
The Black Hole Where SSCI’s Current Understanding of WikiLeaks Is

Four years after it started, the Senate Intelligence Committee continues its investigation into Russia’s 2016 election interference, this week releasing the report on what the Obama Administration could have done better. For a variety of reasons, these reports have been as interesting for their redactions or silences as for what the unredacted bits say.

This latest report is no different.

Putin responded to Obama’s warnings by waggling his nukes

The most interesting unredacted bit pertains to Susan Rice’s efforts, scheduled to occur just before ODNI and DHS released their report attributing the hack to Russia, to warn Russia against continuing to tamper in the election. That would place the meeting at just about precisely the moment the Access Hollywood video and Podesta email release happened, a big fuck you even as Obama was trying to do something about the tampering. The meeting also would have occurred during the period when Sergei Kislyak was bitching about FBI efforts to prevent Russia from sending election observers to voting sites.

The description of the meeting between Rice and Kislyak is redacted. But the report does reveal, for the first time that I heard, that Russia responded to being warned by raising its nukes.

Approximately a week after the October 7, 2016, meeting, Ambassador Kislyak asked to meet with Ambassador Rice to deliver Putin’s response. The response, as characterized by Ambassador Rice, was “denial and obfuscation,” and “[t]he only thing notable about it is that Putin somehow deemed it necessary to mention the obvious fact that Russia remains a nuclear power.”

This exchange is all the more interesting given that there’s an entirely redacted bullet (on page 37) describing actions that “Russian cyber actors” took after Obama warned Putin. Given that the state and county scanning and the alleged hack of VR Systems show up, either there’s something we still don’t know about or SSCI continues to hide more details of the VR Systems hack.

The page long post-election response to the election year attack

The longest subsection in a section devoted to describing Obama’s response is redacted (pages 39-41).

Here’s what the timing of the unredacted parts of that section is:

  • A: Expulsion of Russian diplomats (December 29, 2016)
  • B: Modifying the EO and sanctions (December 29, 2016)
  • C: redacted
  • D: Cybersecurity action in the form of the issuance of two technical reports (December 29, 2016 and February 10, 2017)
  • E: Tasking the ICA Report (initiated December 6, 2016; completed December 30, 2016; published January 5 and 6, 2017)
  • F: Protecting election infrastructure (January 5, 2017)

That might suggest that whatever secret action the Obama Administration took happened right in December, with everything else.

John Brennan was proved fucking right

There’s a redacted passage that may undermine the entire premise of the John Durham investigation, which purports to review what agencies, other than FBI, did to lead to an investigation focused on Trump’s campaign. Some reporting suggests Durham is investigating whether CIA tricked FBI into investigating Trump’s flunkies.

But this report describes how, in spite of knowing about related Russian hacks in 2015 and Russia’s habit of leaking information they stole, the IC really wasn’t aware of what was going on until John Brennan got an intelligence tip during the summer of 2016. That intelligence tip was described at length in a WaPo story that resembles this section of the report.

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.

But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.

The section in this report is redacted.

Effectively, this report seems to confirm the WaPo reporting (which may have been based off sources close to those who testified to SSCI). It also emphasizes the import of this intelligence. But for this intelligence, the IC may have continued to remain ignorant of Putin’s plans for the operation.

The IC won’t let SSCI share its current understanding of WikiLeaks

But the most interesting redactions pertain to WikiLeaks.

There are four redacted paragraphs describing how hard it was for the IC to come up with a consensus attribution for the hack and leak operation.

Senior administration officials told the Committee that they hesitated to publicly attribute the cyber efforts to Russia until they had sufficient information on the penetration of the DNC network and the subsequent disclosure of stolen information via WikiLeaks, DCLeaks, and Guccifer 2.0.

More interesting still, almost the entirety of the page-plus discussion (relying on testimony from Ben Rhodes, Michael Daniel, Paul Selva, Mike Rogers, and others) of why it took so long to understand WikiLeaks remains redacted.

One reference that is unredacted, however, describes WikiLeaks as “coopted.”

This information would be of particular interest as the prosecution of Julian Assange goes forward. That — and the fact that some of this determination, relying as it does on former NSA Director Mike Rogers, appears to rely on NSA information — may be why it remains redacted.

Update: I’ve deleted the remainder of this post. It came from Wyden’s views, not the report itself.

Roger Stone’s Latest: When Legal Categories of Innocent or Guilty become Disinformation and Pardon [Updated]

Update, June 27: This post describes why Stone’s defense strategy — not to mount a legal defense, but to engage in disinformation — may pose a problem for Amy Berman Jackson’s enforcement of her gag against Roger Stone. That’s because his magnification of other outlets’ coverage of his lawyers’ own bullshit filings questioning whether Russia hacked the DNC does amount to a magnification of his own defense strategy. ABJ ordered Stone to explain why his release conditions shouldn’t be changed. Stone’s response is here. As expected, his response largely claims he was within the terms of her order when commenting on his lawyers’ own filings.

The government’s disproportionate reaction is an effort to deprive Stone of the narrow latitude the Court left him; a latitude that was not violated by the posts, and a latitude which, if curtailed, based on the posts, would violate Stone’s First Amendment rights. The notion that “an appeal to major media outlets to publish information that is not relevant to, but may prejudice, this case” (Dkt. 136, p. 4, n.1), is oxymoronic, outré, and out of First Amendment bounds

Stone’s response is weakest in the explanation for calling for John Brennan to be hanged.

June 2, 2019 (Gov’t Ex. 8): “This psycho must be charged, tried, convicted . . . . [John Brennan] and hung for treason.” Dkt. 136-9. Stone: No comment was made by Stone about the “case” or about the “investigation.” Analysis: As background, Mr. Brennan, in a July 16, 2018 Tweet (about which 133,000 people were “talking”) wrote: “Donald Trump’s press conference performance in Helsinki rises to and exceeds the threshold of ‘high crimes and misdemeanors. It was nothing short of treasonous’.” The First Amendment protected Brennan’s remarks. Likewise, Stone’s remarks are also protected. This posting has nothing whatsoever to do with Stone’s case and therefore posed no fair trial threat, nor did it violate the Order.

This is clearly an attempt to explain away what Stone’s deletion of the post seems to recognize did violate the gag.

Anyway, I may be alone in thinking this, but I suspect ABJ won’t do anything more than restrict Stone’s use of the Internet, if she even does that.

I will add, however, that the government would do well to formally notice what I pointed out here: that in the DNC lawsuit, his attorneys are arguing the opposite of what they’re arguing here, that Russia definitely did the DNC hack.


Yesterday, the government asked Judge Amy Berman Jackson to hold a hearing to determine whether Roger Stone didn’t violate his gag order earlier this week by trying to get mainstream press outlets to pick up marginal outlets’ reports of his attorneys’ effort to undermine the attribution of the DNC hack to Russia. They point to several Instagram posts Stone made that referred to conspiratorial interpretations of his lawyers’ own frivolous arguments and ask why other outlets aren’t picking up the story. [I’ve added links to the posts.]

On June 18, 2019, Stone posted a screenshot of an article about one of his recent filings in this case. The screenshot read: “US Govt’s Entire Russia-DNC Hacking Narrative Based on Redacted Draft of CrowdStrike Report.” Ex. 1. He tagged the post, “But where is the @NYTimes? @washingtonpost? @WSJ? @CNN?” Id. Later that day, Stone posted a screenshot of another piece about his filing with the title, “FBI Never Saw CrowdStrike Unredacted Final Report on Alleged Russian Hacking Because None was Produced.” Ex. 2. Next, Stone posted an article titled, “Stone defense team exposes the ‘intelligence community’s’ [sic] betrayal of their responsibilities.” Ex. 3. The text further stated, “As the Russia Hoax is being unwound, we are learning some deeply disturbing lessons about the level of corruption at the top levels of the agencies charged with protecting us from external threats. One Jaw-dropping example has just been exposed by the legal team defending Roger Stone.” Id. Stone tagged the article, “Funny , No @nytimes or @washingtonpost coverage of this development.”

On June 19, 2019, Stone posted a screenshot of an article with the title, “FBI Never Saw CrowdStrike Unredacted or Final Report on Alleged Russian Hacking Because None Was Produced.” Ex. 4. He tagged the post, “The truth is slowly emerging. #NoCollusion.” Id.2

They argue this violates ABJ’s ban on,

making statements to the media or in public settings about the Special Counsel’s investigation or this case or any of the participants in the investigation or the case. The prohibition includes, but is not limited to, statements made about the case through the following means: radio broadcasts; interviews on television, on the radio, with print reporters, or on internet based media; press releases or press conferences; blogs or letters to the editor; and posts on Facebook, Twitter, Instagram, or any other form of social media.

Thus far, ABJ has not responded to this request, though in that same time she assented to another of the government’s requests, to submit a sur-reply to Stone’s claim that the FBI never had any direct evidence Russia hacked the DNC.

I want Roger Stone to go to jail as much as the next opponent of rat-fucking. But I think the government’s claim, on this point, is problematic. Back when ABJ set Stone’s gag, she said,

You may send out as many emails, Tweets, posts as you choose that say, Please donate to the Roger Stone defense fund to help me defend myself against these charges. And you may add that you deny or are innocent of the charges, but that’s the extent of it. You apparently need clear boundaries, so there they are.

But in the same hearing, prosecutor Jonathan Kravis — the guy who signed yesterday’s filing — laid out that defensible public statements would include articulating a defense.

And because the conduct we’re talking about now, because the message we’re talking about now are not just messages about proclaiming innocence or articulating a defense, but are messages that could be construed as threatening, the government believes that the restriction on extrajudicial statements would be appropriate under the Bail Reform Act.

And the posts from this week that prosecutors lay out do nothing more than point to poor analysis of Stone’s own lawyers’ filings, and as such probably count as an effort to articulate a defense.

The problem is precisely what prosecutors explicitly explain is their real concern, that these posts are designed to generate more attention for conspiracy theories that totally undermine the public record of the Mueller investigation.

Stone’s posts appear calculated to generate media coverage of information that is not relevant to this case but that could prejudice potential jurors. They relate to Stone’s claims—made in both filings before the Court and in public settings—that Russia did not hack the DNC servers, that the FBI and intelligence community were negligent in investigating Russian interference in the 2016 presidential election, that the government improperly “targeted” Stone and others, and that the entire investigation was somehow invalid and any crimes flowing from it (including Stone’s witness tampering and lies to Congress) were justified.3 If those theories were relevant to this case (which they are not), public statements aimed at the media and meant to bolster the claims would risk prejudicing the jury pool. But these posts are arguably even worse, because they risk tainting the jury pool with information that is not relevant but that may appear, to some, to be relevant. At best, Stone’s efforts could create the misimpression that this case is about issues that are not charged in the Indictment, and risk the trial “devolv[ing] into a circus” (Tr. 49:19-20). But worse, it could confuse prospective jurors or color how they later view the actually-relevant evidence and understand the Court’s instructions about that evidence.

