Posts

Two (Three) Possibilities on the “WikiLeaks” Archive Story

Don Jr’s testimony to Congress yesterday has brought out several new details on the evidence he was provided. In this post I want to look at the report that someone sent key Trump figures a link to a Wikileaks archive and an encryption key.

Candidate Donald Trump, his son Donald Trump Jr. and others in the Trump Organization received an email in September 2016 offering a decryption key and website address for hacked WikiLeaks documents, according to an email provided to congressional investigators.

The September 14 email was sent during the final stretch of the 2016 presidential race.

CNN originally reported the email was released September 4 — 10 days earlier — based on accounts from two sources who had seen the email. The new details appear to show that the sender was relying on publicly available information. The new information indicates that the communication is less significant than CNN initially reported.

After this story was published, The Washington Post obtained a copy of the email Friday afternoon and reported that the email urged Trump and his campaign to download archives that WikiLeaks had made public a day earlier. The story suggested that the individual may simply have been trying to flag the campaign to already public documents.

CNN has now obtained a copy of the email, which lists September 14 as the date sent and contains a decryption key that matches what WikiLeaks had tweeted out the day before.

First, note there’s no explanation in the story why these are described as Wikileaks emails, aside from the fact that Julian Assange has on occasion posted archives with a key. Indeed, it sounds like this archive is more closely related to the DC Leaks side of the house, given the reference to Colin Powell emails in the larger story. So absent a more fulsome explanation of what makes these WikiLeaks documents, I wouldn’t necessarily bet that these documents are related to Wikileaks.

Second, one possible explanation for this archive is that it’s the same one that is the center of the skeptics’ theory. They focus on an archive called NGP/VAN (but which is not NGP/VAN), which was curated on September 1. In public form, the archive was pointed to by Guccifer 2.0 on September 12, but never posted on his site.

the files were posted during a speech given in London by another hacker as a proxy for G2.0 on that day. The Forensicator relies on a copy posted by NatSecGeek. And while on Twitter G2.0 pointed to the speech the day before it was given, he never actually pointed back to the data on his WordPress site.

It’s true that the “speech” that was read for G2.0 relied on and posted a link to these files at the conference.

This scheme shows how NGP VAN is incorporated in the DNC infrastructure. It’s for detailed examination, if you are interested. And here are a couple of NGP VAN’s documents from their network. If you r interested in their internal documents, you can have them via the link on the screen. The password is usual. It’s also on the screen. You may also ask the conference producers for them later.

But at the very least, it seems any analysis of these forensics needs to account for the hand-off and proxy involved.

The timing of this would suggest that (if this is the same archive) three days after the archive was curated but over a week before it was posted publicly, top campaign officials got a link.

But there is another possibility, a detail I’ve often alluded to but never laid out publicly. There is or was a grand jury investigation into some script kiddies that tried to hijack Guccifer 2.0’s password or ID or something like that. It is or was in Philadelphia, based on the location of an archive involved. As I understand it the thought was that this effort was unrelated to the chief Russian info op, but was a lead the FBI had to chase down. I’ve been waiting to see if that grand jury investigation was ever going to show up publicly, and it’s one possible explanation for this email.

Update: I should make clear, I lay out three possibilities here:

  1. These are actually DC Leaks emails, not WikiLeaks ones; this is consistent with what recipients of those emails say about timing.
  2. This is the NGP/VAN archive released in mid-September, associated with Guccifer 2.0.
  3. This is an effort from the unknown skiddies being investigated in Philly.

Update: By description, WaPo makes it clear that this was an email sending the Trumps to this material, though using a different link and password.

That means it is, in fact, the NGP/VAN materials at the heart of the skeptics’ counterarguments about Guccifer being Russian (number 2, above), being sent under an apparently Anglo name (albeit with a few errors; making number 3 possible), but branded as Guccifer 2.0 materials, not WikiLeaks materials (sort of, 1).

In other words, the emails are much more interesting for all these other related theories than for the fact that the Trump folks received it, apparently unsolicited.

Update: I’ve subbed in the corrected language from CNN confirming that this was a September 14 email.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

On Metadata and Manipulation: the First Guccifer 2.0 Documents

In the AP’s (very worthwhile) coverage of the data it obtained from Secureworks it reveals at least the fifth piece of deception pertaining to the first documents released by Guccifer 2.0 on June 15, 2016. It revealed that Guccifer 2.0 added the word “confidential” (possibly as both the watermark shown on the front page and in the footer) to this document.

But there were signs of dishonesty from the start. The first document Guccifer 2.0 published on June 15 came not from the DNC as advertised but from Podesta’s inbox, according to a former DNC official who spoke on condition of anonymity because he was not authorized to speak to the press.

The official said the word “CONFIDENTIAL” was not in the original document.

Guccifer 2.0 had airbrushed it to catch reporters’ attention.

Here’s that watermark, which would have made reporters obtaining the document to ascribe it more value than it had.

On top of that change, we know that Guccifer 2.0 deliberately used the name Felix Edmundovich, invoking Iron Felix, the founder of the KGB (though another document invoked Che Guevaro in the same way) in the metadata of the document.

This analysis and this analysis compellingly shows, in my opinion, that the other Russian metadata in the documents was also deliberately placed there.

Finally, I believe that the addition of Warren Flood as author was also deliberate.

In addition, Guccifer 2.0 released these documents as DNC documents when in fact they are either Podesta documents or have not yet been sourced.

Now, Guccifer 2.0 in fact didn’t hide some of these alterations. Some were identified the same day the documents were released. But at the time they were interpreted as OpSec failures, rather than intentional deception. To this day, skeptics try to argue that the intentional deception of the rest of the metadata is somehow different than the tribute to Iron Felix (which is a mirror to the assumption in the early days that the Iron Felix was deliberate but the other Russian metadata was not, which I criticized here), without explaining why that would be the case.

In this post, I talked about how some of the other deception — pitching these Podesta (and other) documents as DNC documents — would have been a way to taunt the DNC and Crowdstrike for their false claims downplaying the hack. (Note, in the post, I ask why Guccifer 2.0 harped on VAN so much; the AP piece reveals that VAN officials and those working on voter registration were targeted, which suggests maybe the Russians did get VAN data and we simply don’t know about it.)

So contrary to the belief of some commentators, it has long been known that Guccifer 2.0 altered these documents. But I don’t think there has been a full accounting of all the ways that it worked (it’s not even clear we know the full extent of the deception).

For now, I’m going to leave these multiple layers of deception laid out (I’d add, that whatever cutout led Julian Assange to believe — or at least to claim — the documents were sourced to Americans is another layer of deception, a different kind of metadata.)

There were multiple layers of deception built into these first documents, alternately taunting the Democrats who would have known them to be deception, the analysts who mistook them as mistakes, and the press who took them to indicate real value. I suspect there are at least two more layers of deception here.

But it’s worth noting that no one was immune from this deception, and it’s likely there are still a few layers that we’re missing here.

Update: As Thomas Rid notes on Twitter, one of the first five documents Guccifer 2.0 released is a version of one that Guccifer 1.0 had released.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Cambridge Analytica and the Hillary Emails

Update: I made an error in this post: WSJ has made it clear the emails in question were the DNC emails, not the Hillary ones. I’ve deleted the parts that are inaccurate accordingly.

For some time, I have been interested in the many pieces of evidence that, partly as a result of late GOP ratfucker Peter Smith’s efforts, Julian Assange ended up with something approximating Hillary Clinton’s deleted emails. We know Smith alleged Mike Flynn was involved in the effort. Weev and Chuck Johnson were involved. There are reasons to believe Roger Stone was involved in the effort. And there are reasons to believe Guccifer 2.0 was involved in the effort.

Plus, everyone from Stone to Attorney General Sessions (who “did not recall” whether he had spoken to Russians about email in his SJC testimony) seems to be ignoring that part of the scandal in their denials of colluding with Russians.

And now, Cambridge Analytica — the data firm paid for by far right wing oligarch Bob Mercer that played a big role in getting Trump elected — is involved in it.

The DailyBeast reports that Congressional investigators have found an email from CA head Alexander Nix to some unnamed person (Trump’s digital director Brad Parscale was interviewed by HPSCI yesterday) saying he offered to help Assange with the project.

Nix, who heads Cambridge Analytica, told a third party that he reached out to Assange about his firm somehow helping the WikiLeaks editor release Clinton’s missing emails, according to two sources familiar with a congressional investigation into interactions between Trump associates and the Kremlin. Those sources also relayed that, according to Nix’s email, Assange told the Cambridge Analytica CEO that he didn’t want his help, and preferred to do the work on his own.

Assange, who insists he never says anything to compromise sources, released his own statement saying he rejected the help.

After publication, Assange provided this statement to The Daily Beast: ”We can confirm an approach by Cambridge Analytica and can confirm that it was rejected by WikiLeaks.”

Remember, Stone told the Russian hackers he was soliciting that, allegedly because he couldn’t verify the authenticity of any emails obtained from hackers, they should turn them over to Assange. And both the Nix email and the Assange denial seem to admit that WikiLeaks did, indeed, receive at least one set of those emails. Which would explain why Roger Stone was so certain WikiLeaks was going to drop Clinton Foundation emails — not the Podesta ones that Stone showed no interest in — in October of last year. And it would seem to explain why Guccifer 2.0 had the same belief.

That is, there are a whole bunch of dots suggesting WikiLeaks got something approximating Clinton’s emails, and either because they couldn’t be verified, or because his source was too obviously Russian, or some other unknown reason, he decided not to publish.

If that’s right, all these non-denial denials about the operation seem to point to a confluence of interest around this effort that touched pretty much everyone. And involved Russians, their agents, and GOP ratfuckers willfully working together.

