Posts

Roger Stone’s Rat-Eating Swiss Cheese Denials

/44 Comments/in , , , /by

Back when Roger Stone leaked his September testimony to HPSCI, I noted that it misrepresented the key allegations against him, meaning he never denied the important parts.

I’m even more interested in how he depicts what he claims are the three allegations made against him.

Members of this Committee have made three basic assertions against me which bust be rebutted her today. The charge that I knew in advance about, and predicted, the hacking of the Clinton campaign chairman John Podesta’s email, that I had advanced knowledge of the source or actual content of the WikiLeaks disclosures regarding Hillary Clinton or that, my now public exchange with a persona that our intelligence agencies claim, but cannot prove, is a Russian asset, is anything but innocuous and are entirely false.

In point of fact, this tripartite accusation is actually a misstatement of the allegations against him (though in his rebuttal of them, he is helped immensely by the sloppiness of public statements made by Democrats, especially those on the panel, which I’ve criticized myself). Generally, the accusation is more direct: that in conversing with both Julian Assange (though a cut-out) and Guccifer 2.0, Stone was facilitating or in some way helping the Trump campaign maximally exploit the Russian releases that were coming.

The same is true of his interview with Chuck Todd yesterday.

I’m most interested in the way Stone addresses his direct exchange with Guccifer 2.0, then restricts the rest of his denials to Wikileaks. When Todd asks Stone why he reached out to both Guccifer and Wikileaks, Stone focuses his attention on the former.

Todd: Why did you reach out to Guccifer? Why did you reach out to Wikileaks?

Stone: First of all, my direct messages with Guccifer 2.0, if that’s who it really is, come six weeks, almost six weeks after the DNC emails had been published by Wikileaks. So in order to collude in their hacking, which I had nothing whatsoever to do with, one would have needed a time machine. Secondarily, I wrote a very long piece, you can find it still at the Stone Cold Truth. I doubt that Guccifer is, indeed, a Russian operative. I also once believed that he had hacked the DNC. I don’t believe that anymore either. I believe it was an inside job and the preponderance of evidence points to a load to a thumb drive or some other portable device and the device is coming out the back door. But, Chuck, ten days ago, the Washington Post that based on the Democratic minority that the Russians had sent documents to me for review. I never received any documents from the Russians or anybody representing them. I never had any contact with any

Todd: Did you receive any documents and you didn’t know it was a Russian?

Stone: I never received any documents from anyone purporting to be a Russian or otherwise, and I never saw the Wikileaks documents in advance.

In his response he does the following:

  • Raises doubts that he was actually talking to Guccifer 2.0 (even though Guccifer 2.0’s only identity was virtual, so Stone’s online interactions with any entity running the Guccifer Twitter account would by definition be communication with Guccifer 2.0)
  • Repeats his earlier doubts that Guccifer 2.0 is a Russian operative
  • Emphasizes that he couldn’t have couldn’t have been involved in any hack of the DNC Guccifer 2.0 had done because he first spoke to him six weeks after the email release (in reality, he was speaking to him three weeks after the Wikileaks release)
  • Admits he once believed Guccifer 2.0 did the hack but (pointing to the Bill Binney analysis, and giving it a slightly different focus than he had in September) claims he no longer believes that
  • Invents something about a WaPo report that’s not true, thereby shifting the focus to receiving documents (as opposed to, say, information)
  • Denies he received documents from anyone but not that he saw documents (other than the Wikileaks ones) before they were released

This denial stops well short of explaining why he reached out to Guccifer. And it does nothing to change the record — one backed by his own writing — that Stone reached out because he believed Guccifer, whoever he might be, had hacked the DNC.

At the time Stone reached out to Guccifer (as I pointed out, he misrepresented the timing of this somewhat in his testimony), he believed Guccifer had violated the law by hacking the DNC.

He never does explain to Todd why he did reach out.

Guccifer 2.0 never comes back in the remainder of the interview. The first time Todd asks Stone if there had been “collusion” with the Russians, Stone answers it generally, insisting Trump needed no help to beat Hillary.

Todd: You have made the case here that there was no collusion here that you’re aware of. Would it have been wrong to collude with a foreign adversary to undermine Hillary Clinton’s campaign?

Stone: Well, there’s no evidence that this happened, you’re asking me to answer a hypothetical question. It seems to me that Mr. Steele was colluding with the Russians.

