Posts

The Universe of Hacked and Leaked Emails from 2016: DNC Emails

When Mueller’s team released George Papadopoulos’ plea deal last year, I noted that the initial denials that Papadopoulos had advance warning of the emails the Russians were preparing to hack and leak did not account for the entire universe of emails known to have been stolen. A year and several Mueller indictments later, we still don’t have a complete understanding of what emails were being dealt when. Because that lack of understanding hinders understanding what Mueller might be doing with Roger Stone, I wanted to lay out what we know about four sets of emails. This series will include posts on the following:

  • DNC emails
  • Podesta emails
  • DCCC emails
  • Emails Hillary deleted from her server

The series won’t, however, account for two more sets of emails, anything APT 29 stole when hacking the White House and State Department in 2015, or anything released via the several FOIAs of the Hillary emails turned over to the State Department from her home server. It also won’t deal with the following:

  • Emails from two Hillary staffers who had their emails released via dcleaks
  • The emails of other people released by dcleaks, which includes Colin Powell, some Republican party officials (including some 2015 emails Peter Smith sent to the IL Republican party), and others with interests in Ukraine
  • A copy of the Democrats’ analytics program copied on AWS
  • The NGP/VAN file, which was not directly released by Guccifer 2.0, but is central to one of the skeptics’ theories about an alternative source other than Russia

DNC Emails

The “DNC emails” are generally thought of as the 44,000 emails WikiLeaks released on July 22, 2016. The GRU indictment describes the theft and conveyance of those emails this way:

Between on or about May 25, 2016 and June 1, 2016, the Conspirators hacked the DNC Microsoft Exchange Server and stole thousands of emails from the work accounts of DNC employees. During that time, YERMAKOV researched PowerShell commands related to accessing and managing the Microsoft Exchange Server.

[snip]

On or about June 22, 2016, Organization 1 sent a private message to Guccifer 2.0 to “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” On or about July 6, 2016, Organization 1 added, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after.” The Conspirators responded, “ok . . . i see.” Organization 1 explained, “we think trump has only a 25% chance of winning against hillary . . . so conflict between bernie and hillary is interesting.”

After failed attempts to transfer the stolen documents starting in late June 2016, on or about July 14, 2016, the Conspirators, posing as Guccifer 2.0, sent Organization 1 an email with an attachment titled “wk dnc link1.txt.gpg.” The Conspirators explained to Organization 1 that the encrypted file contained instructions on how to access an online archive of stolen DNC documents. On or about July 18, 2016, Organization 1 confirmed it had “the 1Gb or so archive” and would make a release of the stolen documents “this week.”

On or about July 22, 2016, Organization 1 released over 20,000 emails and other documents stolen from the DNC network by the Conspirators. This release occurred approximately three days before the start of the Democratic National Convention. Organization 1 did not disclose Guccifer 2.0’s role in providing them. The latest-in-time email released through Organization 1 was dated on or about May 25, 2016, approximately the same day the Conspirators hacked the DNC Microsoft Exchange Server.

Raffi Khatchadourian (who has done as much work as anyone else on the known universe of emails) noted that by the time the July 14 exchange had happened, Julian Assange had already said he had emails and Guccifer 2.0 had already said he had shared them with WikiLeaks.

On June 12th, three days before the creation of Guccifer 2.0, Assange announced that he had a substantial trove of Clinton-related e-mails that were pending publication. Likewise, Guccifer 2.0 proclaimed, on its very first post on the WordPress site, “The main part of the papers, thousands of files and mails, I gave to Wikileaks. They will publish them soon.” Again and again, the G.R.U. officers tried to drive home this point—which, of course, was evidently the main point of creating the persona. “I sent a big part of docs to WikiLeaks,” Guccifer 2.0 told the editor of the Smoking Gun that same day. On June 17th, Guccifer 2.0 said in another e-mail, “I gave WikiLeaks the greater part of the files.” (For e-mail, the G.R.U. gave Guccifer 2.0 another fake identity: Stephan Orphan.)

In other words, both the G.R.U. and Assange appear to have confessed to the transmission and reception of a large trove of Clinton-related e-mails in mid-June, before Guccifer 2.0 was apparently created. The indictment does not address this. There is no way to say precisely what that trove was—if it was the Podesta archive given to WikiLeaks much earlier than is generally presumed, or the D.N.C. e-mails, or both, or something else. (There is also the possibility that both parties were not speaking truthfully.) But, if Assange did have the D.N.C. e-mails before Guccifer 2.0 was created, then the details in the indictment take on new meaning. Some version of the following may be true: it is mid-June, with the convention approaching, and Assange is about to release a bombshell, when he notices the sudden appearance of Guccifer 2.0, a “hacker” edging into his turf, inviting journalists to write in. So he writes in, asking for material that interests him. He has already gone through the D.N.C. e-mails and has recognized that the trove highlights conflict within the Democratic Party. He signals that he wants more on that specific issue. The G.R.U. is happy to comply, through its new cutout. Perhaps some of it overlaps with what the G.R.U. already provided, making Guccifer 2.0’s confessions literally accurate. Perhaps it is the same irrelevant dross that Guccifer 2.0 fed to others.

Last year, I visited Assange several times in the Ecuadorian Embassy in London. He often emphasized to me that the sourcing of his election publications was complex. I usually took this as a dodge. But the sourcing may indeed have been multilayered. There are many conceivable ways that G.R.U. officers could have provided e-mails to WikiLeaks before they created Guccifer 2.0. They could have used the WikiLeaks anonymous-submission system. They could have used a different fictitious online persona. They could have used a human intermediary. Last year, James Clapper told me, “It was done by a cutout, which of course afforded Assange plausible deniability.” In January, 2017, Clapper oversaw a formal intelligence assessment on Russian meddling. At the time, more than one news organization reported that a classified version of the assessment made clear that the intermediaries between the G.R.U. and WikiLeaks were already known. (Certainly, the intelligence community would also have been in possession of Guccifer 2.0’s Twitter D.M.s at that time, too.) One intelligence official, describing the report, indicated to Reuters last year that the e-mails relayed to WikiLeaks had followed a “circuitous route,” by a series of handoffs, on their journey from Moscow. Such a scenario seems to be at odds with the idea that Guccifer 2.0 merely sent WikiLeaks an encrypted link to download it all in one swoop.

An earlier Khatchadourian piece describes WikiLeaks experiencing some pressure to publish before the convention.

In early July, for example, Guccifer 2.0 told a Washington journalist that WikiLeaks was “playing for time.” There was no public evidence for this, but from the inside it was clear that WikiLeaks was overwhelmed. In addition to the D.N.C. archive, Assange had received e-mails from the leading political party in Turkey, which had recently experienced a coup, and he felt that he needed to rush them out. Meanwhile, a WikiLeaks team was scrambling to prepare the D.N.C. material. (A WikiLeaks staffer told me that they worked so fast that they lost track of some of the e-mails, which they quietly released later in the year.) On several occasions, and in different contexts, Assange admitted to me that he was pressed for time. “We were quite concerned about meeting the deadline,” he told me once, referring to the Democratic National Convention.

His original release date for the D.N.C. archive, he explained, was July 18th, the Monday before the Convention; his team missed the deadline by four days. “We were only ready Friday,” he said. “We had these hiccups that delayed us, and we were given a little more time—” He stopped, and then added, strangely, “to grow.”

Khatchadourian’s earlier mention of a July 18 deadline is quite interesting, given the response from WikiLeaks to a Guccifer 2.0 email, promising to publish that week, on the 18th.

Khatchadourian also describes WikiLeaks as doing significant work to verify the emails — more than they could have done in the time between July 14 and July 22.

Once they were in Assange’s hands, his overriding concern was to insure that they were genuine. “We had quite some difficulties to overcome, in terms of the technical aspects, and making sure we were comfortable with the forensics,” he recalled. As an Australian, he had only a vague grasp of the way the D.N.C. operated, which made deciphering the political significance of the e-mails difficult. “It’s like looking at a very complex Hieronymus Bosch painting from a distance,” he told me. “You have to get close and interact with it, then you start to get a feel.” Often, a first encounter with a WikiLeaks database submission can be overwhelming—as one former staffer told me, “My heart sinks a bit.”

To work on the material, Assange had to coördinate with operatives outside the building, and avoid surveillance inside it. “I have a lot of security issues in the Embassy,” he told me. “It’s not like you can be comfortable with your source material and read it.” He would not tell me how many people worked on the project, except that the number was small. “We’re all secret squirrels now,” he said.

All this raises questions about how much verification WikiLeaks did, and if instead this was a tale told to Khatchadourian, not to mention why they had confidence publishing them would not blow up on them.

Now, I have suggested that one possible second source of the emails — or at least one alternate explanation that Russia and WikiLeaks might claim that could provide GRU some plausible deniability — would be via the contents of email boxes stolen using passwords released just before the DNC hack from Yevgeniy Nikulin’s past hacks of Linked-In and MySpace. Nikulin has utterly stalled his prosecution until February by refusing not only to cooperate with his defense (though he has had repeated contacts from Russian diplomatic officials), but also with a competency evaluation. So we won’t learn anything (and Nikulin won’t be coerced to cooperate) anytime soon as a result of his extradition to the US.

But, as part of an effort to track changes to WikiLeaks’ website and the DNC emails, Emma Best identified what at first appeared to be a change in one email but ultimately just revealed that the cache includes both the sent and received copies of some emails.

After pointing this out on Twitter and listing the 36 known instances, one user checked a copy of the DNC emails they had retrieved months before. They found what appeared to be a modification to the email – a missing piece of metadata that identified the internal IP address that sent the email. After several hours of searching and comparing five different caches of DNC emails, the difference was both confirmed and explained – WikiLeaks’ copy of the DNC emails comes from several accounts, which resulted in some duplicates in their cache. The internal message ID for the duplicates would be the same, but differences in metadata would appear based on whether the email was being sent or received, and in the case of the former what device and client was sending the emails. Since the x-originating-ip metadata which seemed to appear and then disappear is added by the server when it’s sent, it would naturally be missing from the sender’s copy of the email. This addresses the most alarming question regarding the DNC emails, but does nothing to address the rest.

There are reasons to believe that this means the email in question comes from the Microsoft Exchange server and not from someone’s own mailbox (Update: though I may be 100% wrong on this point). Which, if my speculation that WikiLeaks might invoke the Nikulin alternate theory, might still show Assange got the emails in one batch early on, but then published what he got via the delivery identified in the indictment and didn’t spend much time vetting that delivery.

Meanwhile, it’s crucial to note, as Khatchadourian does in his earlier piece, that emails Guccifer 2.0 claimed were DNC documents when he released them the day after the WaPo revealed the DNC had been hacked didn’t come from the DNC; those that have been identified came, instead, from John Podesta. It wasn’t until July 6 that the Guccifer 2.0 documents billed as DNC ones actually were.

But then, on July 6th, just before Guccifer 2.0 complained that WikiLeaks was “playing for time,” this pattern of behavior abruptly reversed itself. “I have a new bunch of docs from the DNC server for you,” the persona wrote on WordPress. The files were utterly lacking in news value, and had no connection to one another—except that every item was an attachment in the D.N.C. e-mails that WikiLeaks had. The shift had the appearance of a threat. If Russian intelligence officers were inclined to indicate impatience, this was a way to do it.

The notion that the Guccifer 2.0 persona may have — in addition to discrediting the WaPo article and providing a quick cover for the Russian attribution of the hack — served to pressure Assange to keep to some kind of July 18 deadline raises more stakes on that detail from the GRU indictment, but also may relate to the kind of signaling we saw elsewhere.

Update: I should have laid out some of the logic behind emails we’ve got. First, WikiLeaks has claimed that all the emails they have come from the “accounts” of seven identified people.

The leaks come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda (10520 emails), National Finance Director Jordon Kaplan (3799 emails), Finance Chief of Staff Scott Comer (3095 emails), Finanace Director of Data & Strategic Initiatives Daniel Parrish (1742 emails), Finance Director Allen Zachary (1611 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails).

Khatchadourian says they actually come from ten accounts.

The twenty thousand or so D.N.C. e-mails that WikiLeaks published were extracted from ten compromised e-mail accounts, and all but one of the people who used those accounts worked in just two departments: finance and strategic communications. (The single exception belonged to a researcher who worked extensively with communications.)

DNC automatically deleted emails after 30 days if they weren’t specifically saved (which is where this exfiltration estimate came from, which was off from the Mueller date by a week). Emails that precede the 30 day window (so April 19 or 25) or that weren’t part of one of the identified accounts may indicate another source.