Update: The Trump campaign just did some amazing bus under-throwing of CA. Compare that to this November 10 piece attributing their win to CA.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Not Mentioned in Roger Stone’s Straw Rat-Fucker Statement: the Peter Smith Rat-Fuck

Earlier today, legendary rat-fucker Roger Stone had a three hour interview before the House Intelligence Committee. Before the interview, he leaked his testimony, as all of the most implicated Trump officials — save Paul Manafort — have.

The testimony is telling for multiple reasons. Given the recent trouble I got in for saying “rat-fucker” on TV, I’m particularly invested in the way he avoided calling himself one.

As to the substance of the report, it is delightfully, tellingly, squirrelly in two different ways. First, his generalized denial is very specific to colluding with the Russian state to affect the outcome of the 2016 election; this is a point Renato Mariotti makes here.

I have no involvement in the alleged activities that are within the publicly stated scope of this Committee’s investigation  — collusion with the Russian state to affect the outcome of the 2016 election.

I’m even more interested in how he depicts what he claims are the three allegations made against him.

Members of this Committee have made three basic assertions against me which bust be rebutted her today. The charge that I knew in advance about, and predicted, the hacking of the Clinton campaign chairman John Podesta’s email, that I had advanced knowledge of the source or actual content of the WikiLeaks disclosures regarding Hillary Clinton or that, my now public exchange with a persona that our intelligence agencies claim, but cannot prove, is a Russian asset, is anything but innocuous and are entirely false.

In point of fact, this tripartite accusation is actually a misstatement of the allegations against him (though in his rebuttal of them, he is helped immensely by the sloppiness of public statements made by Democrats, especially those on the panel, which I’ve criticized myself). Generally, the accusation is more direct: that in conversing with both Julian Assange (though a cut-out) and Guccifer 2.0, Stone was facilitating or in some way helping the Trump campaign maximally exploit the Russian releases that were coming.

Which is why I find one other silence quite interesting: Stone makes no mention of the Peter Smith operation to find the emails, purportedly related to the Clinton Foundation, deleted from Hillary’s server. As I noted here, along with reaching out to multiple suspected Russian hackers and advising those with emails that might be Foundation emails to share them with WikiLeaks, rat-fucker Smith also pushed GOP operatives like rat-fucker Stone to reach out to Guccifer 2.0.

Instead, Johnson said, he put the word out to a “hidden oppo network” of right-leaning opposition researchers to notify them of the effort. Johnson declined to provide the names of any of the members of this “network,” but he praised Smith’s ambition.

“The magnitude of what he was trying to do was kind of impressive,” Johnson said. “He had people running around Europe, had people talking to Guccifer.” (U.S. intelligence agencies have linked the materials provided by “Guccifer 2.0”—an alias that has taken credit for hacking the Democratic National Committee and communicated with Republicanoperatives, including Trump confidant Roger Stone—to Russian government hackers.)

As I noted, there is much about the events from August to October that suggest Republicans may have believed WikiLeaks had obtained, and might be leaking, the Clinton Foundation emails, only to have the John Podesta ones released in their stead.

If I’m right, it would mean that by pitching everything as pertaining to Podesta, and not to other emails, Stone can more successfully deny his involvement.

And Stone’s timeline obscures some of the key details here, notably leaving out his incorrect predictions not just of an October 5 release, but that they’d be the Foundation emails.

Also note: Stone describes his exchange with Guccifer as starting on August 14. That’s actually not right. It started on August 13 (actually, August 12 East Coast time), with this tweet, which puts it in the context of two offers for files.

It’s definitely true (in the DMs that Stone includes) that Stone ultimately doesn’t response to Guccifer 2.0’s offers of data.

But that timeline also extends matters just to where things were heating up on Smith’s hunt for Clinton Foundation documents.

As noted above, Stone has denied colluding with the Russian state to affect the outcome of the election. But that’s not a denial of colluding with Russian hackers or Russian assets (the latter a rather curious term Stone uses twice to refer to Guccifer 2.0 in his statement, but not in the Breitbart piece in which he claims to have refuted claims he was an “asset”) to “prove Hillary’s corruption” or some such excuse for digging up more dirt on Hillary.

And that’s precisely the kind of thing we know a rat-fucker like Stone would do, and precisely the kind of thing we know other rat-fuckers were doing.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Facebook Anonymously Admits It IDed Guccifer 2.0 in Real Time

The headline of this story focuses on how Obama, in the weeks after the election, nine days before the White House declared the election, “free and fair from a cybersecurity perspective,” begged Mark Zuckerberg to take the threat of fake news seriously.

Now huddled in a private room on the sidelines of a meeting of world leaders in Lima, Peru, two months before Trump’s inauguration, Obama made a personal appeal to Zuckerberg to take the threat of fake news and political disinformation seriously. Unless Facebook and the government did more to address the threat, Obama warned, it would only get worse in the next presidential race.

But 26 paragraphs later, WaPo reveals a detail that should totally change the spin of the article: in June, Facebook not only detected APT 28’s involvement in the operation (which I heard at the time), but also informed the FBI about it (which, along with the further details, I didn’t).

It turned out that Facebook, without realizing it, had stumbled into the Russian operation as it was getting underway in June 2016.

At the time, cybersecurity experts at the company were tracking a Russian hacker group known as APT28, or Fancy Bear, which U.S. intelligence officials considered an arm of the Russian military intelligence service, the GRU, according to people familiar with Facebook’s activities.

Members of the Russian hacker group were best known for stealing military plans and data from political targets, so the security experts assumed that they were planning some sort of espionage operation — not a far-reaching disinformation campaign designed to shape the outcome of the U.S. presidential race.

Facebook executives shared with the FBI their suspicions that a Russian espionage operation was in the works, a person familiar with the matter said. An FBI spokesperson had no immediate comment.

Soon thereafter, Facebook’s cyber experts found evidence that members of APT28 were setting up a series of shadowy accounts — including a persona known as Guccifer 2.0 and a Facebook page called DCLeaks — to promote stolen emails and other documents during the presidential race. Facebook officials once again contacted the FBI to share what they had seen.

Like the U.S. government, Facebook didn’t foresee the wave of disinformation that was coming and the political pressure that followed. The company then grappled with a series of hard choices designed to shore up its own systems without impinging on free discourse for its users around the world. [my emphasis]

But the story doesn’t provide the details you would expect from such disclosures.

For example, where did Facebook see Guccifer 2.0? Did Guccifer 2.0 try to set up a Facebook account? Or, as sounds more likely given the description, did he/they use Facebook as a signup for the WordPress site?

More significantly, what did Facebook do with the DC Leaks account, described explicitly?

It seems Facebook identified, and — at least in the case of the DC Leaks case — shut down an APT 28 attempt to use its infrastructure. And it told FBI about it, at a time when the DNC was withholding its server from the FBI.

This puts this passage from Facebook’s April report, which I’ve pointed to repeatedly, in very different context.

Facebook is not in a position to make definitive attribution to the actors sponsoring this activity. It is important to emphasize that this example case comprises only a subset of overall activities tracked and addressed by our organization during this time period; however our data does not contradict the attribution provided by the U.S. Director of National Intelligence in the report dated January 6, 2017.

In other words, Facebook had reached this conclusion back in June 2016, and told FBI about it, twice.

And then what happened?

Again, I’m sympathetic to the urge to blame Facebook for this election. But this article describes Facebook’s heavy handed efforts to serve as a wing of the government to police terrorist content, without revealing that sometimes Facebook has erred in censoring content that shouldn’t have been. Then, it reveals Facebook reported Guccifer 2.0 and DC Leaks to FBI, twice, with no further description of what FBI did with those leads.

Yet from all that, it headlines Facebook’s insufficient efforts to track down other abuses of the platform.

I’m not sure what the answer is. But it sounds like Facebook was more forthcoming with the FBI about APT 28’s efforts than the DNC was.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Facebook Troll Account Events Happen in Wake of Guccifer 2.0 Released Targeting Data

In this post, I noted that the Russian troll Facebook events identified to date — including an event that drew four people in Idaho — weren’t exactly a smoking gun showing the troll accounts had intervened meaningfully in the election.

The Daily Beast has found an account — which it assumes must be tied to Internet Research Agency because it was shut down the same time as the other IRA accounts were, which seems a fair assumption — that does appear to be more legitimately tied to the election.

The demonstrations—at least one of which was promoted online by local pro-Trump activists— brought dozens of supporters together in real life. They appear to be the first case of Russian provocateurs successfully mobilizing Americans over Facebook in direct support of Donald Trump.

The Aug. 20, 2016, events were collectively called “Florida Goes Trump!” and they were billed as a “patriotic state-wide flash mob,” unfolding simultaneously in 17 different cities and towns in the battleground state. It’s difficult to determine how many of those locations actually witnessed any turnout, in part because Facebook’s recent deletion of hundreds of Russian accounts hid much of the evidence. But videos and photos from two of the locations—Fort Lauderdale and Coral Springs—were reposted to a Facebook page run by the local Trump campaign chair, where they remain to this day.

“On August 20, we want to gather patriots on the streets of Floridian towns and cities and march to unite America and support Donald Trump!” read the Facebook event page for the demonstrations. “Our flash mob will occur in several places at the same time; more details about locations will be added later. Go Donald!”

The Florida flash mob was one of at least four pro-Trump or anti-Hillary Clinton demonstrations conceived and organized over a Facebook page called “Being Patriotic,” and a related Twitter account called “march_for_trump.”  (The Daily Beast identified the accounts in a software-assisted review of politically themed social-media profiles.)

Being Patriotic had 200,000 followers and the strongest activist bent of any of the suspected Russian Facebook election pages that have so far emerged.

Unlike the previously reported events, the Florida ones took place in a swing state. And the numbers represent more significant turnout than other reported events.

I’m also interested that these events happened in FL — and happened in late August — for another reason. Florida was the first of the swing states for which Guccifer 2.0 publicly released DCCC data, including targeting information. He released that information via his website on August 15, admittedly too close to the rallies to do much good, but early enough to know they were available before the rallies. But by that point, HelloFLA already had (and had released) documents.

