Posts

Guccifer 20uble Entendre

As people continue to unravel the various parties involved in the January 6 insurrection, including Roger Stone and his repurposed group, Stop the Steal, I want to finish unpacking the Mueller-related files liberated by BuzzFeed last month.

Before I do that though, I want to lay out one potential implication of some things I said as part of my Rat-Fucker Rashomon series on Roger Stone’s prosecution.

In the post from that series on Jerome Corsi’s prescience that WikiLeaks would dump John Podesta’s emails, I showed that Ted Malloch, Rick Gates, and Paul Manafort all testified that Stone had advance knowledge of the Podesta drop in August — and according to Gates, he had that knowledge before August 14.

According to the SSCI Report, in part of Rick Gates’ October 25, 2018 interview that remains redacted,

Gates recalled Stone advising him, prior to the release of an August 14 article in The New York Times about Paul Manafort’s “secret ledger,” that damaging information was going to be released about Podesta. 1579 Gates understood that Stone was referring to nonpublic information. Gates further recalled later conversations with Stone about how to save Manafort’s role on the Campaign, and that Stone was focused on getting information about John Podesta, but said that Stone did not reveal the “inner workings” of that plan to Gates. 1580

An unredacted part of that 302 — which is likely the continuation of the discussion cited in SSCI — explains,

Gates said there was a strategy to defend Manafort by attacking Podesta. The idea was that Podesta had baggage as well. Gates said it was unfortunate the information did not come out in time to defend Manafort from his ultimate departure from the campaign.

In a September 27, 2018 interview, Manafort provided details of two conversations that he placed in August 2016, one of which provided specific details (which remain redacted, purportedly to protect Podesta’s privacy!) about John Podesta’s alleged ties with Russia.

Manafort was sure he had at least two conversations with Stone prior to the October 7, 2016 leak of John Podesta’s emails.

In the one conversation between Stone and Manafort, Stone told Manafort “you got fucked.” Stone’s comment related to the fact that Manafort had been fired. The conversation was either the day Manafort left the campaign or the day after.

In the other conversation, Stone told Manafort that there would be a WikiLeaks drop of emails with Podesta, and that Podesta would be “in the barrel” and Manafort would be vindicated. Manafort had a clear memory of the moment because of the language Stone used. Stone also said Manafort would be pleased with what came out. It was Manafort’s understanding that WikiLeaks had Podesta’s emails and they were going to show that [redacted] Manafort would be vindicated because he had to leave the campaign for being too pro-Russian, and this would show that Podesta also had links to Russia and would have to leave.

Manafort’s best recollection was the “barrel” conversation was before he got on the boat the week of August 28, 2016.

Roger Stone’s longtime friend Paul Manafort, at a time when he lying to protect key details about what happened in 2016, nevertheless confirmed that Stone had detailed knowledge not just that the Podesta files would drop, but what Russian-based attacks they would make of them.

In the piece arguing that Guccifer 2.0, not Julian Assange, was Roger Stone’s go-between with the Russian operation, I noted that SSCI believes Roger Stone had obtained his advance knowledge that WikiLeaks would later release John Podesta files by mid-day August 15, 2016.

Indeed, the Mueller Report describes that Corsi told Ted Malloch later in August that, “Stone had made a connection to Assange and that the hacked emails of John Podesta would be released prior to Election Day,” not that he himself had.

[snip]

At 8:16AM on August 15, Corsi texted and then at 8:17 AM Corsi emailed Stone the same message, telling him there was “more to come than anyone realizes”:

Appearing in the midst of a story about Stone’s lies about his go-between with WikiLeaks, the texts and emails are fairly innocuous. Though the SSCI Report does seem to believe Corsi’s story that this moment — and the 24 minute call between Corsi and Stone at 12:14PM on August 15 — is when Corsi told Stone about what the Podesta files would include.

(U) The Committee is uncertain how Corsi determined that Assange had John Podesta’s emails. Corsi initially explained in an interview with the SCO that during his trip to Italy, someone told him Assange had the Podesta emails. Corsi also recalled learning that Assange was going to “release the emails seriatim and not all at once.”1572 However, Corsi claimed not to remember who provided him with this information, saying he could only recall that “it feels like a man” who told him.1573

(U) Corsi further recalled that on August 15, after he returned from Italy, he conveyed this information to Stone by phone.1574 According to Corsi, the information was new to Stone. Stone seemed “happy to hear it,” and the two of them “discussed how the emails would be very damaging” to Clinton. 1575 Corsi also reiterated by both text and email to Stone on August 15 that there was “[m]ore to come than anyone realizes. Won’t really get started until after Labor Day.”1576

So three witnesses sympathetic to Stone say he had advance knowledge of the Podesta dump, and the neutral observers at SSCI believe that happened by mid-day on August 15, 2016.

If that’s the case, I pointed out in the Guccifer 2.0 post, then it means when the persona asked the rat-fucker whether Stone had found anything interesting in the documents he posted, it would appear to be a reference to the DCCC documents released days earlier, but would actually be reference to the Podesta files.

August 15, 2016 (unknown time): Guccifer 2.0 DMs Stone: “thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?”

So long as the WikiLeaks story is kept separate from the Guccifer 2.0 one, that August 15 DM from Guccifer 2.0 to Stone appears to be a question about the DCCC emails posted on August 12, and so, as Stone claimed, totally innocuous. But given the evidence that Corsi and Stone acquired advance knowledge of the content of select Podesta emails by August 15 — particularly given Stone’s claim, reportedly made before July 22, to have been in touch with Guccifer 2.0 and his apparent foreknowledge of the GRU personas — that August 15 DM appears to be a comment on the Podesta files.

That is, that August 15 was not innocuous at all. It appears to have been, rather, the GRU’s persona asking Stone whether he liked what he had received in advance.

That is, it would be a kind of double entendre, a comment that seemed to have an innocuous public meaning, but in fact was a public marker of direct coordination between the Russian operation and the Trump campaign.

Consider the implications if that were true of the other comments from Guccifer 2.0 to Roger Stone. There were two such comments that have been made public. On August 16, Roger Stone linked a piece of his, talking about “How the election can be rigged against Donald Trump,” part of Stone’s Stop the Steal campaign that would eventually morph into the January 6 insurrection. Via DM, Stone asked G2 to RT it, which the persona did, saying he was “paying u back.”

Then on August 17, G2 buttered Stone up a bit, then offered to help him.

Starting at 1AM on August 18, Roger Stone himself buttered up the new replacement campaign manager for Donald Trump, offering him some way to win the election. “I do know how to win this but it ain’t pretty,” a similar pitch as Stone made to Paul Manfort just weeks earlier.

Affidavits show that Stone and Bannon continued to talk.

On August 19, 2016, Bannon sent Stone a text message asking if he could talk that morning. On August 20, 2016, Stone replied, “when can u talk???”

Bannon testified under oath at Stone’s trial that this conversation might have pertained to “the tougher side of politics” that the Trump campaign might use to “make up some ground,” possibly relating to Stone’s role as envoy to WikiLeaks.

Q. When Mr. Stone wrote to you, “I do know how to win this but it ain’t pretty,” what in your mind did you understand that to mean?

A. Well, Roger is an agent provocateur, he’s an expert in opposition research. He’s an expert in the tougher side of politics. And when you’re this far behind, you have to use every tool in the toolbox.

Q. What do you mean by that?

A. Well, opposition research, dirty tricks, the types of things that campaigns use when they have got to make up some ground.

Q. Did you view that as sort of value added that Mr. Stone could add to the campaign?

A. Potentially value added, yes.

Q. Was one of the ways that Mr. Stone could add value to the campaign his relationship with WikiLeaks or Julian Assange?

A. I don’t know if I thought it at the time, but he could — you know, I was led to believe that he had a relationship with WikiLeaks and Julian Assange.

This is the testimony Stone is threatening to sue Bannon over.

The next day, Stone tweeted his famous “Podesta time in the barrel” tweet.

The communication between Stone and Bannon continued; I’ll return to it in a follow-up post. But first, there was one more DM exchange between G2 and Stone: When, on September 9, G2 wrote Stone seemingly out of the blue and asked, “what do u think of the info on the turnout model for the democrats entire presidential campaign”?

Stone did’t respond at first. G2 probed again: “?” Then G2 sent HelloFL’s post on the Florida turnout model that G2 had sent Aaron Nevins. And G2 lectured the rat-fucker about a topic on which Stone is an expert: the import of voter turnout.

“Pretty standard,” Stone correctly said of the base level oppo research that G2 had sent Nevins.

And for years, that exchange made perfect sense. The Nevins data was the only publicly known turnout data that G2 might have had (indeed, it’s still the only data that most people know about). And so it made sense: G2 was just trying to fluff up his value with the candidate’s rat-fucker by pointing to data the quality of which the rat-fucker already had easy access.

Except, that data was not — as G2 referenced — “the turnout model for the democrats entire presidential campaign.” It pertained only to Florida.

But GRU had obtained data that may have provided a way to reconstruct the turnout model for the Democrats’ entire Presidential campaign: starting on September 5, they started hacking Hillary’s analytics, hosted on AWS. As the DNC described it in their lawsuit targeting (among others) Stone, this data was among the most valuable for the campaign. The hackers made several snapshots of the testing clusters the DNC used to test their analytics program.

On September 20, 2016, CrowdStrike’s monitoring service discovered that unauthorized users—later discovered to be GRU officers—had accessed the DNC’s cloud-computing service. The cloud-computing service housed test applications related to the DNC’s analytics. The DNC’s analytics are its most important, valuable, and highly confidential tools. While the DNC did not detect unauthorized access to its voter file, access to these test applications could have provided the GRU with the ability to see how the DNC was evaluating and processing data critical to its principal goal of winning elections. Forensic analysis showed that the unauthorized users had stolen the contents of these virtual servers by making exact duplicates (“snapshots”) of them and moving those snapshots to other accounts they owned on the same service. The GRU stole multiple snapshots of these virtual servers between September 5, 2016 and September 22, 2016. The U.S. government later concluded that this cyberattack had been executed by the GRU as part of its broader campaign to damage to the Democratic party.

In 2016, the DNC used Amazon Web Services (“AWS”), an Amazon-owned company that provides cloud computing space for businesses, as its “data warehouse” for storing and analyzing almost all of its data.

To store and analyze the data, the DNC used a software program called Vertica, which was run on the AWS servers. Vertica is a Hewlett Packard program, which the DNC licensed. The data stored on Vertica included voter contact information, such as the names, addresses, phone numbers, and email addresses of voters, and notes from the DNC’s prior contacts with these voters. The DNC also stored “digital information” on AWS servers. “Digital information” included data about the DNC’s online engagement, such as DNC email lists, the number of times internet users click on DNC advertisements (or “click rates”), and the number of times internet users click on links embedded in DNC emails (or “engagement rates”). The DNC also used AWS to store volunteer information—such as the list of people who have signed up for DNC-sponsored events and the number of people who attended those events.

[snip]

The DNC’s Vertica queries and Tableau Queries that allow DNC staff to analyze their data and measure their progress toward their strategic goals—collectively, the DNC’s “analytics,”—are its most important, valuable, and highly confidential tools. Because these tools were so essential, the DNC would often test them before they were used broadly.

The tests were conducted using “testing clusters”—designated portions of the AWS servers where the DNC tests new pieces of software, including new Tableau and Vertica Queries. To test a new query, a DNC engineer could use the query on a “synthetic” data set—mock-up data generated for the purpose of testing new software—or a small set of real data. For example, the DNC might test a Tableau query by applying the software to a set of information from a specific state or in a specific age range. Thus, the testing clusters housed sensitive, proprietary pieces of software under development. As described above, the DNC derives significant value from its proprietary software by virtue of its secrecy: if made public, it would reveal critical insights into the DNC’s political, financial, and voter engagement strategies and services, many of which are used or intended for use in interstate commerce.

[snip]

On September 20, 2016, CrowdStrike’s monitoring service discovered that unauthorized users had breached DNC AWS servers that contained testing clusters. Further forensic analysis showed that the unauthorized users had stolen the contents of these DNC AWS servers by taking snapshots of the virtual servers, and had moved those replicas to other AWS accounts they controlled. The GRU stole multiple snapshots of these servers between September 5, 2016 and September 22, 2016. The U.S. later concluded that this cyberattack had been executed by the GRU as part of its broader campaign to damage to the Democratic party. The GRU could have derived significant economic value from the theft of the DNC’s data by, among other possibilities, selling the data to the highest bidder.

The software would also be usable as executable code by DNC opponents, who could attempt to re-create DNC data visualizations or derive DNC strategy decisions by analyzing the tools the DNC uses to analyze its data.

So by the time G2 asked Stone what he thought of “the info on the turnout model for the democrats entire presidential campaign” on September 9, three weeks after having offered to help Stone, the GRU had started stealing snapshots relating to Hillary’s analytics four days earlier. If, as seems may have been the case with G2’s August 15 question, this question was meant to be a double entendre with a  hidden meaning, it might suggest that GRU had shared this, a way to reconstruct Hillary’s crown jewels, with Trump’s rat-fucker (and in any case would have provided incredibly valuable information for whomever received the campaign strategy information that Konstantin Kilimnik was passing on).

Which is even more interesting given the conversations about data that Stone and Bannon were having at the time.

Footnote: The Day Before Roger Stone Received a Pre-Written Pardon, He Lied about the Ongoing Investigation into His Conspiracy with Russia

As I noted here, Roger Stone’s pardon appears to have been all packaged up, covering only the crimes for which he has already been found guilty, before Billy Barr left DOJ and the pardons were rolled out.

Which is why I’m intrigued that Roger Stone went on The Gateway Pundit to lie about the investigation into him just yesterday. In what appears to be an interview of himself, Stone makes several assertions. First, he includes me among those who — he claims — were “obsessed with the idea that I was working with WikiLeaks and WikiLeaks was working with the Russians.”