As I disclosed July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Offering John Podesta Emails While Selling Deleted Hillary Emails

Back in April 2017, I noted something problematic with Democratic theories about the advance knowledge of Roger Stone — and by association, the Trump camp — of Russia’s hack and leak plans: Democrats have largely focused on Stone’s warning, on August 21, 2016, that “it would soon be the Podesta’s time in the barrel,” arguing it reflected foreknowledge of the October 2016 dump of John Podesta’s emails. Stone has said he was talking about blaming Tony Podesta for his corruption, and while that does appear to be a projection-focused defense of Paul Manafort as his own corruption posed problems for the Trump campaign, none of that explains how Stone implicated John in his brother’s sleaze.

That one comment aside, virtually every time Stone predicted a WikiLeaks October Surprise, he implied it would be Clinton Foundation documents or other ones she deleted from her home server, not Podesta emails. That is, while Stone appears to have known the general timing of the October dump, Stone didn’t predict the Podesta emails. He predicted emails deleted from Hillary’s home server, emails that never got published. Here’s how it looks in a timeline (partly lifted from this CNN timeline).

August 12, 2016: Roger Stone says, “I believe Julian Assange — who I think is a hero, fighting the police state — has all of the emails that Huma and Cheryl Mills, the two Clinton aides thought that they had erased. Now, if there’s nothing damning or problematic in those emails, I assure you the Clintonites wouldn’t have erased them and taken the public heat for doing so. When the case is I don’t think they are erased. I think Assange has them. I know he has them. And I believe he will expose the American people to this information you know in the next 90 days.”

August 15, 2016: Stone tells WorldNetDaily that, “’In the next series of emails Assange plans to release, I have reason to believe the Clinton Foundation scandals will surface to keep Bill and Hillary from returning to the White House,’ … The next batch, Stone said, include Clinton’s communications with State Department aides Cheryl Mills and Huma Abedin.”

August 26, 2016: Stone tells Breitbart Radio that “I’m almost confident Mr. Assange has virtually every one of the emails that the Clinton henchwomen, Huma Abedin and Cheryl Mills, thought that they had deleted, and I suspect that he’s going to drop them at strategic times in the run up to this race.”

August 29, 2016: Stone suggests Clinton Foundation information might lead to prison. “Perhaps he has the smoking gun that will make this handcuff time.”

September 16, 2016: Stone says that “a payload of new documents” that Wikileaks will drop “on a weekly basis fairly soon … will answer the question of exactly what was erased on that email server.”

September 18, 2016 and following: Stone asks Randy Credico to get from Assange any emails pertaining to disrupting a peace deal in Libya, making it clear he believes Assange has emails that WikiLeaks has not yet released.

In a Sept. 18, 2016, message, Mr. Stone urged an acquaintance who knew Mr. Assange to ask the WikiLeaks founder for emails related to Mrs. Clinton’s alleged role in disrupting a purported Libyan peace deal in 2011 when she was secretary of state, referring to her by her initials.

“Please ask Assange for any State or HRC e-mail from August 10 to August 30–particularly on August 20, 2011,” Mr. Stone wrote to Randy Credico, a New York radio personality who had interviewed Mr. Assange several weeks earlier. Mr. Stone, a longtime confidant of Donald Trump, had no formal role in his campaign at the time.

Mr. Credico initially responded to Mr. Stone that what he was requesting would be on WikiLeaks’ website if it existed, according to an email reviewed by the Journal. Mr. Stone, the emails show, replied: “Why do we assume WikiLeaks has released everything they have ???”

In another email, Mr. Credico then asked Mr. Stone to give him a “little bit of time,” saying he thought Mr. Assange might appear on his radio show the next day. A few hours later, Mr. Credico wrote: “That batch probably coming out in the next drop…I can’t ask them favors every other day .I asked one of his lawyers…they have major legal headaches riggt now..relax.”

As I further noted, when WikiLeaks started dumping Podesta emails in October (including excerpts of Hillary’s private speeches), Stone focused more on accusing Bill Clinton of rape, another projection-based defense of Donald Trump (especially in light of the Access Hollywood tape) than he focused on the Podesta emails.

In other words, Stone may not have exhibited foreknowledge of the Podesta dump. By all appearances, he seemed to expect that WikiLeaks would publish emails obtained via the Peter Smith efforts — efforts that involved soliciting Russian hackers for assistance. That actually makes Stone’s foreknowledge more damning, as it suggests he was part of the conspiracy to pay Russian hackers for emails they had purportedly already hacked from Hillary’s server and that he expected WikiLeaks would be an outlet for the emails, as opposed to just learning that Podesta’s emails had been hacked some months after they had been.

It was Guccifer 2.0, not Assange, who claimed anyone had Clinton server documents (including in a tweet responding to my observation he was falsely billing documents as Clinton Foundation ones).

And Guccifer 2.0 was (according to Politico, not WSJ) in the loop of this effort, so may have been trying to pressure WikiLeaks to publish sets of files already sent, as he had tried to do with DCCC files earlier in August.

[Chuck] Johnson said he and [Peter] Smith stayed in touch, discussing “tactics and research” regularly throughout the presidential campaign, and that Smith sought his help tracking down Clinton’s emails. “He wanted me to introduce to him to Bannon, to a few others, and I sort of demurred on some of that,” Johnson said. “I didn’t think his operation was as sophisticated as it needed to be, and I thought it was good to keep the campaign as insulated as possible.”

Instead, Johnson said, he put the word out to a “hidden oppo network” of right-leaning opposition researchers to notify them of the effort. Johnson declined to provide the names of any of the members of this “network,” but he praised Smith’s ambition.

“The magnitude of what he was trying to do was kind of impressive,” Johnson said. “He had people running around Europe, had people talking to Guccifer.” (U.S. intelligence agencies have linked the materials provided by “Guccifer 2.0”—an alias that has taken credit for hacking the Democratic National Committee and communicated with Republican operatives, including Trump confidant Roger Stone—to Russian government hackers.)

Johnson said he also suggested that Smith get in touch with Andrew Auernheimer, a hacker who goes by the alias “Weev” and has collaborated with Johnson in the past. Auernheimer—who was released from federal prison in 2014 after having a conviction for fraud and hacking offenses vacated and subsequently moved to Ukraine—declined to say whether Smith contacted him, citing conditions of his employment that bar him from speaking to the press.

Two interesting issues of timing arise out of that, then.

First, to the extent that Stone’s tweets during the week of October 7 (the ones that exhibited foreknowledge of timing, if not content) predicted the timing of the next leak, they would seem to reflect an expectation that deleted emails were coming, not necessarily that Podesta ones were.

[O]n Saturday October 1 (or early morning on October 2 in GMT; the Twitter times in this post have been calculated off the unix time in the source code), Stone said that on Wednesday (October 5), Hillary Clinton is done.

Fewer of these timelines note that Wikileaks didn’t release anything that Wednesday. It did, however, call out Guccifer 2.0’s purported release of Clinton Foundation documents (though the documents were real, they were almost certainly mislabeled Democratic Party documents) on October 5. The fact that Guccifer 2.0 chose to mislabel those documents is worth further consideration, especially given public focus on the Foundation documents rather than other Democratic ones. I’ll come back to that.

Throughout the week — both before and after the Guccifer 2.0 release — Stone kept tweeting that he trusted the Wikileaks dump was still coming.

Monday, October 3:

Wednesday, October 5 (though this would have been middle of the night ET):

Thursday, October 6 (again, this would have been nighttime ET, after it was clear Wikileaks had not released on Wednesday):

But it also makes the October 11 email — which was shared with still unidentified recipients via foldering, not sent — reported by WSJ the other day all the more interesting. The email seems to suggest that on October 11, the “students” who were really pleased with email releases they had seen so far were talking about the Podesta emails.

“[A]n email in the ‘Robert Tyler’ [foldering] account [showing] Mr. Smith obtained $100,000 from at least four financiers as well as a $50,000 contribution from Mr. Smith himself.” The email was dated October 11, 2016 and has the subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative.” It came from someone calling himself “ROB,” describing the funding as supporting “the Washington Scholarship Fund for the Russian students.” The email also notes, “The students are very pleased with the email releases they have seen, and are thrilled with their educational advancement opportunities.”

In a follow-up, WSJ confirmed the identities of three of the four alleged donors (they’re still trying to track down the real ID of the fourth).

He reached out to businessmen as financial backers, including Maine real-estate developer Michael Liberty, Florida-based investor John “Jack” Purcell and Chicago financier Patrick Haynes. They were named in an email reviewed by the Journal as among a group of people who pledged to contribute $100,000 to the effort, along with $50,000 of Mr. Smith’s own money.

If the Smith conspirators were referring to the Podesta emails stolen by GRU in the same breath as a funding solicitation for Clinton Foundation ones, it suggests that whoever Smith’s co-conspirators were, as late as October 11, they were referring to the Podesta emails in the same breath as the Clinton server ones they were still hunting for.

As I said in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The DNC-Centric Focus of the HPSCI Investigation

Through the duration of the various Russia investigations, skeptics always harp on two questions pertaining to the Russian election year hacks — why the Democrats never turned over the DNC “server,” singular, to the FBI, allegedly leaving the FBI to rely on Crowdstrike’s work, and whether several sets of files released via Guccifer 2.0 showed signs of non-Russian origin. That is, skeptics look exclusively at the DNC, not the totality of the known Russian targeting.

Looking at the list of witnesses the House Intelligence Committee called (which the committee will release in the coming weeks) shows one reason why: that the most public and propagandist of all the Russia investigations focused on the DNC to the detriment of other known Democratic targets.

Here’s what the list of the HPSCI interviews looks like arranged by date (HPSCI will not be releasing the bolded interviews).

  1. [Comey, Jim (May 2 and 4, 2017): Intel]
  2. [Rogers, Mike (May 4, 2017): Intel]
  3. [Brennan, John (May 23, 2017): Intel]
  4. Coats, Dan (June 22, 2017): Intel
  5. Farkas, Evelyn (June 26, 2017): Ukraine/RU DOD
  6. Podesta, John (June 27, 2017): Clinton Chair
  7. Caputo, Michael (July 14, 2017): RU tied Trump
  8. Clapper, James (July 17, 2017): Intel
  9. Kushner, Jared (July 25, 2017): June 9 etc
  10. Carlin, John (July 27, 2017): Early investigation
  11. Gordon, JD (July 26, 2017): Trump NatSec
  12. Brown, Andrew (August 30, 2017): DNC CTO
  13. Tamene, Yared (August 30, 2017): DNC tech contractor
  14. Rice, Susan (September 6, 2017): Obama response to hack/unmasking
  15. Stone, Roger (September 26, 2017): Trump associate
  16. Epshteyn, Boris (September 28, 2017): RU-tied Trump
  17. Tait, Matthew (October 6, 2017): Solicit hack
  18. Safron, Jonathan (October 12, 2017): Peter Smith
  19. Power, Samantha (October 13, 2017): Obama response to hack/unmasking
  20. Catan, Thomas (October 18, 2017): Fusion
  21. Fritsch, Peter (October 18, 2017): Fusion
  22. Lynch, Loretta (October 20, 2017): Investigation
  23. Parscale, Brad (October 24, 2017): Trump’s data
  24. Cohen, Michael (October 24, 2017): Trump lawyer
  25. Rhodes, Benjamin (October 25, 2017): Obama response to hack/unmasking
  26. McCord, Mary (November 1, 2017): Early investigation
  27. Kaveladze, Ike (November 2, 2017): June 9 meeting
  28. Yates, Sally (November 3, 2017): Early investigation
  29. Schiller, Keith (November 7, 2017): Trump bodyguard
  30. Akhmetshin, Rinat (November 13, 2017): June 9
  31. Samachornov, Anatoli (November 28, 2017): June 9
  32. Sessions, Jeff (November 30, 2017): Trump transition
  33. Podesta, John (December 4, 2017): Dossier
  34. Denman, Diana (December 5, 2017): RNC platform
  35. Henry, Shawn (December 5, 2017): Crowdstrike
  36. Trump, Jr. Donald (December 6, 2017): June 9
  37. Phares, Walid (December 8, 2017): Trump NatSec
  38. Clovis, Sam (December 12, 2017): Trump NatSec
  39. Goldfarb, Michael (December 12, 2017): Dossier
  40. Elias, Marc (December 13, 2017): Dossier
  41. Nix, Alexander (December 14, 2017): Cambridge Analytica
  42. Goldstone, Rob (December 18, 2017): June 9
  43. Sussmann, Michael (December 18, 2017): Hack and dossier
  44. McCabe, Andrew (December 19, 2017): Early investigation
  45. Kramer, David (December 19, 2017): Dossier
  46. Sater, Felix (December 20, 2017): RU connected Trump
  47. Gaeta, Mike (December 20, 2017): Dossier go-between
  48. Sullivan, Jake (December 21, 2017): Dossier
  49. [Rohrabacher, Dana (December 21, 2017): Russian compromise]
  50. [Wasserman Schultz, Debbie (December 21, 2017): dossier]
  51. Graff, Rhona (December 22, 2017): June 9
  52. Kramer, David (January 10, 2018): Dossier
  53. Bannon, Stephen (January 16, 2018): Trump official
  54. Lewandowski, Corey (January 17, 2018): Trump official
  55. Dearborn, Rick (January 17, 2018): Trump official
  56. Bannon, Stephen (February 15, 2018): Trump official
  57. Hicks, Hope (February 27, 2018): Trump official
  58. Lewandowski, Corey (March 8, 2018): Trump official

While John Podesta, one of the earliest spearphishing victims, was one of  the earliest witnesses (and, as HPSCI shifted focus to the dossier, one of the last as well), the other hack witnesses, DNC CTO Andrew Brown and DNC IT contractor Yared Tamene, represent the DNC. Perhaps that’s because of the NYT’s big story on the hack, which was obviously misleading in real time and eight months old by the time of those interviews. While Perkins Coie lawyer and former DOJ cyber prosecutor Michael Sussmann would surely have real insight into the scope of all the Democratic targets, he was interviewed during HPSCI’s dossier obsession, not alongside Brown and Tamene.