As I have said, we don’t have to prove that Republicans helped the IRA target ads, because we already know that Russians obtained targeting information by stealing it from the Democrats. It just so happens that this first instance where Facebook events might affect the Presidential came in the wake of targeting information for key congressional districts became publicly available (and therefore deniable for entities more closely with with Russia).

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Why Did Guccifer 2.0 Keep Harping on VAN?

One problem with the skeptics’ claims that Guccifer 2.0 is not Russian, but instead a Democrat or Crowdstrike blaming Russia, is they misread how his original post responded to the WaPo article announcing the hack. The assumption at the time was that Guccifer 2.0 was disinformation to disclaim the attack. But it more immediately discredited the claims the Democrats and Crowdstrike made to WaPo.

There’s Shawn Henry’s claim the hackers took just two documents.

The other, which the firm had named Fancy Bear, broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files, Henry said. And they had access to the computers of the entire research staff — an average of about several dozen on any given day.

In response Guccifer 2.0 posted eleven documents and taunted Crowdstrike.

Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it?

[snip]

I guess CrowdStrike customers should think twice about company’s competence.

Fuck the Illuminati and their conspiracies!!!!!!!!! Fuck CrowdStrike!!!!!!!!!

There’s the bizarre pitch suggesting that only documents affecting Trump had been stolen, describing it as typical foreign espionage (which APT 29 might have been doing).

the entire database of opposition research on GOP presidential candidate Donald Trump

[snip]

The DNC said that no financial, donor or personal information appears to have been accessed or taken, suggesting that the breach was traditional espionage, not the work of criminal hackers.

[snip]

“It’s the job of every foreign intelligence service to collect intelligence against their adversaries,” said Shawn Henry, president of CrowdStrike, the cyber firm called in to handle the DNC breach and a former head of the FBI’s cyber division.

Guccifer 2.0 did post a Trump document. But the DNC, Hillary, and Crowdstrike should have known that (even if there had been one stolen) it wasn’t the one they had in mind. That was a document stolen from Podesta, not the DNC.

Which would have been a response — one her aides might understand, but the rest of us would not — to this claim by Hillary.

Clinton called the intrusion “troubling” in an interview with Telemundo. She also said, “So far as we know, my campaign has not been hacked into,” and added that cybersecurity is an issue that she “will be absolutely focused on” if she becomes president.

Because it would have been a sign that, indeed, her campaign had been hacked.

Similarly, by posting documents that dated from months earlier, Guccifer 2.0 would have made it clear to DWS that her lie — that the DNC responded quickly — could be exposed.

“The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with,” said Rep. Debbie Wasserman Schultz (Fla.), the DNC chairwoman. “When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”

Finally, there’s Michael Sussman’s claim that no donor or voter information was stolen.

CrowdStrike is continuing the forensic investigation, said Sussmann, the DNC lawyer. “But at this time, it appears that no financial information or sensitive employee, donor or voter information was accessed by the Russian attackers,” he said.

Guccifer 2.0 proved that wrong by posting a number of financial documents.

In other words, the initial post was designed to discredit anything Crowdstrike and Democrats said. More importantly, it included a number of threats that Hillary and her aides should have recognized: Guccifer 2.0 had more, had more of the stuff closer to Hillary.

This was dick-waving, not obfuscation (which is consistent with what we see in the documents, and consistent with what I understand was left in some of the servers). It’s just that most of the public wouldn’t have seen that dick-waving; just the Democrats and Crowdstrike would.

Which is why I want to return to something that commentators have long been hung up on: Guccifer 2.0’s claim to have gotten in through VAN.

The DNC had NGP VAN software installed on their system so I used the 0-day exploit and then deployed my backdoor.

I suspect his reference to zero-days was actually a further taunt to Dmitri Alperovitch, who had fluffed up the Russians in the original WaPo.

The two crews have “superb operational tradecraft,” he said. They often use previously unknown software bugs — known as “zero-day” vulnerabilities — to compromise applications.

But why did dick-wagging Guccifer 2.0 focus on VAN? One obvious reason is that it invoked the events of December, when a Bernie staffer got fired for having saved Hillary files when the wall between the two campaigns in VAN came down, literally at the moment the Sanders campaign finished their best fundraiser to date. That is, it might be that VAN just invoked a really sore subject between the two sides.

Guccifer 2.0 may have raised it because Crowdstrike was brought in and did a cursory review to endorse the official view. Had Crowdstrike done more at the time, it they might have discovered the Russians.

The reason I ask, though, is that Guccifer 2.0 kept harping on VAN. A big file that has been the focus of recent attention — in the last few days credibly shown to come from the same file set as the documents later released falsely labeled as Clinton Foundation documents — was called NGP VAN, even though the file has nothing to do with VAN.

Notably, too, some of the last files stolen and shared with WikiLeaks included a series providing VAN access to the finance team. That is, one of the last things that happened before Russia got dumped from the system is a new set of VAN passwords got set up.

Amid the discussion of how the Russians got targeting data, I think it worth noting that having VAN access would have provided a lot of the information the Russians would have wanted.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The (Thus Far) Flimsy Case for Republican Cooperation on Russian Targeting

A number of credulous people are reading this article this morning and sharing it, claiming it is a smoking gun supporting the case that Republicans helped the Russians target their social media, in spite of this line, six paragraphs in.

No evidence has emerged to link Kushner, Cambridge Analytica, or Manafort to the Russian election-meddling enterprise;

Not only is there not yet evidence supporting the claim that Republican party apparatchiks helped Russians target their social media activity, not only does the evidence thus far raise real questions about the efficacy of what Russia did (though that will likely change, especially once we learn more about other platforms), but folks arguing for assistance are ignoring already-public evidence and far more obvious means by which assistance might be obtained.

Don’t get me wrong. I’m acutely interested in the role of Cambridge Analytica, the micro-targeting company that melds Robert Mercer’s money with Facebook’s privatized spying (and was before it was fashionable). I first focused on Jared Kushner’s role in that process, which people are gleefully discovering now, back in May. I have repeatedly said that Facebook — which has been forthcoming about analyzing and sharing (small parts) of its data — and Twitter — which has been less forthcoming — and Google — which is still channeling Sargent Schultz — should be more transparent and have independent experts review their methodology. I’ve also been pointing out, longer than most, of the import of concentration among social media giants as a key vulnerability Russia exploited. I’m particularly interested in whether Russian operatives manipulated influencers — on Twitter, but especially in 4Chan — to magnify anti-Hillary hostility. We may find a lot of evidence that Russia had a big impact on the US election via social media.

But we don’t have that yet and people shooting off their baby cannons over the evidence before us and over mistaken interpretations about how Robert Mueller might get Facebook data are simply degrading the entire concept of evidence.

The first problem with these arguments is an issue of scale. I know a slew of articles have been written about how far $100K spent on Facebook ads go. Only one I saw dealt with scale, and even that didn’t do so by examining the full scale of what got spent in the election.

Hillary Clinton spent a billion dollars on losing last year. Of that billion, she spent tens of millions paying a 100-person digital media team and another $1 million to pay David Brock to harass people attacking Hillary on social media (see this and this for more on her digital team). And while you can — and I do, vociferously — argue she spent that money very poorly, paying pricey ineffective consultants and spending on ads in CA instead of MI, even the money she spent wisely drowns out the (thus far identified) Russian investment in fake Facebook ads. Sure, it’s possible we’ll learn Russians exploited the void in advertising left in WI and MI to sow Hillary loathing (though this is something Trump’s people have explicitly taken credit for), but we don’t have that yet.

The same is true on the other side, even accounting for all the free advertising the sensationalist press gave Trump. Sheldon Adelson spent $82 million last year, and it’s not like that money came free of demands about policy outcomes involving a foreign country. The Mercers spent millions too (and $25 million total for the election, though a lot of that got spent on Ted Cruz), even before you consider their long-term investments in Breitbart and Cambridge Analytica, the former of which is probably the most important media story from last year. Could $100K have an effect among all this money sloshing about? Sure. But by comparison it’d be tiny, particularly given the efficacy of the already established right wing noise machine backed by funding orders of magnitude larger than Russia’s spending.

Then there’s what we know thus far about how Russia spent that money. Facebook tells us (having done the kind of analysis that even the intelligence community can’t do) that these obviously fake ads weren’t actually focused primarily on the Presidential election.

  • The vast majority of ads run by these accounts didn’t specifically reference the US presidential election, voting or a particular candidate.
  • Rather, the ads and accounts appeared to focus on amplifying divisive social and political messages across the ideological spectrum — touching on topics from LGBT matters to race issues to immigration to gun rights.
  • About one-quarter of these ads were geographically targeted, and of those, more ran in 2015 than 2016.

That’s not to say sowing discord in the US has no effect, or even no effect on the election. But thus far, we don’t have evidence showing that Russia’s Facebook trolls were (primarily) affirmatively pushing for Trump (though their Twitter trolls assuredly were) or that the discord they fostered happened in states that decided the election.

Now consider what a lot of breathless reporting on actual Facebook ads have shown. There was the article showing Russia bought ads supporting an anti-immigrant rally in Twin Falls, ID. The ad in question showed that just four people claimed to attend this rally in the third most Republican state. Another article focused on ads touting events in Texas. While the numbers of attendees are larger, and Texas will go Democratic long before Idaho does, we’re still talking relatively modest events in a state that was not going to decide the election.

To show Russia’s Facebook spending had a measurable impact on last year’s election, you’d want to focus on MI, WI, PA, and other close states. There were surely closely targeted ads that, particularly in rural areas where the local press is defunct and in MI where there was little advertising (WI had little presidential advertising, but tons tied to the Senate race) where such social media had an important impact; thus far it’s not clear who paid for them, though (again, Trump’s campaign has boasted about doing just that).