It wasn’t just the nut jobs like Mother Jones ,the Daily Beast , Salon and nutty bloggers like Marcy Wheeler but allegedly responsible media outlets like the New York Times, the Washington Post, the Wall Street Journal and CNN and MSNBC became obsessed with the idea that I was working with WikiLeaks and WikiLeaks was working with the Russians.

I’m flattered Stone felt the need to include me in this esteemed list without, this time, threatening to sue me for reporting things that would later be confirmed in court documents. It’s a testament to how closely Stone has always read me.

Stone wrote this self-interview for a more specific purpose, however: To claim that the Mueller Report passages unsealed the day before the election concluded he had no ties to WikiLeaks.

At midnight on election day November 3rd, 2020- the busiest news day of the year and timed to get as little press coverage as possible, the United States Department of Justice released the remaining unredacted sections of the Mueller Report regarding me specifically, in which they had admitted that despite two years of intense investigation, spending millions to pour through every aspect of my life, dragging 36 witnesses to the grand jury and after obtaining all my electronic communications for four years ( literally millions of e-mails and pages of documents, tax returns, banking and financial records –they found no factual evidence of any collaboration or coordination between me and WikiLeaks regarding the release of emails regarding John Podesta, the Democratic National committee or Hillary Clinton or that I had any advance knowledge of the timing, content or source of their disclosures).

He says that this passage proves that:

“The Office determined that it could not pursue a Section 1030 conspiracy charge against Stone for some of the same legal reasons. The most fundamental hurdles, though, are factual ones.1279 As explained in Volume I, Section III.D.1, supra, Corsi’s accounts of his interactions with Stone on October 7, 2016 are not fully consistent or corroborated. Even if they were, neither Corsi’s testimony nor other evidence currently available to the Office is sufficient to prove beyond a reasonable doubt that Stone knew or believed that the computer intrusions were ongoing at the time he ostensibly encouraged or coordinated the publication of the Podesta emails. Stone’s actions would thus be consistent with (among other things) a belief that he was aiding in the dissemination of the fruits of an already completed hacking operation perpetrated by a third party, which would be a level of knowledge insufficient to establish conspiracy liability. See State v. Phillips, 82 S.E.2d 762, 766 (N.C. 1954) (“In the very nature of things, persons cannot retroactively conspire to commit a previously consummated crime.”) (quoted in Model Penal Code and Commentaries § 5.03, at 442 (1985).

[additional content that Stone doesn’t include]

“Regardless, success would also depend upon evidence of WikiLeaks’s and Stone’s knowledge of ongoing or contemplated future computer intrusions-the proof that is currently lacking.”

Unsurprisingly, Stone does not include the footnote modifying this passage which, as I noted at the time, made it clear there were still ongoing investigations, plural, into this question at the time Mueller closed up shop on March 22, 2019.

1279 Some of the factual uncertainties are the subject of ongoing investigations that have been referred by this Office to the D.C. U.S. Attorney’s Office.

That is, the passage said the exact opposite of what Stone said it did. It said that, presumably in part because Roger Stone’s aide Andrew Miller had stalled on his grand jury testimony for a year, the investigation into whether Stone could be charged in the CFAA conspiracy with Russia was not yet complete, not after two years of investigation.

And having lied about what the unsealed passage says, Stone then complains that Judge Amy Berman Jackson withheld it from his lawyers.

Judge Amy Berman withheld this from my lawyers at trial. The Mueller’s dirty cops concluded in their report that even if they had found evidence that I had received documents from Assange of WikiLeaks and passed them to anyone, which I did not and for which they found no evidence whatsoever, it would not have been illegal. The whole thing was a hoax.

ABJ withheld it, of course, because DOJ was still investigating, even as recently as April 2020 when DOJ unsealed warrants that made that clear. DOJ withheld that passage so Stone wouldn’t know that the witness tampering case into him was just one step in an ongoing investigation, one that remained focussed on whether Roger Stone conspired with Russia or — indeed — had even served as an Agent of Russia.

Stone goes on to complain that only BuzzFeed, along with right wing propaganda sites Washington Examiner (who launched the investigation into Stone in the first place) and Zero Hedge, misreported the significance of this detail.

The only three news outlets who reported on this shocking election day admission that there was no evidence found that would support this narrative were BuzzFeed, who successfully brought the lawsuit for the release of this material, the Washington Examiner and ZeroHedge. Where were the New York Times, the Washington Post, the Wall Street Journal, the Huffington Post, The Atlantic, The Hill, Politico, Salon, Vox, Vice, CNN, MSNBC, NBC and the Business Insider – all of who were quick to smear me as a “go-between for WikiLeaks and the Trump Campaign” but none of whom reported on the stunning conclusions of Mueller’s thugs.

He didn’t mention me in this case, because I correctly reported that the Mueller language actually said the exact opposite of what Stone claims.

Hours before he received a pardon for lying to cover up his real go-between with WikiLeaks — which a good deal of evidence suggests was Guccifer 2.0 — Roger Stone did an interview of himself where he falsely claimed the Mueller Report had finished its investigation only to fall short of proving that he was conspiring with Russia.

That’s a crime, it should be noted, for which Stone was not pardoned.

Snowden

Like Glenn Greenwald, Roger Stone Links a Pardon for Edward Snowden to a Corrupt Pardon for Julian Assange

After being pardoned for his crime of lying to Congress last night, Roger Stone called for a pardon for Julian Assange and Edward Snowden.

Stone welcomed the pardon and complained he’d been subjected to a “Soviet-style show trial on politically-motivated charges.”

The longtime political provocateur also urged the president to extend clemency to a key figure in the release of hacked emails during the 2016 campaign, Julian Assange, and to National Security Agency leaker Edward Snowden.

“Other good Americans have been victims of a corrupt system made to serve venal power-seekers,rewarding deceit and manipulation, rather than reason and justice. President Trump can be the purveyor of justice over the vile machinations of wicked pretenders to the mantle of public service,” Stone wrote.

Unless Bill Barr shut it down in preparation for the pardons to come (a very good possibility), DOJ has an ongoing investigation into the circumstances under which Roger Stone started pursuing a pardon for Assange, one that ties a pardon for Assange to Stone’s successful optimization of the release of the John Podesta files in October 2016. That might even make Stone’s call a new overt act in a conspiracy that started in 2016.

What it also does, though, is tie a hypothetical Snowden pardon — one that otherwise would have nothing to do with Trump’s crimes — to this quid pro quo.

Stone is not the first to do so in a corrupt way, of course. So did Glenn Greenwald, when he pitched such a dual pardon as a way for Trump to get back at The [American] Deep State on Tucker Carlson’s show, back in September.

Glenn: Let’s remember, Tucker, that the criminal investigation into Julian Assange began by the Obama Administration because in 2010 WikiLeaks published a slew of documents — none of which harmed anybody, not even the government claims that. That was very embarrassing to the Obama Administration. It revealed all kinds of abuses and lies that they were telling about these endless wars that the Pentagon and the CIA are determined to fight. They were embarrassing to Hillary Clinton, and so they conducted, they initiated a grand jury investigation to try and prosecute him for reporting to the public. He worked with the New York Times, the Guardian, to publish very embarrassing information about the endless war machine, about the Neocons who were working in the Obama Administration. To understand what’s happening here, we can look at a very similar case which is one that President Trump recently raised is the prosecution by the Obama Administration, as well, of Edward Snowden for the same reason — that he exposed the lies that James Clapper told, he exposed how there’s this massive spying system that the NSA and the CIA control, that they can use against American citizens. Obviously this isn’t coming from President Trump! He praised WikiLeaks in 2016 for informing the public. He knows, firsthand, how these spying systems that Edward Snowden exposed can be abused and were abused in 2016. This is coming from people who work in the CIA, who work in the Pentagon, who insist on endless war, and who believe that they’re a government unto themselves, more powerful than the President. I posted this weekend that there’s a speech from Dwight Eisenhower warning that this military industrial complex — what we now call the Deep State — is becoming more powerful than the President. Chuck Schumer warned right before President Obama — President Trump — took office that President Trump challenging the CIA was foolish because they have many ways to get back at anybody who impedes them. That’s what these cases are about Tucker, they’re punishing Julian Assange and trying to punish Edward Snowden for informing the public about things that they have the right to know about the Obama Administration. They’re basically saying to President Trump, “You don’t run the country even though you were elected. We do!” And they’re daring him to use his pardon power to put an end to these very abusive prosecutions. One which resulted in eight years of punishment for Julian Assange for telling the truth, the other which resulted in seven years of exile for Edward Snowden of being in Russia simply for informing the public and embarrassing political officials who are very powerful.

While there’s abundant evidence (which press organizations and journalists who’ve been personally involved are dutifully ignoring) that Julian Assange has been something other than he has been claiming for years, I have always believed a Snowden pardon is an entirely different thing, something far more justified. But if these people who were running interference for Guccifer 2.0 back in 2016 and have continued to do so to this day keep linking a corruptly negotiated Assange with a Snowden one, it does raise questions about whether there’s some closer tie.

Hours before Trump Pardoned Flynn, “Phil” Weighed in a Pardon

Update: This was not Phil. It was someone testing Phil’s identity. I’m removing the post (though I’m sure it’s archived).

Roger Stone’s 2016 “Stop the Steal” Effort May Have Been Coordinated with Russia

CNN has traced out in detail what I’ve been noting for some time: the “Stop the Steal” effort ginning up disinformation and threats of violence in the wake of Donald Trump’s loss is a repackaged version of an effort that Roger Stone rolled out in 2016.

[W]hile Stop the Steal may sound like a new 2020 political slogan to many, it did not emerge organically over widespread concerns about voting fraud in President Donald Trump’s race against Joe Biden. It has been in the works for years.

Its origin traces to Roger Stone, a veteran Republican operative and self-described “dirty trickster” whose 40-month prison sentence for seven felonies was cut short by Trump’s commutation in July.

Stone’s political action committee launched a “Stop the Steal” website in 2016 to fundraise ahead of that election, asking for $10,000 donations by saying, “If this election is close, THEY WILL STEAL IT.”

But CNN — with four journalists bylined — misses several important parts of that earlier story, parts that are critical to understanding the stakes for Steve Bannon and Stone now.

Stone may have mixed his political fundraising

First, there’s good reason to believe that Stone was not segregating the different kinds of campaign finance organizations he was using for his 2016 rat-fucking. Even from what remained of his public infrastructure when I wrote this post, it showed that fundraising for one kind of dark money group went to links associated with a PAC.

[I]t’s clear he wasn’t segregating the fundraising for them, and I wonder whether some of his email fundraising involved other possible campaign finance violations. For example, here’s the Stop the Steal site as it existed on March 10, 2016. It was clearly trying to track fundraising, carefully instructing people to respond to emails if they received one. But it claimed to be TCTRAG (what I call CRAG), even though the incoming URL was for Stop the Steal.

That remained true even after Stop the Steal was formally created, on April 10. Even after the website changed language to disavow Stop the Steal being a PAC by April 23, the fundraising form still went to TCTRAG (what I call CRAG), a PAC.

In other words, people would click a link thinking it would fund one effort (and one kind of legal entity) and any money donated would instead go to another effort (and another kind of legal entity). Since then, we’ve learned more about how everyone associated with Trump — Corey Lewandowski, Paul Manafort, and Brad Parscale, in addition to Stone — set up these entities to get rich off of Trump. It’s one reason the rivalry between Lewandowski and Manafort was so heated: because one’s relative prominence in Trump’s campaign effort was directly related to the amount of money that one could grift from it.

But as Bannon’s indictment for fraud makes clear, telling people they’re donating money for one purpose (to build a wall) but using the money for other purposes (to support Bannon’s pricey lifestyle) can be prosecuted as fraud.

When Andrew Miller was negotiating testimony about Stone, he specifically asked for immunity relating to Stone’s PACs and his texts with Stone that the government subpoenaed after his grand jury appearance overlapped with that campaign slush.

In 2016, Stone was (illegally) coordinating with the campaign

As appears to have been the case for all these efforts to grift off the campaign, Stone was coordinating his PAC and dark money efforts with the campaign.

We learned that, in Stone’s case, starting with a legal debate in the lead-up to Stone’s trial about 404(b) information, which is information about other bad actions (including crimes) that prosecutors are permitted to introduce during a trial to prove something like motive or consistent behavior.

In advance of Stone’s trial prosecutors got permission to introduce evidence that Stone lied about something in his HPSCI testimony, on top of all the lies about who his go-between with WikiLeaks was, only that other lie wasn’t charged.

At the pretrial conference held on September 25, 2019, the Court deferred ruling on that portion of the Government’s Notice of Intention to Introduce Rule 404(b) evidence [Dkt. # 140] that sought the introduction of evidence related to another alleged false statement to the HPSCI, which, like the statement charged in Count Six, relates to the defendant’s communications with the Trump campaign. After further review of the arguments made by the parties and the relevant authorities, and considering both the fact that the defendant has stated publicly that his alleged false statements were merely accidental, and that he is charged not only with making individual false statements, but also with corruptly endeavoring to obstruct the proceedings in general, the evidence will be admitted, with an appropriate limiting instruction. See Lavelle v. United States, 751 F.2d 1266, 1276 (D.C. Cir. 1985), citing United States v. DeLoach, 654 F.2d 763 (D.C. Cir. 1980) (given the defendant’s claim that she was simply confused and did not intend to deceive Congress, evidence of false testimony in other instances was relevant to her intent and passed the threshold under Rule 404(b)). The Court further finds that the probative value of the evidence is not substantially outweighed by the danger of unfair prejudice.

Judge Amy Berman Jackson permitted prosecutors to include it because it showed that Stone was trying to cover up all of his coordination with the campaign.

A September hearing about this topic made clear that it pertained to what Stone’s PACs were doing.