Prosecutors are absolutely right: the reporting on Stone’s lawyers’ filings misrepresents what his case is about. But that’s because Stone’s own lawyers are engaging in a legal strategy of disinformation, not legal defense.

I’ve repeatedly said that I think Stone will be pardoned before his November trial. Currently, there are no charges against him which could be refiled in NY or FL (the latter of which wouldn’t do it anyway). DOJ has already ruled that Stone’s known underlying activity — optimizing the release of documents stolen by Russians — does not reach the level of illegal conspiracy. So if Trump pardoned Stone before November, the fact that Stone would lose his Fifth Amendment rights over his charges would pose no legal risk to Trump (unlike, say, Manafort). Yet November’s trial, if it goes forward, will be unbelievably damning for the President.

And that means that Stone’s lawyers have an even bigger incentive than Manafort’s lawyers did to mount a defense that undermines the credibility of the Russian investigation, even if it does nothing to increase Stone’s chances for acquittal (which, if this goes to trial, are slim).

Which leaves ABJ and the prosecutors attempting to litigate a trial that will find innocence or guilt, while Stone’s lawyers are litigating to push disinformation in support of a pardon.

All that said, Stone may still be in trouble. Prosecutors note that this is not the first time Stone has violated the letter (if not spirit) of ABJ’s gag. They include several more examples.

1 These posts are not the first statements that appear to have run afoul of the Court’s order. See, e.g., Ex. 5 (Instagram Posting of April 4, 2019, stating “FBI Refuses Records Request for Emails to CNN on Day of Roger Stone Raid,” with the tag, “How curious? What could they possibly be hiding?”); Ex. 6 (Instagram Posting of May 8, 2019, with the headline “Judge demands unredacted Mueller report in Roger Stone case,” with the comment, “The Judge has ruled but @Politico gets most of the story wrong because they are biased elitist snot-nosed fake news [expletive] who’s [sic] specialty is distortion by omitting key facts to create a false narrative.”); Ex. 7 (Instagram Posting of May 16, 2019, with headline, “Roger Stone Swings For the Fences; Court Filing Challenges Russiagate’s Original Premise,” with the comment, “My attorneys challenged the entire “Russia hacked the DNC/CrowdStrike” claim by the Special Counsel in public court filings[.]”); Ex. 8 (Instagram Posting of June 2, 2019, picturing a former CIA Director and writing, “This psycho must be charged, tried, convicted . . . . and hung for treason.”) (ellipses in original) (subsequently deleted). The government is bringing this matter to the Court’s attention now because Stone’s most recent posts represent a direct attempt to appeal to major media outlets to publish information that is not relevant to, but may prejudice, this case.

Three of these, like the other four, might be viewed as articulating a defense, with the defense being, engaging in disinformation.

The fourth, however, solidly violates the spirit and letter of ABJ’s gag, because it would be likely to incite violence directed at John Brennan, because it calls for his hanging (Click through to see the post; I don’t want to magnify Stone’s violent language).

I’m not sure what the remedy is for lawyers whose defense strategy is to sow disinformation inside and outside the court room (in both filings this week, the government has said they’re going to move to prevent any such discussion from the trial). But I think these Instagram posts were probably designed, with advice of counsel, to be defensible as part of a defense strategy.

It’s Stone’s defense strategy that’s the problem.

Update: ABJ has given Stone until Thursday to convince her he didn’t violate her gag.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

We Will Not Get Peace from the People Who Dismember Dissidents Alive

In the wake of Trump’s announcement that the US will withdraw from Syria and James Mattis’ subsequent resignation, Jeremy Scahill captured the ambivalence of the moment this way:

I agree with much of what Scahill says: I welcome withdrawing troops from overseas. We should never forget that Mattis earned his name, Mad Dog, nor that he got fired by Obama for being too belligerent. The panicked response of a bunch of warmongers is telling. Trump cannot be trusted.

But I think Scahill is too pat in saying “the chaos presents opportunity,” in part because (as he suggests) there doesn’t yet exist “an alternative vision for US foreign policy.”

And while I appreciate that Scahill really does capture this ambivalence, far too many others welcoming a potential troop withdrawal are not recognizing the complexity of the moment.

While we don’t yet fully understand the complex dynamics that led to it, Trump decided to withdraw from Syria during a phone call with a man who has spent two months embarrassing Trump, Trump’s son-in-law, and the corrupt Saudi prince whose crackdown Trump has enthusiastically backed, by releasing details of how that prince lured an American resident dissident to a third country so he could be chopped up with a bone saw while still breathing. And even while Erdogan was embarrassing Trump with those details about Khashoggi’s assassination, he was pressuring Trump to extend the same favor to him by extraditing Fethullah Gulen so he could be chopped up in some grisly fashion.

It is a mistake to think we will get peace from men who dismember dissidents alive.

All that said, Trump will do what he wants and, unless the simmering revolt at DOD changes his mind, he will withdraw from Syria and draw down in Afghanistan.

And if that happens, those who would like peace had damn well better be better prepared for that “opportunity” than by simply hoping a future alternative US foreign policy arises. It will take immediate tactical actions to prevent any withdrawal from creating more chaos and misery both in the US and overseas. After all, Trump says he wants to bring troops home, but he has already come perilously close to violating posse comitatus by deploying troops domestically, and that was even with Mattis pushing back against that campaign stunt.

At a minimum, those who want peace need to answer some of the following questions immediately:

What person would both be willing to work for Trump and pursue a policy of peace?

I could not think of any person who could be confirmed by the Senate — even one where nutjobs like Marsha Blackburn have replaced people like Bob Corker — that would be willing to work for Donald Trump and might pursue some kind of alternative foreign policy.

In fact, the only person I could think of for the job (ruling out Erik Prince for a variety of reasons) would be Tom Cotton.

So job number one, for people who hope to use this as an opportunity, is to start coming up with names of people who could replace Mattis and anyone else who quits along with him.

How to prevent the refugee crisis from getting worse?

Multiple accounts of the events leading up to Trump’s decision make it clear that Erdogan would like to use US withdrawal to massacre the Kurds. It’s possible we’ll see similar massacres in Assad-held Syria and Afghanistan as those left try to consolidate their victory.

For all the years the refugee crisis has been mostly a political prop here in the US, it has posed a real threat to the European Union (indeed, I went to several meetings with EUP members in the weeks before Trump’s election where they said it was the greatest threat to the EU). So we need to start thinking seriously about how to prevent genocide and other massacres and the inevitable refugee crises that would result.

How to counter Trump’s fondness for fossil fuels and arms sales?

No withdrawal is going to lead to “peace” or even a retreat of the US empire so long as Trump exacerbates an already unforgivable US addiction to fossil fuels and reliance on arms sales. Particularly with Saudi Arabia but also with Turkey, Trump has excused his fondness for authoritarianism by pointing to arms sales.

And on these issues, Trump actually agrees with the “war party in DC,” which will make it far harder to counter them. Yes, many of the new Democrats entering Congress — most of all Alexandria Ocasio-Cortez — don’t have these horrible habits. So what can you do to make sure her Green New Deal not only isn’t squelched by party leadership, but is seen as the alternative to Trump by centrists?

Nukes. How to prevent Trump from using them?

It’s not that Trump is opposed to violence. He’s opposed to engagement and complexity and long term engagement.

Which means, particularly as more and more so-called adults leave, the chance he’ll turn a tantrum into a nuclear strike skyrockets. Mattis won’t be there to stop him.

How to balance accountability for the mistakes that got us here with accountability for Trump?

The movement that brands itself as “The Resistance” has long made a grave mistake of embracing whatever warmed over anti-Trump centrist wanted to loudly denounce the President.

As a result, the mistakes of many of those people — people like John Brennan and Jim Comey and David Frum and David Brooks — were ignored, even when those mistakes created the vacuum that Trump (and Vladimir Putin) have filled.

Trump would not be President if George Bush had not invaded Iraq, abetted by Frum’s nifty tagline, Axis of Evil. Trump would not be President if the banks that crashed the economy in 2008 had been held accountable by people like former Bridgewater Associates executive and HSBC board member then FBI Director Jim Comey.

Again, this is about complexity. But so long as those who would keep Trump accountable ignore what made Trump possible, we will make no progress.

How to preserve democracy long enough to pursue a new foreign policy?

Finally, an increasingly real challenge. Trump sides with Putin and Erdogan and Mohammed bin Salman and Abdel Fattah el-Sisi not because it serves US interests (which is the excuse American politicians usually offer for tolerating Saudi and Egyptian authoritarianism). He does so because he genuinely loves their authoritarianism.

And as Republicans in the Senate begin to push back against Trump, Democrats in the House try to hold him accountable, and the so-called adults leave his Administration, it raises the chances that Trump will embrace increasingly desperate measures to implement his policies. We can’t just assume that Mueller and SDNY and NY State will prevent a Trump authoritarian power grab, particularly not as he continues to pack the courts.

While numerous State Attorneys General and NGOs are having reasonable success at constraining Trump, thus far, in the courts, eventually we’re going to need a bipartisan commitment in DC to constraining Trump. Eventually we’re going to need to convince a bunch of Republican Senators that Trump is doing permanent damage to this country. That’s going to take building, not severing, relationships with some Republicans, even while finding some means to persuade them that Trump can no longer benefit them.

To some degree, we have no choice but to find answers to these questions, one way or another. It is especially incumbent on those celebrating a withdrawal to acknowledge, and try to answer, them.

The DNC-Centric Focus of the HPSCI Investigation

Through the duration of the various Russia investigations, skeptics always harp on two questions pertaining to the Russian election year hacks — why the Democrats never turned over the DNC “server,” singular, to the FBI, allegedly leaving the FBI to rely on Crowdstrike’s work, and whether several sets of files released via Guccifer 2.0 showed signs of non-Russian origin. That is, skeptics look exclusively at the DNC, not the totality of the known Russian targeting.

Looking at the list of witnesses the House Intelligence Committee called (which the committee will release in the coming weeks) shows one reason why: that the most public and propagandist of all the Russia investigations focused on the DNC to the detriment of other known Democratic targets.

Here’s what the list of the HPSCI interviews looks like arranged by date (HPSCI will not be releasing the bracketed interviews).