Additionally, empiricalerror showed that a number of the identifiably Russian ads simply repurposed existing, American ads.

That’s not surprising, as the ads appear to follow (not lead) activities that happened on far right outlets, including both Breitbart and Infowars. As with the Gizmo that tracks what it claims are Russian linked accounts and thereby gets credulous journalists to claim campaigns obviously pushed by Americans are actually Russian plots, it seems Russian propaganda is following, not leading, the right wing noise machine.

So thus far what we’re seeing is the equivalent of throwing a few matches on top of the raging bonfire that is the well established, vicious, American-funded inferno of far right media. That’s likely to change, but that’s what we have thus far.

But as I said, all this ignores one other key point: We already have evidence of assistance on the election.

Except, it went the opposite direction from where everyone is looking, hunting for instances where Republicans helped Russians decide to buy ads in Idaho that riled up 4 people.

As I reminded a few weeks back, at a time when Roger Stone and (we now know) a whole bunch of other long-standing GOP rat-fuckers were reaching out to presumed Russian hackers in hopes of finding Hillary’s long lost hacked Clinton Foundation emails, Guccifer 2.0 was reaching out to journalists and others with close ties to Republicans to push the circulation of stolen DCCC documents.

That is, the persona believed to be a front for Russia was distributing documents on House races in swing states such that they might be used by Republican opponents. Some of that data could be used for targeting.

Now, I have no idea whether Russia would risk doing more without some figure like Guccifer 2.0 to provide deniability. That is, I have no idea whether Russia would go so far as take more timely and granular data about Democrats’ targeting decisions and share that with Republicans covertly (in any case, we are led to believe that data would be old, no fresher than mid-June). But we do know they were living in the Democrats’ respective underwear drawers for almost a year.

And Russia surely wouldn’t need a persona like Guccifer 2.0 if they were sharing stolen data within Russia. If the FSB stole targeting data during the 11 months they were in the DNC servers, they could easily share that data with the Internet Research Association (the troll farm the IC believes has ties to Russian intelligence) so IRA can target more effectively than supporting immigration rallies in Idaho Falls.

Which is a mistake made by many of the sources in the Vanity Fair article everyone keeps sharing, the assumption that the only possible source of targeting help had to be Republicans.

We already know the Russians had help: they got it by helping themselves to campaign data in Democratic servers. It’s not clear they would need any more. Nor, absent proof of more effective targeting, is there any reason to believe that the dated information they stole from the Democrats wouldn’t suffice to what we’ve seen them do. Plus, we’ve never had clear answers whether or not Russians weren’t burrowed into far more useful data in Democratic servers. (Again, I think Russia’s actions with influencers on social media, particularly via 4Chan, was far more extensive, but that has more to do with HUMINT than with targeting.)

So, again, I certainly think it’s possible we’ll learn, down the road, that Republicans helped Russians figure out where to place their ads. But we’re well short of having proof of that right now, and we do have proof that some targeting data was flowing in the opposite direction.

Update: This post deals with DB’s exposure of a FB campaign organizing events in FL, which gets us far closer to something of interest. Those events came in the wake of Guccifer 2.0 releasing FL-based campaign information.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

John Sipher’s Garbage Post Arguing the Steele Dossier Isn’t Garbage

I generally find former CIA officer John Sipher’s work rigorous and interesting, if not always persuasive. Which is why I find the shoddiness of this post — arguing, just as Republicans in Congress and litigious Russians start to uncover information about the Christopher Steele dossier, that the dossier is not garbage  — so telling.

I don’t think the Steele dossier is garbage.

But neither do I think it supports the claim that it predicted a lot of information we’ve found since, something Sipher goes to great pains to argue. And there are far more problems with the dossier and its production than Sipher, who claims to be offering his wisdom about how to interpret raw intelligence, lets on. So the dossier isn’t garbage (though the story behind its production may well be). But Sipher’s post is. And given that it appears to be such a desperate — and frankly, unnecessary — attempt to reclaim the credibility of the dossier, it raises questions about why he feels the need.

Making and claiming accuracy for a narrative out of raw intelligence

Sipher’s project appears to be taking what he admits is raw intelligence and providing a narrative that he says we should continue to use to understand Trump’s Russian ties.

Close to the beginning of his piece, Sipher emphasizes that the dossier is not a finished intelligence report, but raw intelligence; he blames the media for not understanding the difference.

I spent almost thirty years producing what CIA calls “raw reporting” from human agents.  At heart, this is what Orbis did.  They were not producing finished analysis, but were passing on to a client distilled reporting that they had obtained in response to specific questions.  The difference is crucial, for it is the one that American journalists routinely fail to understand.

[snip]

Mr. Steele’s product is not a report delivered with a bow at the end of an investigation.  Instead, it is a series of contemporaneous raw reports that do not have the benefit of hindsight.

Sipher explains that you need analysts to make sense of these raw reports.

The onus for sorting out the veracity and for putting the reporting in context against other reporting – which may confirm or deny the new report – rests with the intelligence community’s professional analytic cadre.

He then steps into that role, an old clandestine services guy doing the work of the analysts. The result, he says, is a narrative he says we should still use — even in the wake of eight months of aggressive reporting since the dossier came out — in trying to understand what went on with the election.

As a result, they offer an overarching framework for what might have happened based on individuals on the Russian side who claimed to have insight into Moscow’s goals and operational tactics.  Until we have another more credible narrative, we should do all we can to examine closely and confirm or dispute the reports.

[snip]

Looking at new information through the framework outlined in the Steele document is not a bad place to start.

How to read a dossier

One thing Sipher aspires to do — something that would have been enormously helpful back in January — is explain how an intelligence professional converts those raw intelligence reports into a coherent report. He describes the first thing you do is source validation.

In the intelligence world, we always begin with source validation, focusing on what intelligence professionals call “the chain of acquisition.”  In this case we would look for detailed information on (in this order) Orbis, Steele, his means of collection (e.g., who was working for him in collecting information), his sources, their sub-sources (witting or unwitting), and the actual people, organizations and issues being reported on.

He goes to great lengths to explain how credible Steele is, noting even that he “was the President of the Cambridge Union at university.” I don’t dispute that Steele is, by all accounts, an accomplished intelligence pro.

But Sipher unwisely invests a great deal of weight into the fact that the FBI sought to work with Steele.

The fact that the FBI reportedly sought to work with him and to pay him to develop additional information on the sources suggest that at least some of them were worth taking seriously.  At the very least, the FBI will be able to validate the credibility of the sources, and therefore better judge the information.  As one recently retired senior intelligence officer with deep experience in espionage investigations quipped, “I assign more credence to the Steele report knowing that the FBI paid him for his research.  From my experience, there is nobody more miserly than the FBI.  If they were willing to pay Mr. Steele, they must have seen something of real value.”

This is flat-out dumb for two reasons. First, it is one of the things the GOP has used to discredit the dossier and prosecution — complaining (rightly) that the FBI was using a document designed as opposition research, possibly even to apply for a FISA warrant. If the FBI did that, I’m troubled by it.

More importantly, the actual facts about whether FBI did pay Steele are very much in dispute, with three different versions in the public record and Chuck Grassley claiming the FBI has been giving conflicting details about what happened (it’s likely that FBI paid Steele’s travel to the US but not for the dossier itself).

WaPo reported that Steele had reached a verbal agreement that the FBI would pay him to continue his investigation of Russia’s involvement with Trump after still unnamed Democrats stopped paying him after the election. CNN then reported that FBI actually had paid Steele for his expenses. Finally, NBC reported Steele backed out of the deal before it was finalized.

If the FBI planned to pay Steele, but got cold feet after Steele briefed David Corn for a piece that made explicit reference to the dossier, it suggests FBI may have decided the dossier was too clearly partisan for its continued use. In any case, citing a “recently retired senior intelligence officer” claiming the FBI did pay Steele should either be accompanied by a “BREAKING, confirming the detail no one else has been able to!” tag, or should include a caveat that the record doesn’t affirmatively support that claim.

After vouching for Steele (again, I don’t dispute Steele’s credentials), Sipher lays out the other things that need to happen to properly vet raw intelligence, which he claims we can’t do.

The biggest problem with confirming the details of the Steele “dossier” is obvious: we do not know his sources, other than via the short descriptions in the reports.  In CIA’s clandestine service, we spent by far the bulk of our work finding, recruiting and validating sources.  Before we would ever consider disseminating an intelligence report, we would move heaven and earth to understand the access, reliability, trustworthiness, motivation and dependability of our source.  We believe it is critical to validate the source before we can validate the reliability of the source’s information.  How does the source know about what he/she is reporting?  How did the source get the information?  Who are his/her sub-sources?  What do we know about the sub-sources?  Why is the source sharing the information?  Is the source a serious person who has taken appropriate measures to protect their efforts?

The thing is, we actually know answers to two of these questions. First, Steele’s sources shared the information (at least in part) because they were paid. [Update, 11/15: According to CNN, Glenn Simpson testified that Steele did not pay his sources. That somewhat conflicts with suggestions made by Mike Morell, who said Steele paid intermediaries who paid his sources, but Simpson’s testimony may simply be a cute legal parse.] That’s totally normal for spying, of course, but if Sipher aspires to explain to us how to assess the dossier, he needs to admit that money changes hands and that’s just the way things are done (again, that’s all the more important given that it’s one of the bases the GOP is using to discredit the report).

More importantly, Sipher should note that Steele worked one step removed — from London, rather than from Moscow — than an intelligence officer otherwise might. The reports may still be great, but that additional step introduces more uncertainty into the validation. It’s all the more important that Sipher address these two issues, because they’re the ones the GOP has been and will continue to use to discredit the dossier.

Ultimately, though, in his section on vetting the document, Sipher doesn’t deal with some key questions about the dossier. Way at the end of his piece, he questions whether we’re looking at the entire dossier.