Assistant U.S. Attorney Michael J. Marando argued that Stone falsely denied communicating with Trump’s campaign about his political-action-committee-related activities, and that the lie revealed his calculated plan to cover up his ties to the campaign and obstruct the committee’s work.

This debate suggested prosecutors could present the information via just one witness, but unless I’m misunderstanding, it actually came in via two witnesses: There were a number of texts between Rick Gates and Stone where Stone kept demanding lists from the campaign (indeed, this is something that Stone’s lawyers actually emphasized!). And during the period when Bannon was campaign manager, Stone asked him to get Rebekah Mercer to support some of his other activities, designed to suppress the black vote.

Both of these communications show that Stone was at least attempting to coordinate his efforts with the campaign (it’s not clear to what degree Gates responded to Stone’s demands), and the second detail shows that he was coordinating with Bannon, the guy who took over the Stop the Steal effort this year.

This kind of coordination is illegal (albeit common), though Billy Barr’s DOJ refused to prosecute Trump for any of it (and he even appears to have shut down an investigation into what appeared to be a kickback system Manafort used to get paid).

Stone’s Stop the Steal efforts paralleled the voter suppression efforts of the Russian operation

Even back when I examined Stone’s Stop the Steal efforts in 2018 (when I was skeptical about his legal liability with respect to WikiLeaks), it was clear that the steps Stone took happened to coincide with Russia’s efforts.

Stone’s voter suppression effort is not surprising. It’s the kind of thing the rat-fucker has been doing his entire life.

Except it’s of particular interest in 2016 because of the specific form it took. That’s because two aspects of Stone’s voter suppression efforts paralleled Russian efforts. For example, even as Stone was recruiting thousands of “exit pollers” to intimidate people of color, Guccifer 2.0 was promising to register as an election observer, in part because of the “holes and vulnerabilities” in the software of the machines.

INFO FROM INSIDE THE FEC: THE DEMOCRATS MAY RIG THE ELECTIONS

I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.

As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.

I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.

I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.

More interesting still, the GRU indictment makes it clear that GRU’s information operation hackers were probing county electoral websites in swing states as late as October 28.

In or around October 2016, KOVALEV and his co-conspirators further targeted state and county offices responsible for administering the 2016 U.S. elections. For example, on or about October 28, 2016, KOVALEV and his co-conspirators visited the websites of certain counties in Georgia, Iowa, and Florida to identify vulnerabilities.

Whether or not GRU ever intended to alter the vote, Russia’s propagandists were providing the digital “proof” that Republicans might point to to sustain their claims that Democrats had rigged the election.

This is a line that Wikileaks also parroted, DMing Don Jr that if Hillary won his pop should not concede.

Hi Don if your father ‘loses’ we think it is much more interesting if he DOES NOT conceed [sic] and spends time CHALLENGING the media and other types of rigging that occurred—as he has implied that he might do.

Since that time, we’ve learned that Maria Butina and Sergey Kislyak were also aiming to focus on observing polls in 2016. We’ve learned that the GRU hackers were actually targeting conservative Florida counties in 2016 (including Matt Gaetz’s district), meaning that had Trump lost he might have turned to the hacking of GOP strongholds to claim that that hacking had undermined his vote totals in Florida.

There are also indications that Mueller was pursuing evidence that not only Stone, but also Paul Manafort, had advance notice of all this. For example, Manafort got asked about Russians hacking voting machines in regards to a November 5, 2016 note he sent to the campaign regarding “Securing the Victory” (which admittedly is a slightly different topic but one that might have elicited an answer about hacking the Boards of Election if Manafort were at all inclined to tell the truth, which he was not).

All of which is to say that, had Hillary won narrowly (as Biden won by close margins in enough states to amount to a resounding victory), we probably would have seen Stone’s Stop the Steal effort to be doing precisely what Bannon’s Stop the Steal has been doing this year, both delegitimizing the outcome and sowing violence. But in that case, the effort may have been accompanied by possible foreknowledge that a close investigation of certain GOP strongholds would disclose proof of tampering in the election.

Stone pitched Bannon on a way to win ugly the day he became Campaign Manager

At this point, I’ve come to believe that prosecutors used their live witnesses at Stone’s trial (aside from former FBI Agent Michelle Taylor, who introduced most of the evidence) to make certain testimony public regarding other investigative prongs. For example, prosecutors got Gates to testify publicly that Stone claimed involvement in the release of stolen emails at a time when only Guccifer 2.0 was releasing them, not WikiLeaks. Prosecutors got Randy Credico to confirm publicly that shortly after the election, he helped Stone try to pay off his election debt by pardoning Julian Assange.

And prosecutors got Steve Bannon to — very reluctantly — repeat grand jury testimony that he regarded a pitch that Stone made to him the day after he became campaign manager to be related to dirty tricks and WikiLeaks.

Prosecutors introduced a similar exchange with Steve Bannon, the guy who took over from Manafort weeks later: an August 18, 2016 email exchange  where Stone claimed Trump could “still win” … “but it ain’t pretty,” and Bannon responded by asking to talk ASAP.

Manafort didn’t testify at Stone’s trial. But Bannon did. Prosecutors had Bannon sitting there on the stand, forcing him to repeat what he had said to a grand jury earlier in the year, yet they only asked him to say this much about what all this means, in which he begrudgingly admitted he believed this discussion about using social media to win was about WikiLeaks:

Q. At the bottom of this email Mr. Stone states, “Trump can still win, but time is running out. Early voting begins in six weeks. I do know how to win this, but it ain’t pretty. Campaign has never been good at playing the new media. Lots to do, let me know when you can talk, R.” Did I read that correctly?

A. That’s correct.

Q. Then you respond, “Let’s talk ASAP”; am I correct?

A. That’s correct.

Q. When Mr. Stone wrote to you, “I do know how to win this but it ain’t pretty,” what in your mind did you understand that to mean?

A. Well, Roger is an agent provocateur, he’s an expert in opposition research. He’s an expert in the tougher side of politics. And when you’re this far behind, you have to use every tool in the toolbox.

Q. What do you mean by that?

A. Well, opposition research, dirty tricks, the types of things that campaigns use when they have got to make up some ground.

Q. Did you view that as sort of value added that Mr. Stone could add to the campaign?

A. Potentially value added, yes.

Q. Was one of the ways that Mr. Stone could add value to the campaign his relationship with WikiLeaks or Julian Assange?

A. I don’t know if I thought it at the time, but he could — you know, I was led to believe that he had a relationship with WikiLeaks and Julian Assange.

Even though prosecutors didn’t lay out precisely what happened next — something that other evidence suggests may have implicated Jared Kushner — Stone’s team never challenged the prosecution claim that this email and the subsequent exchanges did pertain to WikiLeaks. Perhaps, because they had reviewed Bannon’s grand jury and more recent testimony, they knew how he would respond and thought better off leaving it unchallenged.

Perhaps, too, they didn’t want to have to explain how long this exchange persisted. For example, the Stone affidavits — starting with one obtained after Bannon’s first testimony — showed this particular email exchange lasted two more days, through August 19 and 20 (the day before the Podesta “time in the barrel” tweet).

On August 19, 2016, Bannon sent Stone a text message asking if he could talk that morning. On August 20, 2016, Stone replied, “when can u talk???”

And those discussions may have continued into face-to-face meetings in September.

On September 4, 2016, Stone texted Bannon that he was in New York City for a few more days, and asked if Bannon was able to talk.

[snip]

On September 7, 2016, Stone and Bannon texted to arrange a meeting on September 8, 2016 at the Warner Center in New York.

On September 7, 2016, Bannon texted Stone asking him if he could “come by trump tower now???”

On September 8, 2016, Stone and Bannon texted about arranging a meeting in New York.

This is a lot of back-and-forth to discuss the “the tougher side of politics.”

Even though they had Bannon there on the stand, prosecutors did not get him to explain what this plan to win ugly entailed. So we don’t know whether it pertained to Stone’s efforts to suppress the black vote, his Stop the Steal effort to discredit a potential Hillary win, or something more (I’ll eventually get around to what that something more might be). But we do know that when Bannon enthusiastically responded to those pitches, he expected Stone’s plan to win ugly would involve dirty tricks and WikiLeaks.

Stone’s real go-between with WikiLeaks was likely Guccifer 2.0

No one involved with the Trump campaign — at least as far as is public — claims to have known who Stone’s claimed tie to WikiLeaks was.

But Rick Gates apparently did testify that Stone claimed to have a tie to Guccifer 2.0 well before the time he was DMing with the persona on Twitter. The FBI had evidence (though how good it is remains inconclusive) that he was searching on both Guccifer 2.0 and dcleaks before those sites went live. When prosecutors wrote the Mueller Report in March 2019, they still had not determined whether any proof they had of Stone’s awareness of Russia’s ongoing hacking — which extended until November 2016 — was sufficient proof beyond reasonable doubt to charge him as part of the hack-and-leak conspiracy.

As I have argued, there is evidence, albeit not conclusive, that Stone’s go-between with WikiLeaks was Guccifer 2.0.

If that’s right, it suggests that Stone’s parallel efforts with Guccifer 2.0’s, efforts that seemingly anticipated hacks that might have served to discredit the vote in 2016, may not have been coincidence or even just a result of the seeming dance via which Trump’s team and Russia followed the same path without any coordination. It may have reflected coordination.

Let me very clear: I’m not making any claims that happened this year. There’s no evidence of it, and those who tracked election tampering efforts have said they found none.

But until Billy Barr intervened in Stone’s sentencing, all this was (at least per FOIA redactions) an ongoing investigation, the investigation that Stone’s prosecution served, in part, as an investigative step in. If you put that together with Bannon’s own legal exposure in the Build the Wall fraud indictment, it changes the stakes on these men’s efforts to curry Trump’s favor (and to ensure he remains in power, via whatever means).

If Trump remains in charge of DOJ, these men will stay out of prison. If he doesn’t, they may not. And for Stone, especially, a Joe Biden DOJ (or a Democratic Congress, with DOJ’s help) may reveal what he has been denying for years, that Stone willingly coordinated during the 2016 election with someone whose ties to Russia were only thinly hidden.

Some Details of Mueller’s GRU Indictment You Probably Missed

When the Mueller team wrote the GRU indictment, they were hiding that Roger Stone might one day be included in it.

Last week,  DOJ unsealed language making it clear that, when Mueller closed up shop in March 2019, they were still investigating whether Roger Stone was part of a conspiracy with Russia’s GRU to hack-and-leak documents stolen from the Democrats in 2016.

The Office determined that it could not pursue a Section 1030 conspiracy charge against Stone for some of the same legal reasons. The most fundamental hurdles, though, are factual ones.1279 As explained in Volume I, Section III.D.1, supra, Corsi’s accounts of his interactions with Stone on October 7, 2016 are not fully consistent or corroborated. Even if they were, neither Corsi’s testimony nor other evidence currently available to the Office is sufficient to prove beyond a reasonable doubt that Stone knew or believed that the computer intrusions were ongoing at the time he ostensibly encouraged or coordinated the publication of the Podesta emails. Stone’s actions would thus be consistent with (among other things) a belief that he was aiding in the dissemination of the fruits of an already completed hacking operation perpetrated by a third party, which would be a level of knowledge insufficient to establish conspiracy liability. See State v. Phillips, 82 S.E.2d 762, 766 (N.C. 1954) (“In the very nature of things, persons cannot retroactively conspire to commit a previously consummated crime.”) (quoted in Model Penal Code and Commentaries § 5.03, at 442 (1985)).

1279 Some of the factual uncertainties are the subject of ongoing investigations that have been referred by this Office to the D.C. U.S. Attorney’s Office.

That means, eight months after they charged a bunch of GRU officers for the hack-and-leak, DOJ still hadn’t decided whether Stone had criminally participated in that very same conspiracy.

That raises questions about why they obtained the indictment before deciding whether to include Stone in it.

In his book, Andrew Weissmann provides an explanation for the timing of it.

A problem arose, however, when it came to the timing of this indictment. Having secured the Intelligence Community’s and Justice Department’s go-ahead, Jeannie aimed to have the indictment completed by July 2018. However, Team M’s first case against Manafort was scheduled to go to trial in Virginia in mid-July and, with Manafort showing little sign of wanting to plead, much less cooperate, with our office, we had few doubts that the trial would go forward. If we brought Team R’s indictment just before the trial, the judge in the Manafort case would go bonkers, justifiably concerned that such an indictment from the Special Counsel’s Office could generate adverse pretrial publicity, even if it didn’t relate directly to the Manafort charges.

But we couldn’t afford to wait to bring the hacking indictment until after both of Manafort’s trials concluded—the trial in Virginia was slated to start in July and the trial in Washington in early September. By then, we would be running up on the midterms, and we would not announce any new charges that close to the election (consistent with Department policy). But waiting until mid-November would be intolerable to Mueller. I told Jeannie I thought we could safely defend ourselves from any objections from the Virginia judge if she brought her case at least two weeks before the start of our July trial—that, I hoped, would give us a reasonable buffer.

Jeannie said she could manage that, then quickly noted that the new timetable created yet another problem: Two weeks before our trial, the president was scheduled to be in Helsinki, where he would be meeting privately with Vladimir Putin. Our indictment would require alerting the State Department, given their diplomatic concerns in preparing for and running a summit, as the indictment would accuse the Russians explicitly of election interference. That was standard operating procedure, but there was also the real perception issue that the indictment could look like a commentary on Trump’s decision to meet alone with Putin, which we did not intend.