Todd: Let me ask you this. Do you think it’s fair game to get incriminating evidence from a foreign government about your political opponent?

Stone: But that didn’t happen, Chuck, so I’m not going to answer a hypothetical question. It was unnecessary. The idea that Donald Trump needed help from the Russians to beat Hillary Clinton it’s an excuse, a canard, a fairy tale. I don’t believe it ever happened.

The next time — when Stone first labels then backs way the fuck off labeling conspiring with the Russians as treason — Stone then focuses on how such conspiring would only be treason if you believed that Assange was a Russian agent.

Stone: Chuck I’ve been accused of being a dirty trickster. There’s one trick that’s not in my bag. That’s treason. I have no knowledge or involvement with Russians–

Todd: And you believe

Stone: And I have no knowledge of anybody else who does.

Todd: Let me establish something. You believe, if unbeknownst to you, there is somebody on the Trump campaign who worked with the Russians on these email releases, that’s a treasonous act?

Stone: No, actually, I don’t think so because for it to be a treasonous act, Assange would have to be provably a Russian asset, and Wikileaks would have to be a Russian front and I do not believe that’s the case.

Todd: Let me back you up there. You think it’s possible Wikileaks and the Trump campaign coordinated the release?

Stone: I didn’t say that at all. I have no knowledge of that and I make no such claim.

Todd: No, I understand that. You just issued that hypothetical. So what you’re saying is had that occurred you don’t believe that’s, you don’t believe, you don’t believe that that’s against the law?

Stone: This is all based on a premise that Wikileaks is a Russian front and Assange is a Russian agent. As I said I reject that. On the other hand I have no knowledge that that happened. It’s certainly did not happen in my case. That isn’t something I was involved in.

When asked whether it would be illegal to work with Wikileaks (Stone’s contacts with Guccifer at a time he believed Guccifer to have hacked the DNC go unmentioned) Stone again focuses on whether Wikileaks was Russian, not on the conspiracy to hack and leak documents.

This focus on Wikileaks instead of Guccifer 2.0 carries over to the statement Stone issued to ABC:

I never received anything whatsoever from WikiLeaks regarding the source, content or timing of their disclosures regarding Hillary Clinton, the DNC or Podesta. I never received any material from them at all. I never received any material from any source that constituted the material ultimately published by WikiLeaks. I never discussed the WikiLeaks disclosures regarding Hillary Clinton or the DNC with candidate or President Donald Trump before during or after the election. I don’t know what Donald Trump knew about the WikiLeaks disclosures regarding Hillary or the DNC if anything and who he learned it from if anyone.

No one, including Sam Nunberg is in possession If any evidence to the contrary because such evidence does not exist … This will be an impossible case to bring because the allegation that I knew about the WikiLeaks disclosures beyond what Assange himself had said in interviews and tweets or that I had and shared this material with anyone in the Trump campaign or anyone else is categorically false. Assange himself has said and written that I never predicted anything that he had not already stated in public.

There’s very good reason Stone would want to focus on Wikileaks rather than Guccifer.

Even by his own dodgy explanation, at the time he reached out to Guccifer, he believed that Guccifer had hacked the DNC. While it’s true that the public record shows Stone stopping short of accepting documents from Guccifer (all this ignores Stone’s reported involvement in a Guccifer-suggested Peter Smith effort to obtain Hillary’s Clinton Foundation emails), Stone’s interest in coordinating with the hack-and-leak is clear.

And it seems Sam Nunberg may fear that his past testimony and communications with Stone would document that interest. If he knows Stone did have non-public communications with Guccifer, but didn’t believe Guccifer to be Russian, it would also explain why Nunberg said he thought Putin was too smart to collude with Trump, but that his testimony might hurt Stone.

Adding one more point to this: early in the interview, Stone goes to some lengths to say that he proved he had actually separated from the Trump campaign by contemporaneously showing two reporters his resignation letter. This is akin to something Carter Page did in his HPSCI testimony. But given how many of those conspiring with Russia on the Trump campaign (Carter Page — especially after his departure, George Papadopoulos, and Paul Manafort) didn’t have formal roles, it’s not clear that letter would be definitive. Indeed, it might be the opposite, one of a group of people who arranged plausible deniability by getting or staying off the campaign payroll.

Update: Fixed my misrepresentation of Stone’s claim about the six week delay, and fact-checked it to note it was only three weeks.