We also don’t know if the 35 pages leaked by BuzzFeed is the entirety of the dossier.  I suspect not.

He doesn’t raise two other key questions about the provenance of the dossier we’ve been given, some of which I laid out when the dossier came out when I also noted that the numbering of the dossier by itself makes it clear it’s not the complete dossier. Importantly: is the copy of the dossier leaked to BuzzFeed an unaltered copy of what Steele delivered to Fusion, in spite of the weird textual artifacts in it? And how and why did the dossier get leaked to BuzzFeed, which Steele has told us was not one of the six outlets that he briefed on its contents.

Finally, Sipher includes the obligation to “openly acknowledge the gaps in understanding” outside of the section on vetting, which is telling given that he notes only a few of the obvious gaps in this dossier.

Sipher claims the dossier predicted what wasn’t known

So there are a lot of aspects of vetting Sipher doesn’t do, whether or not he has the ability to. But having done the vetting of checking Steele’s college extracurricular record, he declares the dossier has proven to be “stunningly accurate.”

Did any of the activities reported happen as predicted?

To a large extent, yes.

The most obvious occurrence that could not have been known to Orbis in June 2016, but shines bright in retrospect is the fact that Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump, as the U.S. intelligence community itself later concluded.  Well before any public knowledge of these events, the Orbis report identified multiple elements of the Russian operation including a cyber campaign, leaked documents related to Hillary Clinton, and meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents.  Mr. Steele could not have known that the Russians stole information on Hillary Clinton, or that they were considering means to weaponize them in the U.S. election, all of which turned out to be stunningly accurate.

Now as I said above, I don’t believe the dossier is junk. But this defense of the dossier, specifically as formulated here, is junk. Central to Sipher’s proof that Steele’s dossier bears out are these claims:

  • Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump
  • The Orbis report identified multiple elements of the Russian operation including
    • A cyber campaign
    • Leaked documents related to Hillary Clinton
    • Meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents

As I’ll show, these claims are, with limited exceptions, not actually what the dossier shows. Far later into the dossier, the reason Sipher frames it this way is clear. He’s taking validation from recent details about the June 9, 2016 meeting.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

The Steele dossier was way behind contemporary reporting on the hack-and-leak campaign

I consider the dossier strongest in its reports on early ties between Trump associates and Russians, as I’ll lay out below. But one area where it is — I believe this is the technical term — a shit-show is the section claiming the report predicted Russia’s hacking campaign.

Here’s how Sipher substantiates that claim.

By late fall 2016, the Orbis team reported that a Russian-supported company had been “using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’ against the Democratic Party leadership.” Hackers recruited by the FSB under duress were involved in the operations. According to the report, Carter Page insisted that payments be made quickly and discreetly, and that cyber operators should go to ground and cover their tracks.

[snip]

Consider, in addition, the Orbis report saying that Russia was utilizing hackers to influence voters and referring to payments to “hackers who had worked in Europe under Kremlin direction against the Clinton campaign.” A January 2017 Stanford study found that “fabricated stories favoring Donald Trump were shared a total of 30 million times, nearly quadruple the number of pro-Hillary Clinton shares leading up to the election.”  Also, in November, researchers at Oxford University published a report based on analysis of 19.4 million Twitter posts from early November prior to the election.  The report found that an “automated army of pro-Trump chatbots overwhelmed Clinton bots five to one in the days leading up to the presidential election.”  In March 2017, former FBI agent Clint Watts told Congress about websites involved in the Russian disinformation campaign “some of which mysteriously operate from Eastern Europe and are curiously led by pro-Russian editors of unknown financing.”

The Orbis report also refers specifically to the aim of the Russian influence campaign “to swing supporters of Bernie Sanders away from Hillary Clinton and across to Trump,” based on information given to Steele in early August 2016. It was not until March 2017, however, that former director of the National Security Agency, retired Gen. Keith Alexander in Senate testimony said of the Russian influence campaign, “what they were trying to do is to drive a wedge within the Democratic Party between the Clinton group and the Sanders group.”

Here’s what the dossier actually shows about both kompromat on Hillary and hacking.

June 20: In the first report, issued 6 days after the DNC announced it had been hacked by Russia, and 5 days after Guccifer 2.0 said he had sent stolen documents to WikiLeaks, the dossier spoke of kompromat on Hillary, clearly described as years old wiretaps from when she was visiting Russia. While the report conflicts internally, one part of it said it had not been distributed abroad. As I note in this post, if true, that would mean the documents Natalia Veselnitsaka shared with Trump folks on June 9 was not the kompromat in question.

July 19: After Guccifer 2.0 had released 7 posts, most with documents, and after extended reporting concluding that he was a Russian front, the second report discussed kompromat — still seemingly meaning that dated FSB dossier — as if it were prospective.

July 26: Four days after WikiLeaks released DNC emails first promised in mid-June, Steele submitted a report claiming that Russian state hackers had had “only limited success in penetrating the ‘first tier’ of foreign targets. These comprised western (especially G7 and NATO) governments, security and intelligence services and central banks, and the IFIs.” There had been public reports of FSB-associated APT 29’s hacking of such targets since at least July 2015, and public reporting on their campaigns that should have been identified when DNC did a Google search in response to FBI’s warnings in September 2015. It’s stunning anyone involved in intelligence would claim Russia hadn’t had some success penetrating those first tier targets.

Report 095: An undated report, probably dating sometime between July 26 and July 30, did state that a Trump associate admitted Russia was behind WikiLeaks release of emails, something that had been widely understood for well over a month.

July 30: A few weeks before WikiLeaks reportedly got the second tranche of (Podesta) emails, a report states that Russia is worried that the email hacking operation is spiraling out of control so “it is unlikely that these [operations] would be ratcheted up.”

August 5: A report says Dmitry Peskov, who is reportedly in charge of the campaign, is “scared shitless” about being scapegoated for it.

August 10: Just days before WikiLeaks purportedly got the Podesta tranche of emails, a report says Sergei Ivanov said “Russians would not risk their position for the time being with new leaked material, even to a third party like WikiLeaks.”

August 10: Months after a contentious primary and over two weeks after Debbie Wasserman Schultz’s resignation during the convention (purportedly because of DNC’s preference for Hillary), a report cites an ethnic Russian associate of Russian US presidential candidate Donald TRUMP campaign insider, not a Russian, saying the email leaks were designed to “swing supporters of Bernie SANDERS and away from Hillary CLINTON and across to TRUMP.” It attributes that plan to Carter Page, but does not claim any Russian government involvement in that strategy. Nor would it take a genius for anyone involved in American politics to pursue such a strategy.

August 22: A report on Manafort’s “demise” doesn’t mention emails or any kompromat.

September 14: Three months after Guccifer 2.0 first appeared, the dossier for the first time treated the Russians’ kompromat as the emails, stating that more might be released in late September. That might coincide with Craig Murray’s reported contact with a go-between (Murray has been very clear he did not ferry the emails themselves though he did have some contact in late September).

October 12: A week after the Podesta emails first started appearing, a report states that “a stream of further hacked CLINTON materials already had been injected by the Kremlin into compliant media outlets like Wikileaks, which remained at least “plausibly deniable”, so the stream of these would continue through October and up to the election, something Julian Assange had made pretty clear. See this report for more.

October 18, 19, 19: Three reports produced in quick succession describe Michael Cohen’s role in covering up the Trump-Russia mess, without making any explicit (unredacted) mention of emails. See this post on that timing.

December 13: A virgin birth report produced as the US intelligence community scrambled to put together the case against Russia for the first time ties Cohen to the emails in unredacted form).

What the timeline of the hacking allegations in the Steele dossier (and therefore also “predictions” about leaked documents) reveal is not that his sources predicted the hack-and-leak campaign, but on the contrary, he and his sources were unbelievably behind in their understanding of Russian hacking and the campaign generally (or his Russian sources were planting outright disinformation). Someone wanting to learn about the campaign would be better off simply hanging out on Twitter or reading the many security reports issued on the hack in real time.

Perhaps Sipher wants to cover this over when he claims that, “The Russian effort was aggressive over the summer months, but seemed to back off and go into cover-up mode following the Access Hollywood revelations and the Obama Administration’s acknowledgement of Russian interference in the fall, realizing they might have gone too far and possibly benefitted Ms. Clinton.” Sure, that’s sort of (though not entirely) what the dossier described. But the reality is that WikiLeaks was dropping new Podesta emails every day, Guccifer 2.0 was parroting Russian (and Republican) themes about a rigged election, and Obama was making the first ever cyber “red phone” call to Moscow because of Russia’s continued probes of the election infrastructure (part of the Russian effort about which both the dossier and Sipher’s post are silent).

The quotes Sipher uses to defend his claim are even worse. The first passage includes two clear errors. The report in question was actually the December 13 one, not “late fall 2016” one. And the Trump associate who agreed (in the alleged August meeting in Prague, anticipating that Hillary might win) to making quick payments to hackers was Michael Cohen, not Carter Page. [Update, 12/10/17: Just Security has fixed this error.] Many things suggest this particular report should be read with great skepticism, not least that it post-dated both the disclosure of the existence of the dossier and the election, and that this intelligence was offered up to Steele, not solicited, and was offered for free.

Next, Sipher again cites the December 13 report to claim Steele predicted something reported in a November Oxford University report (and anyway widely reported by BuzzFeed for months), which seems to require either a time machine or an explanation for why Steele didn’t report that earlier. He attributes a quote sourced to a Trump insider as indicating Russian strategy, which that report doesn’t support. And if you need Keith Alexander to suss out the logic of Democratic infighting that had been clear for six months, then you’re in real trouble!