  1. [Comey, Jim (May 2 and 4, 2017): Intel]
  2. [Rogers, Mike (May 4, 2017): Intel]
  3. [Brennan, John (May 23, 2017): Intel]
  4. Coats, Dan (June 22, 2017): Intel
  5. Farkas, Evelyn (June 26, 2017): Ukraine/RU DOD
  6. Podesta, John (June 27, 2017): Clinton Chair
  7. Caputo, Michael (July 14, 2017): RU tied Trump
  8. Clapper, James (July 17, 2017): Intel
  9. Kushner, Jared (July 25, 2017): June 9 etc
  10. Carlin, John (July 27, 2017): Early investigation
  11. Gordon, JD (July 26, 2017): Trump NatSec
  12. Brown, Andrew (August 30, 2017): DNC CTO
  13. Tamene, Yared (August 30, 2017): DNC tech contractor
  14. Rice, Susan (September 6, 2017): Obama response to hack/unmasking
  15. Stone, Roger (September 26, 2017): Trump associate
  16. Epshteyn, Boris (September 28, 2017): RU-tied Trump
  17. Tait, Matthew (October 6, 2017): Solicit hack
  18. Safron, Jonathan (October 12, 2017): Peter Smith
  19. Power, Samantha (October 13, 2017): Obama response to hack/unmasking
  20. Catan, Thomas (October 18, 2017): Fusion
  21. Fritsch, Peter (October 18, 2017): Fusion
  22. Lynch, Loretta (October 20, 2017): Investigation
  23. Parscale, Brad (October 24, 2017): Trump’s data
  24. Cohen, Michael (October 24, 2017): Trump lawyer
  25. Rhodes, Benjamin (October 25, 2017): Obama response to hack/unmasking
  26. McCord, Mary (November 1, 2017): Early investigation
  27. Kaveladze, Ike (November 2, 2017): June 9 meeting
  28. Yates, Sally (November 3, 2017): Early investigation
  29. Schiller, Keith (November 7, 2017): Trump bodyguard
  30. Akhmetshin, Rinat (November 13, 2017): June 9
  31. Samachornov, Anatoli (November 28, 2017): June 9
  32. Sessions, Jeff (November 30, 2017): Trump transition
  33. Podesta, John (December 4, 2017): Dossier
  34. Denman, Diana (December 5, 2017): RNC platform
  35. Henry, Shawn (December 5, 2017): Crowdstrike
  36. Trump, Jr. Donald (December 6, 2017): June 9
  37. Phares, Walid (December 8, 2017): Trump NatSec
  38. Clovis, Sam (December 12, 2017): Trump NatSec
  39. Goldfarb, Michael (December 12, 2017): Dossier
  40. Elias, Marc (December 13, 2017): Dossier
  41. Nix, Alexander (December 14, 2017): Cambridge Analytica
  42. Goldstone, Rob (December 18, 2017): June 9
  43. Sussmann, Michael (December 18, 2017): Hack and dossier
  44. McCabe, Andrew (December 19, 2017): Early investigation
  45. Kramer, David (December 19, 2017): Dossier
  46. Sater, Felix (December 20, 2017): RU connected Trump
  47. Gaeta, Mike (December 20, 2017): Dossier go-between
  48. Sullivan, Jake (December 21, 2017): Dossier
  49. [Rohrabacher, Dana (December 21, 2017): Russian compromise]
  50. [Wasserman Schultz, Debbie (December 21, 2017): dossier]
  51. Graff, Rhona (December 22, 2017): June 9
  52. Kramer, David (January 10, 2018): Dossier
  53. Bannon, Stephen (January 16, 2018): Trump official
  54. Lewandowski, Corey (January 17, 2018): Trump official
  55. Dearborn, Rick (January 17, 2018): Trump official
  56. Bannon, Stephen (February 15, 2018): Trump official
  57. Hicks, Hope (February 27, 2018): Trump official
  58. Lewandowski, Corey (March 8, 2018): Trump official

While John Podesta, one of the earliest spearphishing victims, was one of the earliest witnesses (and, as HPSCI shifted focus to the dossier, one of the last as well), the other hack witnesses, DNC CTO Andrew Brown and DNC IT contractor Yared Tamene, represent the DNC. Perhaps that’s because of the NYT’s big story on the hack, which was obviously misleading in real time and eight months old by the time of those interviews. While Perkins Coie lawyer and former DOJ cyber prosecutor Michael Sussmann would surely have real insight into the scope of all the Democratic targets, he was interviewed during HPSCI’s dossier obsession, not alongside Brown and Tamene.

All of which is to say that the HPSCI investigation of the hack was an investigation of the hack of the DNC, not of the full election year attack.

To get a sense of some of what that missed, consider the victims described in the GRU indictment (which leaves out some of the earlier Republican targets, such as Colin Powell). I’ve included relevant paragraph numbers to ID these victims.

  1. Spearphish victim 3, March 21, 2016 (Podesta)
  2. Spearphish victim 1 Clinton aide, March 25, 2016 (released via dcleaks)
  3. Spearphish victim 4 (DCCC Employee 1), April 12, 2016 ¶24
  4. Spearphish victim 5 (DCCC Employee), April 15, 2016
  5. Spearphish victim 6 (possibly DCCC Employee 2), April 18, 2016 ¶26
  6. Spearphish victim 7 (DNC target), May 10, 2016
  7. Spearphish victim 2 Clinton aide, June 2, 2016 (released via dcleaks)
  8. Spearphish victim 8 (not described), July 6, 2016
  9. Ten DCCC computers ¶24
  10. 33 DNC computers ¶26
  11. DNC Microsoft Exchange Server ¶29
  12. Act Blue ¶33
  13. Third party email provider used by Clinton’s office ¶22 (in response to July 27 Trump request)
  14. 76 email addresses at Clinton campaign ¶22 (in response to July 27 Trump request)
  15. DNC’s Amazon server ¶34
  16. Republican party websites ¶71
  17. Illinois State Board of Elections ¶72
  18. VR Systems ¶73
  19. County websites in GA, IA, and FL ¶75
  20. VR Systems clients in FL ¶76

Effectively, HPSCI (and most hack skeptics) focused exclusively on item 11, the DNC Microsoft Exchange server from which the emails sent to WikiLeaks were stolen.

Yet, at least as laid out by Mueller’s team, the election year hack started elsewhere — with Podesta, then the DCCC, and only after that the DNC. It continued to target Hillary through the year (though with less success than they had with the DNC). And some key things happened after that — such as the seeming response to Trump’s call for Russia to find more Hillary emails, the Info-Ops led targeting of election infrastructure in the summer and fall, and voter registration software. Not to mention some really intriguing research on Republican party websites. And this barely scratches the surface of the social media campaign, largely though not entirely carried out by a Putin-linked corporation.

HPSCI would get no insight on the overwhelming majority of the election year operation, then, by interviewing the witnesses they did. Of particular note, HPSCI would not review how the targeting and release of DCCC opposition research gave Republican congressmen a leg up over their Democratic opponents.

And while HPSCI did interview the available June 9 meeting witnesses, they refused to subpoena the information needed to really understand it. Nor did they interview all the witnesses or subpoena available information to understand the Stone operation and the Peter Smith outreach.

Without examining the other multiple threads via which Russia recruited Republicans, most notably via the NRA, HPSCI wouldn’t even get a sense of all the ways Russia was trying to make Republicans and their party infrastructure into the tools of a hostile foreign country. And there are other parts of the 2016 attack that not only don’t appear in these interviews, but which at least one key member on the committee was utterly clueless about well past the time the investigation finished.

The exception to the rule that HPSCI didn’t seek out information that might damn Republicans, of course, is the interview of Dana Rohrabacher, who (along with President Trump) proved reliably willing to entertain Russian outreach via all known channels. But that’s one of the interviews Republicans intend to keep buried because — according to an anonymous Daily Beast source — they don’t want Rohrabacher’s constituents to know how badly Russia has pwned him before November 6.

“The Republicans are trying to conceal from the voters their colleague Dana Rohrabacher’s Russia investigation testimony,” said a committee source familiar with the issue. “There were highly concerning contacts between Rohrabacher and Russians during the campaign that the public should hear about.”

By burying the Comey, Rogers, and Brennan transcripts, Republicans suppress further evidence of the degree to which Russia specifically targeted Hillary, and did so to help not just Trump, but the Republican party.

I’m sure there will be some fascinating material in these transcripts when they’re released. But even before the selective release, designed to hide any evidence gathered of how lopsided the targeting was, the scope of these interviews makes clear that the HPSCI investigation was designed to minimize, as much as possible, evidence showing how aggressively Russia worked to help Republicans.

As I laid out in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Epistemology of Security Clearance Dick-Waving

As I disclosed last month, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

I really couldn’t be bothered to get hot and bothered about President Trump stripping John Brennan of his security clearance. Brennan himself has been involved in the politicization of security clearances (perhaps most directly in Jeffrey Sterling’s case), and to have David Petraeus, of all people, complain about politicized security clearances, discredits the pushback. I’m far more concerned about the loyalty policing at EPA, Interior, Department of Education, and on the DOJ team attacking ObamaCare than I am about Brennan, because the bullying of those more obscure people will have a tangible effect on Americans’ lives. Indeed, the fact that Trump issued a declaration stripping Brennan of his clearance on July 26 but we only learned about it on August 15 is a testament to how little impact this has, other than the posturing around it.

But it has led to dangerous politicization elsewhere.

After being stripped of his clearance, Brennan wrote this op-ed.

In it, Brennan spends six paragraphs setting up how deceitful are Russians generally and his former counterpart Alexander Bortnikov specifically, and how successfully they recruit targets, including Americans, leading from a description of Russian “perfidy” directly to deeming election tampering denials “hogwash.”

Brennan then turns to Trump. He leads his accusation that Trump “colluded” with Russia by describing how asking for Russia to find Hillary’s missing emails “openly authorized his followers to work” with Russians.

The already challenging work of the American intelligence and law enforcement communities was made more difficult in late July 2016, however, when Mr. Trump, then a presidential candidate, publicly called upon Russia to find the missing emails of Mrs. Clinton. By issuing such a statement, Mr. Trump was not only encouraging a foreign nation to collect intelligence against a United States citizen, but also openly authorizing his followers to work with our primary global adversary against his political opponent.

Brennan then points to what he has read in “the reporting of an open and free press” to declare Trump’s claims of no collusion — as he had just claimed Russia’s denials of election interference — to be “hogwash.”

Such a public clarion call certainly makes one wonder what Mr. Trump privately encouraged his advisers to do — and what they actually did — to win the election. While I had deep insight into Russian activities during the 2016 election, I now am aware — thanks to the reporting of an open and free press — of many more of the highly suspicious dalliances of some American citizens with people affiliated with the Russian intelligence services.

Mr. Trump’s claims of no collusion are, in a word, hogwash.