NYT Does Not Have the Smoking Gun on Trump Campaign Email Knowledge

/25 Comments/in , /by

The NYT had a complex story today, reporting three things:

  1. The counterintelligence investigation into the Trump campaign followed from a drunken conversation George Papadopoulos had in May 2016 with Aussie Ambassador to the UK, Alexander Downer
  2. Papadopoulos was more influential than Trump’s team has made out
  3. Papadopoulos pitched an April 2016 Trump foreign policy speech as a signal to Russia that Trump would be willing to meet

It’s the first detail that has attracted all the attention. NYT reported it this way:

During a night of heavy drinking at an upscale London bar in May 2016, George Papadopoulos, a young foreign policy adviser to the Trump campaign, made a startling revelation to Australia’s top diplomat in Britain: Russia had political dirt on Hillary Clinton.

About three weeks earlier, Mr. Papadopoulos had been told that Moscow had thousands of emails that would embarrass Mrs. Clinton, apparently stolen in an effort to try to damage her campaign.

Exactly how much Mr. Papadopoulos said that night at the Kensington Wine Rooms with the Australian, Alexander Downer, is unclear. But two months later, when leaked Democratic emails began appearing online, Australian officials passed the information about Mr. Papadopoulos to their American counterparts, according to four current and former American and foreign officials with direct knowledge of the Australians’ role.

[snip]

Not long after, however, he opened up to Mr. Downer, the Australian diplomat, about his contacts with the Russians. It is unclear whether Mr. Downer was fishing for that information that night in May 2016. The meeting at the bar came about because of a series of connections, beginning with an Israeli Embassy official who introduced Mr. Papadopoulos to another Australian diplomat in London.

It is also not clear why, after getting the information in May, the Australian government waited two months to pass it to the F.B.I. In a statement, the Australian Embassy in Washington declined to provide details about the meeting or confirm that it occurred.

NYT’s story does pose a good question: why the Australians didn’t tell the US about this conversation until July, after Wikileaks started releasing DNC emails.

But the few GOPers who have responded to this news raise another question: did the Aussies even know what emails Papadopoulos was talking about?

As I noted in October, we actually don’t know what emails Joseph Misfud was talking about when he told Papadopoulos the Russians had dirt on Hillary. Trumpsters are now suggesting these emails might be those Guccifer 1.0 stole from Hillary, but they could be a range of other emails.

This story would be far more damning if the NYT knew for sure that the emails were ones freshly stolen from DNC, John Podesta, or the Hillary campaign itself, but they don’t.

The uncertainty about what emails Papadopoulos learned about — and revealed to Downer — might explain why the Aussies didn’t tell the US right away. If the Australians didn’t know what emails the Russians had, it might explain their lack of urgency. If the emails were known Guccifer 1.0 emails, it wouldn’t be news. But it doesn’t explain why the Aussies didn’t tell the US in June, when Guccifer 2.0 started releasing documents, but instead waited until their own citizen, Julian Assange, started releasing some on July 22.

All this could be a lot more easily explained if we knew the one detail the NYT admits it didn’t confirm: whether and when Papadopoulos told the campaign that the Russians had emails (and whether he knew which emails the Russians had).

In late April, at a London hotel, Mr. Mifsud told Mr. Papadopoulos that he had just learned from high-level Russian officials in Moscow that the Russians had “dirt” on Mrs. Clinton in the form of “thousands of emails,” according to court documents. Although Russian hackers had been mining data from the Democratic National Committee’s computers for months, that information was not yet public. Even the committee itself did not know.

Whether Mr. Papadopoulos shared that information with anyone else in the campaign is one of many unanswered questions. He was mostly in contact with the campaign over emails. The day after Mr. Mifsud’s revelation about the hacked emails, he told Mr. [Stephen] Miller in an email only that he had “interesting messages coming in from Moscow” about a possible trip. The emails obtained by The Times show no evidence that Mr. Papadopoulos discussed the stolen messages with the campaign.

NYT makes clear Papadopoulos (who was, after all, remote and traveling a lot) primarily communicated via emails. But the emails they obtained (but didn’t share) don’t include any evidence of him telling the campaign about the emails (much less which ones they were).

Which brings us to a point I made in November: when the FBI arrested Papadopoulos in July, they believed he lied to hide whether he told the campaign about the emails, but they de-emphasized that detail in the October plea deal.

