Posts

Fun with Dr. Corsi’s “Forensics”!

By far the most ridiculous part of Jerome Corsi’s book is where he spends an entire chapter pretending that he figured out on his own that WikiLeaks had John Podesta’s emails rather than being told that by someone whose identity he’s trying to avoid sharing with Mueller’s team.

The chapter is one of three in the book that he presents as having been written in real time, effectively as diary entries. Corsi presents it as the fevered narrative he writes on November 18, 2018, at a time when Mueller’s team was cracking down on him for his continued lies but before he refused the plea deal, after a night of nightmares.

Last night, I was plagued by nightmares that caused me to sleep very poorly.

His change in voice is followed with an even more direct address to readers, which he returns to as an interjection in the middle of his crazed explanation.

I am going to write this chapter to explain to you, the reader, how I used my basic intuitive skills as a reporter to figure out in August 2016 that Assange had Podesta’s emails, that Assange planned to start making the Podesta file public in October 2016, and that Assange would release the emails in a serial, day-by-day fashion, right up to election day.

[snip]

Now, I know this is tedious and will tax many readers, so I’ve decided here to take a break. You have to understand what I am going through is a roller-coaster. Sometimes I feel like everything is normal and that the federal government will understand that I am a reporter and should be protected by the First Amendment. Then, I realize that the next ring of the doorbell could be the FBI seeking to handcuff me and arrest me in full view of my family.

Resuming after a much-needed break, we need only a few more dates to complete the analysis.

The chapter consists of three things, none of which even remotely presents a case for how he could have concluded WikiLeaks was sitting on John Podesta’s emails:

  • An argument that claims he simply reasoned it all out, without proof
  • A chronology that makes no sense given the July and August 2016 emails he’s trying to explain away
  • Other crap theories designed to undermine Mueller’s argument about Russian involvement, most of which post-date the date when Corsi claims to have figured out the Podesta emails were coming

Corsi’s “argument”

Corsi’s main argument is this:

Clearly, I reasoned there had to have been Podesta emails on that server that would have discussed the Clinton/DNC plot to deny Bernie Sanders the Democratic Party presidential nomination in 2016. Where were these Podesta emails, I wondered?

[snip]

I felt certain that if Assange had Podesta’s emails he would wait to drop them in October 2016, capturing the chance to stage the 2016 “October Surprise,” a term that had been in vogue in U.S. presidential politics since 1980 when Jimmy Carter lost re-election to Ronald Reagan, largely because the Reagan camp finessed Ayatollah Khomeini to postpone the release of the hostages from the American embassy in Tehran until after that year’s November election. I also figured that Assange would release the Podesta emails in drip-drip fashion, serially, over a number of days, stretching right up to the Election Day. In presidential politics, the news cycle speeds up, such that what might take a month or a week to play out in a normal news cycle might take only a day or two in the heightened intensity of a presidential news cycle—especially a presidential news cycle in October, right at Election Day is nearing.

In spite of his claims, elsewhere, to have done forensic analysis that told him John Podesta’s emails were coming, ultimately his argument boils down to this: he figured out that Podesta’s emails (which he purportedly hadn’t read) would be the most damning possible thing and therefore WikiLeaks must have and intend to release them in a serial release because it made sense.

Corsi’s chronology

From there, Corsi proceeds to spin out the following bullshit about how he came to that conclusion:

  • Starting in February 2016, a woman named LH whose ex-husband was a former top NSA figure told him [why?] incorrect things about how the Democrats organize their servers. This information seems to be inflected by the flap over VAN space the previous December, but Corsi doesn’t mention that. This information is wrong in many of the ways later skeptics of the Russian hack would be wrong, but Corsi claims he had that wrong understanding well in advance of the crowd.
  • When Assange announced on June 12 that he had upcoming Hillary leaks, Corsi was “alerted to the possibility Assange had obtained emails from the DNC email server,” which he took to mean VAN.
  • When the WaPo reported on the DNC hack on June 14, 2016, Corsi took Democrats’ (false) reassurances about financial data to be true, matched it to his incorrect claimed understanding of how the Democrats organized their data, and assumed VAN had been hacked (this is the day before Guccifer 2.0 would claim he got in through VAN, remember). Corsi also claims to have noted from the WaPo story that Perkins Coie and Crowdstrike were involved, the latter of which he tied to Google’s Eric Schmidt (who was helping Dems on tech), which together he used to suggest that in real time he believed the Democrats had “manufactured” evidence to pin the hack on the Russians. Again, Corsi is suggesting he got to the conspiracy theories it took the rest of Republicans a year to get to, but in real time.
  • Corsi incorrectly read the Crowdstrike white paper (on which the WaPo story was obviously based and which Ellen Nakashima had had for about a week, and which includes an update written in response to the appearance of Guccifer 2.0) as a response to Guccifer 2.0’s post on June 15 and — in spite of the WaPo report that Cozy Bear had been “monitoring DNC’s email and chat communications” — concluded that the hackers had not taken email.
  • After the DNC emails were released, Corsi had what he claims was his big insight: that these emails largely came from DNC’s Comms Director and their finance staffers, which meant Podesta’s (and DWS’, which he logically should but did not, pursue) had to be what was left. Mind you, the former point is something WikiLeaks made clear on its website:

On July 22, 2016, Wikileaks began releasing over two days a total of 44,053 emails and17,761 email attachments from key figures in the DNC. What I noticed immediately was that the largest number of emails by far came from DNC Communications Director Luis Miranda (10,520 emails), who had approximately three-times the emails released for the next highest on the list, National Finance Director Jordon Kaplan (3,799 emails) and Finance Chief of Staff Scott Corner (3,095 emails). What I noticed immediately was that emails from Debbie Wasserman Schultz and John Podesta were missing. Yet, by analyzing the addresses in the emails, it was clear the “From,” “To,” and or “CC” listings indicate the email was sent by or to an addressee using the DNC email server, identified as @dnc.org.

  • In his narrative of how he “figured out” there must be Podesta emails, he relies not on the July 25 NBC story he cites earlier in his book, quoting Assange saying there was “no proof” the emails came from Russia (and suggesting his set were a different one than the ones analyzed by cybersecurity experts), but a CNN story he dates to July 26 but which got updated early morning July 27, citing Assange saying, “Perhaps one day the source or sources will step forward and that might be an interesting moment some people may have egg on their faces. But to exclude certain actors is to make it easier to find out who our sources are;” Corsi also cites a July 27 NYMag story citing the CNN one. Corsi claims that as he was listening to this interview, he realized that Assange had Podesta emails “lifted from the DNC server,” which would be incorrect even if it were true, given that Podesta’s emails were from his Gmail account.

Listening to this interview on CNN, all the pieces fit in place for me. Assange had Podesta emails that were also lifted from the DNC server and these were the emails he was holding to drop later in the campaign.

  • Corsi describes “the last piece of the puzzle” to be Seth Rich’s death on July 10, 2016, but which occurred before Assange’s post DNC release interviews, in one of which Assange suggested his sources were still alive to “step forward,” then points to Assange’s offer of a reward for information leading to a conviction on August 9. This happened after he had already suggested to Stone that Podesta’s emails were coming.

None of this explains how Corsi would not have decided that Clinton Foundation emails were what was missing, which is what Stone believed when he instructed Corsi to reach out to Ted Malloch on July 25, the day before the Assange interviews Corsi says led him to conclude WikiLeaks instead had Podesta’s emails. And much of it assumes that a unified hack occurred (otherwise it would be impossible to decide what was coming from what had already been released), an assumption he claims not to believe in much of the rest of his crap.

Corsi’s crap

In addition to that chronology, though, Corsi throws in a bunch of crap meant to discredit the evidence laid out in the Mueller GRU indictment. Much of this evidence post-dates the moment he claims he figured out that WikiLeaks had Podesta’s emails, which makes it irrelevant to his theory, nevertheless Corsi throws it out there.

  • Corsi takes the Guccifer 2.0 leak of DCCC files to Aaron Nevins — which didn’t happen until over a month after he told Stone that WikiLeaks had Podesta emails — to be “proof” not just that Guccifer 2.0 only hacked DNC files, which he again asserts incorrectly came from VAN, but also that Guccifer 2.0 had not hacked emails.
  • Corsi claims that Guccifer 2.0 “never bragged that he hacked the DNC email server that contained the Podesta emails,” even though Guccifer 2.0 did brag that WikiLeaks had published documents he gave them after the DNC leak.
  • Corsi claims that Guccifer 2.0 published donor lists and voter analysis at DCLeaks, which is generally inaccurate (indeed, some Podesta files came out via DCLeaks!), but also admits a tie between Guccifer 2.0 and DCLeaks that would either rely on contemporary reporting that asserted a tie, the GRU indictment, or some personal knowledge not otherwise explained.
  • Corsi claims that, unlike Marcel Lazar, “Guccifer 2.0 has never been positively identified let alone arrested,” without explaining how he’s sure that the 12 GRU officers Mueller indicted don’t amount to positively identifying the people running Guccifer 2.0. Indeed, rather than addressing that indictment, Corsi instead tries to rebut the Intelligence Community Assessment’s “high confidence” attribution of Guccifer 2.0 to GRU, which he claims relies on ‘tradecraft’ that relies on circumstantial evidence at best, presuming a hacker leaves a signature.” In the ICA, that discussion appears in a section that also notes that “Some analytic judgments are based directly on collected information,” as the Mueller indictment makes clear the GRU one was.
  • Corsi claims the Vault 7 release suggesting the CIA has a tool to falsely attribute its own hacks “undermined” the IC’s attribution of Cozy Bear and Fancy Bear, without realizing that’s a different issue from whether the CIA, NSA, and FBI can correctly attribute the hack (though if the Russians obtained those files in the weeks after Joshua Schulte allegedly stole them in 2016, it would have made it harder for CIA to chase down the Russians).
  • Corsi initially argues, providing no evidence except that he’s sure the DNC emails come from the DNC email server and not NGP-VAN or Hillary’s private server, that, “While the DNC email server could have been hacked by an outside agent, what is equally plausible is that the emails could have been stolen by someone on the inside of the DNC, perhaps an employee with their own @dnc.org email address.” He then feeds the Seth Rich conspiracy.
  • Corsi uses what he claims to have learned about serialization in a college course covering Dickens (but details of which, regarding the history of Dickens’ serialization, he gets entirely wrong) to explain how he knew the Podesta emails would come out in a serialized release.
  • Corsi dismisses the possibility the Russians used a cut-out with this garble:

The attempt to distinguish is disingenuous, suggesting the Russians may have been responsible for the hack, turning the information to a third party, not the Russians or a state actor, who handed WikiLeaks the emails and thus became “the source.”

  • Corsi cites the Nation’s August 9, 2017 version of the Bill Binney theory purportedly proving that a set of files purporting to be from the DNC — which were never released by WikiLeaks — were copied inside the US and also noting that the Russian metadata in the first Guccifer 2.0 documents was placed there intentionally. As I noted at the time, the two theories actually don’t — at all — disprove the claim that Russia hacked the DNC. But they’re even worse for Corsi’s claims, because (even though the set of files were called NGP/VAN) they undermine his false claim about the Democrats’ servers and they acknowledge that the files he said disproved that Guccifer 2.0 had Podesta files actually were Podesta files.

These things are utterly irrelevant to the soundness of Corsi’s own claim to have been able to guess that the Podesta emails were coming and — as I note — a number of them sharply contradict what he claims to believe.

Corsi’s mistaken notion of his role in proving “collusion”

But the crap does serve Corsi’s larger point, which is to undermine what he imagines Mueller’s theory of “collusion” to be.

Mueller & Company had decided the Trump campaign somehow encouraged Russia to steal the DNC emails and give them to Assange, so WikiLeaks could publish them. Then to establish “Russian collusion” with the Trump campaign, Mueller was out to connect his own dots. The Mueller prosecutors had been charged with the mission to grill me until

I would “give up” my source to Assange. I was their critical “missing link.” If Rhee, Zelinsky, and Goldstein only got me to confess, Mueller figured he could connect the dots from Roger Stone to me to Assange, and from Assange back again to me, and from me to Roger Stone, who would feed the information to Steve Bannon, then chairing the Trump campaign.

The final dots, the Mueller prosecutors assumed, would connect Bannon to Trump and the “Russian collusion” chain of communication would be complete. The only problem was that I did not have a source connecting me to Assange, so Mueller’s chain-link narrative does not connect.

While I actually think it possible that Corsi’s shenanigans may have harmed the neatness of Mueller’s case against Stone, perhaps even leading Mueller to charge Stone only with the obstruction charges rather than in a larger conspiracy, it doesn’t affect the understanding with which Mueller seems to be approaching the Don Jr side of any conspiracy, in which Trump’s son accepted a meeting offering dirt, thinking the family might make $300 million off it, and promised policy considerations that — even before he was sworn into office — his father took steps to pay off.