The only questions that remain are whether the collusion that took place constituted criminally liable conspiracy, whether obstruction of justice occurred to cover up any collusion or conspiracy, and how many members of “Trump Incorporated” attempted to defraud the government by laundering and concealing the movement of money into their pockets.

In response, Richard Burr issued this testy statement, defending Trump’s action of stripping the clearance of a former CIA Director with whom Burr got along splendidly when he was spying on Burr’s own separate branch of government oversight committee.

Director Brennan’s recent statements purport to know as fact that the Trump campaign colluded with a foreign power. If Director Brennan’s statement is based on intelligence he received while still leading the CIA, why didn’t he include it in the Intelligence Community Assessment released in 2017? If his statement is based on intelligence he has seen since leaving office, it constitutes an intelligence breach. If he has some other personal knowledge of or evidence of collusion, it should be disclosed to the Special Counsel, not The New York Times.

If, however, Director Brennan’s statement is purely political and based on conjecture, the president has full authority to revoke his security clearance as head of the Executive Branch.

I’m offended by Burr’s statement not just because it ignores the plain language of Brennan’s op-ed, which it links, but for the epistemology of the Russian investigation suggested by the Senate Intelligence Committee Chair. Here’s the logic of the statement:

1. Brennan “purports” to know Trump colluded with a foreign power

Here, Burr ignores how Brennan defines it — first “authorizing his followers to work” with Russia by calling on them to find Hillary’s missing emails, and then “highly suspicious dalliances of some American citizens with people affiliated with the Russian intelligence services” — stuff that’s public. He also ignores that Brennan himself says he doesn’t know whether the “collusion” involved constitutes a criminally liable conspiracy. That is, Brennan is defining collusion as something less than a criminal conspiracy to cooperate to cheat on the election, but Burr doesn’t care.

2. Why doesn’t Brennan’s claim show up in the Brennan-led Intelligence Community Assessment?

Again, Burr ignores Brennan’s description of becoming aware of this in the time period after he “had deep insight into Russian activities during the 2016 election” — so after he left the CIA — and taunts him that the ICA Brennan oversaw showed no evidence of collusion. The implication is Brennan’s ability to know if there were collusion ended on January 20, 2017. (Burr is also ignoring that there were two different investigations even while Brennan was in government — the intelligence investigation led by Brennan, which by law should not be targeting Americans, and the several parallel counterintelligence investigations at FBI, which could investigate Americans.)

Burr then presents three and only three possibilities for how Brennan might have knowledge of collusion, once again ignoring the free press that Brennan clearly attributes it to. First, either intelligence, or personal knowledge:

3. If Brennan has something called “intelligence” proving Trump’s collusion, then it must have come from an intelligence breach.

4. If he has something called “personal knowledge” of collusion, then it must only be shared with Mueller’s team, not with the NYT.

That’s it, according to the Senate Intelligence Chair, for real information about collusion. Either it’s intelligence to which Brennan is no longer entitled (assuming, of course, that Gina Haspel would have no reason to share intelligence about Russia with Brennan in some kind of consultation, which — if Brennan did then pass that on publicly, would be the only proper reason to strip his clearance). Or it’s “personal information,” usually called “evidence,” which may only be shared with Mueller and not with the press. “Intelligence,” which is the purview of the Intelligence Committee and the agencies it oversees. Or “evidence,” which is the purview of a DOJ investigation. Either/or.

That’s, of course, illogical, and not just because Burr’s own committee is investigating some of the same “evidence” that the FBI is, notably what happened on social media and what some witnesses have testified about, in secret, to the committee, and witnesses to both (like Rob Goldstone) have also commented publicly.

It’s illogical, too, because there are other ways to get real evidence of collusion. I believe I have evidence of collusion. I shared it with the FBI, sure. But after I revealed that I had provided information to the FBI in July, I also shared limited parts of it with some Republican Congressmen, in hopes of explaining to them how serious the investigation is and showing that entire parts of it don’t derive from Peter Strzok’s decisions. I’ve also discussed, prospectively, sharing it with some former top intelligence officials (unsurprisingly, not Brennan), in the interests of elucidating parts of the Russian attack they missed.

Yet even though his either/or proposition is false, Burr then uses it to proclaim Trump’s treatment of Brennan proper based on this remarkable statement:

5. “If, however, Director Brennan’s statement is purely political and based on conjecture, the president has full authority to revoke his security clearance as head of the Executive Branch.”

Having set up this false either/or proposition, Burr then suggests anything else must be “purely political” and “based on conjecture,” and — without showing the logical relation between the two clauses in this sentence — states that the President has the authority to revoke Brennan’s security clearance.

(If NOT (intelligence or evidence,) THEN political conjecture) THEN strip the damn clearance.

It is true that thus far the case law suggests that a President does have the authority to strip Brennan’s clearance (though a Brennan challenge, or even more easily, a Bruce Ohr challenge, might establish new limits to that authority). But that authority has no relationship to the claimed political or conjectural nature of Brennan’s comments. Not only does Burr suggest it does — suggest that stripping security clearances because of speech perceived to be political is not just proper but justified — but by yoking these two clauses together in one sentence, Burr suggests punishing political speech is in some way intimately tied to the authority therein.

Plus, as Brad Heath noted, Burr’s statement argues that Trump was right to strip Brennan’s clearance on July 26 because of statements Brennan made on August 16.

The Chairman of the Intelligence Committee, mind you, made this statement.

But here’s the reason why I really care about this.

Back when he was CIA Director, I openly criticized Brennan for the way he worked the press to get the most hawkish read of the Russian attack into the press. But I didn’t think his efforts arose from partisanship. Rather, it was an effort to raise alarm bells about the attack in the last weeks of the Administration. Such use of the press happens all the time when Administration officials are trying to advance their favored policy decisions.

Burr, however, is using his position of authority to affirmatively tie security clearances to speech he (or the President) deems excessively political. He’s doing it even as he argues there are just two appropriate categories of weighing whether collusion happened or not, intelligence (his purview) or evidence (Mueller’s). And he’s doing it as his committee is leading what has, up to this point, been the only Congressional investigation not utterly discredited by partisan bickering.

That pisses me off for several reasons. First, Burr is in the same breath being a raging partisan and asserting that his committee is one of the only entities that can appropriately weigh whether Trump conspired with Russia to win the election. He’s putting a thumb on the scale at precisely the moment that he claims only he (and Mueller) get to decide whether collusion happened. This raises real questions in my mind about what would happen if and when SSCI came upon information that shows Trump conspired with Russia. It raises real doubts in my mind about whether SSCI is able to conduct their investigation.

More importantly, he’s wrong. He’s wrong for the obvious reason that journalists are discovering important threads of the Russia investigation. Indeed, the part of SSCI’s work they’re most proud about — Russia’s use of social media — came out of a lot of really good reporting on the topic.

He’s wrong because we’re a democracy and whether Trump conspired with Russia will one day be most critically decided in a political sphere. As we get closer to that day, the American public has every right to read these two data points together and consider whether they show Trump and the Russians conspiring.

“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.”

For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

And he’s wrong because none of the certified experts are getting the Russia story entirely right. As I said, I’ve had conversations in the last several months with Republican congressmen, former top intelligence officials, and a whole lot of experts on the Russian attack, including (but not limited to) top InfoSec people, other journalists, and some key witnesses. Even aside from the stuff I went to the FBI about (which might give me special insight to what happened, but also has made me admittedly blindered about other issues) all of those people, including me, have missed key things or gotten key details wrong. Just as one example, in conversations I’ve had with that ilk of people, every single person save one has either misread key parts of the GRU indictment or read in their prior assumptions (the one exception had the advantage of being a key witness behind at least two paragraphs of the indictment). That’s just one example, but it’s an example that suggests we need more honest discussion and less of Burr and Trump’s attempt to decertify democratic speech about what the President did.

The Chair of the Intelligence Committee, Richard Burr, effectively asserted that he is one of the few authorities with the right to say, based off what his committee does in private, whether Trump conspired with Russia or not, and that any citizen deigning to weigh in based off the public evidence may be properly disciplined by the President. The statement goes a long way to discredit the investigation his committee is doing, a real blow to his staffers’ success at bridging any partisan divide. Most importantly, because it so badly gets the epistemology of an attack that targeted all Americans wrong, it raises real questions about Burr’s understanding of the Russian attack at issue.

GRU’s Alice Donovan Persona Warned of a WannaCry-Like Event a Year before It Happened

As I disclosed last month, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

In this post, I suggested that The Shadow Brokers persona served as a stick to the carrots Vladimir Putin dangled in front of Donald Trump. When Donald Trump took an action — bombing Syria to punish Bashar al-Assad — that violated what I believe to be one of the key payoffs in the election quid pro quo, Shadow Brokers first bitched mightily, then released a bunch of powerful NSA tools that would soon lead to the WannaCry global malware attack.

It turns out GRU warned of that kind of attack a year before it happened.

One of the tidbits dropped into a very tidbit-filled GRU indictment is that GRU ran the Alice Donovan propaganda persona.

On or about June 8, 2016, and at approximately the same time that the dcleaks.com website was launched, the Conspirators created a DCLeaks Facebook page using a preexisting social media account under the fictitious name “Alice Donovan.”

That tidbit has led to some follow-up on the Donovan figure, including this typically great DFRLab piece arguing that Russia had two parallel streams of troll campaigns, the Internet Research Agency one focused on the election, and the GRU one focused on foreign policy.

Donovan was first exposed in December of last year, when WaPo reported on, and CounterPunch did a review of, “her” work after then-WaPo reporter Adam Entous contacted CP upon learning the FBI believed “she” had some tie to Russia.

We received a call on Thursday morning, November 30, from Adam Entous, a national security reporter at the Washington Post. Entous said that he had a weird question to ask about one of our contributors. What did we know about Alice Donovan? It was indeed an odd question. The name was only faintly familiar. Entous said that he was asking because he’d been leaked an FBI document alleging that “Alice Donovan” was a fictitious identity with some relationship to Russia. He described the FBI document as stating that “Donovan” began pitching stories to websites in early 2016. The document cites an article titled “Cyberwarfare: Challenge of Tomorrow.”

As both pieces emphasize, the first article that Donovan pitched — and “she” pitched it to multiple outlets — pertained to cyberattacks, specifically to ransomware attacks on hospitals.

The article was first published in Veterans Today on April 26, 2016. That’s the same day that Joseph Mifsud first told George Papadopoulos Russia had emails — emails hacked by Donovan’s operators — they planned to leak to help defeat Hillary Clinton.

CounterPunch published the cybersecurity article on April 29. That’s the day the DNC first figured out that GRU (and FSB’s APT 29) had hacked them.