All of which is to say that the HPSCI investigation of the hack was an investigation of the hack of the DNC, not of the full election year attack.

To get a sense of some of what that missed, consider the victims described in the GRU indictment (which leaves out some of the earlier Republican targets, such as Colin Powell). I’ve included relevant paragraph numbers to ID these victims.

  1. Spearphish victim 3, March 21, 2016 (Podesta)
  2. Spearphish victim 1 Clinton aide, March 25, 2016 (released via dcleaks)
  3. Spearphish victim 4 (DCCC Employee 1), April 12, 2016 ¶24
  4. Spearphish victim 5 (DCCC Employee), April 15, 2016
  5. Spearphish victim 6 (possibly DCCC Employee 2), April 18, 2016 ¶26
  6. Spearphish victim 7 (DNC target), May 10, 2016
  7. Spearphish victim 2 Clinton aide, June 2, 2016 (released via dcleaks)
  8. Spearphish victim 8 (not described), July 6, 2016
  9. Ten DCCC computers ¶24
  10. 33 DNC computers ¶26
  11. DNC Microsoft Exchange Server ¶29
  12. Act Blue ¶33
  13. Third party email provider used by Clinton’s office ¶22 (in response to July 27 Trump request)
  14. 76 email addresses at Clinton campaign ¶22 (in response to July 27 Trump request)
  15. DNC’s Amazon server ¶34
  16. Republican party websites ¶71
  17. Illinois State Board of Elections ¶72
  18. VR Systems ¶73
  19. County websites in GA, IA, and FL ¶75
  20. VR Systems clients in FL ¶76

Effectively, HPSCI (and most hack skeptics) focused exclusively on item 11, the DNC Microsoft Exchange server from which the emails sent to WikiLeaks were stolen.

Yet, at least as laid out by Mueller’s team, the election year hack started elsewhere — with Podesta, then the DCCC, and only after that the DNC. It continued to target Hillary through the year (though with less success than they had with the DNC). And some key things happened after that — such as the seeming response to Trump’s call for Russia to find more Hillary emails, the Info-Ops led targeting of election infrastructure in the summer and fall, and voter registration software. Not to mention some really intriguing research on Republican party websites. And this barely scratches on the social media campaign, largely though not entirely carried out by a Putin-linked corporation.

HPSCI would get no insight on the overwhelming majority of the election year operation, then, by interviewing the witnesses they did. Of particular note, HPSCI would not review how the targeting and release of DCCC opposition research gave Republican congressmen a leg up over their Democratic opponents.

And while HPSCI did interview the available June 9 meeting witnesses, they refused to subpoena the information needed to really understand it. Nor did they interview all the witnesses or subpoena available information to understand the Stone operation and the Peter Smith outreach.

Without examining the other multiple threads via which Russia recruited Republicans, most notably via the NRA, HPSCI wouldn’t even get a sense of all the ways Russia was trying to make Republicans and their party infrastructure into the tools of a hostile foreign country. And there are other parts of the 2016 attack that not only don’t appear in these interviews, but which at least one key member on the committee was utterly clueless about well past the time the investigation finished.

The exception to the rule that HPSCI didn’t seek out information that might damn Republicans, of course, is the interview of Dana Rohrabacher, who (along with President Trump) proved reliably willing to entertain Russian outreach via all known channnels. But that’s one of the interviews Republicans intend to keep buried because — according to an anonymous Daily Beast source — they don’t want Rohrabacher’s constituents to know how badly Russia has pwned him before November 6.

“The Republicans are trying to conceal from the voters their colleague Dana Rohrabacher’s Russia investigation testimony,” said a committee source familiar with the issue. “There were highly concerning contacts between Rohrabacher and Russians during the campaign that the public should hear about.”

By burying the Comey, Rogers, and Brennan transcripts, Republicans suppress further evidence of the degree to which Russia specifically targeted Hillary, and did so to help not just Trump, but the Republican party.

I’m sure there will be some fascinating material in these transcripts when they’re released. But even before the selective release, designed to hide any evidence gathered of how lopsided the targeting was, the scope of these interviews makes clear that the HPSCI investigation was designed to minimize, as much as possible, evidence showing how aggressively Russia worked to help Republicans.

As I laid out in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Roger Stone’s Excuse for His “Podesta Time in a Barrel” Comment Is Even Stupider Given the Paul Manafort Prosecution

In addition to Randy Credico, Jerome Corsi will testify before the Mueller grand jury on Friday. That means that the grand jury will hear testimony from two people who can address the truth of two claims Roger Stone made before the House Intelligence Committee on September 26, 2017.

First, there’s Stone’s claim he learned about WikiLeaks’ plans to release the John Podesta emails in October via Credico.

Now, let me address the charge that I had advance knowledge of the timing, content and source of the WikiLeaks disclosures from the DNC. On June 12, 2016, WikiLeaks’ publisher Julian Assange, announced that he was in possession of Clinton DNC emails. I learned this by reading it on Twitter. I asked a journalist who I knew had interviewed Assange to independently confirm this report, and he subsequently did. This journalist assured me that WikiLeaks would release this information in October and continued to assure me of this throughout the balance of August and all of September. This information proved to be correct. I have referred publicly to this journalist as an, “intermediary”, “go-between” and “mutual friend.” All of these monikers are equally true.

Credico has not only said this is not true, but that Stone threatened him to prevent him from testifying as much.

Then, there’s Stone’s claim (first made publicly by Corsi the previous March) that his tweet predicting John Podesta would soon catch political heat pertained to a project he and Corsi were working on at the time.

My Tweet of August 21, 2016, in which I said, “Trust me, it will soon be the Podesta’s time in the barrel. #CrookedHillary” Must be examined in context. I posted this at a time that my boyhood friend and colleague, Paul Manafort, had just resigned from the Trump campaign over allegations regarding his business activities in Ukraine. I thought it manifestly unfair that John Podesta not be held to the same standard. Note, that my Tweet of August 21, 2016, makes no mention, whatsoever, of Mr. Podesta’s email, but does accurately predict that the Podesta brothers’ business activities in Russia with the oligarchs around Putin, their uranium deal, their bank deal, and their Gazprom deal, would come under public scrutiny. Podesta’s activities were later reported by media outlets as diverse as the Wall Street Journal and Bloomberg. My extensive knowledge of the Podesta brothers’ business dealings in Russia was based on The Panama Papers, which were released in early 2016, which revealed that the Podesta brothers had extensive business dealings in Russia. The Tweet is also based on a comprehensive, early August opposition research briefing provided to me by investigative journalist, Dr. Jerome Corsi, which I then asked him to memorialize in a memo that he sent me on August 31st , all of which was culled from public records. There was no need to have John Podesta’s email to learn that he and his presidential candidate were in bed with the clique around Putin.

I noted at the time that that Corsi’s explanation didn’t make any sense, because while the July 31 report did pertain to John Podesta, his August 31 report focused exclusively on Tony (the Corsi materials start at page 39 of Stone’s HPSCI testimony; note the conflation of Tony for John got repeated in Craig Murray’s explanations for the WikiLeaks’ go-between he met in September).

But the explanation is even less credible given what has happened since: Paul Manafort, whose plight the Corsi report was (per Stone) explicitly a response to, got indicted in part because he told Tony Podesta to hide his ties to Russian-backed Ukrainian politicians. Indeed, in classic Corsi style, he describes Podesta’s role in Manafort’s crime, without disclosing that Podesta was in legal trouble because of Manafort’s effort to hide his own crimes; Corsi presented them as equal partners in this crime.

CNN further reported on Aug. 19 the Podesta Group had issued a statement affirming the firm has retained the boutique Washington-based law http://www.capdale.com firm Caplin & Drysdale “to determine if we were mislead by the Centre for a Modern Ukraine or any other individuals with potential ties to foreign governments or political parties.” The Podesta Group statement issued to CNN continued: “When the Centre became a client, it certified in writing that ‘none of the activities of the Centre are directly or indirectly supervised, directed, controlled, financed or subsidized in whole or in part by a government of a foreign country or a foreign political party.’ We relied on that certification and advice from counsel in registering and reporting under the Lobbying Disclosure Act rather than the Foreign Agents Registration Act.”

The CNN statement concluded with the statement, “We will take whatever measures are necessary to address this situation based on Caplin & Drysdale’s review, including possible legal action against the Centre.” In breaking the story that the Podesta Group had hired Caplin & Drysdale, Buzz Feed https://www.buzzfeed.com/rosiegray/top-lobbying-firm-hiresoutside-counsel-in-ukraine-manafort?utm term=.duLexkeKBx#.rj4gn3gmln reported on Aug. 19, that both the Podesta Group and Manafort’s D.C. political firm were working under contract with the same group advising Yanukovych and his Ukrainian Party of Regions – namely the non-profit European Centre for a Modern Ukraine based in Brussels. On Dec. 20, 2013, Reuters reported http://www.reuters.com/article/us-usaukraine-lobbying-idUSBRE9BJ1B220131220#6oTXxKZp25obYxzF.99 the European Centre for a Modern Ukraine paid $900,000 to the Podesta Group for a two-year contract aimed at improving the image of the Yanukovych government in the United States that the Podesta Group told Reuters they were implementing through contacts with key congressional Democrats.

That detail is important of a number of reasons. First, because it makes it entirely unlikely that Stone (who was meeting with Rick Gates during this period, if not his “boyhood friend” Manafort himself) learned of Podesta’s ties via Panama Papers and not from Manafort himself. But it also provides a reason why Corsi and Stone would be focusing on Tony at the time — to draw attention away from Manafort, and with it, the corruption that Manafort implicated the Trump Administration in. Indeed, the Manafort EDVA court record shows that Gates and Manafort were using a range of financial and political means of doing the same at precisely that time.

It’s clear, given what we’ve learned as part of the Manafort prosecutions, that the effort to impugn Tony Podesta had everything (as Stone partly tells truthfully)to do with the plight of Manafort at the time.

Which is to say, it didn’t have anything to do with John, and so can’t be used to explain that tweet.

On top of everything else. Mueller appears to be finishing up false statements charges against Stone.

The Access Hollywood Search Doesn’t Mean Trump Coordinated with Assange

As I noted, yesterday several outlets reported that among the things included in the FBI warrant for Michael Cohen’s premises was communications between Trump, Cohen, and others (whom I suspect to include Steve Bannon and Marc Kasowitz) “regarding the infamous ‘Access Hollywood'” video.

FBI agents who raided the home, office and hotel of Donald Trump’s personal lawyer sought communications that Trump had with attorney Michael Cohen and others regarding the infamous “Access Hollywood” tape that captured Trump making lewd remarks about women a month before the election, according to sources familiar with the matter.

[snip]

The search warrant also sought communications between then-candidate Trump and his associates regarding efforts to prevent disclosure of the tape, according to one of the sources. In addition, investigators wanted records and communications concerning other potential negative information about the candidate that the campaign would have wanted to contain ahead of the election. The source said the warrant was not specific about what this additional information would be.

From that, people on both the right and the left have assumed, without presenting hard evidence, that this means there must be a tie to Russia. Most often, people assume this must mean Trump somehow managed the events of October 7, when the Intelligence Committee report blaming Russia for the DNC hack, the Access Hollywood video, and the first Podesta emails all came out in quick succession.

That’s certainly possible, but thus far there’s no reason to believe that’s the case.

Mueller and Rosenstein referred this

That’s true, first of all, because after consulting with Rod Rosenstein, Robert Mueller referred this to the Southern District of New York for execution and prosecution, rather than dealing with it himself. He did that surely knowing what a sieve for leaks SDNY is, and therefore knowing that doing so would undercut his remarkably silent teamwork thus far.

In spite of a lot of reporting on this raid this week, we don’t yet have a clear understanding of why the two chose to refer it (or, tangentially, why interim SDNY US Attorney Geoffrey Berman recused himself from this matter).