That conspiracy remains, even if Mueller can’t show that at the same time, Trump was maximizing the advantage of the WikiLeaks releases via his old political advisor Roger Stone.

But who knows? Perhaps Mueller may one day prove that, too?

One other thing that’s worth noting, however: As I laid out above, Corsi doesn’t just attempt to explain how he came to guess that WikiLeaks would release John Podesta’s emails. In the guise of doing that, he lays out what amounts to the Greatest Hits of the Denialist Conspiracies, throwing every possible claim mobilized to undermine the conclusion that Russia hacked the Democrats out there, even the ones that undermine Corsi’s own claimed beliefs.

And, as Corsi himself notes, Mueller has Corsi’s Google searches.

Truthfully, I was astounded because it seemed as if the FBI had studied me down to knowing the key strokes that I had used on my computer to do Google searches for articles. I realized my Google file would have much information about my locations and my Internet searches, but the way Zelinsky drilled down on how I wrote this article was shocking.

Repeatedly Zelinsky had warned me that I had no idea how truly extensive the Special Counselor’s investigation had been. Now, I imagined an army of FBI computer specialists at Quantico mapping out my every electronic communication in 2016, including my emails, my cellphone calls, and my use of the laptop and the Internet to conduct my research and write my various articles and memos.

They actually know whether he read this stuff (notably, the NBC, CNN, and NYMag articles he cites from late July 2016) in real time or only after the fact. They know when Corsi downloaded a bunch of other things (including the Guccifer 2.0 releases), and they know whether he read the GRU indictment. The FBI has also likely obtained what he was doing in November, 2018, as he was writing this stuff.

So it may be that when Corsi’s book comes out in hard cover on March 12, Mueller’s team will  already have put together the forensic evidence to prove that Corsi’s claims about how he came by his own forensic analysis — and the rest of these conspiracies — are absolute bullshit. It is, admittedly, frightening how much the government can obtain about our contemporaneous thinking.

But it would be an ironic and just outcome for Corsi if Mueller’s best demonstration about the power of FBI’s forensic analysis comes not in the GRU indictment Corsi so studiously avoided mentioning in the entire book attempting to discredit it, but in proving Corsi’s own claims about forensics to be utterly false.

Corsi’s Timeline

March 16, 2016: WikiLeaks indexes FOIAed Hillary emails

June 12, 2016: Assange announces he has more information on Hillary

In that interview, Assange disclosed that WikiLeaks has “upcoming leaks in relation to Hillary Clinton,” though Assange distinguished the Hillary Clinton emails WikiLeaks possessed pending publication came from a different source than the emails from Hillary’s private email server. This alerted me to the possibility Assange had obtained emails from the DNC email server.

June 14, 2016: WaPo announces the DNC hack

June 15, 2016: Crowdstrike publicly releases white paper on DNC hack and Guccifer 2.0 first posts

July 10, 2016: Seth Rich’s murder

July 22, 2016: WikiLeaks releases the DNC emails

July 25, 2016: Stone emails Corsi asking him to Get to Assange to “get the pending WikiLeaks emails;” Corsi forwards the email to Ted Malloch

July 26, 2016: Assange tells CNN a lot more material is coming and refuses to exclude Russia as a source because “to exclude certain actors is to make it easier to find out who our sources are”

July 28, 2016: Corsi and his wife leave for Italy

July 31, 2016: Stone emails Corsi to “call me MON” instructing him to get Malloch to see Assange

August 2, 2016: Corsi emails Stone,

Word is friend in embassy plans 2 more dumps. One shortly after I’m back. 2nd in Oct. Impact planned to be very damaging.… Time to let more than Podesta to be exposed as in bed w enemy if they are not ready to drop HRC. That appears to be the game hackers are now about. Would not hurt to start suggesting HRC old, memory bad, has stroke — neither he nor she well. I expect that much of next dump focus, setting stage for Foundation debacle.

August 9, 2016: WikiLeaks offers $20,000 reward for information leading to conviction for murder of Seth Rich

August 12, 2016: Corsi returns from Italy

March 7, 2017: WikiLeaks starts to release Vault 7 documents, including an Umbrage file showing that CIA uses disinformation to hide which attacks it launches

May 25, 2017: WSJ reports on Aaron Nevins files that Guccifer 2.0 noted in real time; Corsi deems this (in a Murdoch paper) to be part of the anti-Stone narrative

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Jerome Corsi’s Theory of Roger the Rat-Fucker’s Mule Prosecution

I did something rash recently. I bought Jerome Corsi’s book, Silent No More.

It’s a … remarkable work of autobiographical fiction. It has two unbelievable chapters — one on how he met Stone and one claiming to describe how he figured out WikiLeaks had John Podesta’s emails; I’ll deal with the former in this post, and do a follow-up on the latter.

The rest of the book is a narrative of Corsi’s botched cooperation that is fairly clearly designed to provide all the details of his interactions with Mueller’s team to others, without, however, even clarifying details about events that should be central to the story.

Corsi continues to hide details of his Strip House trip with Stone

One of those missing details is what date Corsi introduced Stone to Ted Malloch over dinner at the Strip House in NYC. After that dinner, Stone had Corsi email two requests to Malloch, one of which is the email that appears in Corsi’s botched plea:

a. On or about July 25, 2016, Person 1 sent an email to CORSI with the subject line, “Get to [the founder of Organization 1].” The body of the message read: “Get to [the founder of Organization 1] [a]t Ecuadorian Embassy in London and get the pending [Organization 1] emails . . . they deal with Foundation, allegedly.” On or about the same day, CORSI forwarded Person 1’s email to the overseas individual.

b. On or about July 31, 2016, Person 1 emailed CORSI with the subject line, “Call me MON.” The body of the email read in part that the overseas individual “should see [the founder of Organization 1].”

c. On or about August 2, 2016, CORSI responded to Person 1 by email. CORSI wrote that he was currently in Europe and planned to return in mid-August. CORSI stated: “Word is friend in embassy plans 2 more dumps. One shortly after I’m back. 2nd in Oct. Impact planned to be very damaging.… Time to let more than [the Clinton Campaign chairman] to be exposed as in bed w enemy if they are not ready to drop HRC [Hillary Rodham Clinton]. That appears to be the game hackers

A second request from Stone — which Corsi says was sent August 16 — Corsi describes as being limited to Bernie Sanders’ brother, but at least one other description I’ve heard about may also include a reference to WikiLeaks.

Here’s the context of Corsi’s two references to that dinner and his description of the August 16 email:

After meeting Roger Stone in February 2016, I arranged a dinner in New York City with Roger and Ted Malloch, a strong supporter of Donald Trump, for the next time both were in New York City at the same time. Malloch was anxious to assist the Trump campaign and he hoped Malloch [sic] could arrange to have him appointed to Trump’s presidential advisory staff—a hope that never materialized.

[snip]

On Tuesday, August 16, 2016, I sent Ted Malloch an email in the U.K., asking Ted if he could find Bernie Sanders’ brother who was in the U.K. at that time. My email to Malloch continued: “He (Bernie Sanders brother) is on the record of saying he plans to vote for Trump. Roger Stone suggested you might track down Sanders’ brother.” This was the third request Stone made of Malloch. At the dinner in New York City when I introduced Roger to Ted, Roger asked Ted to research Bill Clinton’s time as a Rhodes Scholar at Oxford. Roger believed Bill Clinton had been dismissed from the program because Clinton had raped a female graduate student at Oxford. Then, on July 25, 2016, I passed Roger’s email onto Ted, asking Ted to go see Assange in London. Ted waned [sic] an advisory position with the Trump campaign and Stone believed Malloch could improve his chances by scoring on one of these three requests. To the best of my recollection, Ted never said anything to me to suggest he had succeeded on any of the three requests.

One published version of the dinner puts it in late February or March, almost immediately after Corsi met Stone.

Corsi told the Guardian he introduced Malloch to Stone over steaks at the Strip House in midtown Manhattan in late February or March 2016. Mueller’s investigators “wanted to know about the dinner”, he said. When asked if Assange was discussed during the meal, Corsi said he was not a “human tape recorder”.

I think the actual date of the meeting is later, but if that date is right — given the possibility that WikiLeaks came up at the meeting — it would have Stone pursuing information about what WikiLeaks had around the same time as (possibly even before) the Russians first hacked John Podesta on March 19.

Update: One other detail of Corsi’s suppression of details about Malloch. In the book, he describes the only time he met with Trump during the campaign.

During the campaign, I only recall seeing Trump once up close, and that was as Trump was entering the elevator at Trump Tower. On that occasion, Trump jokingly pointed at me and said, “That’s trouble there.” The last time I recall having a telephone conversation with Trump was in 2011.

Elsewhere, however, he made it clear that that exchange happened with Malloch.

Corsi said he spoke to Trump only once during the 2016 presidential campaign. It happened when he brought London-based conservative author Ted Malloch to Trump Tower to show him the campaign headquarters and possibly meet Trump. Corsi said Malloch was interested in potentially doing policy work for the campaign.

Shortly after Corsi and Malloch entered the lobby, Trump happened to be getting into the elevator, Corsi said.

“We said hello. Trump points to me and he points to Malloch and he says, ‘There’s trouble there,'” Corsi said. “And he laughs, we laugh, and that’s the only time I spoke to Donald Trump [during the campaign].”

Corsi never explains what crime he stopped short of committing with Stone

The book is also entirely inconsistent with the fact that before Corsi first lied to Mueller’s prosecutors, his lawyer, David Gray, suggested that Corsi had had the opportunity to engage in, but stopped short of, committing some crime.

Gray said he was confident that Corsi has done nothing wrong. “Jerry Corsi made decisions that he would not take actions that would give him criminal liability,” he added, declining to elaborate.

Asked if Corsi had opportunities to take such actions, Gray said, “I wouldn’t say he was offered those opportunities. I would say he had communications with Roger Stone. We’ll supply those communications and be cooperative. My client didn’t act further that would give rise to any criminal liability.”

As I note here, Gray’s pre-interview comments make it really hard for Corsi to claim faulty memory.

Corsi emphasizes Stone’s ongoing, yet deniable, role in Trump’s campaign

I raise those two details as background to what Corsi lays out in the chapter called, Meet Roger Stone. It describes:

  • Meeting Stone for the first time on February 22, 2016
  • Claiming that Stone’s campaign role as an “outside adviser” was intentionally designed to give Trump plausible deniability regarding Stone’s “various maneuvers”
  • Learning that — at least in February 2016 — Stone spoke to Trump every day and got him to adopt about 70% of his suggestions
  • Giving Stone the credit for getting Paul Manafort hired

And then it goes into a theory of Stone’s crime, real or imagined, I’m not sure which.

Corsi avoids the GRU indictment like the plague but nevertheless suggests Stone could be the mule

Mind you, I’m not sure if this is Corsi’s theory about what Stone actually did or what he thinks Mueller thinks Stone did (the theory is somewhat inconsistent with what Corsi suggests Mueller thinks Stone did as presented later in the book, which is more focused on Julian Assange). In part, it addresses what he seems to think Democrats suspect about Stone.

Democratic opponents of Trump raised the question that if Roger Stone had known in advance that Assange was holding the Podesta emails, as evidenced by his tweet on August 21, was it possible Stone had colluded with the Russians and with WikiLeaks? Had all this happened by accident or were the WikiLeaks DNC email drops just Roger Stone’s crowning achievement in a career distinguished by dirty tricks. Put simply: Did Roger Stone coordinate with Russia to steal the DNC emails and give them to WikiLeaks, having having arranged with Assange in advance a strategy to use the hacked DNC emails to prevent Hillary from achieving the White House?

But it ends by suggesting that when he was first subpoenaed, he “suspected immediately” that he was a key link in a theory that (bizarrely) had Stone serving as a mule between Guccifer 2.0 and WikiLeaks (it’s worth noting that Corsi claims to believe, erroneously, that the Podesta emails came from a DNC server, in which case the reference could be about the Podesta emails).

On August 28, 2018, when I was served the subpoena from the Mueller grand jury, I suspected immediately the prosecutors in the Special Counsel office were in possession of evidence that suggested I might have been the link between Stone and Assange. As David Gray and I prepared to go to Washington, we speculated Mueller may have targeted me as the link who provided Stone his advance knowledge in August 2016 that Assange possessed DNC emails from John Podesta that WikiLeaks planned to release serially over a number of days as the 2016 “October Surprise,” designed to deal a knock-out punch to the Clinton campaign. If I was Stone’s link to Assange, was this the connection with WikiLeaks that Stone used to get WikiLeaks the Guccifer 2.0 hacks of the DNC computers?