[T]he description of the false statements makes the import of them far more clear (import that the Special Counsel seems to want to obscure for now). Papadopoulos lied about the circumstances of his conversations with Mifsud — the FBI appears to have believed when they arrested him in July — as part of a story to explain why, after having heard about dirt in the form of thousands of emails from Hillary, he didn’t tell anyone else on the campaign about them. Laid out like this, it’s clear Papadopoulos was trying to hide both when he learned about the emails (just three days before the DNC did, as it turns out, not much earlier as he seems to have suggested in January), but also how important he took those emails to be (which in his false story, he tied to to a false story about how credible he found Mifsud to be).

FBI found those lies to be significant enough to arrest him over because they obscured whether he had told anyone on the campaign that the Russians had dirt in the form of Hillary emails.

To be sure, nothing in any of the documents released so far answer the questions that Papadopoulos surely spent two months explaining to the FBI: whether he told the campaign (almost certainly yes, or he wouldn’t have lied in the first place) and when (with the big import being on whether that information trickled up to Paul Manafort and Jared Kushner before they attended a meeting on June 9, 2016 in hopes of obtaining such dirt).

I’m sure that’s intentional. You gotta keep everyone else guessing about what Mueller knows.

The NYT’s sources are described as “four current and former American and foreign officials with direct knowledge of the Australians’ role,” though this statement — and a past willingness on behalf of Papadopoulos’ fiancée to provide details and emails — suggests that people close to Papadopoulos cooperated as well: ” Papadopoulos’s lawyers declined to provide a statement.”

The point being, we still don’t have the most important detail of this story: whether Papadopoulos told the campaign about the emails, but more importantly, what the emails were.

Thus far, everyone seems intent on withholding that detail.

John Sipher’s Garbage Post Arguing the Steele Dossier Isn’t Garbage

/18 Comments/in , , , /by

I generally find former CIA officer John Sipher’s work rigorous and interesting, if not always persuasive. Which is why I find the shoddiness of this post — arguing, just as Republicans in Congress and litigious Russians start to uncover information about the Christopher Steele dossier, that the dossier is not garbage  — so telling.

I don’t think the Steele dossier is garbage.

But neither do I think it supports the claim that it predicted a lot of information we’ve found since, something Sipher goes to great pains to argue. And there are far more problems with the dossier and its production than Sipher, who claims to be offering his wisdom about how to interpret raw intelligence, lets on. So the dossier isn’t garbage (though the story behind its production may well be). But Sipher’s post is. And given that it appears to be such a desperate — and frankly, unnecessary — attempt to reclaim the credibility of the dossier, it raises questions about why he feels the need.

Making and claiming accuracy for a narrative out of raw intelligence

Sipher’s project appears to be taking what he admits is raw intelligence and providing a narrative that he says we should continue to use to understand Trump’s Russian ties.

Close to the beginning of his piece, Sipher emphasizes that the dossier is not a finished intelligence report, but raw intelligence; he blames the media for not understanding the difference.

I spent almost thirty years producing what CIA calls “raw reporting” from human agents.  At heart, this is what Orbis did.  They were not producing finished analysis, but were passing on to a client distilled reporting that they had obtained in response to specific questions.  The difference is crucial, for it is the one that American journalists routinely fail to understand.

[snip]

Mr. Steele’s product is not a report delivered with a bow at the end of an investigation.  Instead, it is a series of contemporaneous raw reports that do not have the benefit of hindsight.

Sipher explains that you need analysts to make sense of these raw reports.

The onus for sorting out the veracity and for putting the reporting in context against other reporting – which may confirm or deny the new report – rests with the intelligence community’s professional analytic cadre.

He then steps into that role, an old clandestine services guy doing the work of the analysts. The result, he says, is a narrative he says we should still use — even in the wake of eight months of aggressive reporting since the dossier came out — in trying to understand what went on with the election.

As a result, they offer an overarching framework for what might have happened based on individuals on the Russian side who claimed to have insight into Moscow’s goals and operational tactics.  Until we have another more credible narrative, we should do all we can to examine closely and confirm or dispute the reports.

[snip]

Looking at new information through the framework outlined in the Steele document is not a bad place to start.

How to read a dossier

One thing Sipher aspires to do — something that would have been enormously helpful back in January — is explain how an intelligence professional converts those raw intelligence reports into a coherent report. He describes the first thing you do is source validation.

In the intelligence world, we always begin with source validation, focusing on what intelligence professionals call “the chain of acquisition.”  In this case we would look for detailed information on (in this order) Orbis, Steele, his means of collection (e.g., who was working for him in collecting information), his sources, their sub-sources (witting or unwitting), and the actual people, organizations and issues being reported on.