There are two options. The first is that Rosenstein believed hush payments and taxi medallion money laundering sufficiently attenuated to the Russian investigation that it should properly be referred. In which case, the fact that it was referred is itself reason to believe that Mueller — even while he had abundant evidence supporting the search warrant — has no reason to believe those releases were orchestrated with Wikileaks, and therefore have no direct interest to his investigation (though they may cough up one to three witnesses who will be more willing to cooperate when faced with their own fraud indictments). In which case, the Access Hollywood video would be just another example, like the Stormy Daniels and the Karen McDougal payoffs, of Trump’s efforts to bury embarrassing news, using whatever means necessary.

The other option is that Mueller does have evidence that Trump in some way managed the October 7 events, which would be one of the most inflammatory pieces of evidence we would have heard of so far, but that there was some other reason to refer the matter.

Michael Cohen wasn’t serving as an attorney for much of the reported documents

The really good reason to refer the warrant would be so that SDNY would serve as a natural clean team, sorting through seized items for privileged communications, only to hand them back to Mueller’s team in DC once they’ve sorted through them. It’s an idea Preet Bharara and Matt Miller, among others, have floated.

Before we conclude that SDNY is only serving as a clean team for Mueller’s team here, consider that coverage has vastly overstated the degree to which the items being searched will fall under attorney-client privilege.

The search also sought information on Cohen’s taxi medallions, a business in which he has had really corrupt partners, some Russian, with their own legal problems, and one that has reportedly left Cohen with some debt problems that make his purported personal payment to Stormy Daniels all the more sketchy.

In addition, as soon as Trump claimed to know nothing of the hush payment to Daniels last Friday, the government could credibly claim that either Cohen was not representing Trump when paying off Daniels, or involved in fraud.

The NYT has reported that the raid also sought all communications between Cohen and National Enquirer’s top brass, communications that would in no way be privileged.

Even the reported communications about the Access Hollywood video may not be privileged. If they involved four people, then the only way they’d be covered by privilege is if they counted as campaign emails and Marc Kasowitz, not Cohen, was the attorney providing privileged advice in question. In that case, Cohen would have been playing the press contact role he often did during the campaign.

Still, just because Cohen was not playing the role of an attorney during most of the activities the FBI is interested in doesn’t mean the FBI won’t be really careful to make sure they don’t violate privilege, and I’m sure they’ll still use a taint team.

Mueller has already dealt with (at least) two sensitive attorney-client relationships in his investigation

Even on top of the eight members of the White House Counsel’s office who have spoken with the Special Counsel, Mueller’s team has dealt with (at least) two other sensitive attorney-client relationships.

The first was Melissa Laurenza, a lawyer for Paul Manafort whom he had write false declarations for FARA registry. Judge Amy Berman Jackson permitted Mueller’s team to ask her seven of eight proposed question after proving Manafort had used her services to engage in fraud.

More recently, we’ve gotten hints — but only hints — of what must be extensive cooperation from Skadden Arps and its partner Greg Craig, describing how Manafort and Gates laundered money to pay the firm loads of money to write a report they hoped would exonerate Ukraine’s persecution of Yulia Tymoshenko. While the cooperation of Skadden itself was probably effusive in its voluntary nature (the firm seems determined to avoid the taint that Tony Podesta’s firm has acquired in this process), Mueller did subpoena Alex Van der Zwaan and it’s unclear what methods the FBI used to obtain some of the materials he tried to hide from prosecutors.

Neither of those exchanges involves a search warrant. But they do show that Mueller is willing to take on the tricky issue of attorney testimony first-hand. Using SDNY as a clean team still may be the easiest option in the Cohen case, but Mueller clearly isn’t shying away from managing all such issues in-house in other cases.

The other possible explanations for the Access Hollywood search and the October 7 timing

Which brings us finally to the other possibilities behind the Access Hollywood search.

It’s certainly possible that the coincidental release of all these things was coordination, entirely orchestrated by the Trump campaign. But there are a number of reasons — on top of the fact that Mueller isn’t keeping this search far tighter under his own control — I think that’s not the most likely explanation.

Consider this story, arguing that the real story of Access Hollywood isn’t that it leaked on October 7 — the piece notes that David Farenthold had only received it that day — but that it didn’t leak earlier in the process, when it might have led Trump to lose the primary.

t is just impossible to believe that the tape not coming out at the start of Trump’s campaign, when logic dictates that it would have blown Trump instantly out of the water (before he was in a position where Republicans had no choice other than to keep backing him against the evil Hillary Clinton), was anything but a highly unethical political decision by someone at NBC. The fact that no one has ever even gotten an answer from NBC about how this could have happened is equally unfathomable and yet, given the news media’s overall incompetence, kind of expected.

[snip]

It has always struck me as EXTREMELY odd that it was the Washington Post, not NBC, who first released the tape on Friday Oct. 7, 2016, barely beating NBC which, it should be noted, was clearly ready to go with it immediately after the Post did. I presumed that perhaps NBC wanted this to be the case because it might take some of the focus off why they had not released it during the primaries (and thus chose not to prematurely kill off the media’s Golden Goose which was Trump’s ratings-friendly campaign).

However, there is another aspect of the Post being the outlet which got the big scoop that has always struck me as potentially very significant. The Post’s reporter, David Fahrenthold, has said that he was only made aware of the tape, via an unnamed source, THAT day — which is a clear indication that whomever was trying to get the Post to release it had decided to do so in tremendous haste. After all, if the source had planned it sooner they would have made contact with Fahrenthold well before then because he might have been out of pocket that day.

[snip]

For instance, what if it was actually someone from the TRUMP team who leaked the tape. At first glance, this seems ludicrous because no one thought that Trump would be anything but greatly harmed by the tape (though he clearly was not). But what if someone in Trump World got wind that the tape was about to be released and decided that stepping all over the Russia news (which would normally have dominated the narrative for the remainder of the campaign) would at least create the least bad outcome for them?

I don’t agree that the release was released when it was to distract from the Russia announcement that day. As I’ve long noted, in reality, the Access Hollywood distracted from the Podesta emails, effectively burying the most damning release in the bunch, the excerpts of Hillary’s speeches that even Democrats had been demanding she release since the primary. And while the Trump team might claim they didn’t control the release of the Podesta emails directly — and Roger Stone’s predictions that Wikileaks would release Clinton Foundation rather than Podesta emails were dead wrong — the Trump team at least knew something was coming (indeed, Wikileaks had made that clear themselves). So there’s little reason they would stomp on what they had long welcomed with the Access Hollywood tape. As this post alludes, I also think the Trump team and Russians or Wikileaks may have been squabbling over whether Wikileaks would release possibly faked Clinton Foundation emails that week, only to scramble when Wikileaks refused to release whatever the Peter Smith effort had gotten dealt to them.

Like the Mediate piece, I’m interested in the way that Steve Bannon had Clinton accusers all lined up to go that weekend (indeed, I noted how quickly Stone moved to that after having raised expectations for a Clinton Foundation release). But I also think there are some reasons to believe that attack was in the works for other reasons (though I agree it might reflect advance knowledge that the video might come out, or even that Stormy Daniels might come forward).  Finally, I don’t think the release came from Trump because of all the reports of Republicans trying to convince Trump to step down (though it’s possible the GOP dropped the video in one last bid to get him to do so).

One alternative narrative, then, is that the real story about the Access Hollywood suppression goes back months or years earlier, as one of the things Trump managed to suppress throughout the campaign, but something happened internally to breach that agreement. And, separately, that either Assange by himself, with Russian help, or with Trump assistance, timed the Podesta emails to come out as the Russian attribution was coming out. That is, it could be that the real story remains that whoever orchestrated the Wikileaks release did so in an attempt to bury the Russian attribution, but that the coincidental release of the Access Hollywood video in turn buried the Podesta emails.

Finally, it’s possible that Democrats got ahold of the Access Hollywood video and they released it to (successfully) drown out the Podesta emails, which they (and the intelligence community) also would have known were coming, but by doing so, they also drowned out the all-important Russian attribution in the process.

The point is, we don’t know. And nothing we know thus far about the process leading to this warrant or about the suppression and release of either the video or the women’s stories suggest it all took place that week of October. Trump’s usual m.o. is about suppression, not timing.

That said, I’m curious if this raid will reveal details about one other item Trump probably tried to suppress: the nude Melania photos that NYPost released on July 31, 2016, just as campaign season got going in earnest.

Roger Stone’s Rat-Eating Swiss Cheese Denials

Back when Roger Stone leaked his September testimony to HPSCI, I noted that it misrepresented the key allegations against him, meaning he never denied the important parts.

I’m even more interested in how he depicts what he claims are the three allegations made against him.

Members of this Committee have made three basic assertions against me which bust be rebutted her today. The charge that I knew in advance about, and predicted, the hacking of the Clinton campaign chairman John Podesta’s email, that I had advanced knowledge of the source or actual content of the WikiLeaks disclosures regarding Hillary Clinton or that, my now public exchange with a persona that our intelligence agencies claim, but cannot prove, is a Russian asset, is anything but innocuous and are entirely false.

In point of fact, this tripartite accusation is actually a misstatement of the allegations against him (though in his rebuttal of them, he is helped immensely by the sloppiness of public statements made by Democrats, especially those on the panel, which I’ve criticized myself). Generally, the accusation is more direct: that in conversing with both Julian Assange (though a cut-out) and Guccifer 2.0, Stone was facilitating or in some way helping the Trump campaign maximally exploit the Russian releases that were coming.

The same is true of his interview with Chuck Todd yesterday.

I’m most interested in the way Stone addresses his direct exchange with Guccifer 2.0, then restricts the rest of his denials to Wikileaks. When Todd asks Stone why he reached out to both Guccifer and Wikileaks, Stone focuses his attention on the former.

Todd: Why did you reach out to Guccifer? Why did you reach out to Wikileaks?

Stone: First of all, my direct messages with Guccifer 2.0, if that’s who it really is, come six weeks, almost six weeks after the DNC emails had been published by Wikileaks. So in order to collude in their hacking, which I had nothing whatsoever to do with, one would have needed a time machine. Secondarily, I wrote a very long piece, you can find it still at the Stone Cold Truth. I doubt that Guccifer is, indeed, a Russian operative. I also once believed that he had hacked the DNC. I don’t believe that anymore either. I believe it was an inside job and the preponderance of evidence points to a load to a thumb drive or some other portable device and the device is coming out the back door. But, Chuck, ten days ago, the Washington Post that based on the Democratic minority that the Russians had sent documents to me for review. I never received any documents from the Russians or anybody representing them. I never had any contact with any

Todd: Did you receive any documents and you didn’t know it was a Russian?

Stone: I never received any documents from anyone purporting to be a Russian or otherwise, and I never saw the Wikileaks documents in advance.

In his response he does the following:

  • Raises doubts that he was actually talking to Guccifer 2.0 (even though Guccifer 2.0’s only identity was virtual, so Stone’s online interactions with any entity running the Guccifer Twitter account would by definition be communication with Guccifer 2.0)
  • Repeats his earlier doubts that Guccifer 2.0 is a Russian operative
  • Emphasizes that he couldn’t have couldn’t have been involved in any hack of the DNC Guccifer 2.0 had done because he first spoke to him six weeks after the email release (in reality, he was speaking to him three weeks after the Wikileaks release)
  • Admits he once believed Guccifer 2.0 did the hack but (pointing to the Bill Binney analysis, and giving it a slightly different focus than he had in September) claims he no longer believes that
  • Invents something about a WaPo report that’s not true, thereby shifting the focus to receiving documents (as opposed to, say, information)
  • Denies he received documents from anyone but not that he saw documents (other than the Wikileaks ones) before they were released

This denial stops well short of explaining why he reached out to Guccifer. And it does nothing to change the record — one backed by his own writing — that Stone reached out because he believed Guccifer, whoever he might be, had hacked the DNC.

At the time Stone reached out to Guccifer (as I pointed out, he misrepresented the timing of this somewhat in his testimony), he believed Guccifer had violated the law by hacking the DNC.

He never does explain to Todd why he did reach out.

Guccifer 2.0 never comes back in the remainder of the interview. The first time Todd asks Stone if there had been “collusion” with the Russians, Stone answers it generally, insisting Trump needed no help to beat Hillary.

Todd: You have made the case here that there was no collusion here that you’re aware of. Would it have been wrong to collude with a foreign adversary to undermine Hillary Clinton’s campaign?

Stone: Well, there’s no evidence that this happened, you’re asking me to answer a hypothetical question. It seems to me that Mr. Steele was colluding with the Russians.

Todd: Let me ask you this. Do you think it’s fair game to get incriminating evidence from a foreign government about your political opponent?

Stone: But that didn’t happen, Chuck, so I’m not going to answer a hypothetical question. It was unnecessary. The idea that Donald Trump needed help from the Russians to beat Hillary Clinton it’s an excuse, a canard, a fairy tale. I don’t believe it ever happened.