Those dates may well be coincidences (though they make it clear the Donovan persona paralleled the hack-and-leak campaign). I’m less sure about the third publication of the article, in Mint Press, on August 17, 2016, just four days after Shadow Brokers went live. So just days after Shadow Brokers had called out, “!!! Attention government sponsors of cyber warfare and those who profit from it !!!” an article was republished with the penultimate paragraph accusing the US of planning to shut down Iran’s power grid.

Moreover, the U.S. has been designing crippling cyber attack plans targeting the civilian sector. In case its nuclear negotiations with Iran failed, the U.S. was prepared to shut down the country’s power grid and communications networks.

The basis for that accusation was actually this article, but “Donovan” took out the reference (bolded below) to GRU’s attack on Ukraine’s power grid in the original.

Today such ransomware attacks are largely the work of criminal actors looking for a quick payoff, but the underlying techniques are already part of military planning for state-sponsored cyberwarfare. Russia showcased the civilian targeting of modern hybrid operations in its attack on Ukraine’s power grid, which included software designed to physically destroy computer equipment. Even the US has been designing crippling cyberattack plans targeting the civilian sector. In case its nuclear negotiations with Iran failed, the US was prepared to shut down the country’s power grid and communications networks.

Imagine a future “first strike” cyberattack in which a nation burrowed its way deeply into the industrial and commercial networks of another state and deployed ransomware across its entire private sector, flipping a single switch to hold the entire country for ransom. Such a nightmare scenario is unfortunately far closer than anyone might think. [my emphasis]

And “Donovan” adds in this sentence (from elsewhere in the Forbes article).

Government itself, including its most senior intelligence and national security officials are no better off when a single phishing email can redirect their home phone service and personal email accounts.

When this article was first published, the memory was still fresh of the Crackas with Attitude hack, where self-described teenagers managed to hack John Brennan and James Clapper and forward the latter’s communications (among the men serving prison sentences for this attack are two adult Americans, Andrew Otto Boggs and Justin Liverman).

Most of the rest of the article uses the threat of malware attacks on hospitals to illustrate the vulnerability of civilian infrastructure to cyberattack. It cites a Kaspersky proof of concept (recall that Shadow Brokers included a long play with Kaspersky). It cites an FBI agent attributing much of this hacking to Eastern Europe.

Stangl said the hackers, most of them from Eastern Europe, have increasingly targeted businesses, which are often able to pay more than individuals to unlock data. The hackers “scan the Internet for companies that post their contact information,” then send them email phishing attacks. Unsuspecting employees, Stangl said, are asked to click on what seem to be innocuous links or attachments — perhaps something as simple as a .PDF purporting to be a customer complaint — and before they know it, their computers are infected.

And the “Donovan” article explains at length — stealing from this article — why hospitals are especially vulnerable to malware attacks.

Such attacks may all sound like nightmare scenarios, but the experts say they’re becoming almost routine. And hospitals have not made cybersecurity a priority in their budgets. On average hospitals spent about 2 percent on IT, and security might be 10 percent of that. Compare that percentage to the security spending by financial institutions: for example, Fidelity spends 35 percent of its budget on IT.

Moreover, medical facilities are vulnerable to these attacks in part because they don’t properly train their employees on how to avoid being hacked, according to Sinan Eren, who has worked in cybersecurity for government and health-care organizations for two decades.

“It’s not like the financial-services industry, where they train employees how to spot suspicious emails,” said Eren, general manager at Avast Mobile Enterprise. Also, many hospital computer systems are outdated, bulky and in dire need of upgrades or newer software, he said. But such institutions often don’t have — or don’t want to spend — the money to make sweeping changes.

While it’s still unclear which computer WannaCry first infected in May 2017, Britain’s National Health Service was easily the most famous victim, with about a third of the system being shut down. Not long after WannaCry, NotPetya similarly spanned the globe in wiperware designed to appear as ransomware (though the latter’s use of NSA tools was mostly just show). While the US and UK have publicly attributed WannaCry to North Korea (I’m not convinced), NotPetya was pretty clearly done by entities close to GRU.

And a year before those global pseudo-ransomware worms were launched, repeated just days after Shadow Brokers started releasing NSA’s own tools, GRU stole language to warn of “a nation burrow[ing] its way deeply into the industrial and commercial networks of another state and deploy[ing] ransomware across its entire private sector, flipping a single switch to hold the entire country for ransom. Such a nightmare scenario is unfortunately far closer than anyone might think.”

(h/t TC for the heads up on this file and a number of the insights in this piece)

Update: MB noted that the “added” sentence actually also comes from the original Forbes article (it links to an earlier column that notes the Crackas tie explicitly).


The Preferred Anti-Obama Russian Hack Story Remains Silent on Shadow Brokers

Michael Isikoff and David Corn are fluffing their upcoming book on the Russian tampering with the 2016 election. This installment covers the same ground, and the same arguments, and has the same weaknesses that this WaPo article did: It describes how urgent but closely held the CIA tips were (without considering whether the close hold on the intelligence led the IC to make incorrect conclusions about the attack). It describes efforts to make a public statement that got drowned out by the Pussy Grabber and Podesta releases. It airs the disappointment of those who thought Obama should have launched a more aggressive response.

Perhaps the biggest addition to the WaPo version is that this one includes more discussion of Obama’s thoughts on cyber proliferation, with the acknowledgement that the US would be more vulnerable than Russia in an escalating cyber confrontation.

Michael Daniel and Celeste Wallander, the National Security Council’s top Russia analyst, were convinced the United States needed to strike back hard against the Russians and make it clear that Moscow had crossed a red line. Words alone wouldn’t do the trick; there had to be consequences. “I wanted to send a signal that we would not tolerate disruptions to our electoral process,” Daniel recalled. His basic argument: “The Russians are going to push as hard as they can until we start pushing back.”

Daniel and Wallander began drafting options for more aggressive responses beyond anything the Obama administration or the US government had ever before contemplated in response to a cyberattack. One proposal was to unleash the NSA to mount a series of far-reaching cyberattacks: to dismantle the Guccifer 2.0 and DCLeaks websites that had been leaking the emails and memos stolen from Democratic targets, to bombard Russian news sites with a wave of automated traffic in a denial-of-service attack that would shut the news sites down, and to launch an attack on the Russian intelligence agencies themselves, seeking to disrupt their command and control modes.

[snip]

One idea Daniel proposed was unusual: The United States and NATO should publicly announce a giant “cyber exercise” against a mythical Eurasian country, demonstrating that Western nations had it within their power to shut down Russia’s entire civil infrastructure and cripple its economy.

[snip]

The principals did discuss cyber responses. The prospect of hitting back with cyber caused trepidation within the deputies and principals meetings. The United States was telling Russia this sort of meddling was unacceptable. If Washington engaged in the same type of covert combat, some of the principals believed, Washington’s demand would mean nothing, and there could be an escalation in cyber warfare. There were concerns that the United States would have more to lose in all-out cyberwar.

“If we got into a tit-for-tat on cyber with the Russians, it would not be to our advantage,” a participant later remarked. “They could do more to damage us in a cyber war or have a greater impact.” In one of the meetings, Clapper said he was worried that Russia might respond with cyberattacks against America’s critical infrastructure—and possibly shut down the electrical grid.

[snip]

Asked at a post-summit news conference about Russia’s hacking of the election, the president spoke in generalities—and insisted the United States did not want a blowup over the issue. “We’ve had problems with cyber intrusions from Russia in the past, from other countries in the past,” he said. “Our goal is not to suddenly in the cyber arena duplicate a cycle escalation that we saw when it comes to other arms races in the past, but rather to start instituting some norms so that everybody’s acting responsibly.”

The most dramatic part of the piece quotes an angry Susan Rice telling her top Russian expert to stand down some time after August 21.

One day in late August, national security adviser Susan Rice called Daniel into her office and demanded he cease and desist from working on the cyber options he was developing. “Don’t get ahead of us,” she warned him. The White House was not prepared to endorse any of these ideas. Daniel and his team in the White House cyber response group were given strict orders: “Stand down.” She told Daniel to “knock it off,” he recalled.

Daniel walked back to his office. “That was one pissed-off national security adviser,” he told one of his aides.

But like the WaPo article before it, and in spite of the greater attentiveness to the specific dates involved, the Isikoff/Corn piece makes not one mention of the Shadow Brokers part of the operation, which first launched just as NSC’s Russian experts were dreaming up huge cyber-assaults on Russia.

On August 13, Shadow Brokers released its first post, releasing files that had compromised US firewall providers and including a message that — while appearing to be an attack on American Elites and tacitly invoking Hillary — emphasizes how vulnerable the US would be if its own cybertools were deployed against it.

We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites?

Sure, it’s possible the IC didn’t know right away that this was a Russian op (though Isikoff and Corn claim, dubiously and in contradiction to James Clapper’s November 17, 2016 testimony, that the IC had already IDed all the cut-outs Russia was using on the Guccifer 2.0 and DC Leaks operations). Though certainly the possibility was publicly discussed right away. By December, I was able to map out how it seemed the perpetrators were holding the NSA hostage to any retaliation attempts. Nice little NSA you’ve got here; it’d be a shame if anything happened to it. After the inauguration, Shadow Brokers took a break, until responding to Trump’s Syria strike by complaining that he was abandoning those who had gotten him elected.

Respectfully, what the fuck are you doing? TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who getting you elected.

That was followed by a release of tools that would soon lead to billion dollar attacks using repurposed NSA tools.

As recently as February, the NSA and CIA were still trying to figure out what Russia (and the stories do appear to confirm the IC believed this was Russia) had obtained.

I mean, it’s all well and good to complain that Obama asked the NSC to stand down from its plans to launch massive cyberattacks as a warning to Putin. But you might, first, consider whether that decision happened at a time when the US was facing far greater uncertainty about our own vulnerabilities on that front.

10 Years of emptywheel: Jim’s Dimestore

As you saw in Marcy’s posts yesterday, emptywheel is celebrating the ten year anniversary of the move from The Next Hurrah to Firedoglake.   You will notice that the current version of the blog comes to you without ads. If you want this wonderful state of affairs to continue, contributions are a must. A new subscription option helps to make sure the hamsters keep turning the wheels on the magic blog-hosting machines and the ever more sophisticated mole-whacking machinery stays up to date.

Marcy’s outstanding work over the years has received great acclaim. A huge part of the success of the blog, though, has been its ongoing tradition of the best commenting community on the internet. Over the years, the conversations that have taken place on each seminal post have helped to decipher the meaning of cryptic government documents, bring in alternate views and point out new information as it breaks. In the end,  emptywheel isn’t just a blog, it’s a community. For all of your support and participation during these trying times, we thank you.