He goes to great lengths to explain how credible Steele is, noting even that he “was the President of the Cambridge Union at university.” I don’t dispute that Steele is, by all accounts, an accomplished intelligence pro.

But Sipher unwisely invests a great deal of weight into the fact that the FBI sought to work with Steele.

The fact that the FBI reportedly sought to work with him and to pay him to develop additional information on the sources suggest that at least some of them were worth taking seriously.  At the very least, the FBI will be able to validate the credibility of the sources, and therefore better judge the information.  As one recently retired senior intelligence officer with deep experience in espionage investigations quipped, “I assign more credence to the Steele report knowing that the FBI paid him for his research.  From my experience, there is nobody more miserly than the FBI.  If they were willing to pay Mr. Steele, they must have seen something of real value.”

This is flat-out dumb for two reasons. First, it is one of the things the GOP has used to discredit the dossier and prosecution — complaining (rightly) that the FBI was using a document designed as opposition research, possibly even to apply for a FISA warrant. If the FBI did that, I’m troubled by it.

More importantly, the actual facts about whether FBI did pay Steele are very much in dispute, with three different versions in the public record and Chuck Grassley claiming the FBI has been giving conflicting details about what happened (it’s likely that FBI paid Steele’s travel to the US but not for the dossier itself).

WaPo reported that Steele had reached a verbal agreement that the FBI would pay him to continue his investigation of Russia’s involvement with Trump after still unnamed Democrats stopped paying him after the election. CNN then reported that FBI actually had paid Steele for his expenses. Finally, NBC reported Steele backed out of the deal before it was finalized.

If the FBI planned to pay Steele, but got cold feet after Steele briefed David Corn for a piece that made explicit reference to the dossier, it suggests FBI may have decided the dossier was too clearly partisan for its continued use. In any case, citing a “recently retired senior intelligence officer” claiming the FBI did pay Steele should either be accompanied by a “BREAKING, confirming the detail no one else has been able to!” tag, or should include a caveat that the record doesn’t affirmatively support that claim.

After vouching for Steele (again, I don’t dispute Steele’s credentials), Sipher lays out the other things that need to happen to properly vet raw intelligence, which he claims we can’t do.

The biggest problem with confirming the details of the Steele “dossier” is obvious: we do not know his sources, other than via the short descriptions in the reports.  In CIA’s clandestine service, we spent by far the bulk of our work finding, recruiting and validating sources.  Before we would ever consider disseminating an intelligence report, we would move heaven and earth to understand the access, reliability, trustworthiness, motivation and dependability of our source.  We believe it is critical to validate the source before we can validate the reliability of the source’s information.  How does the source know about what he/she is reporting?  How did the source get the information?  Who are his/her sub-sources?  What do we know about the sub-sources?  Why is the source sharing the information?  Is the source a serious person who has taken appropriate measures to protect their efforts?

The thing is, we actually know answers to two of these questions. First, Steele’s sources shared the information (at least in part) because they were paid. [Update, 11/15: According to CNN, Glenn Simpson testified that Steele did not pay his sources. That somewhat conflicts with suggestions made by Mike Morell, who said Steele paid intermediaries who paid his sources, but Simpson’s testimony may simply be a cute legal parse.] That’s totally normal for spying, of course, but if Sipher aspires to explain to us how to assess the dossier, he needs to admit that money changes hands and that’s just the way things are done (again, that’s all the more important given that it’s one of the bases the GOP is using to discredit the report).

More importantly, Sipher should note that Steele worked one step removed — from London, rather than from Moscow — than an intelligence officer otherwise might. The reports may still be great, but that additional step introduces more uncertainty into the validation. It’s all the more important that Sipher address these two issues, because they’re the ones the GOP has been and will continue to use to discredit the dossier.

Ultimately, though, in his section on vetting the document, Sipher doesn’t deal with some key questions about the dossier. Way at the end of his piece, he questions whether we’re looking at the entire dossier.

We also don’t know if the 35 pages leaked by BuzzFeed is the entirety of the dossier.  I suspect not.

He doesn’t raise two other key questions about the provenance of the dossier we’ve been given, some of which I laid out when the dossier came out when I also noted that the numbering of the dossier by itself makes it clear it’s not the complete dossier. Importantly: is the copy of the dossier leaked to BuzzFeed an unaltered copy of what Steele delivered to Fusion, in spite of the weird textual artifacts in it? And how and why did the dossier get leaked to BuzzFeed, which Steele has told us was not one of the six outlets that he briefed on its contents.