The next time — when Stone first labels then backs way the fuck off labeling conspiring with the Russians as treason — Stone then focuses on how such conspiring would only be treason if you believed that Assange was a Russian agent.

Stone: Chuck I’ve been accused of being a dirty trickster. There’s one trick that’s not in my bag. That’s treason. I have no knowledge or involvement with Russians–

Todd: And you believe

Stone: And I have no knowledge of anybody else who does.

Todd: Let me establish something. You believe, if unbeknownst to you, there is somebody on the Trump campaign who worked with the Russians on these email releases, that’s a treasonous act?

Stone: No, actually, I don’t think so because for it to be a treasonous act, Assange would have to be provably a Russian asset, and Wikileaks would have to be a Russian front and I do not believe that’s the case.

Todd: Let me back you up there. You think it’s possible Wikileaks and the Trump campaign coordinated the release?

Stone: I didn’t say that at all. I have no knowledge of that and I make no such claim.

Todd: No, I understand that. You just issued that hypothetical. So what you’re saying is had that occurred you don’t believe that’s, you don’t believe, you don’t believe that that’s against the law?

Stone: This is all based on a premise that Wikileaks is a Russian front and Assange is a Russian agent. As I said I reject that. On the other hand I have no knowledge that that happened. It’s certainly did not happen in my case. That isn’t something I was involved in.

When asked whether it would be illegal to work with Wikileaks (Stone’s contacts with Guccifer at a time he believed Guccifer to have hacked the DNC go unmentioned) Stone again focuses on whether Wikileaks was Russian, not on the conspiracy to hack and leak documents.

This focus on Wikileaks instead of Guccifer 2.0 carries over to the statement Stone issued to ABC:

I never received anything whatsoever from WikiLeaks regarding the source, content or timing of their disclosures regarding Hillary Clinton, the DNC or Podesta. I never received any material from them at all. I never received any material from any source that constituted the material ultimately published by WikiLeaks. I never discussed the WikiLeaks disclosures regarding Hillary Clinton or the DNC with candidate or President Donald Trump before during or after the election. I don’t know what Donald Trump knew about the WikiLeaks disclosures regarding Hillary or the DNC if anything and who he learned it from if anyone.

No one, including Sam Nunberg is in possession If any evidence to the contrary because such evidence does not exist … This will be an impossible case to bring because the allegation that I knew about the WikiLeaks disclosures beyond what Assange himself had said in interviews and tweets or that I had and shared this material with anyone in the Trump campaign or anyone else is categorically false. Assange himself has said and written that I never predicted anything that he had not already stated in public.

There’s very good reason Stone would want to focus on Wikileaks rather than Guccifer.

Even by his own dodgy explanation, at the time he reached out to Guccifer, he believed that Guccifer had hacked the DNC. While it’s true that the public record shows Stone stopping short of accepting documents from Guccifer (all this ignores Stone’s reported involvement in a Guccifer-suggested Peter Smith effort to obtain Hillary’s Clinton Foundation emails), Stone’s interest in coordinating with the hack-and-leak is clear.

And it seems Sam Nunberg may fear that his past testimony and communications with Stone would document that interest. If he knows Stone did have non-public communications with Guccifer, but didn’t believe Guccifer to be Russian, it would also explain why Nunberg said he thought Putin was too smart to collude with Trump, but that his testimony might hurt Stone.

Adding one more point to this: early in the interview, Stone goes to some lengths to say that he proved he had actually separated from the Trump campaign by contemporaneously showing two reporters his resignation letter. This is akin to something Carter Page did in his HPSCI testimony. But given how many of those conspiring with Russia on the Trump campaign (Carter Page — especially after his departure, George Papadopoulos, and Paul Manafort) didn’t have formal roles, it’s not clear that letter would be definitive. Indeed, it might be the opposite, one of a group of people who arranged plausible deniability by getting or staying off the campaign payroll.

Update: Fixed my misrepresentation of Stone’s claim about the six week delay, and fact-checked it to note it was only three weeks.

NYT Does Not Have the Smoking Gun on Trump Campaign Email Knowledge

The NYT had a complex story today, reporting three things:

  1. The counterintelligence investigation into the Trump campaign followed from a drunken conversation George Papadopoulos had in May 2016 with Aussie Ambassador to the UK, Alexander Downer
  2. Papadopoulos was more influential than Trump’s team has made out
  3. Papadopoulos pitched an April 2016 Trump foreign policy speech as a signal to Russia that Trump would be willing to meet

It’s the first detail that has attracted all the attention. NYT reported it this way:

During a night of heavy drinking at an upscale London bar in May 2016, George Papadopoulos, a young foreign policy adviser to the Trump campaign, made a startling revelation to Australia’s top diplomat in Britain: Russia had political dirt on Hillary Clinton.

About three weeks earlier, Mr. Papadopoulos had been told that Moscow had thousands of emails that would embarrass Mrs. Clinton, apparently stolen in an effort to try to damage her campaign.

Exactly how much Mr. Papadopoulos said that night at the Kensington Wine Rooms with the Australian, Alexander Downer, is unclear. But two months later, when leaked Democratic emails began appearing online, Australian officials passed the information about Mr. Papadopoulos to their American counterparts, according to four current and former American and foreign officials with direct knowledge of the Australians’ role.

[snip]

Not long after, however, he opened up to Mr. Downer, the Australian diplomat, about his contacts with the Russians. It is unclear whether Mr. Downer was fishing for that information that night in May 2016. The meeting at the bar came about because of a series of connections, beginning with an Israeli Embassy official who introduced Mr. Papadopoulos to another Australian diplomat in London.

It is also not clear why, after getting the information in May, the Australian government waited two months to pass it to the F.B.I. In a statement, the Australian Embassy in Washington declined to provide details about the meeting or confirm that it occurred.

NYT’s story does pose a good question: why the Australians didn’t tell the US about this conversation until July, after Wikileaks started releasing DNC emails.

But the few GOPers who have responded to this news raise another question: did the Aussies even know what emails Papadopoulos was talking about?

As I noted in October, we actually don’t know what emails Joseph Misfud was talking about when he told Papadopoulos the Russians had dirt on Hillary. Trumpsters are now suggesting these emails might be those Guccifer 1.0 stole from Hillary, but they could be a range of other emails.

This story would be far more damning if the NYT knew for sure that the emails were ones freshly stolen from DNC, John Podesta, or the Hillary campaign itself, but they don’t.

The uncertainty about what emails Papadopoulos learned about — and revealed to Downer — might explain why the Aussies didn’t tell the US right away. If the Australians didn’t know what emails the Russians had, it might explain their lack of urgency. If the emails were known Guccifer 1.0 emails, it wouldn’t be news. But it doesn’t explain why the Aussies didn’t tell the US in June, when Guccifer 2.0 started releasing documents, but instead waited until their own citizen, Julian Assange, started releasing some on July 22.

All this could be a lot more easily explained if we knew the one detail the NYT admits it didn’t confirm: whether and when Papadopoulos told the campaign that the Russians had emails (and whether he knew which emails the Russians had).

In late April, at a London hotel, Mr. Mifsud told Mr. Papadopoulos that he had just learned from high-level Russian officials in Moscow that the Russians had “dirt” on Mrs. Clinton in the form of “thousands of emails,” according to court documents. Although Russian hackers had been mining data from the Democratic National Committee’s computers for months, that information was not yet public. Even the committee itself did not know.

Whether Mr. Papadopoulos shared that information with anyone else in the campaign is one of many unanswered questions. He was mostly in contact with the campaign over emails. The day after Mr. Mifsud’s revelation about the hacked emails, he told Mr. [Stephen] Miller in an email only that he had “interesting messages coming in from Moscow” about a possible trip. The emails obtained by The Times show no evidence that Mr. Papadopoulos discussed the stolen messages with the campaign.

NYT makes clear Papadopoulos (who was, after all, remote and traveling a lot) primarily communicated via emails. But the emails they obtained (but didn’t share) don’t include any evidence of him telling the campaign about the emails (much less which ones they were).

Which brings us to a point I made in November: when the FBI arrested Papadopoulos in July, they believed he lied to hide whether he told the campaign about the emails, but they de-emphasized that detail in the October plea deal.

[T]he description of the false statements makes the import of them far more clear (import that the Special Counsel seems to want to obscure for now). Papadopoulos lied about the circumstances of his conversations with Mifsud — the FBI appears to have believed when they arrested him in July — as part of a story to explain why, after having heard about dirt in the form of thousands of emails from Hillary, he didn’t tell anyone else on the campaign about them. Laid out like this, it’s clear Papadopoulos was trying to hide both when he learned about the emails (just three days before the DNC did, as it turns out, not much earlier as he seems to have suggested in January), but also how important he took those emails to be (which in his false story, he tied to to a false story about how credible he found Mifsud to be).

FBI found those lies to be significant enough to arrest him over because they obscured whether he had told anyone on the campaign that the Russians had dirt in the form of Hillary emails.

To be sure, nothing in any of the documents released so far answer the questions that Papadopoulos surely spent two months explaining to the FBI: whether he told the campaign (almost certainly yes, or he wouldn’t have lied in the first place) and when (with the big import being on whether that information trickled up to Paul Manafort and Jared Kushner before they attended a meeting on June 9, 2016 in hopes of obtaining such dirt).

I’m sure that’s intentional. You gotta keep everyone else guessing about what Mueller knows.

The NYT’s sources are described as “four current and former American and foreign officials with direct knowledge of the Australians’ role,” though this statement — and a past willingness on behalf of Papadopoulos’ fiancée to provide details and emails — suggests that people close to Papadopoulos cooperated as well: ” Papadopoulos’s lawyers declined to provide a statement.”

The point being, we still don’t have the most important detail of this story: whether Papadopoulos told the campaign about the emails, but more importantly, what the emails were.

Thus far, everyone seems intent on withholding that detail.

John Sipher’s Garbage Post Arguing the Steele Dossier Isn’t Garbage

I generally find former CIA officer John Sipher’s work rigorous and interesting, if not always persuasive. Which is why I find the shoddiness of this post — arguing, just as Republicans in Congress and litigious Russians start to uncover information about the Christopher Steele dossier, that the dossier is not garbage  — so telling.

I don’t think the Steele dossier is garbage.

But neither do I think it supports the claim that it predicted a lot of information we’ve found since, something Sipher goes to great pains to argue. And there are far more problems with the dossier and its production than Sipher, who claims to be offering his wisdom about how to interpret raw intelligence, lets on. So the dossier isn’t garbage (though the story behind its production may well be). But Sipher’s post is. And given that it appears to be such a desperate — and frankly, unnecessary — attempt to reclaim the credibility of the dossier, it raises questions about why he feels the need.

Making and claiming accuracy for a narrative out of raw intelligence

Sipher’s project appears to be taking what he admits is raw intelligence and providing a narrative that he says we should continue to use to understand Trump’s Russian ties.

Close to the beginning of his piece, Sipher emphasizes that the dossier is not a finished intelligence report, but raw intelligence; he blames the media for not understanding the difference.

I spent almost thirty years producing what CIA calls “raw reporting” from human agents.  At heart, this is what Orbis did.  They were not producing finished analysis, but were passing on to a client distilled reporting that they had obtained in response to specific questions.  The difference is crucial, for it is the one that American journalists routinely fail to understand.

[snip]

Mr. Steele’s product is not a report delivered with a bow at the end of an investigation.  Instead, it is a series of contemporaneous raw reports that do not have the benefit of hindsight.

Sipher explains that you need analysts to make sense of these raw reports.

The onus for sorting out the veracity and for putting the reporting in context against other reporting – which may confirm or deny the new report – rests with the intelligence community’s professional analytic cadre.

He then steps into that role, an old clandestine services guy doing the work of the analysts. The result, he says, is a narrative he says we should still use — even in the wake of eight months of aggressive reporting since the dossier came out — in trying to understand what went on with the election.

As a result, they offer an overarching framework for what might have happened based on individuals on the Russian side who claimed to have insight into Moscow’s goals and operational tactics.  Until we have another more credible narrative, we should do all we can to examine closely and confirm or dispute the reports.

[snip]

Looking at new information through the framework outlined in the Steele document is not a bad place to start.

How to read a dossier

One thing Sipher aspires to do — something that would have been enormously helpful back in January — is explain how an intelligence professional converts those raw intelligence reports into a coherent report. He describes the first thing you do is source validation.

In the intelligence world, we always begin with source validation, focusing on what intelligence professionals call “the chain of acquisition.”  In this case we would look for detailed information on (in this order) Orbis, Steele, his means of collection (e.g., who was working for him in collecting information), his sources, their sub-sources (witting or unwitting), and the actual people, organizations and issues being reported on.

He goes to great lengths to explain how credible Steele is, noting even that he “was the President of the Cambridge Union at university.” I don’t dispute that Steele is, by all accounts, an accomplished intelligence pro.