The theory relies on a really weird timeline of the relevant events, which I’ve reproduced below. Several things stick out about the timeline. First, Corsi dates WikiLeaks’ indexing of Hillary’s FOIAed emails as part of WikiLeaks’ election year activities (something he continues later in the book). That’s interesting because of Cambridge Analytica’s related efforts in that early period (not to mention the funding of an attack on Hillary as being close to Russia), as well as the way a WikiLeaks’ request for Hillary’s speech transcripts precedes the John Podesta hack. If Corsi knows that that indexing was part of a larger campaign (and as I’ll show in the follow-up post, he does know stuff about WikiLeaks he should not), then it suggests that he knows that WikiLeaks knew the hacks were coming.

The timeline is also weird for the way it jumps over all the exchanges between Stone and Corsi in the aftermath of the DNC email release, details that are absolutely central to the rest of the narrative in the book.

It’s oddest, however, in the way this chapter makes no mention of the initial Guccifer 2.0 posts, even though in his chapter purporting to explain how he knew Podesta’s emails were coming, Corsi admits to having tracked those releases very closely (and links two of the posts). Just as notably, Corsi’s narrative only mentions Mueller’s GRU indictment indirectly (an odd habit he continues in his Podesta explanation), instead relying on the 2018 coverage of the indictment for his claims about what’s in it. Even there, however, Corsi doesn’t link the coverage (not even Fox!) where Stone admitted he’s the person cited in the GRU indictment. This leads Corsi to treat the mention of Stone in the GRU indictment to be merely “suspect” rather than confirmed.

Clearly, Stone’s tweets with Guccifer 2.0 target him as a likely suspect for that person, especially given that Stone remained in regular contact with Trump even after Stone resigned as Trump’s political advisor.

Perhaps both those choices are just attempts to avoid acknowledging familiarity with the evidence that would utterly disprove his later whack theories about the Podesta emails (which go well beyond the Podesta emails). But it seems to adopt a very indirect method to avoid admitting that, yes, Stone was DMing with  Guccifer 2.0, but that nothing in the public record suggests those DMs were criminal in any way.

Let me be clear: There’s nothing in the public record that suggests Stone had a role in getting any files from the Russians to WikiLeaks (though I considered the possibility Guccifer 2.0 was a source for the men here). But the handoff of the Podesta emails is part of the operation that remains unexplained. And even while Corsi goes to great lengths to spin up this theory of Stone’s prosecution, he (a guy who puts his PhD in his Twitter handle) studiously avoids the primary sources that make this case.

Timeline

February 22, 2016: Stone and Corsi first meet

March 16, 2016: First WikiLeaks drop (in reality, indexing of documents obtained via FOIA)

July 13, 2016: Guccifer 2.0, a hacker who previously claimed to have breached the computers of the DNC, released a cache of purported DNC documents to The Hill

July 14, 2016: Guccifer 2.0 sends WikiLeaks link to archive of DNC documents [Corsi botches this section badly, in part by getting the year of the GRU indictment wrong]

July 22, 2016: DNC release “Julian Assange timed the release of the DNC emails to be the Friday before the DNC National Nominating Convention”

July 24, 2016: DWS resigns

July 24, 2016: Robby Mook announces Russia hacked emails “for the purpose of helping Donald Trump”

July 25, 2016: Assange tells NBC “there is no proof whatsoever” he got emails from Russia

August 21, 2016: Stone tweets “Podesta’s time in the barrel”

October 7, 2016: WikiLeaks starts dumping Podesta files

November 7, 2016: “final WikiLeaks post … dropped by WikiLeaks on November 7, 2016, three days after the presidential election was held.”

March 10, 2017: Stone post Corsi relies on to describes his DMs with Guccifer 2.0

July 13, 2018: WaPo story on Stone and the GRU indictment

July 15, 2018: NYT story on GRU indictment

August 28, 2018: Corsi subpoena

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Things Not Said in Roger Stone’s Indictment: “Trump Directed” and Other More Damning Details

I’m a leading purveyor of the theory that Robert Mueller is producing his mythical “report” via one after another speaking indictments. That said, it has always been true that some of the most interesting parts of his indictments involved what didn’t get said. That’s especially true in today’s Roger Stone indictment. Before I explain what didn’t get said, let me review what got said. The indictment shows that Stone was asked to figure out what emails on Hillary Julian Assange had, and using at least Jerome Corsi and Randy Credico as go-betweens, Stone did so, providing information (most explicitly) to Trump campaign manager Steve Bannon. When Congress asked Stone about all this, he lied, first hiding any of his go-betweens, and then seemingly using Randy Credico to hide Jerome Corsi. Mueller provides a lot of the communications between Stone and his go-betweens and the communications from October 2016, as well as some of the ones from the cover-up period.

But he doesn’t provide us everything.

I have argued that the early morning raid, not to mention the larding on of charges, suggest this is an effort to get Stone to flip, both against Jerome Corsi (which is why Meuller locked in testimony from Corsi’s stepson yesterday) and Trump himself.

With that in mind, here are the things that Mueller doesn’t say.

With whom — besides Campaign Manager Steve Bannon — at the Trump Campaign did Roger Stone speak

The word “campaign” shows up 52 times in Stone’s indictment, of which (by my count) 7 are generic references, 16 are to Hillary’s campaign or a descriptor for John Podesta, and 29 are to Trump’s campaign or associates of it. The indictment describes Stone’s discussions with people on the campaign over and over. While a number of those are to identified individuals — most notably Steve Bannon — a number of those are generic, including the following references.

During the summer of 2016, STONE spoke to senior Trump Campaign officials about Organization 1 and information it might have had that would be damaging to the Clinton Campaign. STONE was contacted by senior Trump Campaign officials to inquire about future releases by Organization 1.

[snip]

STONE also continued to communicate with members of the Trump Campaign about Organization 1 and its intended future releases.

[snip]

By in or around June and July 2016, STONE informed senior Trump Campaign officials that he had information indicating Organization 1 had documents whose release would be damaging to the Clinton Campaign.

[snip]

STONE thereafter told the Trump Campaign about potential future releases of damaging material by Organization 1.

It does so in an indictment that alleges (correctly, obviously) that one of Stone’s lies to the House Intelligence Committee that was material was whom he was speaking with on the campaign. The description of that lie cites the October 4 Bannon communication and the “supporter.” But it still leaves who else he spoke with unstated.

STONE’s False and Misleading Testimony About Communications with the Trump Campaign

35. During his HPSCI testimony, STONE was asked, “did you discuss your conversations with the intermediary with anyone involved in the Trump campaign?” STONE falsely and misleadingly answered, “I did not.” In truth and in fact, and as described above, STONE spoke to multiple individuals involved in the Trump Campaign about what he claimed to have learned from his intermediary to Organization 1, including the following:

a. On multiple occasions, STONE told senior Trump Campaign officials about materials possessed by Organization 1 and the timing of future releases.

And, of course, there’s this reference, which uses the word “directed” exactly a week after BuzzFeed got pilloried for using it about Trump.

After the July 22, 2016 release of stolen DNC emails by Organization 1, a senior Trump Campaign official was directed to contact STONE about any additional releases and what other damaging information Organization 1 had regarding the Clinton Campaign.

Mind you, this indictment had to have been approved in advance by Big Dick Toilet Salesman Matt Whitaker, and the last time he permitted prosecutors to name Individual-1 in an indictment, he got chewed out for it.

So maybe Mueller is not saying who else on the Trump campaign Stone was talking to (though we know he had frequent calls with Trump all through the campaign) to hide what else he knows. Maybe the Big Dick Toilet Salesman wouldn’t let Mueller lay this out (though I doubt that’s the case). Or maybe Mueller is just trying to avoid a second week in a row featuring headlines about what Trump “directed” his associates to do as part of the Russian conspiracy.

Corsi’s (and possibly Credico’s) role in the conspiracy

As I noted above, Mueller got aggressive with Stone to get him to flip on others. Obviously, the big prize is Trump. But there’s space for Stone to take his revenge on Jerome Corsi (and possibly even Randy Credico).

I suspect that Credico is not in any danger here. That said, he is described as a potential co-conspirator, Person 2, and did clearly discuss a conspiracy to obstruct HPSCI’s investigation. “‘Stonewall it. Plead the fifth. Anything to save the plan’ . . . Richard Nixon,” Stone wrote as he tried to persuade Credico not to testify to HPSCI.

There’s just one detail that makes me wonder if Credico was not fully truthful with Mueller. When Credico discussed Stone’s September request that he ask Assange about emails pertaining to Hillary’s efforts to undermine a Libyan peace effort with WSJ last year, he denied he had sent the request to either Assange or his lawyer Margaret Kunstler.

“Please ask Assange for any State or HRC e-mail from August 10 to August 30–particularly on August 20, 2011,” Mr. Stone wrote to Randy Credico, a New York radio personality who had interviewed Mr. Assange several weeks earlier. Mr. Stone, a longtime confidant of Donald Trump, had no formal role in his campaign at the time.

Mr. Credico initially responded to Mr. Stone that what he was requesting would be on WikiLeaks’ website if it existed, according to an email reviewed by the Journal. Mr. Stone, the emails show, replied: “Why do we assume WikiLeaks has released everything they have ???”

In another email, Mr. Credico then asked Mr. Stone to give him a “little bit of time,” saying he thought Mr. Assange might appear on his radio show the next day. A few hours later, Mr. Credico wrote: “That batch probably coming out in the next drop…I can’t ask them favors every other day .I asked one of his lawyers…they have major legal headaches riggt now..relax.”

Mr. Credico said in an interview with the Journal that he never passed the message on to Mr. Assange or his lawyers, but “got tired” of Mr. Stone “bothering” him, and so told Mr. Stone he had passed along the message.

The indictment says he in fact did forward the request to Kunstler.

On or about September 20, 2016, Person 2 forwarded the request to a friend who was an attorney with the ability to contact the head of Organization 1. Person 2 blind-copied STONE on the forwarded email.

That said, the indictment clearly remains silent about a lot of the details Mueller has incriminating Corsi in a cover-up (who, remember, prosecutors threatened to charge in a conspiracy to suborn perjury with respect to Stone’s testimony, and whose stepson Mueller locked into testimony before this indictment). The indictment includes this reference to a November discussion between Stone and Corsi.

On or about November 30, 2017, STONE asked Person 1 to write publicly about Person 2. Person 1 responded, “Are you sure you want to make something out of this now? Why not wait to see what [Person 2] does. You may be defending yourself too much—raising new questions that will fuel new inquiries. This may be a time to say less, not more.” STONE responded by telling Person 1 that Person 2 “will take the 5th—but let’s hold a day.”

But it remains silent on the report that Stone asked Corsi to write in August 2016 to establish a cover story, and it remains silent on whether Stone paid Corsi hush payments to stay silent after that.

Farage and Malloch and any other go-betweens

The indictment names Ted Malloch, though not as a co-conspirator.

On or about the same day, Person 1 forwarded STONE’s email to an associate who lived in the United Kingdom and was a supporter of the Trump Campaign.

[snip]

The body of the email read in part that Person 1’s associate in the United Kingdom “should see [the head of Organization 1].”

It doesn’t, however, put the Malloch references into context.

For example, it doesn’t reveal that — around the time someone “was directed” to get Stone to find out what WikiLeaks had — Stone and Alex Jones met with Nigel Farage at the RNC, which ultimately led to Farage joining Trump at a campaign event.

One night during the convention, Farage was introduced to Trump’s longtime adviser, the infamous political trickster, Roger Stone, at an Italian restaurant in The Flats district of Cleveland, according to both men.

Stone, who was accompanied that night by the Internet radio host and conspiracy theorist Alex Jones, said Farage’s main goal appeared to be to get a meeting with Trump.

The next day, Stone said, he tried to help by calling his former business partner, Paul Manafort – then Trump’s campaign chairman – and suggested that the Republican nominee get together with Farage. Manafort’s response was something along the lines of, “I’ll put a good word in,” Stone recalled.

Then, Stone met Ted Malloch — with Corsi — for dinner in NYC.

Asked about the nature of his relationship with Malloch, Stone said he did not know the other man well. He initially said he met Malloch three times but later said he recalled only two meetings with him.

Stone’s and Malloch’s first meeting was at a New York restaurant, Strip House, during the 2016 campaign. The two men dined with Jerome Corsi, a far-right political commentator and conspiracy theorist, Stone said.

Stone said his conversation with Malloch and Corsi at dinner was friendly but not memorable, and that they discussed “Brexit and globalism.” He added that they never discussed WikiLeaks, Assange, or Russia.

Stone, at least, is very sketchy about the timing of this, though it may actually precede when Stone asks Corsi to reach out to Malloch (indeed, might be the very reason he thought Corsi could get to Assange via Malloch).

That led to Farage’s campaign appearance with Trump on August 23.

Note, too, that the Stone indictment actually doesn’t say that Corsi is the go-between that Stone was hiding when he instead claimed Credico was his link to Assange. Indeed, of that go-between, he says he had only phone contact (though as I’ll write in a follow-up, that may have been for other reasons).