Finally, Sipher includes the obligation to “openly acknowledge the gaps in understanding” outside of the section on vetting, which is telling given that he notes only a few of the obvious gaps in this dossier.

Sipher claims the dossier predicted what wasn’t known

So there are a lot of aspects of vetting Sipher doesn’t do, whether or not he has the ability to. But having done the vetting of checking Steele’s college extracurricular record, he declares the dossier has proven to be “stunningly accurate.”

Did any of the activities reported happen as predicted?

To a large extent, yes.

The most obvious occurrence that could not have been known to Orbis in June 2016, but shines bright in retrospect is the fact that Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump, as the U.S. intelligence community itself later concluded.  Well before any public knowledge of these events, the Orbis report identified multiple elements of the Russian operation including a cyber campaign, leaked documents related to Hillary Clinton, and meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents.  Mr. Steele could not have known that the Russians stole information on Hillary Clinton, or that they were considering means to weaponize them in the U.S. election, all of which turned out to be stunningly accurate.

Now as I said above, I don’t believe the dossier is junk. But this defense of the dossier, specifically as formulated here, is junk. Central to Sipher’s proof that Steele’s dossier bears out are these claims:

  • Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump
  • The Orbis report identified multiple elements of the Russian operation including
    • A cyber campaign
    • Leaked documents related to Hillary Clinton
    • Meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents

As I’ll show, these claims are, with limited exceptions, not actually what the dossier shows. Far later into the dossier, the reason Sipher frames it this way is clear. He’s taking validation from recent details about the June 9, 2016 meeting.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

The Steele dossier was way behind contemporary reporting on the hack-and-leak campaign

I consider the dossier strongest in its reports on early ties between Trump associates and Russians, as I’ll lay out below. But one area where it is — I believe this is the technical term — a shit-show is the section claiming the report predicted Russia’s hacking campaign.

Here’s how Sipher substantiates that claim.

By late fall 2016, the Orbis team reported that a Russian-supported company had been “using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’ against the Democratic Party leadership.” Hackers recruited by the FSB under duress were involved in the operations. According to the report, Carter Page insisted that payments be made quickly and discreetly, and that cyber operators should go to ground and cover their tracks.

[snip]

Consider, in addition, the Orbis report saying that Russia was utilizing hackers to influence voters and referring to payments to “hackers who had worked in Europe under Kremlin direction against the Clinton campaign.” A January 2017 Stanford study found that “fabricated stories favoring Donald Trump were shared a total of 30 million times, nearly quadruple the number of pro-Hillary Clinton shares leading up to the election.”  Also, in November, researchers at Oxford University published a report based on analysis of 19.4 million Twitter posts from early November prior to the election.  The report found that an “automated army of pro-Trump chatbots overwhelmed Clinton bots five to one in the days leading up to the presidential election.”  In March 2017, former FBI agent Clint Watts told Congress about websites involved in the Russian disinformation campaign “some of which mysteriously operate from Eastern Europe and are curiously led by pro-Russian editors of unknown financing.”

The Orbis report also refers specifically to the aim of the Russian influence campaign “to swing supporters of Bernie Sanders away from Hillary Clinton and across to Trump,” based on information given to Steele in early August 2016. It was not until March 2017, however, that former director of the National Security Agency, retired Gen. Keith Alexander in Senate testimony said of the Russian influence campaign, “what they were trying to do is to drive a wedge within the Democratic Party between the Clinton group and the Sanders group.”

Here’s what the dossier actually shows about both kompromat on Hillary and hacking.

June 20: In the first report, issued 6 days after the DNC announced it had been hacked by Russia, and 5 days after Guccifer 2.0 said he had sent stolen documents to WikiLeaks, the dossier spoke of kompromat on Hillary, clearly described as years old wiretaps from when she was visiting Russia. While the report conflicts internally, one part of it said it had not been distributed abroad. As I note in this post, if true, that would mean the documents Natalia Veselnitsaka shared with Trump folks on June 9 was not the kompromat in question.

July 19: After Guccifer 2.0 had released 7 posts, most with documents, and after extended reporting concluding that he was a Russian front, the second report discussed kompromat — still seemingly meaning that dated FSB dossier — as if it were prospective.