In keeping with the “10” theme, Marcy has a post highlighting her favorite surveillance posts over each of the last ten years. She has graciously allowed a few of us hangers-on to participate with posts of our own.  I haven’t been an official emptywheeler for all of those ten years.  I did spend a year as an evening editor at Firedoglake around the time of the migration from TNH, so I got to start my friendship with this group of writers and commenters around that time.  I’m going to list my favorite ten posts from the time I started posting here, shortly after the blog moved from Firedoglake to the independent site. Several of these posts link back to earlier work at MyFDL. Sadly, the archives of that work were imperfectly migrated to the Shadowproof successor to Firedoglake, and so searching for those is imperfect and many of the graphics are lost.

So here is Jim’s Dimestore listing my 10 favorite posts on Emptywheel.net, in chronological order:

DETAILS OF SILICON-TIN CHEMISTRY OF ANTHRAX ATTACK SPORES PUBLISHED; WILLMAN TUT-TUTS

Sandia National Laboratories image of attack spore. In the upper frame, silicon, in green, is found exclusively on the spore coat and not on the exosporium (outer pink border).

Perhaps my favorite topic over the years has been a technical analysis of the evidence presented by the FBI in its Amerithrax investigation. It is absolutely clear from this analysis of the anthrax attacks of 2001 that the FBI failed to demonstrate how Bruce Ivins could have carried out the attacks on his own. This post goes deep into the technical weeds of how the spores in the attack material were treated so that they would disperse easily and seem to float on air. The bottom line is that high amounts of silicon are found inside these spores. The silicon could not have gotten there naturally, and it took very sophisticated chemistry to get it there and treat it to make sure it stayed. Ivins had neither the expertise nor the equipment to achieve this highly advanced bioweaponization. Earlier work I did in this series showed that Ivins also could not have grown the anthrax used in the attacks.  My favorite candidate for where it was produced is an isolated lab built by the Defense Threat Reduction Agency on what is now called the Nevada National Security Site (formerly the Nevada Test Site) that Judy Miller described on September 4, 2001.  That article by Miller has always stood out to me as the ultimate limited hangout presented by DoD before the fact, where we see a facility of the perfect size for producing the amount of material used in the anthrax attacks. Those attacks occurred just a short time after the article was published. Miller’s assurance in the article that the site only was used for production of harmless bacteria sharing some characteristics with anthrax just never smelled right to me.

INTELLIGENCE AIDE FLYNN RE MCCHRYSTAL: “EVERYONE HAS A DARK SIDE”

When Michael Hastings’ article in Rolling Stone led to Stanley McChrystal’s firing, little did we know that this would be the beginning of the fall from grace for David Petraeus and his all-star band of torture enablers. These “operators”, as Hastings termed the team, relied on night raids and illegal detentions as the core of their counterterrorism initiatives in Iraq and Afghanistan. These foolishly evil practices fueled massive growth in the insurgencies in response. In this post, Flynn reveals to us that he felt McChrystal, and everyone else, has a “dark side”. As we now await fallout from Flynn’s guilty plea for his lies to the FBI about conversations with Russian Ambassador Kislyak (mainly, his testimony against the rest of Trump’s team), it appears that Flynn himself found the dark side to be quite compelling.

DESPITE METAPHYSICAL IMPOSSIBILITY, US GOVERNMENT REPEATEDLY ATTEMPTS RETROACTIVE CLASSIFICATION

Another favorite topic of mine over the years has been the utter futility of the military’s efforts to “train” troops in both Iraq and Afghanistan. It has been an endless sequence of the military getting countless “do-overs”, with Congress rolling over and believing every single utterance of “This time it will work for sure!”. Part of the military’s strategy in hiding their training failures was to keep changing how Afghan troops were counted and evaluated for combat readiness. A corollary to the futility of the training effort is the horrific death toll of “green on blue” attacks, where the Afghan or Iraqi trainees attacked and often killed those who were training them. When this problem got especially bad in Afghanistan in 2011, DoD commissioned a sociological analysis that returned a result the military did not like. The report indicated that the military was utterly failing to address vast cultural differences between Afghan and coalition troops.  The military, in its infinite wisdom, decided to classify the report, but did so after it already had been released in unclassified form.  Oops.

PERSIANS PUNK PHOTO PRETENDERS: PARCHIN PRETTY IN PINK

Detail from the photo carried in CNN’s story showing the pink tarp over the building said to contain the blast chamber.

Neocons have long lusted after violent regime change in Iran. Cooked up allegations on Iran’s nuclear capabilities have played a central role over the years in how they wished to achieve that war. Despite the neocons’ best efforts to sabotage negotiations, Iran agreed to a comprehensive set of severe restrictions on its nuclear capabilities in return for “dropping” (quotes because the US has claimed other grounds for maintaining other sanctions) the worst of the US sanctions that crippled Iran’s economy. Along the way, I had a ton of fun picking at two of the worst offenders in spreading anti-Iran propaganda: David Albright of the Institute for Science and International Security and George Jahn of AP. Reports that Iran had constructed a high explosives blast chamber at the Parchin military site became quite a point of argument. Albright spent countless hours scouring satellite images of the site and claimed the photographs showed that Iran was attempting to clean radioactivity from the site. Iran seemed to have a lot of fun with this process. I’m sure the pink tarps in the post here were added just to punk Albright. I maintained that the real evidence of what had taken place at the site couldn’t be scrubbed, because the accused activity would have resulted in the steel chamber itself being made radioactive throughout its entire thickness. Perhaps Iran made the same assessment, because once the IAEA gained access to the site, there was no steel chamber to be found. Was there ever a blast chamber there? Who knows? In the end, whether Iran carried out that work is immaterial, as the Joint Comprehensive Plan of Action has the most aggressive inspection regime ever agreed to by a country that hasn’t just lost a war.  We can rest assured that Iran has no capability at the current time of assembling a nuclear weapon, and the neocons are left to pout about diplomacy working better than their war ever could have. 
If you want to know why Donald Trump put Rex Tillerson in charge of dismantling the Department of State, look no further than the success diplomacy played in achieving the JCPOA.

JOHN GALT KILLS TEXANS IN MASSIVE FERTILIZER PLANT EXPLOSION

When a massive explosion in West, Texas killed 15 people, injured over 250 and destroyed 500 homes, it was clear to me who had killed these Texans: Ayn Rand’s mythical libertarian hero John Galt. How else do  you explain a site being allowed to store hundreds of thousands of pounds of ammonium nitrate with inadequate fire protection and fatally close to inhabited structures than the misguided libertarian belief that free enterprise should rule?  In the post, I pointed to the dangers inherent in the lack of zoning laws that allowed this fatal mixture of structures. As we later learned from the Washington Post,  John Galt’s influence on the destruction was decades in the making:

The plant was a mom-and-pop operation, a distribution center where farmers picked up custom mixes of fertilizer to boost crop yields. It was built in 1962 a half-mile outside West. As the harvests grew, so did the town. In 1967, the rest home opened 629 feet from the plant. In the early ’70s, a two-story apartment complex was built even closer. Then a playground and basketball court, a mere 249 feet away.

We learned last year that ATF has determined that the fire that preceded the blast was intentional.  So while we don’t know who started the fire itself, we know for a fact that, ultimately, it was John Galt who killed these 15 Texans.

US DRONE STRIKE IN PAKISTAN REEKS OF POLITICAL RETALIATION YET AGAIN

The current concern that Donald Trump will lash out in fury with a nuclear strike, somewhere, anywhere, just to vent his anger over Mueller’s noose tightening over his entire administration is not the first time that it was appropriate to be concerned about an  enraged high-ranking government official killing innocent people. In the case of John Brennan, poorly targeted rage attacks carried out as retaliation for a perceived wrong happened repeatedly. In the post linked here, a drone strike in Pakistan’s tribal area seemed timed as retaliation for Pakistan refusing to reopen supply routes that had been closed six months earlier when the US killed 24 Pakistani troops in an erroneous attack. The post goes on to detail other rage drone strikes that Brennan ordered, with the worst probably being the killing of over 40 people who were simply gathered to discuss mineral rights. That strike was carried out the day after the CIA’s Raymond Davis was finally released and was clearly carried out without proper evaluation of targeting criteria, as it seems few if any actual terrorists were killed.

NO, WE AREN’T ALL GOING TO DIE BECAUSE EBOLA PATIENTS ARE COMING TO US FOR TREATMENT


Scary, color-enhanced electron micrograph of Ebola virus particles. Creative Commons license courtesy of Thomas W. Geisbert, Boston University School of Medicine.

The Ebola outbreak in 2014 led to widespread fear in the US, especially when it was announced that medical personnel who had been treating Ebola patients in Africa and became infected would be transported to Atlanta for treatment. There was no appreciation for how the disease actually is spread, what the conditions were where the medical workers became infected in Africa and how such spread would be much less likely in a properly run US hospital. A poorly run hospital in Texas, however, did manage to have personnel treating Ebola acquire infections. Of course, the treatment at CDC in Atlanta was carried out without incident, and the virus did not spread in the US, even after the Texas hospital had its initial failure. In fact, as the virus wound down, those who study and understand the virus were shown to have been completely correct in their analysis when they modeled how large the outbreak would get before receding once proper intervention was carried out. But the fears of Ebola wiping out the US weren’t the only bit of bad science that had to be knocked down during the outbreak. Conspiracy theories started spreading that the Ebola virus in the 2014 outbreak had been genetically engineered in a bioweapons lab and was accidentally released from a lab in Africa. DNA sequence analysis quickly debunked that one.

WASHINGTON POST FAILS TO DISCLOSE HEINONEN’S UANI CONNECTION IN ANTI-IRAN OP/ED

Yes, the Iran nuclear agreement is so important that it is the only topic repeated in my ten favorite posts. In this post, we are in the time just a few months before the agreement is finalized, and the neocon opponents of the deal are reaching a fever pitch. The post outlines a horrible failure of full disclosure by the Washington Post. This occurred after Bezos purchased the paper, but clearly was a failure of beating back the darkness in which democracy dies. In this case, the Post carried an op-ed opposing the Iran deal. Besides allowing an incendiary headline (The Iran Time Bomb) and giving voice to Michael Hayden and neocon nightmare Ray Takeyh, the Post made its biggest failure regarding the middle author, Olli Heinonen. The Post allowed Heinonen to identify himself only by his current Harvard affiliation and his former role in IAEA. What is left out of that description is that Heinonen was also playing a prominent role on the Advisory Board of United Against Nuclear Iran, a shadowy group with even more shadowy funding sources. Somehow, in the course of its “advocacy” work against Iran, UANI had come into possession of US state secrets that suddenly allowed it to avoid a civil case for defamation of a businessman they accused of breaking sanctions against Iran. Why, yes, of course the New York Times also allowed Heinonen to deceptively carry out his work on their pages, too. This time it was in a “news” story that came out shortly after the UANI civil court case was dismissed when the judge stated the case could not proceed because of the state secrets involved. Of course, even after more than two and a half years, neither the Washington Post nor New York Times have admitted their omissions in describing Heinonen’s affiliations in the cited articles. It is really remarkable that diplomacy defeated this full court press by the neocons who were working with the full cooperation of the media.