Particularly given Stone’s move to begin setting up a cover-story in August 2016, I’m not yet convinced we know who Stone’s real go-between is (and I’m still fairly certain that he and possibly Corsi had actual Podesta emails by then). He could have been working with Malloch directly. Or it could be someone else entirely.

Whoever it is, nothing in the Stone indictment tells us that for sure.

The Assange pardon

The Stone indictment is also silent about something that they have evidence — in the form of texts between Credico and Stone, surely among other things — that Stone tried to get Assange a pardon early last year.

In early January, Roger Stone, the longtime Republican operative and adviser to Donald Trump, sent a text message to an associate stating that he was actively seeking a presidential pardon for WikiLeaks founder Julian Assange—and felt optimistic about his chances. “I am working with others to get JA a blanket pardon,” Stone wrote, in a January 6 exchange of text messages obtained by Mother Jones. “It’s very real and very possible. Don’t fuck it up.” Thirty-five minutes later, Stone added, “Something very big about to go down.”

The recipient of the messages was Randy Credico, a New York-based comedian and left-leaning political activist whom Stone has identified as his back channel to WikiLeaks during the 2016 campaign—a claim Credico strongly denies. During the election, Stone, a political provocateur who got his start working for Richard Nixon’s presidential campaign, made statements that suggested he had knowledge of WikiLeaks’ plans to publish emails stolen from Hillary Clinton’s campaign chairman, John Podesta, and other Democrats, and his interactions with WikiLeaks have become an intense focus of special counsel Robert Mueller’s ongoing investigation into Russian election interference. As Mueller’s team zeroes in on Stone, they have examined his push for an Assange pardon—which could be seen as an attempt to interfere with the Russia probe—and have questioned at least one of Stone’s associates about the effort.

Particularly given that any pardon would have had to involve the one guy in the United States who can pardon Assange, it seems relevant to Mueller’s investigation. And yet it doesn’t show up in this indictment.

That’s something, then, that Stone could walk Mueller through as an effort to get rid of the 20-year witness tampering charge he faces.

Russia

Finally, the indictment remains mostly silent about Russia, particularly Roger Stone’s 180-turn on August 1 to claim that Russia may not have been behind the hack of the DNC. That’s all the more interesting given the way the indictment lays out the attribution to Russia made in mid-June.

On or about June 14, 2016, the DNC—through Company 1—publicly announced that it had been hacked by Russian government actors.

And then included Stone’s denial that Russia had hacked the DNC in his statement before HPSCI.

“These hearings are largely based on a yet unproven allegation that the Russian state is responsible for the hacking of the DNC and [the Clinton Campaign chairman] and the transfer of that information to [Organization 1].”

The indictment makes these two nods to attribution even as (as a number of people have observed) in their motion to seal Stone’s indictment, prosecutors deemed Stone’s indictment to be related to the GRU indictment, and his docket includes one of the DC AUSAs also on the Internet Research Agency case, Jonathan Kravis. (I’ve updated my running docket of Mueller and potentially related cases here.)

Remember, the GRU indictment describes (but doesn’t charge) Stone’s communications with Guccifer 2.0.

On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, wrote to a person who wasin regular contact with senior members of the presidential campaign of Donald J. Trump, “thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?” On or about August 17, 2016, the Conspirators added, “please tell me if i can help u anyhow . . . it would be a great pleasure to me.” On or about September 9, 2016, the Conspirators, again posing as Guccifer 2.0, referred to a stolen DCCC document posted online and asked the person, “what do u think of the info on the turnout model for the democrats entire presidential campaign.” The person responded, “[p]retty standard.”

So prosecutors are saying that Stone’s crimes are more closely related to the actual Russian hack (which, remember, continued into September, after Stone deemed the DCCC analytics Guccifer 2.0 released to be “standard”) than they are to Flynn or Manafort or Papadopoulos or anyone else’s indictments.

Mind you, WikiLeaks appears as an unindicted co-conspirator in both the Stone and the GRU indictments, which may explain the connection.

But for some reason, Mueller thinks it important to note in Stone’s indictment that he pretended to believe Russia didn’t hack the DNC long after the hack had been attributed, without ever once mentioning that he had also spoken with the GRU persona dumping files.

Update: I’ve taken out the reference to Sam Nunberg, who says he’s not the person listed in this indictment.

Update: I’ve corrected this to reflect it was Jerome Corsi’s stepson who appeared before the grand jury Thursday. h/t AK

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Someone Has Already Been Charged for Most of the Actions the Steele Dossier Attributes to Michael Cohen

Because of a McClatchy story claiming two new details corroborating a Steele dossier claim that Michael Cohen had a meeting with people serving the interests of Putin’s Administration, people have gotten themselves into a tizzy again about what a smoking gun it would be if the allegations in the Steele dossier were proven true.

It’s an utterly bizarre tizzy, both because the allegations in the Steele dossier not only don’t match some more damning allegations Cohen has already pled guilty to, but because Mueller has already charged other people for some of the allegations about Cohen made in the dossier. In other words, the McClatchy story has people excited about the wrong allegations, rather than focusing on the damning things Cohen (and others) have already been charged with.

Indeed, most functional allegations made in the Steele dossier have already been publicly explained in either court filings or sworn testimony. That doesn’t rule out that Cohen had a role in some of them, however. Indeed, one detail from Cohen’s SDNY plea — that among the things Trump Organization reimbursed Cohen for in January 2017 was a $50,000 payment to a tech services company — actually could confirm a detail made in the dossier. But generally, Mueller and other entities have already explained away many of the allegations made against Cohen in the dossier.

I’ve put the substantive claims the Steele dossier made about Cohen below. I’ll take each and show public reporting that explains who did something attributed to Cohen in the dossier.

Cohen met with Russian Presidential Administration Legal Department officials

The central allegation involving Cohen is that he met with people from Putin’s Presidential Administration’s legal department or, in a later version, someone acting on their behalf.

By the time that allegedly happened in August or maybe September, however, Cohen had already established a paper trail with someone more central than some anonymous lawyers. Cohen’s Mueller plea describes Cohen receiving an email on January 20, 2016 from Dmitry Peskov’s personal assistant and shortly thereafter calling her. Somehow Mueller knows that the assistant “asked detailed questions and took notes.” The day after Cohen spoke with the personal assistant, someone from Putin’s office called Felix Sater.

Given that Cohen made reservations to travel to St. Petersburg (for a possible meeting directly with Putin) on June 9, then canceled those reservations on June 14 (after Russia’s role in the DNC hack was made public), those communications about a Trump Tower deal surely tie to the hack-and-leak operation.

It’s certainly possible that, later in the summer (or in the fall, during Cohen’s known trips to London), Cohen would attempt to reschedule that meeting, though the purpose was originally and probably would remain more central to a quid pro quo trading a Trump Tower and election assistance for sanctions relief and policy considerations. But having already exchanged easily collectable communications directly with Peskov’s office (whom the dossier calls “the main protagonist” in the operation), it’s not clear how helpful using Rossotrudnichestvo would be to hide the Trump role. Furthermore, there are other known cut-outs for related matters, including Steele dossier source Sergei Millian and the Agalrovs.

Cohen aimed to contain the Paul Manafort scandal

The three Cohen reports in October all claim that Cohen got involved to tamp down scandals connecting Trump to Russia. That’s not, at all, far-fetched. After all, Cohen was Trump’s fixer and he told a bunch of lies to Congress in an effort to hide Trump’s Moscow Project.

That said, a filing explaining why Mueller might have to mention the Trump campaign in Manafort’s aborted DC trial and a filing in Alex Van der Zwaan’s prosecution show that Manafort and Rick Gates themselves — with the direct involvement of Oleg Deripaska associate Konstantin Kilimnik — worked to contain this scandal.

As Mueller laid out in numerous ways, the Manafort-Gates-Kilimnik team went on a crime spree in the fall trying to cover up their past activities with Russian-backed oligarchs.

Indeed, that a claim that Cohen managed this pushback (and its timing) appeared in the dossier is particularly tantalizing for two reasons. First, one of the things Manafort reportedly lied about after agreeing to cooperate with Mueller pertained a boat trip he took with Tom Barrack; Mueller seems to know that Kilimnik joined the two men. If that happened, then it would show that someone did indeed hold a meeting in August to contain the damage of Manafort’s burgeoning scandals, but that meeting would have been between a key Trump funder, Manafort himself, and someone suspected of ongoing ties with GRU, the agency that conducted the DNC hack.

More intriguing still, as I noted above, Kilimnik was Manafort’s go-between with Oleg Deripaska. That’s interesting because in 2016, Christopher Steele was attempting to convince DOJ’s Bruce Ohr that Deripaska could be a useful source on Russian organized crime. If Steele thought Deripaska would be a useful source for DOJ, he may well have been relying on Deripaska himself. If so, the report that Cohen (who in fact did have communications with Peskov!) was containing the damage of Manafort’s ties to Russian oligarchs might be an attempt to distract from the way that a Russian oligarch was actually working through his handler, Kilimnik, to minimize that damage himself.

Cohen aimed to contain the Carter Page scandal

It likewise seems unlikely that Cohen was the one to try to contain the Carter Page scandal. While he shouldn’t be relied on for anything, several claims in Page’s testimony to HPSCI provide an alternate explanation about who was containing the scandal tied to him.

Page denied ever speaking to Cohen.

But he did describe Keith Kellogg discussing the allegations with him. And he did describe Steve Bannon, both by himself and with the assistance of Trump’s election lawfirm, Jones Day, trying to minimize the Page scandal.

That’s consistent with a number of on-the-record claims from the campaign in the days following Page’s resignation in September. Which is to say, minimizing the Page scandal fell to the campaign itself.

The people who carried out the information operation had been paid by Russia and Trump

The three initial reports on Cohen came, in suspiciously quick succession, in October, after the number of reporters briefed on the Steele dossier started to expand.

The one other report implicating Cohen was the December 13 report, based on intelligence Steele claimed he obtained for “free.”

The report is most notable for the legal battle it caused. The allegations most clearly resemble what Adrian Chen had identified and attributed to the Internet Research Agency year earlier and there had been extensive reporting on it all through the campaign. But instead of blaming Internet Research Agency, the report blames all that on Webzilla. And Webzilla’s owner, Aleksei Gubarev was sufficiently comfortable facing the prospect of discovery to sue BuzzFeed right away (though he lost his lawsuit a few weeks back).

There’s another reference in the report to a long debunked claim made by the Russians — that a Romanian hacker was involved, presumably an allusion to Guccifer 2.0’s half-hearted claim to be Romanian.

Still, much of that last report instead presented the most inflammatory claim in the entire dossier: that Trump’s campaign had helped pay for the information operation targeting Hillary.

On its face, that claim makes zero sense. The scenario as a whole assumes that the hack was done by independent hackers coerced to work for the FSB — perhaps people like Yevgeniy Nikulin, who had already been arrested in Prague by this point. As far as Mueller has shown publicly, however, the information operation was instead done by two entities: Russians in the employ of Putin crony Yevgeniy Prigozhin’s Internet Research Agency and officers in the employ of Russia’s military intelligence agency, GRU. In indictments of both conspirators, Mueller provided details about how the money was handled.

So we’ve already got explanations for how the information operation was funded: by Prigozhin and the Russian state, using a range of money laundering techniques to hide Russia’s role. We even have evidence that — contrary to the claim about information warriors’ loyalty to Sergei Ivanov — Prighozhin’s employees even sucked up to him in one of their dry runs getting Americans to perform IRL actions.

Cohen arranged deniable cash payments to hackers working in Europe against the Clinton campaign

As noted, the December report involving Cohen made the most incendiary claim of all: that the Trump organization planned to pay for some of the hackers that targeted Hillary.

In spite of the fact that Mueller has already explained how the two main groups of participants in the information operation got funded, this allegation gets more interesting given details laid out in Cohen’s SDNY plea. Several of his SDNY crimes, after all, involving making deniable payments, in that case to Stormy Daniels and Karen McDougal.

That shows Cohen’s modus operandi for paying off Trump’s illicit debts. Mind you, it shows that he didn’t use cash. He laundered the funds using more sophisticated money laundering. But it does show that Cohen was the guy who did that kind of thing.

Which makes this detail included — but not explained — in the same plea document intriguing.

Cohen paid some tech company $50,000 in connection with the campaign.

That’s not a whole lot of money, in any case. And if it went to pay off part of the information operation, it would have to have involved some part of the operation not yet publicly identified. Even the one known instance of Trump supporters reaching out to hackers in Europe — Peter Smith’s reported consultation of Weev — is known to have been paid for by other means (in that case, Smith’s own fundraising).

Still, it’s certainly possible that that $50,000 went to some still unidentified entity that played a role in the information operation that, for some reason, didn’t get paid for by Putin’s cronies or the Russian state.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.