But Sipher unwisely invests a great deal of weight into the fact that the FBI sought to work with Steele.

The fact that the FBI reportedly sought to work with him and to pay him to develop additional information on the sources suggest that at least some of them were worth taking seriously.  At the very least, the FBI will be able to validate the credibility of the sources, and therefore better judge the information.  As one recently retired senior intelligence officer with deep experience in espionage investigations quipped, “I assign more credence to the Steele report knowing that the FBI paid him for his research.  From my experience, there is nobody more miserly than the FBI.  If they were willing to pay Mr. Steele, they must have seen something of real value.”

This is flat-out dumb for two reasons. First, it is one of the things the GOP has used to discredit the dossier and prosecution — complaining (rightly) that the FBI was using a document designed as opposition research, possibly even to apply for a FISA warrant. If the FBI did that, I’m troubled by it.

More importantly, the actual facts about whether FBI did pay Steele are very much in dispute, with three different versions in the public record and Chuck Grassley claiming the FBI has been giving conflicting details about what happened (it’s likely that FBI paid Steele’s travel to the US but not for the dossier itself).

WaPo reported that Steele had reached a verbal agreement that the FBI would pay him to continue his investigation of Russia’s involvement with Trump after still unnamed Democrats stopped paying him after the election. CNN then reported that FBI actually had paid Steele for his expenses. Finally, NBC reported Steele backed out of the deal before it was finalized.

If the FBI planned to pay Steele, but got cold feet after Steele briefed David Corn for a piece that made explicit reference to the dossier, it suggests FBI may have decided the dossier was too clearly partisan for its continued use. In any case, citing a “recently retired senior intelligence officer” claiming the FBI did pay Steele should either be accompanied by a “BREAKING, confirming the detail no one else has been able to!” tag, or should include a caveat that the record doesn’t affirmatively support that claim.

After vouching for Steele (again, I don’t dispute Steele’s credentials), Sipher lays out the other things that need to happen to properly vet raw intelligence, which he claims we can’t do.

The biggest problem with confirming the details of the Steele “dossier” is obvious: we do not know his sources, other than via the short descriptions in the reports.  In CIA’s clandestine service, we spent by far the bulk of our work finding, recruiting and validating sources.  Before we would ever consider disseminating an intelligence report, we would move heaven and earth to understand the access, reliability, trustworthiness, motivation and dependability of our source.  We believe it is critical to validate the source before we can validate the reliability of the source’s information.  How does the source know about what he/she is reporting?  How did the source get the information?  Who are his/her sub-sources?  What do we know about the sub-sources?  Why is the source sharing the information?  Is the source a serious person who has taken appropriate measures to protect their efforts?

The thing is, we actually know answers to two of these questions. First, Steele’s sources shared the information (at least in part) because they were paid. [Update, 11/15: According to CNN, Glenn Simpson testified that Steele did not pay his sources. That somewhat conflicts with suggestions made by Mike Morell, who said Steele paid intermediaries who paid his sources, but Simpson’s testimony may simply be a cute legal parse.] That’s totally normal for spying, of course, but if Sipher aspires to explain to us how to assess the dossier, he needs to admit that money changes hands and that’s just the way things are done (again, that’s all the more important given that it’s one of the bases the GOP is using to discredit the report).

More importantly, Sipher should note that Steele worked one step removed — from London, rather than from Moscow — than an intelligence officer otherwise might. The reports may still be great, but that additional step introduces more uncertainty into the validation. It’s all the more important that Sipher address these two issues, because they’re the ones the GOP has been and will continue to use to discredit the dossier.

Ultimately, though, in his section on vetting the document, Sipher doesn’t deal with some key questions about the dossier. Way at the end of his piece, he questions whether we’re looking at the entire dossier.

We also don’t know if the 35 pages leaked by BuzzFeed is the entirety of the dossier.  I suspect not.

He doesn’t raise two other key questions about the provenance of the dossier we’ve been given, some of which I laid out when the dossier came out when I also noted that the numbering of the dossier by itself makes it clear it’s not the complete dossier. Importantly: is the copy of the dossier leaked to BuzzFeed an unaltered copy of what Steele delivered to Fusion, in spite of the weird textual artifacts in it? And how and why did the dossier get leaked to BuzzFeed, which Steele has told us was not one of the six outlets that he briefed on its contents.

Finally, Sipher includes the obligation to “openly acknowledge the gaps in understanding” outside of the section on vetting, which is telling given that he notes only a few of the obvious gaps in this dossier.

Sipher claims the dossier predicted what wasn’t known

So there are a lot of aspects of vetting Sipher doesn’t do, whether or not he has the ability to. But having done the vetting of checking Steele’s college extracurricular record, he declares the dossier has proven to be “stunningly accurate.”

Did any of the activities reported happen as predicted?

To a large extent, yes.

The most obvious occurrence that could not have been known to Orbis in June 2016, but shines bright in retrospect is the fact that Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump, as the U.S. intelligence community itself later concluded.  Well before any public knowledge of these events, the Orbis report identified multiple elements of the Russian operation including a cyber campaign, leaked documents related to Hillary Clinton, and meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents.  Mr. Steele could not have known that the Russians stole information on Hillary Clinton, or that they were considering means to weaponize them in the U.S. election, all of which turned out to be stunningly accurate.

Now as I said above, I don’t believe the dossier is junk. But this defense of the dossier, specifically as formulated here, is junk. Central to Sipher’s proof that Steele’s dossier bears out are these claims:

  • Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump
  • The Orbis report identified multiple elements of the Russian operation including
    • A cyber campaign
    • Leaked documents related to Hillary Clinton
    • Meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents

As I’ll show, these claims are, with limited exceptions, not actually what the dossier shows. Far later into the dossier, the reason Sipher frames it this way is clear. He’s taking validation from recent details about the June 9, 2016 meeting.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

The Steele dossier was way behind contemporary reporting on the hack-and-leak campaign

I consider the dossier strongest in its reports on early ties between Trump associates and Russians, as I’ll lay out below. But one area where it is — I believe this is the technical term — a shit-show is the section claiming the report predicted Russia’s hacking campaign.

Here’s how Sipher substantiates that claim.

By late fall 2016, the Orbis team reported that a Russian-supported company had been “using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’ against the Democratic Party leadership.” Hackers recruited by the FSB under duress were involved in the operations. According to the report, Carter Page insisted that payments be made quickly and discreetly, and that cyber operators should go to ground and cover their tracks.

[snip]

Consider, in addition, the Orbis report saying that Russia was utilizing hackers to influence voters and referring to payments to “hackers who had worked in Europe under Kremlin direction against the Clinton campaign.” A January 2017 Stanford study found that “fabricated stories favoring Donald Trump were shared a total of 30 million times, nearly quadruple the number of pro-Hillary Clinton shares leading up to the election.”  Also, in November, researchers at Oxford University published a report based on analysis of 19.4 million Twitter posts from early November prior to the election.  The report found that an “automated army of pro-Trump chatbots overwhelmed Clinton bots five to one in the days leading up to the presidential election.”  In March 2017, former FBI agent Clint Watts told Congress about websites involved in the Russian disinformation campaign “some of which mysteriously operate from Eastern Europe and are curiously led by pro-Russian editors of unknown financing.”

The Orbis report also refers specifically to the aim of the Russian influence campaign “to swing supporters of Bernie Sanders away from Hillary Clinton and across to Trump,” based on information given to Steele in early August 2016. It was not until March 2017, however, that former director of the National Security Agency, retired Gen. Keith Alexander in Senate testimony said of the Russian influence campaign, “what they were trying to do is to drive a wedge within the Democratic Party between the Clinton group and the Sanders group.”

Here’s what the dossier actually shows about both kompromat on Hillary and hacking.

June 20: In the first report, issued 6 days after the DNC announced it had been hacked by Russia, and 5 days after Guccifer 2.0 said he had sent stolen documents to WikiLeaks, the dossier spoke of kompromat on Hillary, clearly described as years old wiretaps from when she was visiting Russia. While the report conflicts internally, one part of it said it had not been distributed abroad. As I note in this post, if true, that would mean the documents Natalia Veselnitsaka shared with Trump folks on June 9 was not the kompromat in question.

July 19: After Guccifer 2.0 had released 7 posts, most with documents, and after extended reporting concluding that he was a Russian front, the second report discussed kompromat — still seemingly meaning that dated FSB dossier — as if it were prospective.

July 26: Four days after WikiLeaks released DNC emails first promised in mid-June, Steele submitted a report claiming that Russian state hackers had had “only limited success in penetrating the ‘first tier’ of foreign targets. These comprised western (especially G7 and NATO) governments, security and intelligence services and central banks, and the IFIs.” There had been public reports of FSB-associated APT 29’s hacking of such targets since at least July 2015, and public reporting on their campaigns that should have been identified when DNC did a Google search in response to FBI’s warnings in September 2015. It’s stunning anyone involved in intelligence would claim Russia hadn’t had some success penetrating those first tier targets.

Report 095: An undated report, probably dating sometime between July 26 and July 30, did state that a Trump associate admitted Russia was behind WikiLeaks release of emails, something that had been widely understood for well over a month.

July 30: A few weeks before WikiLeaks reportedly got the second tranche of (Podesta) emails, a report states that Russia is worried that the email hacking operation is spiraling out of control so “it is unlikely that these [operations] would be ratcheted up.”

August 5: A report says Dmitry Peskov, who is reportedly in charge of the campaign, is “scared shitless” about being scapegoated for it.

August 10: Just days before WikiLeaks purportedly got the Podesta tranche of emails, a report says Sergei Ivanov said “Russians would not risk their position for the time being with new leaked material, even to a third party like WikiLeaks.”

August 10: Months after a contentious primary and over two weeks after Debbie Wasserman Schultz’s resignation during the convention (purportedly because of DNC’s preference for Hillary), a report cites an ethnic Russian associate of Russian US presidential candidate Donald TRUMP campaign insider, not a Russian, saying the email leaks were designed to “swing supporters of Bernie SANDERS and away from Hillary CLINTON and across to TRUMP.” It attributes that plan to Carter Page, but does not claim any Russian government involvement in that strategy. Nor would it take a genius for anyone involved in American politics to pursue such a strategy.

August 22: A report on Manafort’s “demise” doesn’t mention emails or any kompromat.

September 14: Three months after Guccifer 2.0 first appeared, the dossier for the first time treated the Russians’ kompromat as the emails, stating that more might be released in late September. That might coincide with Craig Murray’s reported contact with a go-between (Murray has been very clear he did not ferry the emails themselves though he did have some contact in late September).

October 12: A week after the Podesta emails first started appearing, a report states that “a stream of further hacked CLINTON materials already had been injected by the Kremlin into compliant media outlets like Wikileaks, which remained at least “plausibly deniable”, so the stream of these would continue through October and up to the election, something Julian Assange had made pretty clear. See this report for more.

October 18, 19, 19: Three reports produced in quick succession describe Michael Cohen’s role in covering up the Trump-Russia mess, without making any explicit (unredacted) mention of emails. See this post on that timing.

December 13: A virgin birth report produced as the US intelligence community scrambled to put together the case against Russia for the first time ties Cohen to the emails in unredacted form).

What the timeline of the hacking allegations in the Steele dossier (and therefore also “predictions” about leaked documents) reveal is not that his sources predicted the hack-and-leak campaign, but on the contrary, he and his sources were unbelievably behind in their understanding of Russian hacking and the campaign generally (or his Russian sources were planting outright disinformation). Someone wanting to learn about the campaign would be better off simply hanging out on Twitter or reading the many security reports issued on the hack in real time.

Perhaps Sipher wants to cover this over when he claims that, “The Russian effort was aggressive over the summer months, but seemed to back off and go into cover-up mode following the Access Hollywood revelations and the Obama Administration’s acknowledgement of Russian interference in the fall, realizing they might have gone too far and possibly benefitted Ms. Clinton.” Sure, that’s sort of (though not entirely) what the dossier described. But the reality is that WikiLeaks was dropping new Podesta emails every day, Guccifer 2.0 was parroting Russian (and Republican) themes about a rigged election, and Obama was making the first ever cyber “red phone” call to Moscow because of Russia’s continued probes of the election infrastructure (part of the Russian effort about which both the dossier and Sipher’s post are silent).

The quotes Sipher uses to defend his claim are even worse. The first passage includes two clear errors. The report in question was actually the December 13 one, not “late fall 2016” one. And the Trump associate who agreed (in the alleged August meeting in Prague, anticipating that Hillary might win) to making quick payments to hackers was Michael Cohen, not Carter Page. [Update, 12/10/17: Just Security has fixed this error.] Many things suggest this particular report should be read with great skepticism, not least that it post-dated both the disclosure of the existence of the dossier and the election, and that this intelligence was offered up to Steele, not solicited, and was offered for free.