Sipher would have been better off citing the undated Report 095 (which is another report about which there should be provenance questions), which relies on the same ethnic Russian Trump insider as the August 10 report, which claims agents/facilitators within the Democratic Party and Russian émigré hackers working in the United States — a claim that is incendiary but (short of proof that the Al-Awan brothers or Seth Rich really were involved) — one that has not been substantiated.

In short, the evidence in the dossier simply doesn’t support the claim it predicted two of the three things Sipher claims it does, at least not yet.

The dossier is stronger in sketchy contacts with Russians

The dossier is stronger with respect to some, but not all Trump associates. But even there, Sipher’s defense demonstrates uneven analytic work.

First, note that Sipher relies on “renowned investigative journalist” Michael Isikoff to validate some of these claims.

Renowned investigative journalist Michael Isikoff reported in September 2016 that U.S. intelligence sources confirmed that Page met with both Sechin and Divyekin during his July trip to Russia.

[snip]

A June 2017 Yahoo News article by Michael Isikoff described the Administration’s efforts to engage the State Department about lifting sanctions “almost as soon as they took office.”

Among the six journalists Steele admits he briefed on his dossier is someone from Yahoo.

The journalists initially briefed at the end of September 2016 by [Steele] and Fusion at Fusion’s instruction were from the New York Times, the Washington Post, Yahoo News, the New Yorker and CNN. [Steele] subsequently participated in further meetings at Fusion’s instruction with Fusion and the New York Times, the Washington Post and Yahoo News, which took place in mid-October 2016.

That the Yahoo journalist is Isikoff would be a cinch to guess. But we don’t have to guess, because Isikoff made it clear it was him in his first report after the dossier got leaked.

Another of Steele’s reports, first reported by Yahoo News last September, involved alleged meetings last July between then-Trump foreign policy adviser Carter Page and two high-level Russian operatives, including Igor Sechin — a longtime associate of Russian President Vladimir Putin who became the chief executive of Rosneft, the Russian energy giant.

In other words, Sipher is engaging in navel-gazing here, citing a report based on the Steele dossier, to say it confirms what was in the Steele dossier.

Sipher similarly cites a NYT article that was among the most criticized for the way it interprets “senior Russian intelligence officials” loosely to include anyone who might be suspect of being a spook.

We have also subsequently learned of Trump’s long-standing interest in, and experience with Russia and Russians.  A February 2017 New York Times article reported that phone records and intercepted calls show that members of Trump’s campaign and other Trump associates had repeated contacts with senior Russian officials in the year before the election.  The New York Times article was also corroborated by CNN and Reuters independent reports.

The two reports he claims corroborate the NYT one fall far short of the NYT claim about talks with Russian intelligence officials — a distinction that is critical given what Sipher claims about Sergey Kislyak, which I note below.

Carter Page

Sipher cites the Carter Page FISA order as proof that some of these claims have held up.

What’s more, the Justice Department obtained a wiretap in summer 2016 on Page after satisfying a court that there was sufficient evidence to show Page was operating as a Russian agent.

But more recent reporting, by journalists Sipher elsewhere cites approvingly, reveals that Page had actually been under a FISA order as early as 2014.

Page had been the subject of a secret intelligence surveillance warrant since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.

Paul Manafort

I have no complaint with Sipher’s claims about Manafort — except to the extent he suggests Manafort’s Ukrainian corruption wasn’t know long before the election. Sipher does, however, repeat a common myth about Manafort’s influence on the GOP platform.

The quid pro quo as alleged in the dossier was for the Trump team to “sideline” the Ukrainian issue in the campaign.  We learned subsequently the Trump platform committee changed only a single plank in the 60-page Republican platform prior to the Republican convention.  Of the hundreds of Republican positions and proposals, they altered only the single sentence that called for maintaining or increasing sanctions against Russia, increasing aid for Ukraine and “providing lethal defensive weapons” to the Ukrainian military.  The Trump team changed the wording to the more benign, “appropriate assistance.”

Republicans have credibly challenged this claim about the platform. Bob Dole is credited with making the platform far harsher on China in the service of his Taiwanese clients. And Trump’s team also put in language endorsing the revival of Glass-Steagall, with support from Manafort and/or Carl Icahn.

Michael Cohen

Sipher’s discussion of Trump lawyer Michael Cohen is the weirdest of all, not least because the Cohen reports are the most incendiary but also because they were written at a time when Steele had already pitched the dossier to the media (making it far more likely the ensuing reports were the result of disinformation). Here’s how Sipher claims the Steele dossier reports have been validated.

We do not have any reporting that implicates Michael Cohen in meetings with Russians as outlined in the dossier.  However, recent revelations indicate his long-standing relationships with key Russian and Ukrainian interlocutors, and highlight his role in a previously hidden effort to build a Trump tower in Moscow. During the campaign, those efforts included email exchanges with Trump associate Felix Sater explicitly referring to getting Putin’s circle involved and helping Trump get elected.

Go look at that “recent revelations” link. It goes to this Josh Marshall post which describes its own sourcing this way:

TPM Reader BR flagged my attention to this 2007 article in The New York Post.

[snip]

Because two years ago, in February 2015, New York real estate trade sheet The Real Deal reported that Cohen purchased a $58 million rental building on the Upper East Side.

This is not recent reporting!! Again, this is stuff that was publicly known before the election.

More importantly, given Cohen’s rebuttal to the dossier, Marshall supports a claim that Cohen has ties to Ukraine, not Russia. The dossier, however, claims Cohen has ties to the latter, as Cohen mockingly notes.

Felix Sater

Then there are the Trump associates who are now known to have been central to any ties between Trump and the Russians that the Steele dossier didn’t cite — as least not as subjects (all could well be sources, which raises other questions). The first is Felix Sater, whom Sipher discusses three times in suggesting that the dossier accurately predicts Cohen’s involvement in the Russian negotiations.

To take one example, the first report says that Kremlin spokesman Dmitry Peskov was responsible for Russia’s compromising materials on Hillary Clinton, and now we have reports that Michael Cohen had contacted Peskov directly in January 2016 seeking help with a Trump business deal in Moscow (after Cohen received the email from Trump business associate Felix Sater saying “Our boy can become president of the USA and we can engineer it. I will get all of Putins team to buy in on this.”).

[snip]

Following the inauguration, Cohen was involved, again with Felix Sater, to engage in back-channel negotiations seeking a means to lift sanctions via a semi-developed Russian-Ukrainian plan (which also included the hand delivery of derogatory information on Ukrainian leaders) also fits with Orbis reporting related to Cohen.

Given that Sater’s publicly known links between mobbed up Russians and Trump go back a decade, why isn’t he mentioned in the dossier? And why does the dossier seemingly contradict these claims about an active Trump Tower deal?

Aras Agalarov and Rinat Akhmetshin

There are far more significant silences about two other Trump associates, Aras Agalarov and Rinat Akhmetshin.

To be fair, the dossier isn’t entirely silent about the former, noting in at one place that Agalarov would be the guy to go to to learn about dirt on Trump in Petersburg (elsewhere he could be a source).

Far, far more damning is the dossier’s silence (again, at least as a subject rather than source) about Akhmetshin. That’s long been one of the GOP complaints about the dossier — that Akhmetshin was closely involved with Fusion GPS on Magnitsky work in parallel with the Trump dossier, which (if Akhmetshin really is still tied to Russian intelligence) would provide an easy feedback loop to the Russians. The dossier’s silence on someone well known to Fusion GPS is all the more damning given the way that Sipher points to the June 9 meeting (which the dossier didn’t report, either) as proof that the dossier has been vindicated.

It was also apparently news to investigators when the New York Times in July 2017 published Don Jr’s emails arranging for the receipt of information held by the Russians about Hillary Clinton. How could Steele and Orbis know in June 2016 that the Russians were working actively to elect Donald Trump and damage Hillary Clinton?

[snip]

To take another example, the third Orbis report says that Trump campaign manager Paul Manafort was managing the connection with the Kremlin, and we now know that he was present at the June 9 2016 meeting with Donald Trump, Jr., Russian lawyer Natalia Veselnitskaya and Rinat Akhmetshin, who has reportedly boasted of his ties to ties and experience in Soviet intelligence and counterintelligence.  According to a recent New York Times story, “Akhmetshin told journalists that he was a longtime acquaintance of Paul J. Manafort.”

There’s no allegation that investigations didn’t know about June 2016 plan to hurt Hillary (indeed, the Guccifer 2.0 stuff that Sipher ignores was public to all). Rather they didn’t know — but neither did Fusion, who has an established relationship with Akhmetshin — about the meeting involving Akhmetshin. If you’re going to claim the June 9 meeting proves anything, it’s that the dossier as currently known has a big hole right in Fusion’s client/researcher list.

Sergey Kislyak

Which brings me — finally! — to Sipher’s weird treatment of Sergey Kislyak. Sipher argues (correctly) that Trump associates’ failure to report details of their contacts with Russians may support a conspiracy claim.

 Of course, the failure of the Trump team to report details that later leaked out and fit the narrative may make the Steele allegations appear more prescient than they otherwise might.  At the same time, the hesitancy to be honest about contacts with Russia is consistent with allegations of a conspiracy.

Of course, Trump’s folks have failed to report details of that June 9 meeting as well as meetings with Sergey Kislyak. Having now invested his vindication story on that June 9 meeting, he argues that reports about Kislyak (on which the NYT article he cites approvingly probably rely) are misguided; we need to look to that June 9 meeting intead.

It should be noted in this context, that the much-reported meetings with Ambassador Kislyak do not seem to be tied to the conspiracy. He is not an intelligence officer, and would be in the position to offer advice on politics, personalities and political culture in the United States, but would not be asked to engage in espionage activity.  It is likewise notable that Ambassador Kislyak receives only a passing reference in the Steele dossier and only having to do with his internal advice on the political fallout in the U.S. in reaction to the Russian campaign.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

This seems utterly bizarre. We know what happened after June 9, in part: Per Jared Kushner (who also is not mentioned in the dossier or Sipher’s column), immediately after the election Kislyak started moving towards meeting about Syria (not Ukraine). But in the process, Kushner may have asked for a back channel and at Kislyak’s urging, Kushner took a meeting with the head of a sanctioned bank potentially to talk about investments in his family’s debt-ridden empire. And all that is the lead-up to the Mike Flynn calls with Kislyak about sanctions relief which provide some of the proof that Trump was willing to deliver the quo that the dossier claims got offered for quids.