We brought the dilemma to Mueller. He suggested we determine whether the White House would take issue with our proceeding just before the president’s trip—would it pose any diplomatic issues? The answer we got back was no: The administration would not object to the timing. I suspect the White House Counsel’s Office did not want to be perceived as dictating to us how or when to bring our indictment, or as hiding evidence of Russian election interference. In retrospect, a less generous interpretation of their blessing to move forward was that they knew dropping the indictment just before the trip would provide Trump and Putin an opportunity to jointly deny the attack on a global stage—that they were playing us, as Barr would later on. [my emphasis]

The indictment was ready in July. If it wasn’t announced then and if both Manafort trials went forward, then prohibitions on pre-election indictments would kick in, meaning the indictment wouldn’t be released in mid-November. That would have been “intolerable” for Mueller’s purposes. Weissmann doesn’t note that mid-November would also be after the election, meaning that the indictment might not get released before a hypothetical post-election Mueller firing and so might not get released at all. That may be what intolerable means.

Other possible factors on the GRU indictment timing

One thing that almost certainly played a factor in DOJ obtaining the indictment before they decided whether to include Stone in it, however, was Andrew Miller’s appeal.

Stone’s former aide Andrew Miller was interviewed for two hours at his home on May 9, 2018; this is almost certainly the 302 from the interview. Assuming that is his 302, Miller was asked about his relationship with Stone, Stone’s relationship with Trump, a bunch of Stone’s right wing nut-job friends, and someone whom Miller knew under a different name. Nothing in the unredacted passages of the interview reflects Miller’s role coordinating Stone’s schedule at the RNC, even though that was the focus of a follow-up subpoena after Miller testified to the grand jury. At the end of the interview, Miller agreed to appear voluntarily for a follow-up and grand jury testimony.

But then Stone learned about the interview.

We know that from the description of a pen register Mueller obtained on Stone a week later, described in affidavits. The PRTT showed that Miller had called Stone twice in the days after his interview with the FBI. On May 11, 2018, Miller lawyered up and his new lawyer, Alicia Dearn, told Mueller that Miller would no longer appear voluntarily (remember that Stone had offered to get a lawyer who would help Randy Credico refuse to testify).

This timeline lays out the early part of Miller’s subpoena challenge.

Miller emailed Stone over a hundred times over the month after his FBI interview. Miller did schedule a grand jury appearance, but then blew it off. Mueller started moving to hold Miller in contempt on June 11. In the days between then and a hearing on the subpoena, Miller and Stone exchanged five more emails. Then, in late June, Miller added another lawyer, Paul Kamenar (whom Stone would add to his team after his sentencing, presumably to allow Kamenar to access the evidence against him under the protective order). Kamenar made it clear he would appeal Miller’s subpoena.

In other words, in late June, the Mueller team learned that they would have to wait a while to get Miller before the grand jury (it ultimately took until the moment Mueller closed up shop on May 29, 2019). All the back and forth also would have made it clear how damaging Stone believed Miller’s testimony against him to be. When Mueller obtained a second warrant for Stone’s emails in early August 2018, the team would have gotten the content of those emails to learn precisely what Stone had to say to Miller about his testimony.

So Miller’s challenge to his subpoena meant that Mueller’s team would not obtain testimony that — it seems clear — they knew went to the heart of whether Stone was conspiring with Russia until well after the midterm election.

If my concerns that “Phil” had a role in the Guccifer 2.0 operation were correct, there’s a chance my big mouth had a role in the timing, too. Starting on June 28, I started considering revealing that I had gone to the FBI in what would eventually become this post. Contrary to the invented rants of people like Glenn Greenwald and Eli Lake, even a year into an investigation into what I had shared with the FBI, long after the time they would have been able to dismiss my concerns if they had no merit, prosecutors did not blow me off.

My interaction with Mueller’s press person in advance of going forward extended over five days. I emailed the press person on June 28 and said I wanted to run something by him. He blew it off for a day (there was a Manafort hearing), then on Friday I wrote again saying I run my decision by my lawyer, and was still planning on going forward. He still blew it off. The next day, I suggested he go check with a particular prosecutor; while the prosecutor hadn’t been in my interview, he was involved in setting it up. The press guy called back within an hour, far more interested in the discussion, and chatty about the fact that I live(d) in Michigan. He asked me to explain the threats I believed I had gotten after I went to the FBI. He asked me generally what I wanted to say. I noted that I believed if people guessed why I had gone to the FBI, they would guess the Shadow Brokers side of it, since TSB had dedicated its last words to a tribute to me, but probably not the Guccifer 2.0 side.

He told me “some people” needed to discuss it. Early on Monday July 1, we spoke again first thing in the morning. He asked me to describe more specifically what I would say. I described the select parts of my post that I suspected would be most sensitive, and read the text that I planned to publish. He said some people needed to discuss it and I would hear by the end of the day. At the end of the workday, he apologized for a further delay. After some more back-and-forth, he told me, around 10PM, that my post would not damage the investigation. The Special Counsel’s Office took no view on whether it was a stupid idea or not (it probably was, not least because one can never understand the moving parts in an investigation like this).

I posted the next day, part of a mostly-failed attempt to get Republicans to care about the non-partisan sides of this investigation. That was 11 days before the actual indictment.

I didn’t know then and frankly I still can’t rule out whether, over those two days, when “some people” discussed my plans, they reached a final conclusion that my concerns about an American who might have a role in the Guccifer 2.0 operation were either baseless or could not be proven.

But the aftermath shows they were still investigating Stone’s ties to Guccifer 2.0, whether not I was right about an American involved in it. Later in July, after the GRU indictment was released, prosecutors would obtain a warrant on several of Stone’s Google accounts in an attempt to determine whether he was the person looking up dcleaks and Guccifer 2.0 before the sites went live. A month and a half later, they would get two warrants, two minutes apart, one for Stone’s cell site location, and another for a Guccifer 2.0 email account, possibly an attempt to co-locate Stone and someone using the Guccifer account. That was the beginning of the period when Mueller’s team would start gagging warrant applications to hide the scope of the investigation from Stone.

For several months after releasing an indictment that made it appear as if all the answers about the hack-and-leak were answered, then, Mueller’s team took a number of steps that aimed to understand any tie between Stone and Guccifer 2.0. Even sixteen months after the GRU indictment, the Guccifer 2.0 persona ended up being an unstated focus of Stone’s trial — a trial about his lies to hide his true go-between with WikiLeaks — too.

Whatever the reason for the timing of the GRU indictment, given the confirmation that Mueller’s team was still investigating whether Stone had foreknowledge of ongoing GRU hacks that would merit including him in the hack-and-leak conspiracy when they closed up shop in March 2019, it’s worth revisiting the GRU indictment. At the time Mueller’s team wrote it, they knew at a minimum they were killing time to get Miller’s testimony, and subsequent steps they took show they they continued to pursue a prong of the investigation pertaining to Guccifer 2.0 that they planned to hide from Stone. So it’s worth seeing how they wrote the indictment to allow for the possibility of later including Stone in it, without telegraphing that that was a still open part of the investigation.

The Stone investigation parallels several of the counts charged in Mueller’s GRU indictment

The indictment charges 12 GRU officers for several intersecting conspiracies: Conspiracy against the US by hacking to interfere in the 2016 election (incorporating various CFAA charges and 18 USC §371), conspiracy to commit wire fraud for using false domain names (18 USC §3559(g)(1)), aggravated identity theft for stealing the credentials of victims (18 USC 1028A(a)(1)), conspiracy to launder money for using bitcoin to hide who was funding the hacking infrastructure (18 USC §1956(h)), and conspiracy against the US for tampering with election infrastructure (18 USC §371). In addition there’s an abetting charge (18 USC §2). Those charges are similar to, but do not exactly line up with, the other GRU indictment obtained in 2018, for hacking international doping agencies, which I’ll call the WADA indictment. The WADA indictment includes hacking, wire fraud, money laundering conspiracies, along with identity theft, as well. But it doesn’t include the abetting charge. And as described below, it deals with the leaking part of the operation differently.

DOJ used the abetting charge in Julian Assange’s indictments, a way to try to hold him accountable for the theft of documents by Chelsea Manning. Given the mention of Company 1, WikiLeaks, in the indictment, that may be why the abetting charge is there.

But the charges in the Mueller GRU indictment also parallel those for which the office was investigating Stone: he was investigated for CFAA charges from the start (that first affidavit focused exclusively on Guccifer 2.0), 371 was added in the next affidavit, aiding and abetting a conspiracy was added in the third affidavit, and wire fraud was added in March 2018 (the campaign finance charges that would be declined in the Mueller Report were added in November 2017). While the wire fraud investigation might be tied to Stone’s own disinformation on social media, the rest all stems from the charges eventually filed against the GRU in July 2018. Those same charges remained in Stone’s affidavits through 2018 (though did not appear in the early 2019 warrants used to search his houses and devices).

Mueller charged Unit 74455 officers for “assisting” in the DNC leak, without describing whom they assisted

Given the overlap on charges between those for which Mueller investigated Stone and those that appeared in the indictment, the treatment of the information operation in the GRU indictment — particularly when compared with the WADA indictment — is of particular interest. In both cases, the indictment described the InfoOps side to be conducted by Russian military intelligence GRU Unit 74455, as distinct from Unit 26165, which did most (but not all, in the case of the election operation) of the hacking.

In the WADA indictment, none of the personnel involved in the hack-and-leak at Unit 74455 are named or charged. Instead the indictment explains that, “these [Fancy Bears Hack Team social media accounts] were acquired and maintained by GRU Unit 74455.” Later, the indictment describes these accounts as being “managed, at least in part, by conspirators in GRU 74455,” notably allowing for the possibility that someone else may have been involved as well. The actions associated with that infrastructure are generally described in the passive voice: “were registered,” “were released” (several times). For other actions, the personas were the subject of the action: “”@fancybears and @fancybearHT Twitter accounts sent direct messages…”

The Mueller indictment, however, names three Unit 74455 officers: It charges Aleksandr Osadchuk and Anatoliy Kovalev in the hack of the election infrastructure (Kovalev got charged in the recent GRU indictment covering the Seoul Olympics and NotPetya, as well).

And it charges Osadchuk and the improbably named Aleksey Potemkin in the hack-and-leak conspiracy. The Mueller indictment describes that those two Unit 74455 officers set up the infrastructure for the leaking part of the operation. Significantly, it describes that these officers “assisted” in the release of the stolen documents.

Unit 74455 assisted in the release of stolen documents through the DCLeaks and Guccifer 2.0 personas, the promotion of those releases, and the publication of anti-Clinton content on social media accounts operated by the GRU.

[snip]

Infrastructure and social media accounts administered by POTEMKIN’s department were used, among other things, to assist in the release of stolen documents through the DCLeaks and Guccifer 2.0 personas.

The indictment doesn’t describe whom these officers assisted in releasing the documents.

Unlike the WADA indictment, the Mueller indictment also includes specific details proving that GRU did control the social media infrastructure. It describes how the conspirators used the same cryptocurrency account to register “dcleaks.com” as they used in the spear-phishing operation, and the same email used to register the server was also used in the spear-phishing effort.

The funds used to pay for the dcleaks.com domain originated from an account at an online cryptocurrency service that the Conspirators also used to fund the lease of a virtual private server registered with the operational email account [email protected] The dirbinsaabol email account was also used to register the john356gh URL-shortening account used by LUKASHEV to spearphish the Clinton Campaign chairman and other campaign-related individuals.

[snip]

For example, between on or about March 14, 2016 and April 28, 2016, the Conspirators used the same pool of bitcoin funds to purchase a virtual private network (“VPN”) account and to lease a server in Malaysia. In or around June 2016, the Conspirators used the Malaysian server to host the dcleaks.com website. On or about July 6, 2016, the Conspirators used the VPN to log into the @Guccifer_2 Twitter account. The Conspirators opened that VPN account from the same server that was also used to register malicious domains for the hacking of the DCCC and DNC networks.

(Note, this is some of the evidence collected via subpoenas to tech companies that the denialists ignore when they claim that CrowdStrike was the only entity to attribute the effort to Russia.)

The Mueller indictment describes how Potemkin controlled the computers used to launch the dcleaks Facebook account.

On or about June 8, 2016, and at approximately the same time that the dcleaks.com website was launched, the Conspirators created a DCLeaks Facebook page using a preexisting social media account under the fictitious name “Alice Donovan.” In addition to the DCLeaks Facebook page, the Conspirators used other social media accounts in the names of fictitious U.S. persons such as “Jason Scott” and “Richard Gingrey” to promote the DCLeaks website. The Conspirators accessed these accounts from computers managed by POTEMKIN and his co-conspirators.

Finally, there’s the most compelling evidence, that some conspirators logged into a Unit 74455-controlled server in Moscow hours before the initial Guccifer 2.0 post went up and searched for the phrases that would be used in the first post.

On or about June 15, 2016, the Conspirators logged into a Moscow-based server used and managed by Unit 74455 and, between 4:19 PM and 4:56 PM Moscow Standard Time, searched for certain words and phrases, including:

Search Term(s)

“some hundred sheets”

“some hundreds of sheets”

dcleaks

illuminati

широко известный перевод [widely known translation]

“worldwide known”

“think twice about”

“company’s competence”

Later that day, at 7:02 PM Moscow Standard Time, the online persona Guccifer 2.0 published its first post on a blog site created through WordPress. Titled “DNC’s servers hacked by a lone hacker,” the post used numerous English words and phrases that the Conspirators had searched for earlier that day (bolded below):

Worldwide known cyber security company [Company 1] announced that the Democratic National Committee (DNC) servers had been hacked by “sophisticated” hacker groups.

I’m very pleased the company appreciated my skills so highly))) [. . .]

Here are just a few docs from many thousands I extracted when hacking into DNC’s network. [. . .]

Some hundred sheets! This’s a serious case, isn’t it? [. . .] I guess [Company 1] customers should think twice about company’s competence.

F[***] the Illuminati and their conspiracies!!!!!!!!! F[***] [Company 1]!!!!!!!!! [emphasis original]

Remember: in the weeks after DOJ released this indictment, Mueller’s team took steps to try to obtain proof of whether Roger Stone was the person in Florida searching on Guccifer’s moniker on June 15, 2016, before the initial post was published. If Stone did learn about this effort in advance, it would suggest he learned about Guccifer 2.0 operation around the same time as someone was searching on these phrases in a GRU server located in Moscow. It would mean Stone learned about the upcoming Guccifer post in the same timeframe as these GRU officers were reviewing it.