Next, Sipher again cites the December 13 report to claim Steele predicted something reported in a November Oxford University report (and anyway widely reported by BuzzFeed for months), which seems to require either a time machine or an explanation for why Steele didn’t report that earlier. He attributes a quote sourced to a Trump insider as indicating Russian strategy, which that report doesn’t support. And if you need Keith Alexander to suss out the logic of Democratic infighting that had been clear for six months, then you’re in real trouble!

Sipher would have been better off citing the undated Report 095 (which is another report about which there should be provenance questions), which relies on the same ethnic Russian Trump insider as the August 10 report, which claims agents/facilitators within the Democratic Party and Russian émigré hackers working in the United States — a claim that is incendiary but (short of proof that the Al-Awan brothers or Seth Rich really were involved) — one that has not been substantiated.

In short, the evidence in the dossier simply doesn’t support the claim it predicted two of the three things Sipher claims it does, at least not yet.

The dossier is stronger in sketchy contacts with Russians

The dossier is stronger with respect to some, but not all Trump associates. But even there, Sipher’s defense demonstrates uneven analytic work.

First, note that Sipher relies on “renowned investigative journalist” Michael Isikoff to validate some of these claims.

Renowned investigative journalist Michael Isikoff reported in September 2016 that U.S. intelligence sources confirmed that Page met with both Sechin and Divyekin during his July trip to Russia.

[snip]

A June 2017 Yahoo News article by Michael Isikoff described the Administration’s efforts to engage the State Department about lifting sanctions “almost as soon as they took office.”

Among the six journalists Steele admits he briefed on his dossier is someone from Yahoo.

The journalists initially briefed at the end of September 2016 by [Steele] and Fusion at Fusion’s instruction were from the New York Times, the Washington Post, Yahoo News, the New Yorker and CNN. [Steele] subsequently participated in further meetings at Fusion’s instruction with Fusion and the New York Times, the Washington Post and Yahoo News, which took place in mid-October 2016.

That the Yahoo journalist is Isikoff would be a cinch to guess. But we don’t have to guess, because Isikoff made it clear it was him in his first report after the dossier got leaked.

Another of Steele’s reports, first reported by Yahoo News last September, involved alleged meetings last July between then-Trump foreign policy adviser Carter Page and two high-level Russian operatives, including Igor Sechin — a longtime associate of Russian President Vladimir Putin who became the chief executive of Rosneft, the Russian energy giant.

In other words, Sipher is engaging in navel-gazing here, citing a report based on the Steele dossier, to say it confirms what was in the Steele dossier.

Sipher similarly cites a NYT article that was among the most criticized for the way it interprets “senior Russian intelligence officials” loosely to include anyone who might be suspect of being a spook.

We have also subsequently learned of Trump’s long-standing interest in, and experience with Russia and Russians.  A February 2017 New York Times article reported that phone records and intercepted calls show that members of Trump’s campaign and other Trump associates had repeated contacts with senior Russian officials in the year before the election.  The New York Times article was also corroborated by CNN and Reuters independent reports.

The two reports he claims corroborate the NYT one fall far short of the NYT claim about talks with Russian intelligence officials — a distinction that is critical given what Sipher claims about Sergey Kislyak, which I note below.

Carter Page

Sipher cites the Carter Page FISA order as proof that some of these claims have held up.

What’s more, the Justice Department obtained a wiretap in summer 2016 on Page after satisfying a court that there was sufficient evidence to show Page was operating as a Russian agent.

But more recent reporting, by journalists Sipher elsewhere cites approvingly, reveals that Page had actually been under a FISA order as early as 2014.

Page had been the subject of a secret intelligence surveillance warrant since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.

Paul Manafort

I have no complaint with Sipher’s claims about Manafort — except to the extent he suggests Manafort’s Ukrainian corruption wasn’t know long before the election. Sipher does, however, repeat a common myth about Manafort’s influence on the GOP platform.

The quid pro quo as alleged in the dossier was for the Trump team to “sideline” the Ukrainian issue in the campaign.  We learned subsequently the Trump platform committee changed only a single plank in the 60-page Republican platform prior to the Republican convention.  Of the hundreds of Republican positions and proposals, they altered only the single sentence that called for maintaining or increasing sanctions against Russia, increasing aid for Ukraine and “providing lethal defensive weapons” to the Ukrainian military.  The Trump team changed the wording to the more benign, “appropriate assistance.”

Republicans have credibly challenged this claim about the platform. Bob Dole is credited with making the platform far harsher on China in the service of his Taiwanese clients. And Trump’s team also put in language endorsing the revival of Glass-Steagall, with support from Manafort and/or Carl Icahn.

Michael Cohen

Sipher’s discussion of Trump lawyer Michael Cohen is the weirdest of all, not least because the Cohen reports are the most incendiary but also because they were written at a time when Steele had already pitched the dossier to the media (making it far more likely the ensuing reports were the result of disinformation). Here’s how Sipher claims the Steele dossier reports have been validated.

We do not have any reporting that implicates Michael Cohen in meetings with Russians as outlined in the dossier.  However, recent revelations indicate his long-standing relationships with key Russian and Ukrainian interlocutors, and highlight his role in a previously hidden effort to build a Trump tower in Moscow. During the campaign, those efforts included email exchanges with Trump associate Felix Sater explicitly referring to getting Putin’s circle involved and helping Trump get elected.

Go look at that “recent revelations” link. It goes to this Josh Marshall post which describes its own sourcing this way:

TPM Reader BR flagged my attention to this 2007 article in The New York Post.

[snip]

Because two years ago, in February 2015, New York real estate trade sheet The Real Deal reported that Cohen purchased a $58 million rental building on the Upper East Side.

This is not recent reporting!! Again, this is stuff that was publicly known before the election.

More importantly, given Cohen’s rebuttal to the dossier, Marshall supports a claim that Cohen has ties to Ukraine, not Russia. The dossier, however, claims Cohen has ties to the latter, as Cohen mockingly notes.

Felix Sater

Then there are the Trump associates who are now known to have been central to any ties between Trump and the Russians that the Steele dossier didn’t cite — as least not as subjects (all could well be sources, which raises other questions). The first is Felix Sater, whom Sipher discusses three times in suggesting that the dossier accurately predicts Cohen’s involvement in the Russian negotiations.

To take one example, the first report says that Kremlin spokesman Dmitry Peskov was responsible for Russia’s compromising materials on Hillary Clinton, and now we have reports that Michael Cohen had contacted Peskov directly in January 2016 seeking help with a Trump business deal in Moscow (after Cohen received the email from Trump business associate Felix Sater saying “Our boy can become president of the USA and we can engineer it. I will get all of Putins team to buy in on this.”).

[snip]

Following the inauguration, Cohen was involved, again with Felix Sater, to engage in back-channel negotiations seeking a means to lift sanctions via a semi-developed Russian-Ukrainian plan (which also included the hand delivery of derogatory information on Ukrainian leaders) also fits with Orbis reporting related to Cohen.

Given that Sater’s publicly known links between mobbed up Russians and Trump go back a decade, why isn’t he mentioned in the dossier? And why does the dossier seemingly contradict these claims about an active Trump Tower deal?

Aras Agalarov and Rinat Akhmetshin

There are far more significant silences about two other Trump associates, Aras Agalarov and Rinat Akhmetshin.

To be fair, the dossier isn’t entirely silent about the former, noting in at one place that Agalarov would be the guy to go to to learn about dirt on Trump in Petersburg (elsewhere he could be a source).

Far, far more damning is the dossier’s silence (again, at least as a subject rather than source) about Akhmetshin. That’s long been one of the GOP complaints about the dossier — that Akhmetshin was closely involved with Fusion GPS on Magnitsky work in parallel with the Trump dossier, which (if Akhmetshin really is still tied to Russian intelligence) would provide an easy feedback loop to the Russians. The dossier’s silence on someone well known to Fusion GPS is all the more damning given the way that Sipher points to the June 9 meeting (which the dossier didn’t report, either) as proof that the dossier has been vindicated.

It was also apparently news to investigators when the New York Times in July 2017 published Don Jr’s emails arranging for the receipt of information held by the Russians about Hillary Clinton. How could Steele and Orbis know in June 2016 that the Russians were working actively to elect Donald Trump and damage Hillary Clinton?

[snip]

To take another example, the third Orbis report says that Trump campaign manager Paul Manafort was managing the connection with the Kremlin, and we now know that he was present at the June 9 2016 meeting with Donald Trump, Jr., Russian lawyer Natalia Veselnitskaya and Rinat Akhmetshin, who has reportedly boasted of his ties to ties and experience in Soviet intelligence and counterintelligence.  According to a recent New York Times story, “Akhmetshin told journalists that he was a longtime acquaintance of Paul J. Manafort.”

There’s no allegation that investigations didn’t know about June 2016 plan to hurt Hillary (indeed, the Guccifer 2.0 stuff that Sipher ignores was public to all). Rather they didn’t know — but neither did Fusion, who has an established relationship with Akhmetshin — about the meeting involving Akhmetshin. If you’re going to claim the June 9 meeting proves anything, it’s that the dossier as currently known has a big hole right in Fusion’s client/researcher list.

Sergey Kislyak

Which brings me — finally! — to Sipher’s weird treatment of Sergey Kislyak. Sipher argues (correctly) that Trump associates’ failure to report details of their contacts with Russians may support a conspiracy claim.

 Of course, the failure of the Trump team to report details that later leaked out and fit the narrative may make the Steele allegations appear more prescient than they otherwise might.  At the same time, the hesitancy to be honest about contacts with Russia is consistent with allegations of a conspiracy.

Of course, Trump’s folks have failed to report details of that June 9 meeting as well as meetings with Sergey Kislyak. Having now invested his vindication story on that June 9 meeting, he argues that reports about Kislyak (on which the NYT article he cites approvingly probably rely) are misguided; we need to look to that June 9 meeting intead.

It should be noted in this context, that the much-reported meetings with Ambassador Kislyak do not seem to be tied to the conspiracy. He is not an intelligence officer, and would be in the position to offer advice on politics, personalities and political culture in the United States, but would not be asked to engage in espionage activity.  It is likewise notable that Ambassador Kislyak receives only a passing reference in the Steele dossier and only having to do with his internal advice on the political fallout in the U.S. in reaction to the Russian campaign.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

This seems utterly bizarre. We know what happened after June 9, in part: Per Jared Kushner (who also is not mentioned in the dossier or Sipher’s column), immediately after the election Kislyak started moving towards meeting about Syria (not Ukraine). But in the process, Kushner may have asked for a back channel and at Kislyak’s urging, Kushner took a meeting with the head of a sanctioned bank potentially to talk about investments in his family’s debt-ridden empire. And all that is the lead-up to the Mike Flynn calls with Kislyak about sanctions relief which provide some of the proof that Trump was willing to deliver the quo that the dossier claims got offered for quids.

That latter story — of the meetings Kushner and Flynn did in the wake of the election and events that may have taken place since — is every bit as coherent a narrative as the Steele dossier or the entirely new narratives tied to the June 9 meeting (which Sipher claims are actually the Steele narrative).

Of course, neither is yet evidence of collusion. And that’s, frankly, what we as citizens should be after.

A narrative offered up by an intelligence contractor who was always trying to catch up to the central part of the story — the hack-and-leak — is not what we should be striving for. That’s why this dossier is probably mostly irrelevant to the Mueller probe, no matter how the GOP would like to insinuate the opposite. If there was collusion (or rather, coordination on all this stuff between the campaign and Russia), we should expect evidence of it. The Steele dossier, as I have noted, left out one of the key potential proofs of that, in spite of having ties with someone who attended the meeting.

All that said, it would be useful for someone responsible to respond to GOP criticisms and, where invented (such as with the claim that Steele paying sources diminishes its value), demonstrate that. It would be useful for someone to explain what we should take from the dossier.

Sipher didn’t do that, though. Indeed, his post largely suffers from the same bad analysis he accuses the media of.

Update: In the original I got the date of the final report incorrect. That has been corrected.

Update, 12/10/17: I didn’t realize it, but Just Security updated Sipher’s post to include this language, which it explains with an editor’s note saying “Editor’s note: This article was update to provide additional analysis on Carter Page.” Compare this with this. Here’s the language.

Admittedly, Isikoff’s reporting may have relied on Steele himself for that information. Isikoff, however, also reported that U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it. There are also other indicia that are also consistent with the Orbis report but only developed or discovered later. In early December 2016, Page returned to Moscow where he said he had “the opportunity to meet with an executive from” Sechin’s state oil company. In April 2017, Page confirmed that he met with and passed documents to a Russian intelligence officer in 2013. Court documents include an intercept in April 2013 of conversations between the Russians discussing their effort to recruit Page as “as an intelligence source.” A Russian intelligence officer said of Page: “He got hooked on Gazprom … I don’t know, but it’s obvious that he wants to earn lots of money … For now his enthusiasm works for me. I also promised him a lot … You promise a favor for a favor. You get the documents from him and tell him to go fuck himself.” In late December 2016, Sechin’s chief of staff, Oleg Erovinkin “who may have been a source for ex-British spy Christopher Steele’s Trump dossier,” according to multiple reports, was found dead in the back of his car in Moscow.