18 October

Speaking separately to the same compatriot in mid-October 2016, a Kremlin insider with direct access to the leadership confirmed that a key role in the secret TRUMP campaign/Kremlin was being played by the Republican candidates personal lawyer Michael COHEN. [redacted line]

19 October

1. Speaking in confidence to a longstanding compatriot friend in mid-October 2016, a Kremlin insider highlighted the importance of Republican presidential candidate Donald TRUMP’s lawyer, Michael COHEN, in the ongoing secret liaison relationship between the New York tycoon’s campaign and the Russian leadership. COHEN’s role had grown following the departure of Paul MANNAFORT as campaign manager in August 2016. Prior to that MANNAFORT had led for the TRUMP side.

2. According to the Kremlin insider, COHEN now was heavily engaged in a cover up and damage limitation operation in the attempt to prevent the full details of relationship with Russia being exposed. In pursuit of this aim, COHEN had met secretly with several Russian Presidential Administration (PA) Legal Department officials in an EU country in August 2016. The immediate issues had been to contain further scandals involving MANNAFORT’s commercial and political role in Russia/Ukraine and to limit the damage arising from exposure of former TRUMP foreign policy advisor, Carter PAGE’s secret meetings with Russian leadership figures in Moscow the previous month. The overall objective had been to “to sweep it all under the carpet and make sure no connections could be fully established or proven”

3. Things had become even “hotter” since August on the TRUMP-Russia track. According to the Kremlin insider, this had meant that direct contact between the TRUMP team and Russia had been farmed out by the Kremlin to trusted agents of influence working in pro-government policy institutes like that of Law and Comparative Jurisprudence. COHEN however continued to lead for the TRUMP team.

[snip]

The Kremlin insider was unsure of the identities of the PA officials with whom COHEN met secretly in August, or the exact date/s and locations of the meeting/s. There were significant internal security barriers being erected in the PA as the TRUMP issue became more controversial and damaging. However s/he continued to try to obtain these.

20 October

1. Speaking to a compatriot and friend on 19 October 2016, a Kremlin insider provided further details of reported clandestine meeting/s between Republican presidential candidate, Donald lawyer Michael COHEN and Kremlin representatives in August 2016. Although the communication between them had to be cryptic for security reasons, the Kremlin insider clearly indicated to his/her friend that the reported contact/s took place in Prague, Czech Republic.

2. Continuing on this theme, the Kremlin insider highlighted the importance of the Russian parastatal organisation, Rossotrudnichestvo, in this contact between TRUMP campaign representative/3 and Kremlin officials. Rossotrudnichestvo was being used as cover for this relationship and its office in Prague may well have been used to host the COHEN Russian Presidential Administration (PA) meeting/s. It was considered a “plausibly deniable” vehicle for this, whilst remaining entirely under Kremlin control.

3. The Kremlin insider went on to identify leading pro-PUTIN Duma figure, Konstantin KOSACHEV (Head of the Foreign Relations Committee) as an important figure in the TRUMP campaign-Kremlin liaison operation. KOSACHEV, also “plausibly deniable” being part of the Russian legislature rather than executive, had facilitated the contact in Prague and by implication, may have attended the meeting/s with COHEN there in August.

Company Comment

We reported previously, in our Company Intelligence Report 2016/135 of 19 October 2016 from the same source, that COHEN met officials from the PA Legal Department clandestinely in an EU country in August 2016. This was in order to clean up the mess left behind by western media revelations of TRUMP ex-campaign manager corrupt relationship with the former pro-Russian YANUKOVYCH regime in Ukraine and TRUMP foreign policy advisor, Carter secret meetings in Moscow with senior regime figures in July 2016. According to the Kremlin advisor, these meeting/s were originally scheduled for COHEN in Moscow but shifted to what was considered an operationally “soft” EU country when it was judged too compromising for him to travel to the Russian capital.

13 December

1. We reported previously (2016/135 and /136) on secret meeting/s held in Prague, Czech Republic in August 2016 between then Republican presidential candidate Donald TRUMP’s representative, Michael COHEN and his interlocutors from the Kremlin working under cover of Russian ‘NGO’ Rossotrudnichestvo.

2. [two lines redacted] provided further details of these meeting/s and associated anti- CLINTON/Democratic Party operations. COHEN had been accompanied to Prague by 3 colleagues and the timing of the visit was either in the last week of August or the first week of September. One of their main Russian interlocutors was Oleg SOLODUKHIN operating under Rossotrudnichestvo cover. According to [redacted] the agenda comprised questions on how deniable cash payments were to be made to hackers who had worked in Europe under Kremlin direction against the CLINTON campaign and various contingencies for covering up these operations and Moscow’s secret liaison with the TRUMP team more generally.

3. [redacted] reported that over the period March-September 2016 a company called XBT/Webzilla and its affiliates had been using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct “altering operations” against the Democratic Party leadership. Entities linked to one Aleksei GUBAROV were involved and he and another hacking expert, both recruited under duress by the FSB, Seva KAPSUGOVICH, were significant players in this operation. In Prague, COHEN agreed contingency plans for various scenarios to protect the Operation, but in particular what was to be done in the event that Hillary CLINTON won the presidency. It was important in this event that all cash payments owed were made quickly and discreetly and that cyber and other operators were stood down/able to go effectively to ground to cover their traces. (We reported earlier that the involvement of political operatives Paul MANAFORT and Carter PAGE in the secret TRUMP-Kremlin liaison had been exposed in the media in the run-up to Prague and that damage limitation of these also was discussed by COHEN with the Kremlin representatives).

In terms of practical measures to be taken, it was agreed by the two sides in Prague to stand down various “Romanian hackers” (presumably based in their homeland or neighboring eastern Europe) and that other operatives should head for a bolt-hole in Plovdiv, Bulgaria where they should “lay low”. On payments, IVANOV’s associate said that the operatives involved had been paid by both TRUMP’s team and the Kremlin, though their orders and ultimately loyalty lay with IVANOV, as Head of the PA and thus ultimately responsible for the operation, and his designator successor/s after he was dismissed by president PUTIN in connection with the anti-CLINTON operation in mid August.

Information in Amended DNC Lawsuit Reveals that Roger Stone Is at Significantly Greater Risk for CFAA Indictment

Back in November, I wrote a post considering whether Roger Stone could be charged in a CFAA conspiracy. I noted that the last hack noted in the GRU indictment may have post-dated communications Stone had with Guccifer 2.0, in which Stone scoffed at the analytical information released as part of the DCCC hack. I pointed to this passage from the GRU indictment, showing that the GRU hack of the DNC analytics hosted on an AWS server may have post-dated those conversations between Guccifer 2.0 and Stone.

I’m writing a response to the Wikileaks defense against the DNC lawsuit for its involvements in the 2016 election attack, and so have only now gotten around to reading the amended complaint against Stone and others that the DNC filed in the wake of the GRU indictment. And it reveals that the AWS hack was far worse than described in the GRU indictment — and it continued well after that Stone conversation with Guccifer 2.0.

None of this long passage is footnoted in the complaint. It has to be based on the DNC’s own knowledge of the AWS hack.

On September 20, 2016, CrowdStrike’s monitoring service discovered that unauthorized users—later discovered to be GRU officers—had accessed the DNC’s cloud-computing service. The cloud-computing service housed test applications related to the DNC’s analytics. The DNC’s analytics are its most important, valuable, and highly confidential tools. While the DNC did not detect unauthorized access to its voter file, access to these test applications could have provided the GRU with the ability to see how the DNC was evaluating and processing data critical to its principal goal of winning elections. Forensic analysis showed that the unauthorized users had stolen the contents of these virtual servers by making exact duplicates (“snapshots”) of them and moving those snapshots to other accounts they owned on the same service. The GRU stole multiple snapshots of these virtual servers between September 5, 2016 and September 22, 2016. The U.S. government later concluded that this cyberattack had been executed by the GRU as part of its broader campaign to damage to the Democratic party.

In 2016, the DNC used Amazon Web Services (“AWS”), an Amazon-owned company that provides cloud computing space for businesses, as its “data warehouse” for storing and analyzing almost all of its data.

To store and analyze the data, the DNC used a software program called Vertica, which was run on the AWS servers. Vertica is a Hewlett Packard program, which the DNC licensed. The data stored on Vertica included voter contact information, such as the names, addresses, phone numbers, and email addresses of voters, and notes from the DNC’s prior contacts with these voters. The DNC also stored “digital information” on AWS servers. “Digital information” included data about the DNC’s online engagement, such as DNC email lists, the number of times internet users click on DNC advertisements (or “click rates”), and the number of times internet users click on links embedded in DNC emails (or “engagement rates”). The DNC also used AWS to store volunteer information—such as the list of people who have signed up for DNC-sponsored events and the number of people who attended those events.

Vertica was used to both store DNC data and organize the data so that DNC computer engineers could access it. To use the Vertica data, DNC employees could not simply type a plain-English question into the database. Instead, DNC engineers needed to write lines of computer code that instructed Vertica to search for and display a data set. The computer engineers’ coded requests for data are called “queries.”

When the DNC wanted to access and use the data it collected, the DNC described the information it wanted to retrieve, and DNC computer engineers designed and coded the appropriate “queries” to produce that data. These queries are secret, sensitive work product developed by the DNC for the purpose of retrieving specific cross-sections of information in order to develop political, financial, and voter engagement strategies and services. Many of these queries are used or intended for use in interstate commerce. The DNC derives value from these queries by virtue of their secrecy: if made public, these queries would reveal critical insights into the DNC’s political, financial, and voter engagement strategies. DNC computer engineers could save Vertica queries that they run repeatedly. In 2016, some of the DNC’s most frequently used Vertica queries—which revealed fundamental elements of the DNC’s political and financial strategies— were stored on the AWS servers.

When the DNC wanted to analyze its data to look for helpful patterns or trends, the DNC used another piece of software called Tableau. Tableau is commercial software not developed by DNC engineers. Instead, the DNC purchased a license for the Tableau software, and ran the software against Vertica.

Using Tableau, the DNC was able to develop graphs, maps, and other visual reports based on the data stored on Vertica. When the DNC wanted to visualize the data it collected, the DNC described the information it wanted to examine, and DNC computer engineers designed and coded the appropriate “Tableau queries” to produce that data in the form requested. These Tableau queries are secret, sensitive work product developed by the DNC for the purpose of transforming its raw data into useful visualizations. The DNC derives value from these queries by virtue of their secrecy: if made public, these queries would reveal critical insights into the DNC’s political, financial, and voter engagement strategies and services. Many of these queries are used or intended for use in interstate commerce.

DNC computer engineers could also save Tableau queries that they ran repeatedly. In 2016, some of the DNC’s most frequently used Tableau queries—which revealed fundamental elements of the DNC’s political and financial strategies—were stored on the AWS servers.

The DNC’s Vertica queries and Tableau Queries that allow DNC staff to analyze their data and measure their progress toward their strategic goals—collectively, the DNC’s “analytics,”—are its most important, valuable, and highly confidential tools. Because these tools were so essential, the DNC would often test them before they were used broadly.

The tests were conducted using “testing clusters”—designated portions of the AWS servers where the DNC tests new pieces of software, including new Tableau and Vertica Queries. To test a new query, a DNC engineer could use the query on a “synthetic” data set—mock-up data generated for the purpose of testing new software—or a small set of real data. For example, the DNC might test a Tableau query by applying the software to a set of information from a specific state or in a specific age range. Thus, the testing clusters housed sensitive, proprietary pieces of software under development. As described above, the DNC derives significant value from its proprietary software by virtue of its secrecy: if made public, it would reveal critical insights into the DNC’s political, financial, and voter engagement strategies and services, many of which are used or intended for use in interstate commerce.

The DNC protected all of the data and code in its AWS servers by, among other things, restricting access to authorized users. To gain access to the AWS servers themselves, an authorized user had to take multiple steps. First, the authorized user would have to log onto a Virtual Private Network (VPN) using a unique username and password. Second, once the user entered a valid and password, the system would send a unique six-digit code (PIN) to the authorized user’s phone, and the user would have 30 seconds to type it into the computer system. This two-step process is commonly known as “two-factor authentication.”

Authorized users would also employ a two-factor authentication system to access Tableau visualizations. First, they would log into a Google account with a unique username and password, and then they would enter a pin sent to their cell phones.

Finally, the DNC’s AWS servers were protected with firewalls and cybersecurity best practices, including: (a) limiting the IP addresses and ports with which users could access servers; (b) auditing user account activities; and (c) monitoring authentication and access attempts.

On September 20, 2016, CrowdStrike’s monitoring service discovered that unauthorized users had breached DNC AWS servers that contained testing clusters. Further forensic analysis showed that the unauthorized users had stolen the contents of these DNC AWS servers by taking snapshots of the virtual servers, and had moved those replicas to other AWS accounts they controlled. The GRU stole multiple snapshots of these servers between September 5, 2016 and September 22, 2016. The U.S. later concluded that this cyberattack had been executed by the GRU as part of its broader campaign to damage to the Democratic party. The GRU could have derived significant economic value from the theft of the DNC’s data by, among other possibilities, selling the data to the highest bidder.