WAVING THE CONSTITUTION AT THOSE WHO IGNORE IT

I waved my pocket copy of the Constitution at Nancy Pelosi on July 19, 2008. Khizr Khan waved his at Donald Trump on July 28, 2016.


I haven’t written much in the last couple of years, but I just couldn’t avoid writing this one only ten days after surgery to replace my aorta. When I saw Khizr Khan’s appearance at the Democratic National Convention, I was really moved when he waved his pocket copy of the Constitution at Donald Trump. I had done the same thing in July of 2008 when Nancy Pelosi appeared at Netroots Nation in Austin. I was waving my Constitution at Pelosi to remind her of her failure to impeach George W. Bush and Dick Cheney for their roles in torture and illegal wars. Khan was calling out Trump for his campaign promises that so clearly violate the Constitution. Sadly, Trump has followed through in enforcing many of those policies Khan warned us about and we are left without much more recourse than continuing to wave our Constitutions at those who violate it on a daily basis.

ON JULY 2016 PANEL, GEORGE PAPADOPOULOS USED SAME COVER ORGANIZATION AS JOSEPH MIFSUD 

My one minor contribution so far to the unfolding saga of Russian influence on the 2016 election was prompted by noticing a photo in my Twitter stream shortly after the George Papadopoulos plea agreement was made public. What initially caught my eye was that my Congressman, Ted Yoho, was in the photo with Papadopoulos while both appeared in a panel discussion in Cleveland in July of 2016. However, once I started digging into the circumstances of the photo, I discovered that when he appeared for the panel, Papadopoulos claimed an affiliation with an entity that was also an affiliation for the shadowy Joseph Mifsud. We still don’t have a satisfactory explanation of how these two came to have a shared cover organization where it seems both Papadopoulos and Mifsud had positions that were grossly inflated with respect to their previous career accomplishments. I still think that if we ever discover who was behind these two getting such inflated positions, we will learn much about who might have been orchestrating later events in which these two played roles.

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten today.

To celebrate, over the next few days, the emptywheel team will be sharing some of our favorite work from the last decade. I’ll be doing 4 posts featuring some of my most important or — in my opinion — resilient non-surveillance posts, plus a separate post bringing together some of my most important surveillance work. I think everyone else is teeing up their favorites, too.

Putting together these posts has been a remarkable experience to see where we’ve been and the breadth of what we’ve covered, on top of mainstays like surveillance. I’m really proud of the work I’ve done, and proud of the community we’ve maintained over the years.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2013

What a Targeted Killing in the US Would Look Like

Amid now-abandoned discussions about using the FISA court to review targeted killing, I pointed out that a targeted killing in the US would look just like the October 28, 2009 killing of Imam Luqman Abdullah.

Article II or AUMF? “A High Level Official” (AKA John Brennan) Says CIA Can Murder You

When the second memo (as opposed to the first 7-page version) used to authorize the killing of Anwar al-Awlaki, it became clear that OLC never really decided whether the killing was done under Article II or the AUMF. That’s important because if it’s the latter, it suggests the President can order anyone killed.

John Brennan Sworn in as CIA Director Using Constitution Lacking Bill of Rights

I know in the Trump era we’re supposed to forget that John Brennan sponsored a whole lot of drone killing and surveillance. But I spent a good deal of the Obama Administration pointing that out. Including by pointing out that the Constitution he swore to protect and defend didn’t have the First, Fourth, Fifth, and Sixth amendments in it.

2014

The Day After Government Catalogs Data NSA Collected on Tsarnaevs, DOJ Refuses to Give Dzhokhar Notice

I actually think it’s unreasonable to expect the government’s dragnets to prevent all attacks. But over and over (including with 9/11), NSA gets a pass when we do reviews of why an attack was missed. This post lays out how that happened in the Boston Marathon case. A follow-up continued that analysis.

A Guide to John Rizzo’s Lies, For Lazy Journalists

Former CIA General Counsel John Rizzo lies, a lot. But that doesn’t seem to lead journalists to treat his claims skeptically, nor did it prevent them from taking his memoir as a statement of fact. In this post I summarized all the lies he told in the first 10 pages of it.

Obama to Release OLC Memo after Only 24 Congressional Requests from 31 Members of Congress

Over the year and a half when one after another member of Congress asked for the OLC memos that authorized the drone execution of Anwar al-Awlaki, I tracked all those requests. This was the last post, summarizing all of them.

The West’s Ideological Vacuum

With the rise of Trump and the success of Russia intervening in US and European politics, I’ve been talking about how the failures of US neoliberal ideology created a vacuum to allow those things to happen. But I’ve been talking about the failures of our ideology for longer than that, here in a post on ISIS.

KSM Had the CIA Believing in Black Muslim Convert Jihadist Arsonists in Montana for 3 Months

There weren’t a huge number of huge surprises in the SSCI Torture Report for me (indeed, its scope left out some details about the involvement of the White House I had previously covered). But it did include a lot of details that really illustrate the stupidity of the torture program. None was more pathetic than the revelation that KSM had the CIA convinced that he was recruiting black Muslim converts to use arson in Montana.

2015

The Jeffrey Sterling Trial: Merlin Meets Curveball

A big part of the Jeffrey Sterling trial was CIA theater, with far more rigorous protection for 10 year old sources and methods than given to 4 year old Presidential Daily Briefs in the Scooter Libby trial. Both sides seemed aware that the theater was part of an attempt, in part, to help the CIA get its reputation back after the Iraq War debacle. Except that the actual evidence presented at trial showed CIA was up to the same old tricks. That didn’t help Sterling at all. But neither did it help CIA as much as government prosecutors claimed.

The Real Story Behind 2014 Indictment of Chinese Hackers: Ben Rhodes Moves the IP Theft Goal Posts

I’ve written a lot about the first indictment of nation-state hackers — People’s Liberation Army hackers who compromised some mostly Pittsburgh located entities, including the US Steel Workers. Contrary to virtually all the reporting on the indictment, the indictment pertained to things we nation-state hack for too: predominantly, spying on negotiations. The sole exception involves the theft of some nuclear technology from Westinghouse that might have otherwise been dealt to China as part of a technology transfer arrangement.

Obama’s Terrorism Cancer Speech, Carter’s Malaise Speech

In response to a horrible Obama speech capitulating to Republican demands he treat the San Bernardino attack specially, as Islamic terrorism, I compared the speech to Jimmy Carter’s malaise speech. Along the way, I noted that Carter signed the finding to train the mujahadeen at almost exactly the moment he gave the malaise speech. The trajectory of America has never been the same since.

Other Key Posts Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

The Compartments in WaPo’s Russian Hack Magnum Opus

The WaPo has an 8300 word opus on the Obama Administration’s response to Russian tampering in the election. The article definitely covers new ground on the Obama effort to respond while avoiding making things worse, particularly with regards to imposing sanctions in December. It also largely lays out much of the coverage the three bylined journalists (Greg Miller, Ellen Nakashima, and Adam Entous) have broken before, with new details. The overall message of the article, which has a number of particular viewpoints and silences, is this: Moscow is getting away with their attack.

“[B]ecause of the divergent ways Obama and Trump have handled the matter, Moscow appears unlikely to face proportionate consequences.”

The Immaculate Interception: CIA’s scoop

WaPo starts its story about how Russia got away with its election op with an exchange designed to make the non-response to the attack seem all the more senseless. It provides a dramatic description of a detail these very same reporters broke on December 9: Putin, who was personally directing this effort, was trying to elect Trump.

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

[snip]

The material was so sensitive that CIA Director John Brennan kept it out of the President’s Daily Brief, concerned that even that restricted report’s distribution was too broad. The CIA package came with instructions that it be returned immediately after it was read.

[snip]

In early August, Brennan alerted senior White House officials to the Putin intelligence, making a call to deputy national security adviser Avril Haines and pulling national security adviser Susan Rice aside after a meeting before briefing Obama along with Rice, Haines and McDonough in the Oval Office.

While the sharing of this information with just three aides adds to the drama, WaPo doesn’t consider something else about it. The inclusion of Rice and McDonough totally makes sense. But by including Avril Haines, Brennan was basically including his former Deputy Director who had moved onto the DNSA position, effectively putting two CIA people in a room with two White House people and the President. Significantly, Lisa Monaco — who had Brennan’s old job as White House Homeland Security Czar and who came from DOJ and FBI before that — was reportedly excluded from this initial briefing.

There are a number of other interesting details about all this. First, for thousands of wordspace, the WaPo presents this intelligence as irreproachable, even while providing this unconvincing explanation of why, if it is so secret and solid, the CIA was willing to let WaPo put it on its front page.

For spy agencies, gaining insights into the intentions of foreign leaders is among the highest priorities. But Putin is a remarkably elusive target. A former KGB officer, he takes extreme precautions to guard against surveillance, rarely communicating by phone or computer, always running sensitive state business from deep within the confines of the Kremlin.

The Washington Post is withholding some details of the intelligence at the request of the U.S. government.

If this intelligence is so sensitive, why is even the timing of its collection being revealed here, much less its access to Putin?

That seemingly contradictory action is all the more curious given that not all agencies were as impressed with this intelligence as CIA was. It’s not until much, much later in its report that WaPo explains what remains true as recently as Admiral Rogers’ latest Congressional testimony: the NSA wasn’t and isn’t as convinced by CIA’s super secret intelligence as CIA was.

Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.

By the time this detail is presented, the narrative is in place: Obama failed to respond adequately to the attack that CIA warned about back in August.

The depiction of this top-level compartment of just Brennan, Rice, McDonough, and Haines is interesting background, as well, for the depiction of the way McDonough undermined a State Department plan to institute a Special Commission before Donald Trump got started.

Supporters’ confidence was buoyed when McDonough signaled that he planned to “tabledrop” the proposal at the next NSC meeting, one that would be chaired by Obama. Kerry was overseas and participated by videoconference.

To some, the “tabledrop” term has a tactical connotation beyond the obvious. It is sometimes used as a means of securing approval of an idea by introducing it before opponents have a chance to form counterarguments.

“We thought this was a good sign,” a former State Department official said.

But as soon as McDonough introduced the proposal for a commission, he began criticizing it, arguing that it would be perceived as partisan and almost certainly blocked by Congress.

Obama then echoed McDonough’s critique, effectively killing any chance that a Russia commission would be formed.

Effectively, McDonough upended the table on those (which presumably includes the CIA) who wanted to preempt regular process.