It’s not really clear what was going on here. The assumption has always been that GRU officers were looking for translations into English from a post they drafted in Russian, even though the quotation marks suggests the Russian officers were searching on English phrases.

The one exception to that seems to confirm that. Those conducting these searches appear to have searched on a Russian phrase, a phrase they would have easily understood.

широко известный перевод

Moreover, it would take a shitty-ass translation application to come up with the stilted English used in the post. Plus, “illuminati,” at least, is an easily recognized cognate, even for someone (me!) whose Russian is surely worse than the English of any one of these Russian intelligence officers.

Still, proof of this  activity — obtained via undescribed means — clearly ties the Guccifer operation to the GRU. It’s just not clear what to make of it. And the possibility that there’s an American component to the Guccifer 2.0 operation — whether “Phil” or someone else — one that may have alerted Stone to what was going on, provides explanations other than straight up translation. Indeed, it may be that GRU officers were approving the content that someone else wrote, originally in English. Which might also explain why Stone may have known about it in advance.

Whatever else, the GRU indictment only claims that these GRU officers “assisted” this effort. It doesn’t claim they wrote this post.

The Stone-adjacent Guccifer 2.0 activity

One other detail of Mueller’s GRU indictment of interest pertains to which Stone-adjacent activity it chose to highlight.

Stone had first made his DMs with Guccifer 2.0 public himself, in March 2017. They were covered in his House Intelligence Committee testimony. But when Mueller included them in the GRU indictment, Stone first denied, and then sort of conceded the reference to them might be him.  His initial denial was an attempt to deny he had spoken with people in the campaign other than Trump himself, even though he had released the communications himself over a year earlier.

Remember — Mueller was still weighing whether Stone was criminally involved in this conspiracy when Stone issued the initial denial!

But that’s not the most interesting detail of the part of the indictment that lays out with whom Guccifer 2.0 shared stolen documents (even ignoring one or two tidbits I’m still working on).

Mueller’s GRU indictment included — along with the reference to the Roger Stone DMs they still hadn’t determined whether reflected part of a criminal conspiracy or not — the Lee Stranahan exchange with Guccifer 2.0 that ended in Stranahan, a Breitbart employee who would later move to Sputnik, obtaining early copies of a document purportedly about Black Lives Matter.

On or about August 22, 2016, the Conspirators, posing as Guccifer 2.0, sent a reporter stolen documents pertaining to the Black Lives Matter movement. The reporter responded by discussing when to release the documents and offering to write an article about their release.

These Stranahan exchanges are really worth attention, not just for the way they prove that Stone-adjacent people got early releases on request (which, lots of evidence suggests, also happened with Stone with respect to the Podesta files pertaining to Joule Holdings), but also for the way Guccifer 2.0 ignored Stranahan’s claim in early August 2016 to have convinced Stone that Guccifer 2.0 was not Russian.

Note what this indictment didn’t mention, though: Guccifer 2.0’s outreach to Alex Jones (about whom, unlike Stranahan, the FBI questioned Andrew Miller).

As I’ve pointed out, in the SSCI Report, there’s a long section on Jones that remains almost entirely redacted. Citing to five pages of a report the title of which is also redacted, the four paragraphs appear between the discussions of Guccifer 2.0’s outreach to then-InfoWars affiliate Roger Stone and Guccifer 2.0 and dcleaks’ communication with each other.

According to Thomas Rid’s book, Active Measures, both dcleaks and Guccifer 2.0 tried to reach out to Jones on October 18, 2016.

On October 18, for example, as the election campaign was white hot and during the daily onslaught of Podesta leaks, both GRU fronts attempted to reach out to Alex Jones, a then-prominent conspiracy theorist who ran a far-right media organization called Infowars. The fronts contacted two reporters at Infowars, offered exclusive material, and asked to be put in touch with the boss directly. One of the reporters was Mikael Thalen, who then covered computer security. First it was DCleaks that contacted Thalen. Then, the following day, Guccifer 2.0 contacted him in a similar fashion. Thalen, however, saw through the ruse and was determined not to “become a pawn” of the Russian disinformation operation; after all, he worked at Infowars. So Thalen waited until his boss was live on a show and distracted, then proceeded to impersonate Jones vis-à-vis the Russian intelligence fronts.23

“Hey, Alex here. What can I do for you?” the faux Alex Jones privately messaged to the faux Guccifer 2.0 on Twitter, later on October 18.

“hi,” the Guccifer 2.0 account responded, “how r u?”

“Good. Just in between breaks on the show,” said the Jones account. “did u see my last twit about taxes?”

Thalen, pretending to be Jones, said he didn’t, and kept responses short. The officers manning the Guccifer 2.0 account, meanwhile, displayed how bad they were at media outreach work, and consequently how much value Julian Assange added to their campaign. “do u remember story about manafort?” they asked Jones in butchered English, referring to Paul Manafort, Donald Trump’s former campaign manager. But Thalen no longer responded. “dems prepared to attack him earlier. I found out it from the docs. is it interesting for u?”24

Rid describes just one of two outreaches to Jones (through his IC sources, he may know of the report the SSCI relies on). But a key detail is that this outreach used as entrée some stolen documents from May 2016 showing that the Democrats were doing basic campaign research on Trump’s financials. It then purports to offer “Alex Jones” information on early Democratic attacks on Paul Manafort’s substantial Ukrainian graft, possibly part of the larger GRU effort to claim that Ukraine had planned an election year attack on Trump.

That is, unlike Stranahan’s request for advance documents, this discussion intended for “Alex Jones,” ties directly to Stone’s efforts to optimize the Podesta release. And it’s something that some entity prevented SSCI from publishing.

It’s also something Mueller’s team left out of an indictment aiming to lay out the hack-and-leak case before they might get fired, but in such a way as to hide the then-current state of the investigation from Roger Stone.

There were actually a number of Stone-adjacent associates in contact with GRU’s personas. And as recently as just a few months ago, the government wanted to hide the nature of those ties.

Palace Intrigue: Trump Prepares His Consolation Prize for Vladimir Putin

In the last two days, Trump has prepared a coup of sorts. First, he fired Mike Esper and replaced him with Christopher Miller; several of Esper’s top deputies went with him. Then, Trump installed three different Devin Nunes flunkies at several places in the DOD bureaucracy:

  • Mike Ellis — the guy who hid the Ukraine transcript and one source for the unmasking hoax — to NSA as General Counsel
  • Ezra Cohen-Watnick — a key Mike Flynn loyalist and another source for the unmasking hoax — to DOD Undersecretary of Intelligence
  • Kash Patel — who ensured that no HPSCI Republicans got sound intelligence during their Russian investigation, then pretended to be a Ukraine expert during impeachment, and then served to conduct a purge in the Office of Director of National Intelligence — to DOD Chief of Staff

To be clear, unlike these others, Christopher Miller, the Acting Secretary of Defense, reportedly does care about US security, even if he’s several ranks too junior for the job and got appointed over a Senate confirmed Deputy.

But the Nunes flunkies are there, serving as gate-keepers for the hoaxes favored by Trump and Nunes, as they have done so successfully throughout Trump’s term.

Spook-whisperer David Ignatius reports that these changes come amidst a sustained debate about what to do with a piece of likely Russian disinformation that — Trump and feeble-minded partisans like Lindsey Graham believe — will prove that Russia didn’t prefer Trump over Hillary.

President Trump’s senior military and intelligence officials have been warning him strongly against declassifying information about Russia that his advisers say would compromise sensitive collection methods and anger key allies.

An intense battle over this issue has raged within the administration in the days before and after the Nov. 3 presidential election. Trump and his allies want the information public because they believe it would rebut claims that Russian President Vladimir Putin supported Trump in 2016. That may sound like ancient history, but for Trump it remains ground zero — the moment when his political problems began.

CIA Director Gina Haspel last month argued strongly at a White House meeting against disclosing the information, because she believed that doing so would violate her pledge to protect sources and methods, a senior congressional source said. This official said a bipartisan group of Republican and Democratic senators has been trying to protect Haspel, though some fear that Trump may yet oust her.

Rumors have been flying this week about Haspel’s tenure, but a source familiar with her standing as CIA director said Tuesday that national security adviser Robert C. O’Brien and White House Chief of Staff Mark Meadows had both “assured her that she’s good,” meaning she wouldn’t be removed. Haspel also met personally with Senate Majority Leader Mitch McConnell (R-Ky.) Tuesday. She sees him regularly as a member of the “Gang of Eight” senior congressional leaders. But Tuesday’s visit was another sign of GOP support.

Haspel’s most unlikely defender has been Attorney General William P. Barr, who opposed a pre-election push to declassify the sensitive material, according to three current and former officials. At a showdown meeting at the White House, Barr pushed back against revealing the secret information.

Gen. Paul Nakasone, who heads U.S. Cyber Command and the National Security Agency, has also argued vehemently against disclosure, according to a senior defense official and the senior congressional source. Like Haspel, Nakasone took the unusual step of directly opposing White House efforts to release the intelligence, because he feared the damage that disclosure would cause.

With the new changes, General Nakasone reports through Cohen-Watnick and Patel and will have to rely on the legal “advice” of Ellis. So not only does this move put more senior votes in favor of declassifying this intelligence, but it puts them in places where Nakasone might be forced to accede to these demands.

Reporting suggests that Trump is seeking to make the full intelligence behind the reports described here available. Fundamentally, the intelligence shows that the US government obtained a Russian intelligence report that stated in late July 2016 — John Ratcliffe says it was July 26 but by handwriting it appears to be July 28 — Hillary approved of a plan to vilify Trump for his dalliance with Russian intelligence.

Already, this is a stupid hoax from the Republicans. It is public that, in the wake of the DNC release on July 22 — and particularly after Trump’s “Russia are you listening” comment on July 27 — Hillary started focusing on Trump’s coziness with Russia. In other words, the crack Russian analysts would have to do no more than read the paper to come to this conclusion. Nor would there be anything scandalous about Hillary trying to hold Trump accountable for capitalizing on an attack on her by a hostile foreign country.

I think Republicans are trying to suggest — by altering a date (July 26 instead of July 28) again and breathing heavy — that former government official Hillary Clinton was the reason why the FBI opened an investigation into Trump, rather than the Australians informing the US about Coffee Boy George Papadopoulos bragging about Russia offering help back in May. There’s not a shred of evidence for it, of course, but that has never stopped the frothy right.

The far more interesting part of this intelligence comes in the report that Peter Strzok wrote up, which is dated September 7. It makes it clear that Hillary’s alleged attack pertained to Russian hackers, notably Guccifer 2.0.

So a Russian intelligence report the US stole from Russia in late July 2016 claimed that, on July 26 0r 28, Hillary approved an attack on Trump pertaining to having help from Russian hackers, a report that did not get formally shared with the FBI until September 7. And either the report itself or FBI’s interpretation of it focuses on Guccifer 2.0.

Somehow this is the smoking gun — that over a month after opening up Crossfire Hurricane the FBI started investigating a claim that, starting on July 26 or 28, Hillary thought Trump was cuddling up with Russian hackers, interpreted by someone to be Guccifer 2.0 — the FBI learned that fact.

When I first wrote this up, I hadn’t started my Rashomon Rat-Fucker series, to say nothing of my report to the FBI that an American I knew may have served as an American cut-out for the Guccifer 2.0 operation (I’m jumping ahead of myself, but I’m certain the FBI investigated that claim for at least a year). At the time, I focused on how prescient the frothers were making Hillary look for anticipating that Roger Stone would first start doing propaganda for Guccifer 2.0 on August 5; best case for the frothers in this situation is that Stone somehow learned of the Russian report before the FBI did.

But now that I’ve written those posts, it’s clear that not only did the FBI have strong circumstantial evidence that Stone knew of the Guccifer 2.0 operation even before the first Guccifer 2.0 post, because he was searching for it on June 15 before the WordPress site went public, but that Stone probably had a face-to-face meeting with someone at the RNC from whom he got advance notice of the DNC drop.

In July 2016, this report is only mildly interesting, amounting to showing that the Russians read the newspaper like everyone else.

In 2020, after details from the Mueller investigation have become public, the Russian report makes far more sense as deliberate disinformation, an attempt to turn a direct contact with Stone into a hoax about Hillary.

Which makes Trump’s apparent determination to liberate this document all the more telling. It suggests that he wants to make public something, anything, he can use to counter what will be very damning allegations when this all becomes clear.

And, given how shoddy the actual intelligence itself is (at best showing that Russian intelligence officers read public sources and more credibly showing that Russia was building plausible deniability for contacts with Roger Stone in real time), Trump’s insistence on it, whether intentional or not, would serve to blow highly sensitive collection for a third-rate hoax.

I can see why Trump would prioritize this intelligence on his way out that the door. It comes at a time when he can be easily manipulated to burn the IC in ways that can only serve Russian interests.

In other words, one of Trump’s top priorities for the Lame Duck period is to give Vladimir Putin a consolation prize.

“Show Me the Metadata:” A Forensic Tie Between Shadow Brokers and Guccifer 2.0

On October 16, 2017, some of the last words the persona Shadow Brokers (TSB) ever wrote hailed my journalism.

TSB special shouts outs to Marcy “EmptyWheel” Wheeler, is being what true journalist and journalism is looking like thepeoples!

TheShadowBrokers, brokers of shadows.

As I noted at the time, I really didn’t need or appreciate the shout-out. I wrote a serious post analyzing that TSB post, but mostly I was trying to tell TSB to fuck off and leave me alone.

That was months after I told the FBI that I thought that someone I knew, whom I will refer by the pseudonym “Phil,” might be the voice of TSB, and less than a week after I got a Psycho-themed threat I deemed worthy of calling the cops.