That latter story — of the meetings Kushner and Flynn did in the wake of the election and events that may have taken place since — is every bit as coherent a narrative as the Steele dossier or the entirely new narratives tied to the June 9 meeting (which Sipher claims are actually the Steele narrative).

Of course, neither is yet evidence of collusion. And that’s, frankly, what we as citizens should be after.

A narrative offered up by an intelligence contractor who was always trying to catch up to the central part of the story — the hack-and-leak — is not what we should be striving for. That’s why this dossier is probably mostly irrelevant to the Mueller probe, no matter how the GOP would like to insinuate the opposite. If there was collusion (or rather, coordination on all this stuff between the campaign and Russia), we should expect evidence of it. The Steele dossier, as I have noted, left out one of the key potential proofs of that, in spite of having ties with someone who attended the meeting.

All that said, it would be useful for someone responsible to respond to GOP criticisms and, where invented (such as with the claim that Steele paying sources diminishes its value), demonstrate that. It would be useful for someone to explain what we should take from the dossier.

Sipher didn’t do that, though. Indeed, his post largely suffers from the same bad analysis he accuses the media of.

Update: In the original I got the date of the final report incorrect. That has been corrected.

Update, 12/10/17: I didn’t realize it, but Just Security updated Sipher’s post to include this language, which it explains with an editor’s note saying “Editor’s note: This article was update to provide additional analysis on Carter Page.” Compare this with this. Here’s the language.

Admittedly, Isikoff’s reporting may have relied on Steele himself for that information. Isikoff, however, also reported that U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it. There are also other indicia that are also consistent with the Orbis report but only developed or discovered later. In early December 2016, Page returned to Moscow where he said he had “the opportunity to meet with an executive from” Sechin’s state oil company. In April 2017, Page confirmed that he met with and passed documents to a Russian intelligence officer in 2013. Court documents include an intercept in April 2013 of conversations between the Russians discussing their effort to recruit Page as “as an intelligence source.” A Russian intelligence officer said of Page: “He got hooked on Gazprom … I don’t know, but it’s obvious that he wants to earn lots of money … For now his enthusiasm works for me. I also promised him a lot … You promise a favor for a favor. You get the documents from him and tell him to go fuck himself.” In late December 2016, Sechin’s chief of staff, Oleg Erovinkin “who may have been a source for ex-British spy Christopher Steele’s Trump dossier,” according to multiple reports, was found dead in the back of his car in Moscow.

But this passage introduces new errors for Sipher’s post!

First, here’s the language (in an article Just Security never links) Sipher relies on to justify using Isikoff’s Steele-based reporting to claim Steele had been proven correct.

After one of those briefings, Senate minority leader Harry Reid wrote FBI Director James Comey, citing reports of meetings between a Trump adviser (a reference to Page) and “high ranking sanctioned individuals” in Moscow over the summer as evidence of “significant and disturbing ties” between the Trump campaign and the Kremlin that needed to be investigated by the bureau.

Some of those briefed were “taken aback” when they learned about Page’s contacts in Moscow, viewing them as a possible back channel to the Russians that could undercut U.S. foreign policy, said a congressional source familiar with the briefings but who asked for anonymity due to the sensitivity of the subject. The source added that U.S. officials in the briefings indicated that intelligence reports about the adviser’s talks with senior Russian officials close to President Vladimir Putin were being “actively monitored and investigated.”

A senior U.S. law enforcement official did not dispute that characterization when asked for comment by Yahoo News. “It’s on our radar screen,” said the official about Page’s contacts with Russian officials. “It’s being looked at.”

It is true that “U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it,” and that Harry Reid was leaking from the Steele dossier just like Isikoff was. But the “senior US law enforcement officer” does not back the identities of those Page met with, just that “it’s being looked at.”

That’s important for the way that Page’s meetings with people other than Igor Sechin have been used to claim the dossier has borne out. Not-A = A. Which is what Sipher does here, by pointing to Page saying he met with Rosneft but not Sechin. “Page says he was not referring to Sechin in his remarks,” the linked AP story says (as does Page’s congressional testimony).

Then Sipher points to language unsealed in a court filing in January 2015 that Page admitted — after reporting on it — was him. That Page was wrapped up in an earlier Russian spy prosecution is another of those things one might ask why Steele didn’t know, particularly given that the filing and the case was already public.

But the citation also exacerbates the problems with Sipher’s reliance on Page’s FISA wiretap as proof the Steele dossier proved out. As I noted above, later reports stated Page had been under FISA wiretap “since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.” That means it wasn’t the meetings in Russia, per se, that elicited the interest, but (at least) the earlier interactions with Russian spies.

Finally, Sipher points to the death of Oleg Erovinkin, something I’ve pointed to myself (and which would only be “Carter Page” analysis if Page actually had met with Sechin). Since Sipher updated this post, however, Luke Harding wrote (on page 101),

Steele was adamant that Erovinkin wasn’t his source and “not one of ours.”

As a person close to Steele put it to me: “Sometimes people just die.”

I’m not sure I find Harding entirely reliable elsewhere, and I can see why Steele would deny working with Erovinkin if the leak of his work had gotten the man killed. But if you buy Harding, then Erovinkin no longer proves the value of the Steele dossier either.

Update, 12/10: According to the Wayback Machine this change was made between October 25 and November 6. Ryan Goodman explained that he didn’t give me a hat-tip for this correction because he’s not sure whether he corrected because of me because a Daily Caller reporter also weighed in.

It is true that Chuck Ross (with whom I discuss the dossier regularly) tweeted that Sipher’s Isikoff reference was self-confirming on November 4, shortly before the change was made.

Ryan and I had a conversation about the errors in this piece on September 6, when the post first came out, both on Twitter then–late that evening–on DM. I included a link to my post.

I guess Ryan is now confessing he never read this post, and let notice of egregious errors sit unreviewed for two months, because he didn’t like my tone.

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Guccifer 2.0: What about those DCCC and “Clinton Foundation” documents

In this post, I addressed one recent and one not-recent research finding pertaining to Guccifer 2.0 (I had already raised both of them, but I addressed them at more length). I pointed out the conclusions of the research itself (that Guccifer 2.0 put Russian metadata in the first documents he released intentionally, just as he had put the name Felix Dzerzhinsky in one; and that some files released by proxy in September were copied locally) were not that controversial and certainly don’t refute the Intelligence Community conclusion that Russia was behind these hacks.

I also pointed out something that came out of that and related research — the understanding that the documents Guccifer 2.0 first released weren’t the DNC documents released to WikiLeaks at all, and so had absolutely no bearing on the question of whether Guccifer 2.0 provided the DNC documents to WikiLeaks. The NYer’s Raffi Khatchadourian used that same data as part of his argument that Russia was clearly working with WikiLeaks.

Cui bono from DCCC documents

Not only does all this analysis focus on the DNC when it really should focus on Hillary documents, but it almost entirely ignores the later documents Guccifer 2.0. For example, here’s how Adam Carter dismisses the import of the DCCC documents in considering attribution.

The documents he posted online were a mixture of some from the public domain (eg. already been published by OpenSecrets.org in 2009), were manipulated copies of research documents originally created by Lauren Dillon (see attachments) and others or were legitimate, unique documents that were of little significant damage to the DNC. (Such as the DCCC documents)

The DCCC documents didn’t reveal anything particularly damaging. It did include a list of fundraisers/bundlers but that wasn’t likely to cause controversy (the fundraising totals, etc. are likely to end up on sites like OpenSecrets, etc within a year anyway). – It did however trigger 4chan to investigate and a correlation was found between the DNC’s best performing bundlers and ambassadorships. – This revelation though, is to be credited to 4chan. – The leaked financial data wasn’t, in itself, damaging – and some of the key data will be disclosed publicly in future anyway.

Even ignoring that some of these documents provided the DCCC’s views of races and candidates, the notion that data will one day become public in no way minimizes the value of having that data in time for an electoral race, which is what Guccifer 2.0’s release of them did.

Even Khatchadourian simply nods at what, given the timing, are likely the DCCC documents. After laying out what are suggestions of pressure Assange’s source is exerting on WikiLeaks in the early summer, he reveals that in August, Guccifer 2.0 considered leaking documents through Emma Best (who, notably, had just linked the Turkish emails that WikiLeaks would get blamed for at the end of July).

In mid-August, Guccifer 2.0 expressed interest in offering a trove of Democratic e-mails to Emma Best, a journalist and a specialist in archival research, who is known for acquiring and publishing millions of declassified government documents. Assange, I was told, urged Best to decline, intimating that he was in contact with the persona’s handlers, and that the material would have greater impact if he released it first.

Given the mid-August date, those emails are likely the DCCC emails that Guccifer 2.0 first announced on August 12 by publishing the contact information of members and their key staffers (one of the several things over the course of the operation that got suppressed by providers). While Khatchadourian doesn’t dwell on what happened to them instead of release via Best, it is significant: Guccifer 2.0 reached out to local journalists to report on the state-level data. That is, for a limited set of what must have been available at DCCC, a set focused on swing states (which, contrary to what Carter suggests, cannot be bracketed off from the top of the ticket in a presidential year), Guccifer 2.0 worked to magnify these documents too, with mixed success.