Finally, even after  these three WaPo journalists foreground their entire narrative with CIA’s super duper scoop (that NSA is still not 100% convinced is one), they don’t describe their own role in changing the tenor of the response on December 9 by reporting the first iteration of this story.

“By December, those of us working on this for a long time were demoralized,” said an administration official involved in the developing punitive options.

Then the tenor began to shift.

On Dec. 9, Obama ordered a comprehensive review by U.S. intelligence agencies of Russian interference in U.S. elections going back to 2008, with a plan to make some of the findings public.

The WaPo’s report of the CIA’s intelligence changed the tenor back in December, and this story about the absence of a response might change the tenor here.

Presenting the politics ahead of the intelligence

The WaPo’s foregrounding of Brennan’s August scoop is also important for the way they portray the parallel streams of the intelligence and political response. It portrays the Democrats’ political complaints about Republicans in this story, most notably the suggestion that Mitch McConnell refused to back a more public statement about the Russian operation when Democrats were pushing for one in September. That story, in part because of McConnell’s silence, has become accepted as true.

Except the WaPo’s own story provides ample evidence that the Democrats were trying to get ahead of the formal intelligence community with respect to attribution, both in the summer, when Clapper only alluded to Russian involvement.

Even after the late-July WikiLeaks dump, which came on the eve of the Democratic convention and led to the resignation of Rep. Debbie Wasserman Schultz (D-Fla.) as the DNC’s chairwoman, U.S. intelligence officials continued to express uncertainty about who was behind the hacks or why they were carried out.

At a public security conference in Aspen, Colo., in late July, Director of National Intelligence James R. Clapper Jr. noted that Russia had a long history of meddling in American elections but that U.S. spy agencies were not ready to “make the call on attribution” for what was happening in 2016.

And, more importantly, in the fall, when the public IC attribution came only after McConnell refused to join a more aggressive statement because the intelligence did not yet support it (WaPo makes no mention of it, but DHS’s public reporting from late September still attributed the threat to election infrastructure to “cybercriminals and criminal hackers”).

Senate Majority Leader Mitch McConnell (R-Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.

Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.

On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.

A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.

When U.S. spy agencies reached unanimous agreement in late September that the interference was a Russian operation directed by Putin, Obama directed spy chiefs to prepare a public statement summarizing the intelligence in broad strokes.

I’m all in favor of beating up McConnell, but there is no reason to demand members of Congress precede the IC with formal attribution for something like this. So until October 7, McConnell had cover (if not justification) for refusing to back a stronger statement.

And while the report describes Brennan’s efforts to brief members of Congress (and the reported reluctance of Republicans to meet with him), it doesn’t answer what remains a critical and open question: whether Brennan’s briefing for Harry Reid was different — and more inflammatory — than his briefing for Republicans, and whether that was partly designed to get Reid to serve as a proxy attacker on Jim Comey and the FBI.

Brennan moved swiftly to schedule private briefings with congressional leaders. But getting appointments with certain Republicans proved difficult, officials said, and it was not until after Labor Day that Brennan had reached all members of the “Gang of Eight” — the majority and minority leaders of both houses and the chairmen and ranking Democrats on the Senate and House intelligence committees.

Nor does this account explain another thing: why Brennan serially briefed the Gang of Eight, when past experience is to brief them in groups, if not all together.

In short, while the WaPo provides new details on the parallel intelligence and political tracks, it reinforces its own narrative while remaining silent on some details that are critical to that narrative.

The compartments

The foregrounding of CIA in all this also raises questions about a new and important detail about (what I assume to be the subsequently publicly revealed, though this is not made clear) Task Force investigating this operation: it lives at CIA, not FBI.

Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.

The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.

They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.

Much later in the story, WaPo reveals how, in the wake of Obama calling for a report, analysts started looking back at their collected intelligence and learning new details.

Obama’s decision to order a comprehensive report on Moscow’s interference from U.S. spy agencies had prompted analysts to go back through their agencies’ files, scouring for previously overlooked clues.

The effort led to a flurry of new, disturbing reports — many of them presented in the President’s Daily Brief — about Russia’s subversion of the 2016 race. The emerging picture enabled policymakers to begin seeing the Russian campaign in broader terms, as a comprehensive plot sweeping in its scope.

It’s worth asking: did the close hold of the original Task Force, a hold that appears to have been set by Brennan, contribute to the belated discovery of these details revealing a broader campaign?

The surveillance driven sanctions

I’m most interested in the description of how the Obama Admin chose whom to impose sanctions on, though it includes this bizarre claim.

But the package of measures approved by Obama, and the process by which they were selected and implemented, were more complex than initially understood.

The expulsions and compound seizures were originally devised as ways to retaliate against Moscow not for election interference but for an escalating campaign of harassment of American diplomats and intelligence operatives. U.S. officials often endured hostile treatment, but the episodes had become increasingly menacing and violent.

Several of the details WaPo presents as misunderstood (including that the sanctions were retaliation for treatment of diplomats) were either explicit in the sanction package or easily gleaned at the time.

One of those easily gleaned details is that the sanctions on GRU and FSB were mostly symbolic. WaPo uses the symbolic nature of the attack on those who perpetrated the attack as a way to air complaints that these sanctions were not as onerous as those in response to Ukraine.

“I don’t think any of us thought of sanctions as being a primary way of expressing our disapproval” for the election interference, said a senior administration official involved in the decision. “Going after their intelligence services was not about economic impact. It was symbolic.”

More than any other measure, that decision has become a source of regret to senior administration officials directly involved in the Russia debate. The outcome has left the impression that Obama saw Russia’s military meddling in Ukraine as more deserving of severe punishment than its subversion of a U.S. presidential race.

“What is the greater threat to our system of government?” said a former high-ranking administration official, noting that Obama and his advisers knew from projections formulated by the Treasury Department that the impact of the election-related economic sanctions would be “minimal.”

Three things that might play into the mostly symbolic targeting of FSB, especially, are not mentioned. First, WaPo makes no mention of the suspected intelligence sources who’ve been killed since the election, most credibly Oleg Erovinkin, as well as a slew of other suspect and less obviously connected deaths. It doesn’t mention the four men Russia charged with treason in early December. And it doesn’t mention DOJ’s indictment of the Yahoo hackers, including one of the FSB officers, Dmitry Dokuchaev, that Russia charged with treason (not to mention the inclusion within the indictment of intercepts between FSB officers). There’s a lot more spy vs. spy activity going on here that likely relates far more to retaliation or limits on US ability to retaliate, all of which may be more important in the medium term than financial sanctions.

Given the Yahoo and other indictments working through San Francisco (including that of Yevgeniy Nikulin, who claims FBI offered him a plea deal involving admitting he hacked the DNC), I’m particularly interested in the shift in sanctions from NY to San Francisco, where Nikulin and Dokuchaev’s victims are located.

The FBI was also responsible for generating the list of Russian operatives working under diplomatic cover to expel, drawn from a roster the bureau maintains of suspected Russian intelligence agents in the United States.

[snip]

The roster of expelled spies included several operatives who were suspected of playing a role in Russia’s election interference from within the United States, officials said. They declined to elaborate.

More broadly, the list of 35 names focused heavily on Russians known to have technical skills. Their names and bios were laid out on a dossier delivered to senior White House officials and Cabinet secretaries, although the list was modified at the last minute to reduce the number of expulsions from Russia’s U.N. mission in New York and add more names from its facilities in Washington and San Francisco.

And the WaPo’s reports confirm what was also obvious: the two compounds got shut down (and were a priority) because of all the spying they were doing.

The FBI had long lobbied to close two Russian compounds in the United States — one in Maryland and another in New York — on the grounds that both were used for espionage and placed an enormous surveillance burden on the bureau.

[snip]

Rice pointed to the FBI’s McCabe and said: “You guys have been begging to do this for years. Now is your chance.”

The administration gave Russia 24 hours to evacuate the sites, and FBI agents watched as fleets of trucks loaded with cargo passed through the compounds’ gates.

Finally, given Congress’ bipartisan fearmongering about Kaspersky Lab, I’m most interested that at one point Treasury wanted to include them in sanctions.

Treasury Department officials devised plans that would hit entire sectors of Russia’s economy. One preliminary suggestion called for targeting technology companies including Kaspersky Lab, the Moscow-based cybersecurity firm. But skeptics worried that the harm could spill into Europe and pointed out that U.S. companies used Kaspersky systems and software.

In spite of all the fearmongering, no one has presented proof that Kaspersky is working for Russia (there are even things, which I won’t go into for the moment, that suggest the opposite). But we’re moving close to de facto sanctions against Kaspersky anyway, even in spite of the fact (or perhaps because) they’re providing better intelligence on WannaCry than half the witnesses called to testify to Congress. But discrediting Kaspersky undercuts one of the only security firms in the world that, in addition to commenting on Russian hacking, will unpack America’s own hacking. You sanction Kaspersky, and you expand the asymmetry with which security firms selectively scrutinize just Russian hacking, rather than all nation-state hacking.

The looming cyberattack and the silence about Shadow Brokers

Which brings me to the last section of the article, where, over 8000 words in, the WaPo issues a threat against Russia in the form of a looming cyberattack Obama approved before he left.

WaPo’s early description of this suggests the attack was and is still in planning stages and relies on Donald Trump to execute.

Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.

But if readers make it all the way through the very long article, they’ll learn that’s not the case. The finding has already been signed, the implants are already being placed (implants which would most likely be discovered by Kaspersky), and for Trump to stop it, he would have to countermand Obama’s finding.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.

As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.

The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.

U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so.

Whatever else this article is designed to do, I think, it is designed to be a threat to Putin, from long gone Obama officials.

Given the discussion of a looming cyberattack on Russia, it’s all the more remarkable WaPo breathed not one word about Shadow Brokers, which is most likely to be a drawn-out cyberattack by Russian affiliates on NSA. Even ignoring WannaCry, the global ransomware attack derived from Shadow Brokers’ releases, Shadow Brokers has ratcheted up the severity of its releases, including doxing NSA’s spies and hacks of the global finance system. It has very explicitly fostered tensions between the NSA and private sector partners (as well as the reputational costs on those private sector partners). And it has threatened to leak still worse, including NSA exploits against current Microsoft products and details of NSA’s spying on hostile nuclear programs.

The WaPo is talking about a big cyberattack, but an entity that most likely has close ties to Russia has been conducting one, all in plain sight. I suggested back in December that Shadow Brokers was essentially holding NSA hostage in part as a way to constrain US intelligence retaliation against Russia. Given ensuing events, I’m more convinced that is, at least partly, true.

But in this grand narrative of CIA’s early warning and Obama’s inadequate response, details like that remain unsaid.