As I laid out here, I told the FBI that months before Phil had left a comment on my site on July 28, 2016, signed [email protected], he had done some paranoid things starting on June 14, 2016, including making multiple references to ties he claimed to have with Russia. He then attended a Trump rally on August 13, 2016, taking pictures he would later suggest were really sensitive.

In addition to my suspicions about Guccifer 2.0, I also told the FBI that I suspected Phil was part of the operation that had been dumping NSA exploits and other records on the Internet starting in August 2016.

Unlike with Guccifer 2.0, Phil never signed a comment at the site under the name TSB — though on September 21, 2017, someone left a comment asking for my opinion about the ways the government was pursuing TSB.

‘Merican

September 21, 2017 at 1:58 am

Is what you say easier get FISA than Criminal warrant or FISA keep secret from rest of government, but Criminal warrant maybe not? FBI is not intelligence agency is law enforcement agency why have access FISA? You write many articles about the shadow brokers, what you think FISA or Criminal for the shadow brokers? You thinking anyone in US government is looking for the shadow brokers? US government not even say name “name that shall never be spoken”. What is best way discover national security letter sent to your service provider? …asking for a friend!

I thought Phil might be TSB, in part, because Phil had said almost identical things to me in private that TSB said publicly months later. There were other things in TSB’s writing that resonated with stuff I knew about Phil. And while Phil and I never (as far as I recall) talked about TSB, at least once he did say some other things that went a long way to convincing me he could be TSB; I thought he was seeking my approval for what TSB was doing, approval I was unwilling to give.

There are, however, public exchanges between the persona TSB and me, in addition to that shout out in what turned out to be TSB’s swan song.

For example, after I wrote a post on January 5, 2017 wondering why the government hadn’t included TSB in any of its discussions of election year hacking, TSB tweeted to me, complaining that I had described TSB as “bitching” about the coverage, rather than calling it “trolling.” (Note, the language in these screen caps reflects the language used by the people who first archived these tweets, so don’t go nuts about the Russian.)

TSB then RTed my article, suggesting other outlets were complicit for not asking the same questions.

The first tweet, at least, didn’t adopt the fake Borat voice that TSB used to mask a very fluent English, though I think there were some other tweets TSB sent that day where that may be true as well. In neither of these tweets did TSB mock me for misspelling “Whither” (the post’s title originally spelled it “Wither”); that’s a bit odd, because TSB rarely passed up any opportunity to be an asshole on Twitter.

Then, on July 18, 2018, after I had revealed I had shared information with the FBI, someone started a Twitter account under the name LexingtonAl that ultimately claimed to be — and was largely viewed as, by those who followed it — TSB (the persona deleted most tweets in February 2019, but many are saved here). Starting in December 2018, Lex and I had several exchanges about what TSB had actually done. 

Here’s my side of one from that month where I pointed out a problem with Lex’s claim that TSB consisted of just three contractors who leaked the files to reveal US complicity with tech companies to other Americans. The claim didn’t accord with having sent the files to WikiLeaks (as both WikiLeaks and TSB claimed in real time).

At the time, Lex went on an anti-Semitic rant about things he hated. Assuming that Lex is TSB (as he claimed), I got demoted from being TSB’s favorite journalist to third on the list of things Lex hated.

Note: when I interacted with Phil, he was never anti-Semitic (though he was a raging asshole when angry), but Lex was clearly even more disturbed than Phil was in the period when I interacted with him.

Then, in January, Lex bitched (again, in anti-Semitic terms) about a post I had done noting that, given Twitter’s poor security at the time, the Twitter DMs that Hal Martin allegedly sent Kaspersky might have served to frame him.

The post had noted that the early TSB posts — including a number sent after Martin was arrested — had relied on similar cultural allusions as the DMs sent from Martin’s Twitter account. Shortly thereafter the FBI arrested Martin in a guns-wagging raid on his home in Maryland. Per this Kim Zetter story, the Tweets had mentioned the 2016 version of Jason Bourne and Inception. I reiterated that on Twitter.

It was a factual observation supported by the content of the earlier TSB posts, not a comment about any spookiness behind the release of the files.

I asked why TSB was so defensive about having those cultural allusions called out.

Lex responded with another anti-Semitic rant.

I responded,

Finally, in February 2019, Lex invoked me — including that I had “had a breakdown and outed her source” — sort of out of the blue in the middle of what might be called his claimed doctrine behind the leaks.

I noted that if his claimed doctrinal explanation were true, then TSB would have done a victory lap (and stopped dropping files) when Microsoft President Brad Smith started advocating for a Digital Geneva Convention in February 2017, which would have brought about an end to the practice that, Lex claimed, was his reason for dumping the files.

Not only didn’t TSB mention that in real time (instead choosing to exacerbate the tensions between the US and Microsoft), but TSB kept dropping files for six months after that.

Lex responded with another attack.

I have far less evidence that I could share to prove that TSB or Lex are Phil. But little noticed in the midst of TSB’s widely-discussed obsession with Jake Williams, a former NSA hacker whom TSB probably tried to frame as the source of the files, TSB also had an obsession with me — and certainly took notice when I revealed that I had gone to the FBI.

All that said, virtually all of these communications post-dated the time when I went to the FBI.

I went to the FBI in the wake of the WannaCry attack. The attack, reportedly a North Korean effort to make use of the tools dropped by TSB that went haywire, ended up causing a global worm attack that shut down hospitals and caused hundreds of billions of dollars in damage. When I have alluded to the ongoing damage I was trying to prevent, that’s what I mean: the indiscriminate release of NSA exploits to the public which, in that case, literally shut down hospitals on the other side of the world. 

There’s no defense for that.

While I had been trying to find some way to share my concerns long before that, I may never have met directly with the FBI about any of my suspicions except for another detail: I learned that there was a forensic tie between the Guccifer 2.0 and TSB personas. While, at the time, I had moderate confidence about both my belief that Phil had a role in the Guccifer operation and moderate confidence that he was TSB, when I learned there was a forensic tie between the two of them, it increased my confidence in both. 

A strong caveat is in order: the forensic tie isn’t decisive; it could be insignificant, or untrue.

The forensic tie is that someone logged into one of the Guccifer 2.0 accounts — I think the WordPress account — using the same IP address as someone who logged into the early staging sites — either Pastebin or GitHub — for the TSB operation.

If someone using the same IP address accessed both sites — probably using a VPN — it could mean either that the same person was involved, or whoever staged these things was doing little to cover their tracks and outsiders were accessing their infrastructure. One of the people who told me about this forensic tie interpreted it as a deliberate attempt to tie the two operations together, sort of yanking the government’s chain.

I learned of this forensic tie from multiple people, all of whom are credible. That said, I can’t rule out that they learned it from the same person. No one has reported on this in the years since these operations, even though I’ve tried to get better sourced journalists to go chase it down. Indeed, I recently learned that a top outside expert on issues related to TSB did not know this forensic detail.

The FBI had to chase down a lot of weird forensic shit pertaining to these influence operations, because that’s how this kind of operation works. I have noted in the past, for example, that some script kiddies tried to hijack an early Guccifer 2.0 email account; that was investigated by a Philadelphia grand jury in spring of 2017. So this forensic tidbit could be similarly unrelated to the people behind the operation.

So I don’t want to oversell this forensic tie. I do want to encourage others to try to chase it down. 

But it was something that significantly influenced my understanding of all this in 2017, when files released by TSB had just caused the worst damage of any cyber attack in history, to date.

When I mentioned the forensic tie during my FBI interview, the lead agent responded that they couldn’t confirm or deny anything during the interview. I wasn’t there to get confirmation.

Still, if it’s true — given what we’ve learned since about the Guccifer 2.0 operation — it is hugely significant.

TSB started staging its release — per this really helpful SwitHak timeline — on July 25, the same day Trump directed people to get Roger Stone to chase down the next WikiLeaks releases. The first files were encrypted on August 1, after Stone had already pitched Paul Manafort on a way to “save Trump’s ass.” TSB loaded the NSA files on GitHub just after Stone published a piece suggesting that Guccifer 2.0, and not Russia, had hacked the DNC. TSB went live overnight on August 12-13, not long after Guccifer 2.0 publicly tweeted to Stone, “Thanks that u believe in the real #Guccifer2.” WikiLeaks publicized the effort on August 15, after some private back and forth between Guccifer 2.0 and Stone, including Guccifer 2.0’s question, “thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?” And, per the SSCI analysis and my own, WikiLeaks helped to boost TSB the same day Jerome Corsi may have started giving Roger Stone advance information about the content of the John Podesta emails that wouldn’t be dropped for another two months (SSCI appears not to have considered, much less concluded, that Guccifer 2.0 might be Stone’s source).

If the forensic tie between Guccifer 2.0 and TSB is real, it means that during precisely the same period when Roger Stone was desperately trying to optimize the release of the John Podesta files to save his buddies Paul Manafort and Donald Trump, related actor TSB was beginning a year-long effort to burn the NSA to the ground.

(Part of) What I Shared with the FBI

On July 28, 2016, something happened that would eventually lead me to the FBI.

I’m going to explain part of that story now. I’m explaining it for several reasons. I had promised myself I wouldn’t let another election pass without sharing what happened. Even now, I can’t entirely make sense of it — that was part of the point, confusion. But the release of documents in the wake of the Mueller investigation has provided a great number of public details (some of which I laid out in my Rat-Fucker Rashomon series) with which this story might be consistent. I can’t prove that this story explains the unanswered questions about the Roger Stone story (and Bill Barr’s intervention in the Stone sentencing seems to have shut down some parts of any ongoing investigation to do so). But at least I can share details that may provide an explanation.

It started with a several-day dispute about attribution, starting on July 26, 2016, which included discussions about Guccifer and Crowdstrike. A guy I will refer to by the pseudonym Phil and I were texting on Signal debating that attribution. On the 27th, Phil disputed the Crowdstrike report that APT 28, which had done the hack, was GRU, “Russia didn’t write this APT damnit.”

I told him, vaguely, that I knew that entities external to both the DNC and Crowdstrike had evidence confirming the GRU attribution. I had a well-placed source who knew Phil was wrong. He seemed not only sure he could convince me otherwise, but intent on learning what I knew, which I didn’t share.

The next day, July 28, 2016, Phil made up an excuse for wanting me to tell him what his IP address was–it was a bullshit excuse and doesn’t matter for the purpose of this story. “Can you see an ip on your website,” he asked. “Yeah I can get logs.” I said, “Easiest obviously is fr a comment.” (I was wrong about my ability to see the IP address, and he may have known that, because he had been testing how requests to my site worked for months.) “Now,” he said, as he left a comment. 

I forgot about the request until the next day, July 29, when another of the people who can approve first-time comments at the site emailed me with the comment, which had been posted moments after he had told me, “Now.” “I debated about approving that comment by icelanderia in DNC Hack sourcing post,” the person said. “But didn’t because of the email addy attached to it.” To readers of the public site, the comment read, “Just one phrase. Show me the metadata.” It was signed “Icelanderia.” Visible only to those of us with backstage access, however, it was signed [email protected]

Much later, Phil told me he liked leaving comments at my site as a, “Great outlet to talk to my usg pals.” Until late 2017, we kept getting comments at the site which were consistent with disinformation deliberately left in the first Guccifer 2.0 releases, but which might or might not have been him.

But I knew that first one, [email protected] was Phil, purportedly left to find out what IP address his comments would show up as. He never did follow up to ask me whether I could see his IP address. And so I was left trying to figure out why the hell he signed a comment with the name of the persona who was trying to obfuscate what really happened with the DNC hack.

Normally, I don’t think twice about comments left at my site under obviously fake names. Lots of people choose not to use their real email addresses when leaving comments at this site. Unsurprisingly, we’ve had a ton of comments claiming to use NSA email addresses. And from time to time — though, given how chummy and long-established emptywheel’s comments section is and how closely we moderate obvious trolls, not all that often — people try to get funny with their log-in names. 

In this case I did take notice. I did so, partly, because of how he had left it, giving me a heads up that it was him, but doing so in such a way that only I would know it was him (as noted, he never did ask me what IP he had come in under and, as I said, I was never able to determine that). But it also made me rethink stuff that had happened between us going back to fall 2015 and earlier, especially because of what had happened starting on June 14, 2016, the day that the Democrats publicly announced they had been hacked by the Russians, when he tried to get me to change my operational security even as he seemed to be debating about going forward with something, which he referred to in terms of “tapping out.”

On June 14, 2016, the same day the Washington Post reported that the DNC had been hacked by Russia, Phil called me up and asked me to delete notes of conversations we had had going back to December 2015, notes telling a story about his life and motivations for being angry with the government that he had wanted me to tell after he died, which he claimed — starting in December 2015 — was going to be imminent. The next day, he claimed he believed he was being investigated by the FBI for the way he had narced out some people in April, which was his explanation for escalating levels of paranoia. That same day, he asked me to shift our comms to the Silent Circle text service, which would have put the texts beyond the reach of US law enforcement. This was at least the fourth effort he had made to shift to more secure comms than Signal and PGP email with me, including a highly inappropriate suggestion earlier that spring; each time, including this one, I blew off the request, because I didn’t believe these conversations were that sensitive or interesting. 

Starting at 3:12PM on June 21, the weirdness resumed. He asked me to change my PGP key, inventing a bullshit excuse, while explaining he was flipping his own keys. He showed me a traceroute on my site he had done, reflecting my recent addition of Cloudflare to protect the site (he had concocted an earlier traceroute in May 2016 that–I’m certain–was designed to make me paranoid). He advised me that when using a VPN, one should always choose a Swiss or even a Russian server. He told me he worked for a company owned by FSB’s founding fathers. 

Around 8:12PM on June 21, he claimed, “I am getting DDOSed like a motherfucker–is it you or ‘Gucifer’?” 