But this passage introduces new errors for Sipher’s post!

First, here’s the language (in an article Just Security never links) Sipher relies on to justify using Isikoff’s Steele-based reporting to claim Steele had been proven correct.

After one of those briefings, Senate minority leader Harry Reid wrote FBI Director James Comey, citing reports of meetings between a Trump adviser (a reference to Page) and “high ranking sanctioned individuals” in Moscow over the summer as evidence of “significant and disturbing ties” between the Trump campaign and the Kremlin that needed to be investigated by the bureau.

Some of those briefed were “taken aback” when they learned about Page’s contacts in Moscow, viewing them as a possible back channel to the Russians that could undercut U.S. foreign policy, said a congressional source familiar with the briefings but who asked for anonymity due to the sensitivity of the subject. The source added that U.S. officials in the briefings indicated that intelligence reports about the adviser’s talks with senior Russian officials close to President Vladimir Putin were being “actively monitored and investigated.”

A senior U.S. law enforcement official did not dispute that characterization when asked for comment by Yahoo News. “It’s on our radar screen,” said the official about Page’s contacts with Russian officials. “It’s being looked at.”

It is true that “U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it,” and that Harry Reid was leaking from the Steele dossier just like Isikoff was. But the “senior US law enforcement officer” does not back the identities of those Page met with, just that “it’s being looked at.”

That’s important for the way that Page’s meetings with people other than Igor Sechin have been used to claim the dossier has borne out. Not-A = A. Which is what Sipher does here, by pointing to Page saying he met with Rosneft but not Sechin. “Page says he was not referring to Sechin in his remarks,” the linked AP story says (as does Page’s congressional testimony).

Then Sipher points to language unsealed in a court filing in January 2015 that Page admitted — after reporting on it — was him. That Page was wrapped up in an earlier Russian spy prosecution is another of those things one might ask why Steele didn’t know, particularly given that the filing and the case was already public.

But the citation also exacerbates the problems with Sipher’s reliance on Page’s FISA wiretap as proof the Steele dossier proved out. As I noted above, later reports stated Page had been under FISA wiretap “since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.” That means it wasn’t the meetings in Russia, per se, that elicited the interest, but (at least) the earlier interactions with Russian spies.

Finally, Sipher points to the death of Oleg Erovinkin, something I’ve pointed to myself (and which would only be “Carter Page” analysis if Page actually had met with Sechin). Since Sipher updated this post, however, Luke Harding wrote (on page 101),

Steele was adamant that Erovinkin wasn’t his source and “not one of ours.”

As a person close to Steele put it to me: “Sometimes people just die.”

I’m not sure I find Harding entirely reliable elsewhere, and I can see why Steele would deny working with Erovinkin if the leak of his work had gotten the man killed. But if you buy Harding, then Erovinkin no longer proves the value of the Steele dossier either.

Update, 12/10: According to the Wayback Machine this change was made between October 25 and November 6. Ryan Goodman explained that he didn’t give me a hat-tip for this correction because he’s not sure whether he corrected because of me because a Daily Caller reporter also weighed in.

It is true that Chuck Ross (with whom I discuss the dossier regularly) tweeted that Sipher’s Isikoff reference was self-confirming on November 4, shortly before the change was made.

Ryan and I had a conversation about the errors in this piece on September 6, when the post first came out, both on Twitter then–late that evening–on DM. I included a link to my post.

I guess Ryan is now confessing he never read this post, and let notice of egregious errors sit unreviewed for two months, because he didn’t like my tone.

 

Democrats Demand DOJ Release the Information that Has Christopher Steele Hiding for His Life

I have to say, the Democrats are beginning to convince me Russia’s involvement in the DNC hack is just one hoax.

Don’t get me wrong. I believe there is plenty of evidence — in public and stuff I’ve been told by people close to the hack — that the Russians did hack the DNC and John Podesta and share those documents with Wikileaks.

But given the bozo way the Democrats are trying to politicize it, I can only conclude the Democrats think this is less serious than I have believed and than Democrats claim. That’s because they’re now demanding that FBI give them the very same information that — we’ve been told by public reporting — led former MI6 officer Christopher Steele to hide for his life.

This morning, David Corn wrote a piece complaining about “the mysterious disappearance of the biggest scandal in Washington.”

After reviewing some of the facts in this case (and asserting without proof that Putin’s interference in the election “achieved its objectives,” which is only partly backed by declassified intelligence reports on the hack) and giving an incomplete list of the congressional committees that have announced investigations into the hack, Corn gave this inventory of what he claims to be the lack of outcry over the hack.

Yet these behind-closed-doors inquiries have generated minimum media notice, and, overall, there has not been much outcry.

Certainly, every once in a while, a Democratic legislator or one of the few Republican officials who have bothered to express any disgust at the Moscow meddling (namely Sens. John McCain, Lindsey Graham, and Marco Rubio) will pipe up. House Democratic leader Nancy Pelosi days ago called on the FBI to investigate Trump’s “financial, personal and political connections to Russia” to determine “the relationship between Putin, whom he admires, and Donald Trump.” Sen. Chris Murphy (D-Conn.), responding to Trump’s comparison of the United States to Putin’s repressive regime, said on CNN, “What is this strange relationship between Putin and Trump? And is there something that the Russians have on him that is causing him to say these really bizarre things on an almost daily basis?” A few weeks ago, Graham told me he wanted an investigation of how the FBI has handled intelligence it supposedly has gathered on ties between Trump insiders and Russia. And last month, Sen. Ron Wyden (D-Ore.) pushed FBI Director James Comey at a public hearing to release this information. Yet there has been no drumbeat of sound bites, tweets, or headlines. In recent days, the story has gone mostly dark.

The funniest detail in this is how Corn describes Chris Murphy’s response to the exchange that took up the entire weekend of news — Trump’s nonplussed response when Bill O’Reilly called Putin a killer.

O’Reilly: Do you respect Putin?

Trump: I do respect him but —

O’Reilly: Do you? Why?

Trump: Well, I respect a lot of people but that doesn’t mean I’m going to get along with him. He’s a leader of his country. I say it’s better to get along with Russia than not. And if Russia helps us in the fight against ISIS, which is a major fight, and Islamic terrorism all over the world — that’s a good thing. Will I get along with him? I have no idea.

O’Reilly: But he’s a killer though. Putin’s a killer.

Trump: There are a lot of killers. We’ve got a lot of killers. What do you think — our country’s so innocent. You think our country’s so innocent?

O’Reilly: I don’t know of any government leaders that are killers.

Trump: Well — take a look at what we’ve done too. We made a lot of mistakes. I’ve been against the war in Iraq from the beginning.

O’Reilly: But mistakes are different than —

Trump: A lot of mistakes, but a lot of people were killed. A lot of killers around, believe me.

This was a Super Bowl interview, for fuck’s sake, and both before and after the interview, political pundits on both sides of the aisle were up in arms about Trump’s affinity for Putin’s murderous ways! Google counts more than 70,000 articles on the exchange.

But to Corn, that translated into only one comment from Murphy.

From there, Corn goes onto complain that the White House press briefings — which have been a noted shitshow inhabited by people like Infowars — has only featured direct questions about the investigation twice, and that the questions about Trump’s call to Putin weren’t about the investigation (as opposed to, say, Trump’s ignorant comments about the START treaty, which could get us all killed).

The crazier thing is that, best as I can tell, Mother Jones — the media outlet that David Corn has a bit of influence over — seems to have ignored the indictment of Hal Martin yesterday, the arrest on treason charges of two FSB officers, allegedly for sharing information with the US intelligence community, or even today’s Senate Foreign Relations Committee hearing on our relations with Russia. Among other things, today’s hearing discussed the hack, Trump’s comments about Putin the killer, weaponization of information, sanctions, Trump’s lukewarm support for NATO. It also included multiple Democratic calls for a bipartisan investigation and assurances from Chairman Corker and Ranking Member Cardin that that would happen.

So effectively, David Corn should be complaining about his own outlet, which isn’t covering the things relating to the hack others of us are covering.

No matter. Corn made his sort of ridiculous call, that call got liked or RTed over 3,000 times, and as if magically in response, Jerry Nadler introduced a resolution of inquiry, calling on the Administration to (in part) release any document that relates or refers to “any criminal or counterintelligence investigation targeting President Donald J. Trump, National Security Advisor Michael Flynn, Paul Manafort, Carter Page, Roger Stone, or any employee of the Executive Office of the President.”

As I’ve already noted, two FSB officers recently got arrested on treason charges, an event many people fear came in response to details revealed about this investigation and if so would badly undermine any investigation. People equally wonder whether the curious death of former FSB General Oleg Erovinkin relates to the leaked Steele dossier that Corn himself played a central role in magnifying, which would represent another lost intelligence source. And, of course, there are the reports that the former MI6 officer that compiled the dossier, Christopher Steele, on which these allegations rest fled from his home out of fear for his life because of the way it got publicized.

Either Putin is a ruthless thug or he’s not. Either Steele had reason to flee because the dossier is true or he didn’t. Either this thuggery is serious or it’s just a political stunt.

I really do believe it is the former (though I have real questions about the provenance of the dossier, questions which Corn could but has not helped to provide clarity on). Which is why I’m absolutely mystified that Democrats are demanding every document pertaining to any counterintelligence investigation into it, the kind of exposure which —  recent history may already show — is totally counterproductive to actually pursuing that investigation.

As I’ll write shortly, I do deeply suspect the Senate Intelligence Committee investigation (especially) is designed to be counterproductive. The Hal Martin indictment yesterday seems to suggest FBI doesn’t have the evidence to figure out who Shadow Brokers is, if even it has ties to the DNC hack (as much evidence suggests it does). But I also think political stunts like this don’t help things.

But maybe that’s not the point?

Sanctioning GRU … and FSB

While I was out and about today, President Obama rolled out his sanctions against Russia to retaliate for the Russian hack of Democrats this year. Effectively, the White House sanctioned two Russian intelligence agencies (GRU — Main Intelligence, and FSB –Federal Security Service), top leaders from one of them, and two named hackers.

In addition to sanctioning GRU, the White House also sanctioned FSB. I find that interesting because (as I laid out here), GRU has always been blamed for the theft of the DNC and John Podesta documents that got leaked to WikiLeaks. While FSB also hacked the DNC, there’s no public indication that it did anything aside from collect information — the kind of hacking the NSA and CIA do all the time (and have done during other countries’ elections). Indeed, as the original Crowdstrike report described, FSB and GRU weren’t coordinating while snooping around the DNC server.

At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016. We have identified no collaboration between the two actors, or even an awareness of one by the other. Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario. “Putin’s Hydra: Inside Russia’s Intelligence Services”, a recent paper from European Council on Foreign Relations, does an excellent job outlining the highly adversarial relationship between Russia’s main intelligence services – Федеральная Служба Безопасности (FSB), the primary domestic intelligence agency but one with also significant external collection and ‘active measures’ remit, Служба Внешней Разведки (SVR), the primary foreign intelligence agency, and the aforementioned GRU. Not only do they have overlapping areas of responsibility, but also rarely share intelligence and even occasionally steal sources from each other and compromise operations. Thus, it is not surprising to see them engage in intrusions against the same victim, even when it may be a waste of resources and lead to the discovery and potential compromise of mutual operations.

Data provided by FireEye to War on the Rocks much later in the year suggested that the DNC hack was the only time both showed up in a server, which it took to mean the opposite of what Crowdstrike had, particularly high degree of coordination.

According to data provided for this article by the private cybersecurity company, FireEye, two separate but coordinated teams under the Kremlin are running the campaign. APT 28, also known as “FancyBear,” has been tied to Russia’s foreign military intelligence agency, the Main Intelligence Agency or GRU. APT 29, aka “CozyBear,” has been tied to the Federal Security Service or FSB. Both have been actively targeting the United States. According to FireEye, they have only appeared in the same systems once, which suggests a high level of coordination — a departure from what we have seen and come to expect from Russian intelligence.

The sanctioning materials offers only this explanation for the FSB sanction: “The Federal Security Service (a.k.a. Federalnaya Sluzhba Bezopasnosti) (a.k.a FSB) assisted the GRU in conducting the activities described above.”

So I’m not sure what to make of the fact that FSB was sanctioned along with GRU. Perhaps it means there was some kind of serial hack, with FSB identifying an opportunity that GRU then implemented — the more extensive coordination that FireEye claims. Perhaps it means the US has decided it’s going to start sanctioning garden variety information collection of the type the US does.

But I do find it an interesting aspect of the sanctions.