The software would also be usable as executable code by DNC opponents, who could attempt to re-create DNC data visualizations or derive DNC strategy decisions by analyzing the tools the DNC uses to analyze its data. [my emphasis]

In other words, at least one of those snapshots was stolen after Stone suggested he would like better analytics data than what GRU had publicly released via HelloFL. So he can no longer say that his communications with Guccifer 2.0 preceded all the hacking. Which the nifty timeline Stone’s attorney submitted in conjunction with his motion to dismiss doesn’t account for at all.

Given Stone’s history of non-denial denials for crimes he commits, I’d say this stunted timeline doesn’t help him much.

Here’s Stone’s motion to dismiss. As with his nifty timeline, he does not address — at all — the communications between him and Guccifer 2.0 regarding analytics. It does, however, include this tagline.

He is the First Amendment running, not walking; but his conduct cannot be adjudged a civil wrong.

Past history says Stone’s rat-fuckery tends to be easily found in his swiss cheese denials, and I’d say this is one example.

Note that, a week after DNC submitted its amended complaint on October 4, WikiLeaks released a proprietary AWS document showing the locations of all AWS’s servers around the world — something that is not all that newsworthy, but something that would be incredibly valuable for those trying to compromise AWS. That was one of its only releases since the crackdown on Assange has intensified.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Theory of Prosecution You Love for Julian Assange May Look Different When Applied to Jason Leopold

The WaPo confirmed something Seamus Hughes disclosed last night: Sometime before August 22, EDVA had filed a sealed complaint (not indictment) against Julian Assange.

WikiLeaks founder Julian Assange has been charged under seal, prosecutors inadvertently revealed in a recently unsealed court filing — a development that could significantly advance the probe into Russian interference in the 2016 election and have major implications for those who publish government secrets.

The disclosure came in a filing in a case unrelated to Assange. Assistant U.S. Attorney Kellen S. Dwyer, urging a judge to keep the matter sealed, wrote that “due to the sophistication of the defendant and the publicity surrounding the case, no other procedure is likely to keep confidential the fact that Assange has been charged.” Later, Dwyer wrote the charges would “need to remain sealed until Assange is arrested.”

Dwyer is also assigned to the WikiLeaks case. People familiar with the matter said what Dwyer was disclosing was true, but unintentional.

The confirmation closely follows a WSJ story describing increased confidence that the US will succeed in extraditing Assange for trial.

The confirmation that Assange has been charged has set off a frenzy, both among Assange supporters who claim this proves their years of claims he was indicted back in 2011 and insisting that charging him now would amount to criminalizing journalism, and among so-called liberals attacking Assange lawyer Barry Pollack’s scolding of DOJ for breaking their own rules.

I’ve long been on record saying that I think most older theories of charging Assange would be very dangerous for journalism. More recently, though, I’ve noted that Assange’s actions with respect to Vault 7, which had original venue in EDVA where the Assange complaint was filed (accused leaker Joshua Schulte waived venue in his prosecution), go well beyond journalism. That said, I worry DOJ may have embraced a revised theory on Assange’s exposure that would have dire implications for other journalists, most urgently for Jason Leopold.

There are, roughly, four theories DOJ might use to charge Assange:

  • Receiving and publishing stolen information is illegal
  • Conspiring to release stolen information for maximal damage is illegal
  • Soliciting the theft of protected information is illegal
  • Using stolen weapons to extort the US government is illegal

Receiving and publishing stolen information is illegal

The first, theory is the one that Obama’s DOJ rejected, based on the recognition that it would expose NYT journalists to prosecution as well. I suspect the Trump Administration will have the same reservations with such a prosecution.

Conspiring to release stolen information for maximal damage is illegal

The second imagines that Assange would be charged for behavior noted in the GRU indictment — WikiLeaks’ solicitation, from someone using the persona of Guccifer 2.0, of material such that it would be maximally damaging to Hillary Clinton.

On or about June 22, 2016, Organization 1 sent a private message to Guccifer 2.0 to “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” On or about July 6, 2016, Organization 1 added, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after.” The Conspirators responded, “ok . . . i see.” Organization 1 explained, “we think trump has only a 25% chance of winning against hillary . . . so conflict between bernie and hillary is interesting.”

After failed attempts to transfer the stolen documents starting in late June 2016, on or about July 14, 2016, the Conspirators, posing as Guccifer 2.0, sent Organization 1 an email with an attachment titled “wk dnc link1.txt.gpg.” The Conspirators explained to Organization 1 that the encrypted file contained instructions on how to access an online archive of stolen DNC documents. On or about July 18, 2016, Organization 1 confirmed it had “the 1Gb or so archive” and would make a release of the stolen documents “this week.”

Significantly, WikiLeaks (but not Roger Stone) was referred to in the way an unidicted co-conspirator normally is, not named, but described in such a way to make its identity clear.

This is a closer call. There is a Supreme Court precedent protecting journalists who publish stolen newsworthy information. But it’s one already being challenged in civil suits in ways that have elicited a lot of debate. Prosecuting a journalist for trying to do maximal damage actually would criminalize a great deal of political journalism, starting with but not limited to Fox. Note that when the founders wrote the First Amendment, the norm was political journalism, not the so-called objective journalism we have now, so they certainly didn’t expect press protections to be limited to those trying to be fair to both sides.

Such a charge may depend on the degree to which the government can prove foreknowledge of the larger agreement with the Russians to damage Hillary, as well as the illegal procurement of information after WikiLeaks expressed an interest in information damaging Hillary.

Mueller might have evidence to support this (though there’s also evidence that WikiLeaks refused to publish a number of things co-conspirators leaked to them, including but not limited to the DCCC documents). The point is, we don’t know what the fact pattern on such a prosecution would look like, and how it would distinguish the actions from protected politically engaged journalism.

Soliciting the theft of protected information is illegal

Then there’s the scenario that Emma Best just hit on yesterday: that DOJ would prosecute Assange for soliciting hacks of specific targets. Best points to Assange’s close coordination with hackers going back to at least 2011 (ironically, but in a legally meaningless way, with FBI’s mole Sabu).

This is, in my opinion, a possible way DOJ would charge Assange that would be very dangerous. I’m particularly worried because of the way the DOJ charged Natalie Mayflower Edwards for leaking Suspicious Activity Reports to Jason Leopold. Edwards was charged with two crimes: Unauthorized Disclosure of Suspicious Activity Reports and Conspiracy to Make Unauthorized Disclosures of Suspicious Activity Reports (using the same Conspiracy charge that Mueller has been focused on).

In addition to describing BuzzFeed stories relying on SARs that Edwards saved to a flash drive by October 18, 2017 and then January 8, 2018, it describes a (probably Signal) conversation from September 2018 where Leopold — described in the manner used to describe unindicted co-conspirators — directed Edwards to conduct certain searches for material that ended up in an October story on Prevezon, a story published the day before Edwards was charged.

As noted above, the October 2018 Article regarded, among other things, Prevezon and the Investment Company. As recently as September 2018, EDWARDS and Reporter-1 engaged in the following conversation, via the Encrypted Application, in relevant part:

EDWARDS: I am not getting any hits on [the CEO of the Investment Company] do you have any idea what the association is if I had more information i could search in different areas

Reporter-1: If not on his name it would be [the Investment Company]. That’s the only other one [The CEO] is associated with Prevezon Well not associated His company is [the Investment Company]

Based upon my training and experience, my participation in the investigation, and my conversations with other law enforcement agents familiar with the investigation, I believe that in the above conversation, EDWARDS was explaining that she had performed searches of FinCEN records relating to Prevezon, at Reporter-l’s request, in order to supply SAR information for the October 2018 Article.

Edwards still has not been indicted, two weeks after her arraignment. That suggests it’s possible the government is trying to persuade her to plead and testify against Leopold in that conspiracy, thereby waiving indictment. The argument, in that case, would be that Leopold went beyond accepting stolen protected information, to soliciting the theft of the information.

This is the model a lot of people are embracing for an Assange prosecution, and it’s something that a lot of journalists not named Jason Leopold also do (arguably, it’s similar but probably more active than what James Rosen got dubbed a co-conspirator in the Stephen Jin-Woo Kim case).

Charging Leopold in a bunch of leaks pertaining to Russian targets would be a nice way (for DOJ, not for journalism) to limit any claim that just Assange was being targeted under such a theory. Indeed, it would placate Trump and would endanger efforts to report on what Mueller and Congress have been doing. Furthermore, it would be consistent with the aggressive approach to journalists reflected in the prosecution of James Wolfe for a bunch of leaks pertaining to Carter Page, which involved subpoenaing years of Ali Watkins’ call records.

In short, pursuing Leopold for a conspiracy to leak charge would be consistent with — and for DOJ, tactically advantageous — the theory under which most people want Assange charged.

Using stolen weapons to extort the US government is illegal

Finally, there’s the fourth possibility, and one I think is highly likely: charging Assange for his serial efforts to extort a pardon from the US government by threatening to release the Vault 7 (and ultimately, a single Vault 8 live malware) files.

This post shows how, starting in January 2017, Assange (and Oleg Deripaska) representative Adam Waldman was reaching out to top DOJ officials trying to negotiate a deal and using the release of the Vault 7 documents as leverage.

This post shows how, the second time Assange tweeted Don Jr asking for an Ambassadorship, he included a threatening reference to Vault 8, WikiLeaks’ name for the actual malware stolen and leaked from CIA, the first file from which Assange had released days earlier.

[B]ack in November 2017, some outlets began to publish a bunch of previously undisclosed DMs between Don Jr and Wikileaks. Most attention focused on Wikileaks providing Don Jr access to an anti-Trump site during the election. But I was most interested in Julian Assange’s December 16, 2016 “offer” to be Australian Ambassador to the US — basically a request for payback for his help getting Trump elected.

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

In the wake of the releases, on November 14, 2017, Assange tweeted out a follow-up.

As I noted at the time, the offer included an implicit threat: by referencing “Vault 8,” the name Wikileaks had given to its sole release, on November 9, 2017 of an actual CIA exploit (as opposed to the documentation that Wikileaks had previously released), Assange was threatening to dump more hacking tools, as Shadow Brokers had done before it. Not long after, Ecuador gave Assange its first warning to stop meddling in other countries politics, explicitly pointing to his involvement in the Catalan referendum but also pointing to his tampering with other countries. That warning became an initial ban on visitors and Internet access in March of this year followed by a more formal one on May 10, 2018 that remains in place.

Notably, Ecuador may have warned Assange back then to stop releasing America’s malware from their Embassy; those warnings have laid the groundwork for the rigid gag rules recently imposed on Assange on risk of losing asylum.

Immediately after this exchange, accused Vault 7/8 leaker Joshua Schulte had some Tor accesses which led to him losing bail. They didn’t, however, lead BOP to take away his multiple devices (!?!?!). Which means that when they raided his jail cell on or around October 1, they found a bunch of devices and his activity from 13 email and social media accounts. Importantly, DOJ claims they also obtained video evidence of Schulte continuing his efforts to leak classified information.

The announcement of that raid, and the additional charges against Schulte, coincided with a period of increased silence from WikiLeaks, broken only by last night’s response to the confirmation Assange had been charged.

I think it possible and journalistically safe to go after Assange for releasing stolen weapons to extort a criminal pardon. But most of the other theories of prosecuting Assange would also pose real risks for other journalists that those rooting for an Assange prosecution appreciate and rely on.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Could Roger Stone Be Charged in a CFAA Conspiracy?

I just did an extended rant on Twitter about Jonathan Chait’s latest attempt to pretend to be covering the Russian investigation. Basically, though, I was making the same point I made in this post: Mueller is not going to charge Roger Stone just for talking to WikiLeaks — or even having advance knowledge about what WikiLeaks planned to do. So to try to understand what Mueller is after, you need more than a Chait-like titillation that Stone exchanged some DMs with Guccifer 2.0 or, much later, WikiLeaks.

In response to that, a number of people suggested that Mueller might charge Stone for conspiracy to hack (under the Computer Fraud and Abuse Act) after the fact.

You don’t charge people for entering into a conspiracy after the crimes have been committed.

In fact, in one of Roger Stone’s denials, to Chuck Todd earlier this year, he tried to make this point — that he can’t be held responsible for any hacking because the hacking happened before he started interacting with the purported hacker, Guccifer 2.0.

Todd: Why did you reach out to Guccifer? Why did you reach out to Wikileaks?

Stone: First of all, my direct messages with Guccifer 2.0, if that’s who it really is, come six weeks, almost six weeks after the DNC emails had been published by Wikileaks. So in order to collude in their hacking, which I had nothing whatsoever to do with, one would have needed a time machine.