As far as I knew, he had no website to be DDOSed. As he surely knew, I didn’t have the capability to DDOS anything. It was just word salad invoking the newly unveiled GRU persona, but amid the other weirdness I didn’t make too much of it.

He then called me and repeated much of the story he had told me over the past six months, the story the notes of which he had, just a week earlier, asked me to destroy. In that retelling of the story, he would include several details about Russia (on top of the FSB founding fathers comment). He described a meeting he attended months before, overseas, one that (he claimed) members of Russian intelligence had also attended, where he had been physically beat up. Before that June 21 conversation, he had told me a version of that overseas meeting story at least 6 times, including telling me about the meeting in real time (in just two of those tellings do I remember him mentioning Russian intelligence, and precisely who in Russian intelligence he said attended was inconsistent). I’m not attesting that his claims about the meeting were true, I’m describing that he kept telling me about the meeting over the course of more than six months. 

Another detail in that June 21 conversation was the way he insisted to me, as he had at least once before June 14, almost plaintively, that he hates Russia. Phil told me that two of his most cherished possessions were trophies from interactions with Russia. At the time, I didn’t understand why he felt it was so urgent to convince me he really did hate Russia, but after the fact it seemed to be an effort to excuse himself, like emphasizing that he had been physically beaten.

There was a third story, too, another story about an interaction with Russia more alarming than the others, another one he had told me once prior to June 14. The story involved a moment when Russians held “a gun to [his] head.” I believe the story, as he told it to me, was a well-rehearsed lie, one he had told others. But if the lie served to explain away something else, it would be the kind of thing that might mean his comment might not be a joke, that he might have a role in the Guccifer 2.0 operation. 

In June, this felt somewhat stalkerish. I still had no idea why he was telling me this, aside from the fact he wanted me to tell the story of his grievances with the government, but he was also in a bad place and I was trying to make sense of it. The next day, June 22, between 12 and 5PM ET, we spoke again on and off. When I suggested I might be under surveillance to see how he’d react, he said there were no rules, saying that no one could back out of a deal (I had no idea what deal he was talking about). “360 degress of no rules, tap out is not an option unless (Apparently) you are a politician. But even then…”

The next day, June 23, just after 5PM, he told me he had been contemplating a line from a Cormac McCarthy screenplay: “The world in which you seek to undo the mistakes that you make, is different from the world where the mistakes were made.” He added, within that same hour, “I’m done. I don’t re-decide.” Phil was, obviously, a mess, but he was also done talking about ways out of whatever mess he was in. 

I broke off communication at that point for a period, but a week later, at 6:51PM on June 30, he was back. He told me he had “unfucked his problems.”

As weird as all this was, in those days in June, I was just observing, trying to figure out what had caused the sudden bout of paranoia, and honestly trying to figure out what he wanted out of me. I sure as hell didn’t think, at the time, there was a tie between all that and the DNC hack (remember, he was claiming — probably another lie — that the FBI was investigating him, which I assumed was what all the weirdness was about). 

But when I remembered all this on July 29, it made me reconsider whether there was a tie. As I’ve alluded to publicly in the past, it is why I spent six months on my part to test the Russian attribution for myself, to decide for myself whether the IC and Crowdstrike, along with people in tech companies and individuals who fought this hack personally with whom I’d spoken — were correct, that it had been the Russians, or whether what I took to be Phil’s suggestion that he or people he knew, without the Russians, may have been involved. Absent such an effort, I assume that certain other people who’ve interacted with Phil have, instead, taken the existence of an American body claiming to have been involved as enough to deny Russian involvement. That may be what happened with Roger Stone.

Once I was convinced about the Russian attribution in December 2016 and given a growing certainty I couldn’t test key parts of this story myself, I began to consider sharing it with the government in a way that protected both my identity and Phil’s. 

As I noted in the title, these events were just one part of the reason I went to the FBI in 2017, and not actually the most urgent reason at the time, nor the one I had most confidence in. There’s another part of the election year attack — one few people know is related — that I believed (and still believe) he may have had a role in, too. Those other parts of this story were, in 2017, an escalating, ongoing threat, which is part of why I ultimately chose to meet with two FBI cyber agents and a prosecutor from DOJ’s National Security Division, to stop ongoing damage if I was right. 

Now, four years later, it’s clear the details Phil shared with me in 2016 might be consistent with several details discovered in the Roger Stone investigation. Indeed, starting in August 2018, Mueller’s team appears to have investigated whether Stone had been co-present, in the US, with someone involved in this operation, and they also appear to have confirmed, after the Mueller team shut down, that Stone met with someone face-to-face at the RNC who gave Stone advance warning of the DNC drop. On July 15, 2016, Phil described to me flying east from the West Coast. 

More interesting still is the way that Phil’s activities over a key weekend in August 2016 overlap with Roger Stone’s. I won’t yet lay out how this timeline looks (I’ll return to it). For now, compare the one I did in this post to the timeline I lay out here. 

On August 12, 2016, the night that Guccifer 2.0 released DCCC documents the timing of which Jerome Corsi had predicted, Phil texted me at 11:32PM and told me he was thinking of going to the Trump rally that was scheduled — inexplicably, from a campaign strategy standpoint — in Roger Stone and Paul Manafort’s home state of Connecticut the next day. “Should I stay or should I go…” he said, but he already had a ticket. At 9:46 AM the next morning, he said it again. “Trump rally [in CT] tonight, thinking of swinging by.”

He did go, and made sure I had abundant contemporaneous record of it. At 4:21PM he told me he was close to the protest venue. At 4:33PM he told me he had put together an IMSI catcher for the event to track where the Secret Service had Stingrays.

Amid those texts, I told him that I had freed up the Guccifer comment at my site; I wanted to see how he’d react. “Haha-the mouthpiece,” he responded. “‘they’ are clueless as I’m fond of saying…” he added, which I took not only as confirmation that he did leave the comment, but also to mean that he believed the authorities misunderstood the Guccifer persona. 

It was an hour, though, before the calls started. From 5:57PM to 6:58PM, he kept calling me and sharing video of what he was doing at a protest close to the rally (as well as a screenshot of the IMSI catcher).

At the time, I thought he was hoping to film himself picking a confrontation with the cops that would go viral. I thought it was really stupid and started ignoring his calls. It was actually years before I reviewed all these videos. When I did, I realized that he was not interacting with any of the protestors. He was, instead, just badgering the cops, in really controlled fashion. He was filming the confrontations so as to catch their name badges. And then, each of several times he did this, he would back off and thank the cops for what they were doing. Those interactions would have left a handful of cops, whose names I’d have, who would have remembered him as the obnoxious guy at an event protesting Donald Trump. 

At 9:59PM, he told me the rally itself was done, he was not in jail, and his phone was intact. He showed me a document that he had picked up at the rally.

The next morning, August 14, at 7:22AM, he texted me a picture to let me know he was in NYC. That was the day Jerome Corsi claims he started a file named “Podesta,” that would eventually become posts that integrated documents publicly released in October. 

Again, I didn’t make much of this, as I didn’t make much of earlier events. 

Except that just over a week later, as part of a conversation from 7:56 to 8:28PM on August 21 (and so hours after Stone’s famous “time in the barrel” comment), he emphasized to me that I was the only one whom he had sent videos from the August 13 protest. Then he said there were more. “I have like 20 more vids before and after no one gets,” he told me. Something was interesting enough, both from before and after he attended the protest of the Trump rally, that was not only worth filming, but that was more sensitive than these protest videos.

Even as Stone and the persona Guccifer 2.0 were chatting away on Twitter over the weekend of August 12, a guy who’d just covertly signed his name “Guccifer2” on my site was at the Trump rally, taking videos of … something.

 Not immediately, but over time, I’ve wondered what might be on those videos.

On January 1, 2017, in the wake of Trump boasting that, “I also know things that other people don’t know,” about the Russian hack, I did a post wondering if what Trump thought he knew was the same thing that Craig Murray believed — that there was an American involved in this operation. I wrote, “I have a suspicion that Trump’s campaign did meet with such a person (I even have a guess about when it would have happened).” I had the rally in mind. Within 30 minutes after I published the post, after having not spoken to me in weeks (he later told me he had been overseas), Phil called me, but hung up before we spoke. 

Indeed, events that the investigation have since made public — including the confirmation that Roger Stone set about getting Julian Assange a pardon no later than 7 days after Trump won the election — made me revisit additional texts from July 29, ones I hadn’t even paid attention to in real time. 

On July 29, 2016 — the same day I was trying to figure out why this guy had just made a big deal of signing a comment guccifer2 — we had another conversation, one I believed at the time was unrelated, a discussion about what motivated Julian Assange. Revenge, I argued: the guy hates Hillary, going back to 2010. “Yes” Phil conceded, “but he has a puppeteer too — IDK who and maybe it’s just $ but.” Again, I was sure this was “sheer retaliation for him.” “You might be right,” Phil responded, “but there’s a political or $ way to get him out — please don’t lose sight of that…” I still didn’t buy it, and asked again why. “B/C if ‘I’ wanted badly enough for him to release that data in a manner that benefitted me, I could get him out and he’s damn sure in prison — where people do desperate things.”

On that day in July 2016, no one in public knew there’d be a second dump. Certainly, no one knew that, on that day and the next, Roger Stone was in conversations with Trump’s campaign manager planning how to optimize the next dump. “Good shit happening,” Stone told Manafort just over an hour before this exchange, before the old friends spent 67 minutes on the phone together on July 30, their longest conversation of the year. No one knew that Stone would turn immediately to getting Assange out of the Embassy at least as early as November 15, probably even before. 

But Phil, who had just made sure I knew he signed a comment Guccifer2, seemed to be sure of it before it all started. 

Rat-Fucker Rashomon: Guccifer 2.0 the Go-Between

Fresh off the weekend of Roger Stone’s trial, prosecutors got Rick Gates to testify, and then called former FBI Agent Michelle Taylor back on the stand. Ostensibly, they needed to call Taylor to introduce a transcript of a scene from Godfather II that Stone kept using to try to convince Randy Credico to lie to the House Intelligence Committee, something that the two sides had been debating throughout the first week of the trial.

But the first thing prosecutors did when they got their FBI witness back on the stand was to bring Guccifer 2.0 into it.

Q. When you first testified last week, do you remember testifying about the release of some emails of the Democratic National Committee by an organization called WikiLeaks on July 22nd, 2016?

A. Yes, I do.

Q. What was the name of the online persona or figure who took credit for hacking or obtaining those documents from the Democratic National Committee?

A. Guccifer 2.0.

Q. During Mr. Stone’s testimony before the House Intelligence Committee, was he asked about that persona, Guccifer 2.0, and that alleged hack?

A. Yes, he was.

MR. ZELINSKY: I would like to publish now, please, for the witness and the jury, what’s been admitted as Government’s Exhibit 1. This is page 28 of Government’s Exhibit 1.

BY MR. ZELINSKY: Q. Ms. Taylor, I want to direct your attention to the portion of — oh, and, Ms. Taylor, just to remind the jury, what is Government’s Exhibit 1?

A. This is a transcript of Mr. Stone’s testimony before HPSCI.

Q. I’ve put on the screen in front of you page 28 of the transcript. Can you read for us, please, the question and answer that I have highlighted there?

A. “MR. SWALWELL: In 2016, August of 2016, you and the American public are aware, from press reporting, that Russia is accused of hacking democratic emails, is that — “MR. STONE. Yes.”

Q. I want to direct your attention now to page 29, the next page of the same exhibit. Can you read, please, the question and answer that I’ve highlighted on page 29 of Government’s Exhibit 1, the transcript?

A. “MR. SWALWELL: It took me a while, too. “Were you aware when you wrote that article, the Breitbart one, that Guccifer 2.0 was assessed by the Intelligence Community as a cutout for the Russian intelligence services? “MR. STONE: I was aware of that claim, but I don’t subscribe to it. There’s a substantial amount of information you can find online that questions that. I realize it’s an assertion, but as I said in my statement, our intelligence agencies are often wrong.”

Q. Finally, Ms. Taylor, I would like to direct your attention to page 113, bottom of 113 to the top of 114 of the same exhibit, the transcript. First, can you read for us, please, the question that starts at the bottom of page 113 of the transcript?

A. “MR. SCHIFF: Mr. Stone, you’ve acknowledged that it’s the conclusion of the intelligence community that Guccifer 2 is a cutout of the Russian intelligence agencies.”

Q. And Mr. Stone’s response?

A. “MR. STONE: They have said that, yes.”

Mind you, Guccifer 2.0 had been mentioned earlier in the trial, as when Taylor read off HPSCI communications with Stone or Randy Credico’s texts with Stone mentioning the persona, as well as legal debates outside the presence of the jury. Prosecutors also had Taylor present two Guccifer 2.0 posts that were published on the same days as calls involving Stone, June 15 and June 30, in the latter case, a call to Trump.

Q. Can you please read for us the first two sentences of the Guccifer 2 Word Press post from June 15th, 2016?

A. Sure. “Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee, DNC, servers had been hacked by sophisticated hacker groups. I’m very pleased the company appreciated my skills so highly, but, in fact, it was easy, very easy.”

[snip]

Q. Did this same author, Guccifer 2.0, post another message about the hack a few weeks later?

A. He did.

Q. I’d like to publish now, please, for the witness and the Court — and the jury, excuse me, Government’s Exhibit 150, which appears at tab 4 of your binder. What is Government’s Exhibit 150?

A. This is another Word Press post by Guccifer 2 dated June 30, 2016.

Jonathan Kravis would remind the jury how the latter post coincided with a call between Stone and Trump in his closing arguments.

And Stone’s lawyers raised the persona a few times, in their opening, in cross examination, and their close.

But this was the first time prosecutors directly addressed Stone’s claims and communications about Guccifer 2.0, as opposed to with Trump or — via a never identified go-between — with WikiLeaks.

In the prosecution prior to this point, as in most of these Roger Stone stories, the WikiLeaks story was kept remarkably distinct from the Guccifer 2.0 story.