It’s hard to imagine why anyone associated with the Democratic party or Crowdstrike  — who both have been accused of being the real insiders behind the Wikileaks documents — would release those documents, no matter how uninteresting people outside of politics find them. Likewise, even the most bitter Bernie supporter would have little reason to help Republicans get elected to Congress. Leaking boring but useful documents that benefit just Republicans doesn’t even fit with the hacktivist persona Guccifer 2.0 presented as. That leaves GOPers, as well as the Russians if they were siding with the GOP, with sufficient motive to hack and leak them.

Moreover, given questions about whether Republicans incorporated data made available by Russia in their own data analysis, the release of these documents may have provided a way to do that while maintaining plausible deniability. This stuff could get more interesting now, given that Ron DeSantis, who benefitted from these state level leaks, wants to cut the Mueller investigation short.

What about Guccifer 2.0’s Clinton Foundation headfake?

Which brings us to some other still unexplained events from last year: Roger Stone’s promises that WikiLeaks would release the Clinton Foundation emails in early October. A lot gets missed in the public narrative of that period. Stone turned out to repeatedly promise files, only to be wrong, which (on its face, anyway) undermines Democratic accusations he was in cahoots with WikiLeaks. And ultimately, WikiLeaks didn’t publish the Clinton Foundation files; instead, it released the Podesta document that included excerpts of Hillary’s speeches. Though — again, contrary to what the Democrats now complain — those were completely drowned out by the Access Hollywood release. No one mentions, either, that Stone sort of sulked away, uninterested in WikiLeaks emails anymore, moving on to Bill Clinton rape allegations. What happened?

Here’s what I laid out in April.

CNN has a timeline of many of Stone’s Wikileaks related comments, which actually shows that in August, at least, Stone believed Wikileaks would release Clinton Foundation emails (a claim that derived from other known sources, including Bill Binney’s claim that the NSA should have all the Clinton Foundation emails).

It notes, as many timelines of Stone’s claims do, that on Saturday October 1 (or early morning on October 2 in GMT; the Twitter times in this post have been calculated off the unix time in the source code), Stone said that on Wednesday (October 5), Hillary Clinton is done.

Fewer of these timelines note that Wikileaks didn’t release anything that Wednesday. It did, however, call out Guccifer 2.0’s purported release of Clinton Foundation documents (though the documents were real, they were almost certainly mislabeled Democratic Party documents) on October 5. The fact that Guccifer 2.0 chose to mislabel those documents is worth further consideration, especially given public focus on the Foundation documents rather than other Democratic ones. I’ll come back to that.

Throughout the week — both before and after the Guccifer 2.0 release — Stone kept tweeting that he trusted the Wikileaks dump was still coming.

Monday, October 3:

Wednesday, October 5 (though this would have been middle of the night ET):

Thursday, October 6 (again, this would have been nighttime ET, after it was clear Wikileaks had not released on Wednesday):

On October 7, at 4:03PM, David Fahrenthold tweeted out the Access Hollywood video.

On October 7, at 4:32 PM, Wikileaks started releasing the Podesta emails.

Stone didn’t really comment on the substance of the Wikileaks release. In fact, even before the Access Hollywood release, he was accusing Bill Clinton of rape, and he continued in that vein after the release of the video, virtually ignoring the Podesta emails.

Two parts of this narrative now look very different, given what we know now. As noted, Kachadourian argues that Guccifer 2.0 served as a pressure point for WikiLeaks, pushing Assange to release things on the persona’s timeline. I’ve long been puzzled (for obvious reasons) by Guccifer 2.0’s response to my tweet, calling out his supposed October 4 release of Clinton Foundation documents as the bullshit it was.

There was no private conversation behind this — Guccifer 2.0 and I never spoke by DM. My guess is he chose to respond to my tweet because Glenn Greenwald immediately responded to me and took my debunking seriously, though Guccifer 2.0’s response was quick — within 45 minutes. And only after that tweet did he follow me. It was a rare unsolicited response to someone, and it was one of maybe three tweets he sent responding to a criticism. (Interesting side note: I realized when reviewing his tweets that a few of Guccifer 2.0’s tweets appear in Twitter’s count but are not visible.) In other words, Guccifer 2.0 apparently wanted to respond to my debunking, perhaps because Greenwald found them credible, thereby sustaining the claim he really had Clinton Foundation emails. But it happened at a time when Stone, too, was pushing WikiLeaks to release Clinton Foundation emails.

Now couple that information with the details of GOP rat-fucker Peter Smith’s attempt to hunt down Clinton Foundation emails. As Matt Tait describes, close to the July 22 release of the the DNC emails, Smith contacted him already having been contacted by someone who claimed to have copies of Hillary’s Clinton Foundation emails.

Over the course of a long phone call, he mentioned that he had been contacted by someone on the “Dark Web” who claimed to have a copy of emails from Secretary Clinton’s private server, and this was why he had contacted me; he wanted me to help validate whether or not the emails were genuine.

The WSJ explained that Smith could never authenticate any of the emails he got pitched, which is why they weren’t ever published, and recommended they be dealt to WikiLeaks.

So what if someone actually did deal those emails to WikiLeaks, authentic or not? What if Guccifer 2.0 somehow knew that? It would explain Stone’s certainty they’d come out, Guccifer 2.0’s attempt to claim he had them, and the back-and-forth in early October.

Incidentally, the latest stink in the right wing noise machine is that a guy trying to obtain more Hillary related emails via FOIA got denied because the public interest doesn’t outweigh Hillary’s privacy interests. [Deleted: this was one of the fake Assange accounts–thanks to  Arbed for heads up.] Assange claim he has duplicates.

To be clear, I don’t believe those are Clinton Foundation emails. But I find the possibility that Assange may still be getting and releasing materials damning to Hillary.

Guccifer 2.0’s other propaganda

Finally, it’s worth noting that these reassessments of Guccifer 2.0 largely look at the documents he released, out of context of the things he said.

I think that’s particularly problematic given this last two posts, which align with activities alleged to have ties to Russia. His second-to-last post was typically nonsensical (the FEC’s networks have nothing to do with vote counting). But it attributed any tampering with software to Democrats.

INFO FROM INSIDE THE FEC: THE DEMOCRATS MAY RIG THE ELECTIONS

I’d like to warn you that the Democrats may rig the elections on November 8. This may be possible because of the software installed in the FEC networks by the large IT companies.

As I’ve already said, their software is of poor quality, with many holes and vulnerabilities.

I have registered in the FEC electronic system as an independent election observer; so I will monitor that the elections are held honestly.

I also call on other hackers to join me, monitor the elections from inside and inform the U.S. society about the facts of electoral fraud.

We’ve since learned (most recently in this NYT piece) that there was more risk of tampering with the vote count than initially revealed. And no matter whether or not you believe the Russians did it, there is no credible reason why Democrats would target turnout that they needed to win the election. This message, Guccifer 2.0’s last before the election, could only serve to give pre-emptive cover for any tampering that did get discovered.

Finally, there’s Guccifer 2.0’s last post, bizarrely posted months after he seemed to be done, capitalizing on legitimate complaints about the first Joint Analysis Report released on December 29 to suggest the evidence implicating him as Russian is fake.

The technical evidence contained in the reports doesn’t stand up to scrutiny. This is a crude fake.

Any IT professional can see that a malware sample mentioned in the Joint Analysis Report was taken from the web and was commonly available. A lot of hackers use it. I think it was inserted in the report to make it look a bit more plausible.

But several things are interesting about this post (in addition to the way it coincided with what Shadow Brokers claimed was going to be his last post). In spite of using the singular “this” to refer to the “reports,” Guccifer 2.0 claims that several reports tie him to Russia.

The U.S. intelligence agencies have published several reports of late claiming I have ties with Russia.

But the JAR actually doesn’t mention him at all. What does mention him is the Intelligence Community Assessment.

We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release US victim data obtained in cyber operations publicly and in exclusives to media outlets.

Guccifer 2.0, who claimed to be an independent Romanian hacker, made multiple contradictory statements and false claims about his likely Russian identity throughout the election. Press reporting suggests more than one person claiming to be Guccifer 2.0 interacted with journalists.

Guccifer 2.0’s silence about the ICA is all the more interesting given that the post — dated January 12 and so immediately after the leak of the Steele dossier — doesn’t mention that, but says the Obama Administration would release more fake information in the coming week.

Certainly, those who believe Guccifer 2.0 is not Russian even while noting his many false claims will take this post as gospel. But it’s worth noting that it doesn’t actually refute the substance of the claims made about Guccifer 2.0, rather than Russia.

Reassessing the Role of Guccifer 2.0 Should Not Terrify Analysts

I’m glad folks are still poking around the Guccifer 2.0 documents, and applaud the openness of the researchers to respond to criticism. Frankly, it’s a model those who made initial claims about Guccifer 2.0 — most egregiously, that Cyrillic metadata in a document adopting the name of Felix Dzerzhinsky would not be every bit as intentional as that graffiti — should adopt. There were errors in the early analysis of the Guccifer 2.0 persona (such as the assumption he was publishing DNC documents), that, with hindsight, are more clear. One particularly annoying one is the logic that because Guccifer 2.0 got caught pretending to be Romanian — a claim he backed off of in his FAQ a week later in any case — he had to be Russian. The unwillingness to revise early analysis only feeds the distrust of the Russian attribution.

That said, in my opinion nothing about the new analysis undermines the claim of Russian attribution, and the majority of the known evidence does support it (and has since been backed — for example — by Facebook, which has its own set of global data to draw from).

Update: I thought Stone was involved in the Smith effort. This article describes him as chatting to Guccifer 2.0 at the direction of Smith.

“The magnitude of what he was trying to do was kind of impressive,” Johnson said. “He had people running around Europe, had people talking to Guccifer.” (U.S. intelligence agencies have linked the materials provided by “Guccifer 2.0”—an alias that has taken credit for hacking the Democratic National Committee and communicated with Republican operatives, including Trump confidant Roger Stone—to Russian government hackers.)

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.