And (at least based on what we know) I believe that’s true, with respect to the March 19, 2016 hack of John Podesta and the May 25, 2016 exfiltration of the DNC emails. Nothing we know suggests Stone was part of a conspiracy with the Russians that early (though I don’t rule it out, particularly given his recruitment of Paul Manafort around the same time as the Podesta hack). Nothing we know says Stone can be shown to have entered into a conspiracy with Russia before the hack of Podesta or the DNC.

But it is not the case that no hacking occurred after Trump and his allies are suspected of entering into a conspiracy. Mueller provided a really remarkable example in the GRU indictment, showing that after Trump asked the Russians for Hillary’s emails, they launched a new wave of attacks on targets close to Hillary.

The Conspirators spearphished individuals affiliated with the Clinton Campaign throughout the summer of 2016. For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

There’s another example in the indictment, involving Stone, which is more subtle.

The indictment summarizes key parts of Stone’s conversation with Guccifer 2.0, describing him as someone who “was in regular contact with senior members of the presidential campaign of Donald J. Trump.” It describes how Guccifer 2.0 asked Stone if he could be of assistance, then asked him what he thought of a turnout model earlier released to and highlighted by Aaron Nevins (whom the indictment describes as a “a then-registered state lobbyist and online source of political news”). As the indictment describes, Stone said that that turnout model was “pretty standard.”

The Conspirators, posing as Guccifer 2.0, also communicated with U.S. persons about the release of stolen documents. On or about August 15, 2016, the Conspirators, posing as Guccifer 2.0, wrote to a person who was in regular contact with senior members of the presidential campaign of Donald J. Trump, “thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?” On or about August 17, 2016, the Conspirators added, “please tell me if i can help u anyhow . . . it would be a great pleasure to me.” On or about September 9, 2016, the Conspirators, again posing as Guccifer 2.0, referred to a stolen DCCC document posted online and asked the person, “what do u think of the info on the turnout model for the democrats entire presidential campaign.” The person responded, “[p]retty standard.”

It looked like this:

Sometime in September — the indictment is coy about whether it happened before or after September 9 — Russian hackers accessed the DNC’s analytics on an AWS server and made a copy, thereby stealing it.

In or around September 2016, the Conspirators also successfully gained access to DNC computers hosted on a third-party cloud-computing service. These computers contained test applications related to the DNC’s analytics. After conducting reconnaissance, the Conspirators gathered data by creating backups, or “snapshots,” of the DNC’s cloud-based systems using the cloud provider’s own technology. The Conspirators then moved the snapshots to cloud-based accounts they had registered with the same service, thereby stealing the data from the DNC.

Accessing the Democratic analytics program updated daily — even if, as I’ve been told happened, the Democrats discovered and shut down this effort before Russians could obtain more valuable trend data — would presumably be far more valuable than leaking a targeting document dating to February 9. It would be far more damning, too, if that theft came after a close associate of the candidate (and the recently departed campaign manager) had poo-pooed the dated targeting data as standard fare, suggesting Trump’s team wanted something more valuable.

We don’t know what happened to that analytics data after Russia stole it. But the GRU indictment does show not only that Stone was interacting with Guccifer 2.0 before that theft in September, but that he may have even provided feedback about similar information before the theft of more valuable, timely turnout information.

That probably still doesn’t get you to a CFAA conspiracy by itself (which is a different matter than a ConFraudUS conspiracy based off accepting a thing of value from a foreigner, for which there’s more solid evidence). But the two events taken in tandem suggest Russian hackers may have been responding to feedback from both the candidate and his longtime political advisor Roger Stone. The question, then, is what kind of agreement that responsiveness took part in.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

On the Roger Stone Investigation: Talking to Guccifer 2.0 or WikiLeaks Is Not a Crime

Before I get further in my series on the known universe of hacked and leaked emails from 2016, I want to explain something about Roger Stone, especially given this WaPo story that provides interesting details but claims Mueller is pursuing them in hopes of answering this question:

Did longtime Trump adviser Roger Stone — or any other associate of the president — have advance knowledge of WikiLeaks’ plans to release hacked Democratic emails in 2016?

While I don’t claim to understand much more than the rest of the world about what the Mueller probe is doing, I say with a fair degree of certainty that Mueller has not had three prosecutors chasing leads on Roger Stone since February because he wants to know if Stone had advance knowledge of WikiLeaks’ plans on releasing emails. Knowing that WikiLeaks planned on releasing emails is not a crime.

Indeed, Assange at times (most notably on June 12) telegraphed what he was up to. There were WikiLeaks volunteers and some journalists who knew what WikiLeaks was up to. None of that, by itself, is a crime.

With that in mind, consider the following:

It matters what emails Stone claimed to know would be released

At the risk of spoiling my series, let me explain the significance of it. While knowing that WikiLeaks would release emails is not by itself a crime, advance knowledge becomes more interesting based on what Stone might have done with that knowledge. Here’s why:

  • DNC emails: Mueller has presumably tracked whether and to whom George Papadopoulos shared advance knowledge of the tip he got on April 26 that the Russians would release emails to help Trump. That’s important because if he can show meeting participants knew those emails had been offered, then June 9 meeting becomes an overt act in a conspiracy. While there’s no public allegation Stone knew that WikiLeaks would be releasing Hillary emails before Julian Assange stated that publicly on June 12 (after the Trump Tower meeting and therefore at most a response to the meeting), if Stone knew that WikiLeaks would be part of the delivery method it adds to evidence of a conspiracy.
  • Podesta emails: The Democrats’ focus on Stone has always been on his seeming advance knowledge that WikiLeaks would release the Podesta emails, though the public case that he did is in no way definitive. Even assuming he did learn in advance, there are multiple channels via which Stone might have learned the Podesta emails were coming (just as an example, Democrats have necessarily always been obfuscating about how much they knew). But any presumed advance knowledge is still only a crime if Stone in some way coordinated with it or encouraged ongoing hacking.
  • Deleted Hillary emails: While the evidence that Roger Stone knew that WikiLeaks would release Podesta’s emails is inconclusive, the evidence that he “knew” WikiLeaks had Hillary’s deleted emails is not. Stone made that claim over and over. It’s actually not public whether and when WikiLeaks obtained files purporting to be Hillary’s deleted emails, though we should assume they got at least some sets of purported emails via the Peter Smith effort. If Stone had involvement in that effort, it might be criminal (because operatives were soliciting stolen emails from criminal hackers, not just making use of what got released), though Stone says he was unaware of it.
  • DCCC emails: The DCCC files, which offered more operational data about downstream campaigns, might raise other problems under criminal law. That’s because the data offered was generally more operational than the DNC and Podesta emails offered, meaning operatives could use the stolen data to tweak their campaign efforts. And Guccifer 2.0 was sharing that data specifically with operatives, providing something of value to campaigns. Guccifer 2.0 tried to do the same with Stone. The text messages between Stone and Guccifer 2.0 show the persona trying to get Stone interested in some of the DCCC files pertaining to FL. But at least on those DMs, Stone demurred. That said, if Stone received and operationalized DCCC data in some of his rat-fucking, then it might raise criminal issues.

It matters from whom Stone learned (if he did) of WikiLeaks’ plans

A big part of Mueller’s focus seems to be on testing Stone’s public claims that his go-between with WikiLeaks was Randy Credico, who had ties to Assange but was not conspiring to help Trump win via those channels.

There are other possible go-betweens that would be of greater interest. For example, the public discussion of Stone’s potential advance knowledge seems to have forgotten the suspected role of Nigel Farage, with whom Stone dined at the RNC and later met at Trump’s inauguration. That would be of heightened interest, particularly given the way Stone suggested the vote had been rigged against Brexit and Trump when in reality Russians were rigging the vote for both.

It matters whether Stone lied about the whom or the what

Stone’s testimony to the House, in which he offered explanations about any advance knowledge and his Podesta comment, was sworn. If Mueller can show he lied in his sworn testimony, that is certainly technically a crime (indeed, Sam Patten got referred to Mueller based on on his false statements to the Senate Intelligence Committee). But it’s unlikely Mueller would charge, much less investigate, Stone for 8 months solely to prove whether he lied to Congress.

But if Stone did lie — claiming he learned of WikiLeaks’ plans from Credico when in fact he learned from someone also conspiring with the Russians — then those lies would lay out the import of Stone’s role, in what he was hypothetically trying to cover up.

Stone’s flip-flop on blaming the Russians at the moment he claimed to have knowledge of WikiLeaks’ plans is of likely interest

There’s a data point that seems very important in the Roger Stone story. On or around August 3, the very same day Stone told Sam Nunberg that he had dined with Julian Assange, Stone flip-flopped on his public statements about whether Russia had hacked Hillary or some 400 pound hacker in a basement had. During that period, he went from NY (where he met with Trump) to LA to coordinate with his dark money allies, then went home to Florida to write a column that became the first entry in Stone’s effort to obfuscate the Russian role in the hack. That flip-flop occurred just before Stone started making public claims about what WikiLeaks had.

I suspect that flip-flop is a real point of interest, and as such may involve some other kind of coordination that the press has no public visibility on (particularly given that his claimed meeting with Assange happened while he was meeting with his dark money people).

Mueller may have had probable cause Roger Stone broke the law by March

In the wake of Michael Caputo’s testimony, Roger Stone briefly claimed that he must have been targeted under FISA, apparently based on the fact that Mueller had (possibly encrypted) texts he didn’t provide himself showing that he and Caputo had had contact with a presumed Russian dangle they had hidden in prior sworn testimony. A more likely explanation is that Stone’s was one of the at-least five phones Mueller got a warrant for on March 9, in the wake of Rick Gates’ cooperation. But if that’s the case, then it means that Mueller already had shown probable cause Stone had committed some crime by the time he got this phone.

Mueller is scrutinizing Stone for more than just knowledge of WikiLeaks

Even the public reporting on Mueller’s investigative actions make it clear that he is scrutinizing Stone for more than just a hypothetical knowledge of, much less coordination with, WikiLeaks. He seems to have interest in the two incarnations of Stone’s Stop the Steal dark money group, which worked to intimidate Cruz supporters around the RNC and worked to suppress Democratic voters in the fall. There’s reason to suspect that the ways in which Stone and his people sloshed that money around did not follow campaign finance rules (in which case Don McGahn might have played a role). Certainly, Andrew Miller seems to worry that his own role in that sloshing might lead to criminal exposure. But Jerome Corsi has also suggested that Stone might have pitched some legally suspect actions to him, and those would constitute rat-fuckery, not campaign finance violations in the service of rat-fuckery.

Now, those other potential crimes might just be the gravy that Mueller has repeatedly used, charging people with unrelated crimes (like Mike Flynn’s Turkish influence peddling or Michael Cohen’s Stormy Daniel payoffs) to get their cooperation in the case in chief. Or they might be something that more closely ties to conspiracy with Russians.

The larger point, however, is that isolated details from Stone-friendly witnesses (and from Stone himself) may not be the most reliable way to understand where Mueller is going with his investigation of Stone. Certainly not witnesses who say Mueller has spent 8 months scrutinizing whether Stone lied about his foreknowledge of WikiLeaks’ actions.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Universe of Hacked and Leaked Emails from 2016: DNC Emails

When Mueller’s team released George Papadopoulos’ plea deal last year, I noted that the initial denials that Papadopoulos had advance warning of the emails the Russians were preparing to hack and leak did not account for the entire universe of emails known to have been stolen. A year and several Mueller indictments later, we still don’t have a complete understanding of what emails were being dealt when. Because that lack of understanding hinders understanding what Mueller might be doing with Roger Stone, I wanted to lay out what we know about four sets of emails. This series will include posts on the following:

  • DNC emails
  • Podesta emails
  • DCCC emails
  • Emails Hillary deleted from her server

The series won’t, however, account for two more sets of emails, anything APT 29 stole when hacking the White House and State Department in 2015, or anything released via the several FOIAs of the Hillary emails turned over to the State Department from her home server. It also won’t deal with the following:

  • Emails from two Hillary staffers who had their emails released via dcleaks
  • The emails of other people released by dcleaks, which includes Colin Powell, some Republican party officials (including some 2015 emails Peter Smith sent to the IL Republican party), and others with interests in Ukraine
  • A copy of the Democrats’ analytics program copied on AWS
  • The NGP/VAN file, which was not directly released by Guccifer 2.0, but is central to one of the skeptics’ theories about an alternative source other than Russia

DNC Emails

The “DNC emails” are generally thought of as the 44,000 emails WikiLeaks released on July 22, 2016. The GRU indictment describes the theft and conveyance of those emails this way:

Between on or about May 25, 2016 and June 1, 2016, the Conspirators hacked the DNC Microsoft Exchange Server and stole thousands of emails from the work accounts of DNC employees. During that time, YERMAKOV researched PowerShell commands related to accessing and managing the Microsoft Exchange Server.