Of the four stories told about Roger Stone, two adopt a structure that treat Stone’s communication with Guccifer 2.0 and WikiLeaks in parallel: there are a handful of communications between him and Guccifer 2.0 (pages 194 to 196 of the SSCI Report, one paragraph on page 44 of the Mueller Report), and a separate discussion of Stone’s attempts to optimize the WikiLeaks releases (pages 221 to 252 of the SSCI Report, pages 51 to 59 of the Mueller Report).

The affidavits show that initial investigative work focused on Guccifer 2.0, not WikiLeaks. The way in which later affidavits present these issues changed over time. But many of them separate Stone’s “Public interactions with Guccifer 2.0 and WikiLeaks” from the (later) “Private Twitter Direct Messages with WikiLeaks and ASSANGE.” The affidavits generally stopped mentioning Stone’s private DMs with Guccifer 2.0 in March 2018.

That parallel structure applies to the indictments, too. Stone gets his own paragraph, ¶44, in the GRU indictment. But the Stone indictment makes absolutely no mention of Guccifer 2.0. The government declared Stone’s prosecution a “related case” to the GRU one, meaning the same judge — Amy Berman Jackson — would preside. Stone’s team unsuccessfully objected. Prosecutors explained the designation, in part, because, “Certain Netyksho defendants, through a fictitious online persona they created, Guccifer 2.0, also interacted directly with Stone concerning other stolen materials posted separately online.” Ultimately, ABJ denied Stone’s attempt to dissociate the case. Stone made an equally unsuccessful attempt to make the Russian attribution more central to the case, even addressing his communications with Guccifer 2.0. Ultimately, however, the case was totally separate.

And yet, just before it closed their case, the government got their FBI witness to review the part of Stone’s HPSCI testimony where he acknowledged that the intelligence community had assessed that Guccifer 2.0 was a cut-out for Russian intelligence.

In response, Stone’s attorney Bruce Rogow got Taylor to confirm that she didn’t know independently whether Guccifer is Russian and “was not aware” of any other communications between Stone and Guccifer 2.0, something he tried unsuccessfully to emphasize in his close.

Q. Good morning, again, Ms. Taylor.

A. Good morning.

Q. Do you know, independently, whether or not Guccifer is Russian?

A. I don’t.

Q. Did Mr. Stone turn over his communications with Guccifer that he mentioned in the transcript?

A. He did.

Q. Did you find any other communications between Mr. Stone and Guccifer?

A. I’m not aware of any.

Taylor’s response was the same one the Mueller Report gave, in that sole paragraph on Stone’s communications with Guccifer 2.0 referenced above. A sentence that has been unsealed since the original release reads, “The investigation did not identify evidence of other communications between Stone and Guccifer 2.0,” beyond the DMs in August and September, 2016. Earlier in that paragraph, however, a previously redacted passage reveals the significance of it. “After the GRU had published stolen DNC documents through Guccifer 2.0, Stone told members of the Campaign that he was in contact with Guccifer 2.0,” which it cites to this almost entirely redacted passage in a Rick Gates interview, a passage that seems to discuss events that predate the July 22 DNC release.

SSCI has read this unredacted 302, and they assess (as I have in the past, about a different 302) that Gates was just confused between the illusory deleted Clinton emails and actual advance knowledge of emails.

FBI, FD-302, Gates 4/10/2018. The Committee assesses· that, at this time, the references to Clinton’s “emails” reflected a focus on allegedly missing or deleted.emails from Clinton’s personal server during her tenure as Secretary of State.

But in context, the unredacted passage in the Mueller Report suggests that Stone told Gates — and others — that he spoke to Guccifer 2.0 before those known August and September exchanges.

This is a question that prosecutors might have asked Gates to testify about publicly. As noted, his testimony directly preceded Taylor’s second trip to the stand. Rather than ask for clarification on that question, though, Aaron Zelinsky instead had Gates describe how, on June 15, in the wake of the DNC announcement that it had been hacked by Russia (and, though Zelinsky didn’t say it, the launch of the Guccifer 2.0 site), Stone asked for the phone numbers of Jared Kushner and one other staffer “to debrief them on the developments of the DNC announcement.” Indeed, Zelinsky treated this as entirely a discussion about WikiLeaks’ upcoming leaks, not Guccifer 2.0’s existing one.

Q. During the balance of June — we’re still in June of 2016 — did you continue to discuss WikiLeaks with Mr. Stone?

A. Yes, off and on.

Q. Why did you continue, in June, to continue to discuss WikiLeaks with Mr. Stone?

A. Because at that point, both myself and Mr. Manafort didn’t believe the information was coming because it still hadn’t come out. And Mr. Manafort had asked me from time to time to check with Mr. Stone to see if the information was still real and viable.

Q. And when you say the “information,” you mean releases from WikiLeaks; is that correct?

A. That’s correct.

As for Agent Taylor’s response to Bruce Rogow’s question — that she was not aware of any other communications between Guccifer 2.0 and Stone besides the DMs he shared with HPSCI — she might not be aware of any late-discovered communications between Stone and Guccifer 2.0 beyond those he shared with HPSCI even if there were any. She testified that her role on “that piece” of the investigation — meaning the investigation of Roger Stone — was as a case agent.

Q. Ms. Taylor, in the course of your work with the FBI, was there a time in your career when you were assigned to work on the investigation led by then Special Counsel Robert Mueller?

A. Yes.

Q. And in particular in the course of your work on the special counsel’s investigation, did you participate in the piece of the investigation that concerned the defendant in this case, Roger Stone?

A. Yes, I did.

Q. What was your role on that piece of the special counsel’s investigation?

A. I was one of the case agents on the investigation of Mr. Stone.

According to Andrew Weissmann’s book, though, her primary role on Mueller’s team wasn’t on the Stone team, she was the lead agent on the obstruction team (which, given the involvement of Andrew Goldstein in certain interviews in fall 2018, was closely involved in investigating Roger Stone’s witness tampering and cover story as part of the obstruction piece). Taylor wrote none of the affidavits targeting Stone. Additionally, she had left the FBI months before the trial, in August 2019, so she also wouldn’t have been included in an interview conducted over the weekend of the trial (possibly with Andrew Miller, Stone’s aide who had managed his schedule at the RNC, where Stone appears to have gotten advance notice of the DNC leak).

So even with Taylor on the stand, Bruce Rogow may not have been able to discover — much less convey to the jury — the government’s full understanding of what Guccifer 2.0’s relationship with Stone was … not what it was when other FBI agents wrote affidavits hiding part of the investigation from him a year earlier, not what it was when they obtained Andrew Miller’s testimony weeks after the release of the Mueller Report, not what it was after that last interview on November 9, 2019, over seven months after the completion of the Mueller Report and smack dab in the middle of the trial.

Indeed, when he was standing there asking the question of Mueller’s lead agent from the obstruction team about communications between his client and Guccifer 2.0, Rogow would know that the FBI had found searches, starting on May 17, 2016, that seemed to indicate that Stone had foreknowledge of the Russian hack-and-leak; Stone had received those two warrants (one, two) in discovery. But Rogow would not know — because it was among the 15 warrants that the government had withheld, in part, to hide the full scope of the investigation from Stone — that two minutes after the FBI obtained a warrant for Stone’s cell site location from June 14 to November 15, 2016, in part to confirm whether Stone had done the searches indicating foreknowledge of the Guccifer 2.0 operation and in part to figure out whom he met with on August 3, 2016 in LA when he would later claim to have been dining with Julian Assange — a different FBI agent, one likely tied to the GRU investigative team, obtained a search warrant for an email that Guccifer 2.0 set up on July 23, 2016. That email was set up the day after the DNC drop, and perhaps not coincidentally, on the last day on which Stone may have deleted his Google search history, hiding those earlier searches showing foreknowledge of the Russian operation.

Up to that moment when former Agent Taylor discussed Stone’s HPSCI testimony confirming he knew the intelligence community believed Guccifer 2.0 to be a Russian cut-out, Stone’s trial was about his lies about who his go-between with WikiLeaks was, not about truths and lies he may have told about Guccifer 2.0.

Unless Guccifer 2.0 was that go-between.

In any case, the trial was, ultimately, about Guccifer 2.0, because some of the evidence prosecutors used to prove that Stone spoke with the campaign about a go-between to WikiLeaks involved Guccifer 2.0. In addition to the disclosure that Stone spoke to Trump before the June 15 and after the June 30 Guccifer 2.0 posts, the trial made something else public for the first time, something that had been a key detail in the affidavits, and would be in the SSCI Report, but which was not one included in the Mueller Report (or Stone’s indictment).

At 8:16AM on August 15, Corsi texted and then at 8:17 AM Corsi emailed Stone the same message, telling him there was “more to come than anyone realizes”:

Appearing in the midst of a story about Stone’s lies about his go-between with WikiLeaks, the texts and emails are fairly innocuous. Though the SSCI Report does seem to believe Corsi’s story that this moment — and the 24 minute call between Corsi and Stone at 12:14PM on August 15 — is when Corsi told Stone about what the Podesta files would include.

(U) The Committee is uncertain how Corsi determined that Assange had John Podesta’s emails. Corsi initially explained in an interview with the SCO that during his trip to Italy, someone told him Assange had the Podesta emails. Corsi also recalled learning that Assange was going to “release the emails seriatim and not all at once.”1572 However, Corsi claimed not to remember who provided him with this information, saying he could only recall that “it feels like a man” who told him.1573

(U) Corsi further recalled that on August 15, after he returned from Italy, he conveyed this information to Stone by phone.1574 According to Corsi, the information was new to Stone. Stone seemed “happy to hear it,” and the two of them “discussed how the emails would be very damaging” to Clinton. 1575 Corsi also reiterated by both text and email to Stone on August 15 that there was “[m]ore to come than anyone realizes. Won’t really get started until after Labor Day.”1576

But that’s only so long as you keep the Guccifer 2.0 story separate from the WikiLeaks story, as the SSCI and Mueller Reports do.

If you combine those stories, though, here’s what a partial timeline looks like:

August 2, 2016: Corsi informs Stone that “the hackers” will release one dump shortly after he returns on August 12 and another in October; he also mentions Podesta.

August 3, 9:12AM: Stone emails Manafort to tell him about, “an idea to save Trump’s ass.”

August 4: Stone tells Sam Nunberg that he dined with Assange the night before (he had been in LA).

August 5: Stone flip-flops on prior public statements backing the Russian attribution, writing a column declaring that Guccifer 2.0, not Russia, did the DNC hack.

August 9: Both Julian Assange and Stone start pushing the Seth Rich conspiracy.

August 12, 5:41PM: Guccifer 2.0 releases DCCC docs, fulfilling the timing (but not the outlet) that Corsi predicted.

August 12, 6:31PM: Guccifer 2.0, Emma Best, and WikiLeaks begin a discussion about exclusivity on the DCCC documents for WikiLeaks.

August 12, 10:16PM: Guccifer 2.0 says he’ll send major trove of DCCC documents to WikiLeaks; WikiLeaks never publishes any DCCC documents.

August 12, 10:23PM: Guccifer 2.0 publicly calls out Stone, “Thanks that u believe in the real #Guccifer2.”

August 13, 10:19AM: Corsi texts Stone: “Call when you can.”

August 13, 10:42AM: WikiLeaks tweets “‘@Guccifer_2’ has account completely censored by Twitter after publishing some files from Democratic campaign #DCCC”

August 13, 11:15AM: Stone tweets, “@wikileaks @GUCCIFER_2 Outrageous! Clintonistas now nned to censor their critics to rig the upcoming election.”

August 13, 7:29PM: Stone tweets, “@DailyCaller Censorship ! Gruccifer is a HERO.”

August 14, 12:58PM: Guccifer 2.0 tweets, “#Guccifer2 Here I am! They’ll have to try much harder to block me! #DNCleak #dccchack”

August 14 (unknown time): Stone DMs Guccifer 2.0: “Delighted you are reinstated.”

August 14 (unknown time, per Corsi article): Corsi starts a file called “Podesta.”

August 15, 1:33AM: Stone tweets about Podesta for the first time ever, seemingly in response to NYT story on black ledger implicating Manafort: “@JohnPodesta makes @PaulManafort look like St. Thomas Aquinas Where is the @NewYorkTimes?”

August 15, 8:16 and 8:17 AM: Corsi texts and emails Stone, “More to come than anyone realizes.”

August 15, 12:14PM: Corsi and Stone speak for 24 minutes.

August 15, 2016 (unknown time): Guccifer 2.0 DMs Stone: “thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?”

So long as the WikiLeaks story is kept separate from the Guccifer 2.0 one, that August 15 DM from Guccifer 2.0 to Stone appears to be a question about the DCCC emails posted on August 12, and so, as Stone claimed, totally innocuous. But given the evidence that Corsi and Stone acquired advance knowledge of the content of select Podesta emails by August 15 — particularly given Stone’s claim, reportedly made before July 22, to have been in touch with Guccifer 2.0 and his apparent foreknowledge of the GRU personas — that August 15 DM appears to be a comment on the Podesta files.

That is, that August 15 was not innocuous at all. It appears to have been, rather, the GRU’s persona asking Stone whether he liked what he had received in advance.

 


The movie Rashomon demonstrated that any given narrative tells just one version of events, but that by listening to all available narratives, you might identify gaps and biases that get you closer to the truth.

I’m hoping that principle works even for squalid stories like the investigation into Roger Stone’s cheating in the 2016 election. This series will examine the differences between four stories about Roger Stone’s actions in 2016:

As I noted in the introductory post (which lays out how I generally understand the story each tells), each story has real gaps in one or more of these areas:

My hope is that by identifying these gaps and unpacking what they might say about the choices made in crafting each of these stories, we can get a better understanding of what actually happened — both in 2016 and in the investigations. The gaps will serve as a framework for this series.