[snip]

On or about June 22, 2016, Organization 1 sent a private message to Guccifer 2.0 to “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” On or about July 6, 2016, Organization 1 added, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after.” The Conspirators responded, “ok . . . i see.” Organization 1 explained, “we think trump has only a 25% chance of winning against hillary . . . so conflict between bernie and hillary is interesting.”

After failed attempts to transfer the stolen documents starting in late June 2016, on or about July 14, 2016, the Conspirators, posing as Guccifer 2.0, sent Organization 1 an email with an attachment titled “wk dnc link1.txt.gpg.” The Conspirators explained to Organization 1 that the encrypted file contained instructions on how to access an online archive of stolen DNC documents. On or about July 18, 2016, Organization 1 confirmed it had “the 1Gb or so archive” and would make a release of the stolen documents “this week.”

On or about July 22, 2016, Organization 1 released over 20,000 emails and other documents stolen from the DNC network by the Conspirators. This release occurred approximately three days before the start of the Democratic National Convention. Organization 1 did not disclose Guccifer 2.0’s role in providing them. The latest-in-time email released through Organization 1 was dated on or about May 25, 2016, approximately the same day the Conspirators hacked the DNC Microsoft Exchange Server.

Raffi Khatchadourian (who has done as much work as anyone else on the known universe of emails) noted that by the time the July 14 exchange had happened, Julian Assange had already said he had emails and Guccifer 2.0 had already said he had shared them with WikiLeaks.

On June 12th, three days before the creation of Guccifer 2.0, Assange announced that he had a substantial trove of Clinton-related e-mails that were pending publication. Likewise, Guccifer 2.0 proclaimed, on its very first post on the WordPress site, “The main part of the papers, thousands of files and mails, I gave to Wikileaks. They will publish them soon.” Again and again, the G.R.U. officers tried to drive home this point—which, of course, was evidently the main point of creating the persona. “I sent a big part of docs to WikiLeaks,” Guccifer 2.0 told the editor of the Smoking Gun that same day. On June 17th, Guccifer 2.0 said in another e-mail, “I gave WikiLeaks the greater part of the files.” (For e-mail, the G.R.U. gave Guccifer 2.0 another fake identity: Stephan Orphan.)

In other words, both the G.R.U. and Assange appear to have confessed to the transmission and reception of a large trove of Clinton-related e-mails in mid-June, before Guccifer 2.0 was apparently created. The indictment does not address this. There is no way to say precisely what that trove was—if it was the Podesta archive given to WikiLeaks much earlier than is generally presumed, or the D.N.C. e-mails, or both, or something else. (There is also the possibility that both parties were not speaking truthfully.) But, if Assange did have the D.N.C. e-mails before Guccifer 2.0 was created, then the details in the indictment take on new meaning. Some version of the following may be true: it is mid-June, with the convention approaching, and Assange is about to release a bombshell, when he notices the sudden appearance of Guccifer 2.0, a “hacker” edging into his turf, inviting journalists to write in. So he writes in, asking for material that interests him. He has already gone through the D.N.C. e-mails and has recognized that the trove highlights conflict within the Democratic Party. He signals that he wants more on that specific issue. The G.R.U. is happy to comply, through its new cutout. Perhaps some of it overlaps with what the G.R.U. already provided, making Guccifer 2.0’s confessions literally accurate. Perhaps it is the same irrelevant dross that Guccifer 2.0 fed to others.

Last year, I visited Assange several times in the Ecuadorian Embassy in London. He often emphasized to me that the sourcing of his election publications was complex. I usually took this as a dodge. But the sourcing may indeed have been multilayered. There are many conceivable ways that G.R.U. officers could have provided e-mails to WikiLeaks before they created Guccifer 2.0. They could have used the WikiLeaks anonymous-submission system. They could have used a different fictitious online persona. They could have used a human intermediary. Last year, James Clapper told me, “It was done by a cutout, which of course afforded Assange plausible deniability.” In January, 2017, Clapper oversaw a formal intelligence assessment on Russian meddling. At the time, more than one news organization reported that a classified version of the assessment made clear that the intermediaries between the G.R.U. and WikiLeaks were already known. (Certainly, the intelligence community would also have been in possession of Guccifer 2.0’s Twitter D.M.s at that time, too.) One intelligence official, describing the report, indicated to Reuters last year that the e-mails relayed to WikiLeaks had followed a “circuitous route,” by a series of handoffs, on their journey from Moscow. Such a scenario seems to be at odds with the idea that Guccifer 2.0 merely sent WikiLeaks an encrypted link to download it all in one swoop.

An earlier Khatchadourian piece describes WikiLeaks experiencing some pressure to publish before the convention.

In early July, for example, Guccifer 2.0 told a Washington journalist that WikiLeaks was “playing for time.” There was no public evidence for this, but from the inside it was clear that WikiLeaks was overwhelmed. In addition to the D.N.C. archive, Assange had received e-mails from the leading political party in Turkey, which had recently experienced a coup, and he felt that he needed to rush them out. Meanwhile, a WikiLeaks team was scrambling to prepare the D.N.C. material. (A WikiLeaks staffer told me that they worked so fast that they lost track of some of the e-mails, which they quietly released later in the year.) On several occasions, and in different contexts, Assange admitted to me that he was pressed for time. “We were quite concerned about meeting the deadline,” he told me once, referring to the Democratic National Convention.

His original release date for the D.N.C. archive, he explained, was July 18th, the Monday before the Convention; his team missed the deadline by four days. “We were only ready Friday,” he said. “We had these hiccups that delayed us, and we were given a little more time—” He stopped, and then added, strangely, “to grow.”

Khatchadourian’s earlier mention of a July 18 deadline is quite interesting, given the response from WikiLeaks to a Guccifer 2.0 email, promising to publish that week, on the 18th.

Khatchadourian also describes WikiLeaks as doing significant work to verify the emails — more than they could have done in the time between July 14 and July 22.

Once they were in Assange’s hands, his overriding concern was to insure that they were genuine. “We had quite some difficulties to overcome, in terms of the technical aspects, and making sure we were comfortable with the forensics,” he recalled. As an Australian, he had only a vague grasp of the way the D.N.C. operated, which made deciphering the political significance of the e-mails difficult. “It’s like looking at a very complex Hieronymus Bosch painting from a distance,” he told me. “You have to get close and interact with it, then you start to get a feel.” Often, a first encounter with a WikiLeaks database submission can be overwhelming—as one former staffer told me, “My heart sinks a bit.”

To work on the material, Assange had to coördinate with operatives outside the building, and avoid surveillance inside it. “I have a lot of security issues in the Embassy,” he told me. “It’s not like you can be comfortable with your source material and read it.” He would not tell me how many people worked on the project, except that the number was small. “We’re all secret squirrels now,” he said.

All this raises questions about how much verification WikiLeaks did, and if instead this was a tale told to Khatchadourian, not to mention why they had confidence publishing them would not blow up on them.

Now, I have suggested that one possible second source of the emails — or at least one alternate explanation that Russia and WikiLeaks might claim that could provide GRU some plausible deniability — would be via the contents of email boxes stolen using passwords released just before the DNC hack from Yevgeniy Nikulin’s past hacks of Linked-In and MySpace. Nikulin has utterly stalled his prosecution until February by refusing not only to cooperate with his defense (though he has had repeated contacts from Russian diplomatic officials), but also with a competency evaluation. So we won’t learn anything (and Nikulin won’t be coerced to cooperate) anytime soon as a result of his extradition to the US.

But, as part of an effort to track changes to WikiLeaks’ website and the DNC emails, Emma Best identified what at first appeared to be a change in one email but ultimately just revealed that the cache includes both the sent and received copies of some emails.

After pointing this out on Twitter and listing the 36 known instances, one user checked a copy of the DNC emails they had retrieved months before. They found what appeared to be a modification to the email – a missing piece of metadata that identified the internal IP address that sent the email. After several hours of searching and comparing five different caches of DNC emails, the difference was both confirmed and explained – WikiLeaks’ copy of the DNC emails comes from several accounts, which resulted in some duplicates in their cache. The internal message ID for the duplicates would be the same, but differences in metadata would appear based on whether the email was being sent or received, and in the case of the former what device and client was sending the emails. Since the x-originating-ip metadata which seemed to appear and then disappear is added by the server when it’s sent, it would naturally be missing from the sender’s copy of the email. This addresses the most alarming question regarding the DNC emails, but does nothing to address the rest.

There are reasons to believe that this means the email in question comes from the Microsoft Exchange server and not from someone’s own mailbox (Update: though I may be 100% wrong on this point). Which, if my speculation that WikiLeaks might invoke the Nikulin alternate theory, might still show Assange got the emails in one batch early on, but then published what he got via the delivery identified in the indictment and didn’t spend much time vetting that delivery.

Meanwhile, it’s crucial to note, as Khatchadourian does in his earlier piece, that emails Guccifer 2.0 claimed were DNC documents when he released them the day after the WaPo revealed the DNC had been hacked didn’t come from the DNC; those that have been identified came, instead, from John Podesta. It wasn’t until July 6 that the Guccifer 2.0 documents billed as DNC ones actually were.

But then, on July 6th, just before Guccifer 2.0 complained that WikiLeaks was “playing for time,” this pattern of behavior abruptly reversed itself. “I have a new bunch of docs from the DNC server for you,” the persona wrote on WordPress. The files were utterly lacking in news value, and had no connection to one another—except that every item was an attachment in the D.N.C. e-mails that WikiLeaks had. The shift had the appearance of a threat. If Russian intelligence officers were inclined to indicate impatience, this was a way to do it.

The notion that the Guccifer 2.0 persona may have — in addition to discrediting the WaPo article and providing a quick cover for the Russian attribution of the hack — served to pressure Assange to keep to some kind of July 18 deadline raises more stakes on that detail from the GRU indictment, but also may relate to the kind of signaling we saw elsewhere.

Update: I should have laid out some of the logic behind emails we’ve got. First, WikiLeaks has claimed that all the emails they have come from the “accounts” of seven identified people.

The leaks come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda (10520 emails), National Finance Director Jordon Kaplan (3799 emails), Finance Chief of Staff Scott Comer (3095 emails), Finanace Director of Data & Strategic Initiatives Daniel Parrish (1742 emails), Finance Director Allen Zachary (1611 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails).

Khatchadourian says they actually come from ten accounts.

The twenty thousand or so D.N.C. e-mails that WikiLeaks published were extracted from ten compromised e-mail accounts, and all but one of the people who used those accounts worked in just two departments: finance and strategic communications. (The single exception belonged to a researcher who worked extensively with communications.)

DNC automatically deleted emails after 30 days if they weren’t specifically saved (which is where this exfiltration estimate came from, which was off from the Mueller date by a week). Emails that precede the 30 day window (so April 19 or 25) or that weren’t part of one of the identified accounts may indicate another source.

As I disclosed July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Guccifer 2.0 Cleaned Up His “Collusion” Three Months after the Fact

I discovered something curious when I was working on a timeline recently.

Most posts on the Guccifer 2.0 site appear to have been modified only in the immediate timeframe after publishing (though, significantly, the first post was modified after the some of the first documents were recorded as being tweaked). But one post was modified, very slightly, months after it was posted.

That’s the Guccifer FAQ post. When it was first published on June 30, 2016 and as late as September 27 of that year, a paragraph on Hillary in the post read this way:

As for me, I see great differences between Hillary Clinton and Donald Trump. Hillary seems so much false to me, she got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collision with the DNC turned the primaries into farce. [my emphasis]

On October 2, 2016, that paragraph was corrected to read like this:

As for me, I see great differences between Hillary Clinton and Donald Trump. Hillary seems so much false to me, she got all her money from political activities and lobbying, she is a slave of moguls, she is bought and sold. She never had to work hard and never risked everything she had. Her words don’t meet her actions. And her collusion with the DNC turned the primaries into farce. [my emphasis]

That is, over three months after the post was originally posted, someone went back in and changed “collision” into the word that has taken on such loaded meaning since, “collusion.” Probably, “collusion” was the word intended from the start; perhaps either a keyboard fat-finger (on an English language keyboard, with the “u” and the “i” adjacent) or an autocorrect produced “collision” instead. While the paragraph and the post are rife with the linguistic inaccuracies — such as the use of “mogul” in the same paragraph — seen in other Guccifer 2.0 posts, in context “collusion” is the word that makes sense.

To be clear: I’m not making a big deal about any likely explanations for the incorrect word in the first place, nor am I making a big deal that that word — “collusion” — is the one thing that someone cared enough about to correct months later. “Collusion” is not a word Guccifer 2.0 used elsewhere, not even in posts where it might have been easy to do so. I’m not ascribing any grand significance to this change. I just find it curious.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.