July 26: Four days after WikiLeaks released DNC emails first promised in mid-June, Steele submitted a report claiming that Russian state hackers had had “only limited success in penetrating the ‘first tier’ of foreign targets. These comprised western (especially G7 and NATO) governments, security and intelligence services and central banks, and the IFIs.” There had been public reports of FSB-associated APT 29’s hacking of such targets since at least July 2015, and public reporting on their campaigns that should have been identified when DNC did a Google search in response to FBI’s warnings in September 2015. It’s stunning anyone involved in intelligence would claim Russia hadn’t had some success penetrating those first tier targets.

Report 095: An undated report, probably dating sometime between July 26 and July 30, did state that a Trump associate admitted Russia was behind WikiLeaks release of emails, something that had been widely understood for well over a month.

July 30: A few weeks before WikiLeaks reportedly got the second tranche of (Podesta) emails, a report states that Russia is worried that the email hacking operation is spiraling out of control so “it is unlikely that these [operations] would be ratcheted up.”

August 5: A report says Dmitry Peskov, who is reportedly in charge of the campaign, is “scared shitless” about being scapegoated for it.

August 10: Just days before WikiLeaks purportedly got the Podesta tranche of emails, a report says Sergei Ivanov said “Russians would not risk their position for the time being with new leaked material, even to a third party like WikiLeaks.”

August 10: Months after a contentious primary and over two weeks after Debbie Wasserman Schultz’s resignation during the convention (purportedly because of DNC’s preference for Hillary), a report cites an ethnic Russian associate of Russian US presidential candidate Donald TRUMP campaign insider, not a Russian, saying the email leaks were designed to “swing supporters of Bernie SANDERS and away from Hillary CLINTON and across to TRUMP.” It attributes that plan to Carter Page, but does not claim any Russian government involvement in that strategy. Nor would it take a genius for anyone involved in American politics to pursue such a strategy.

August 22: A report on Manafort’s “demise” doesn’t mention emails or any kompromat.

September 14: Three months after Guccifer 2.0 first appeared, the dossier for the first time treated the Russians’ kompromat as the emails, stating that more might be released in late September. That might coincide with Craig Murray’s reported contact with a go-between (Murray has been very clear he did not ferry the emails themselves though he did have some contact in late September).

October 12: A week after the Podesta emails first started appearing, a report states that “a stream of further hacked CLINTON materials already had been injected by the Kremlin into compliant media outlets like Wikileaks, which remained at least “plausibly deniable”, so the stream of these would continue through October and up to the election, something Julian Assange had made pretty clear. See this report for more.

October 18, 19, 19: Three reports produced in quick succession describe Michael Cohen’s role in covering up the Trump-Russia mess, without making any explicit (unredacted) mention of emails. See this post on that timing.

December 13: A virgin birth report produced as the US intelligence community scrambled to put together the case against Russia for the first time ties Cohen to the emails in unredacted form).

What the timeline of the hacking allegations in the Steele dossier (and therefore also “predictions” about leaked documents) reveal is not that his sources predicted the hack-and-leak campaign, but on the contrary, he and his sources were unbelievably behind in their understanding of Russian hacking and the campaign generally (or his Russian sources were planting outright disinformation). Someone wanting to learn about the campaign would be better off simply hanging out on Twitter or reading the many security reports issued on the hack in real time.

Perhaps Sipher wants to cover this over when he claims that, “The Russian effort was aggressive over the summer months, but seemed to back off and go into cover-up mode following the Access Hollywood revelations and the Obama Administration’s acknowledgement of Russian interference in the fall, realizing they might have gone too far and possibly benefitted Ms. Clinton.” Sure, that’s sort of (though not entirely) what the dossier described. But the reality is that WikiLeaks was dropping new Podesta emails every day, Guccifer 2.0 was parroting Russian (and Republican) themes about a rigged election, and Obama was making the first ever cyber “red phone” call to Moscow because of Russia’s continued probes of the election infrastructure (part of the Russian effort about which both the dossier and Sipher’s post are silent).

The quotes Sipher uses to defend his claim are even worse. The first passage includes two clear errors. The report in question was actually the December 13 one, not “late fall 2016” one. And the Trump associate who agreed (in the alleged August meeting in Prague, anticipating that Hillary might win) to making quick payments to hackers was Michael Cohen, not Carter Page. [Update, 12/10/17: Just Security has fixed this error.] Many things suggest this particular report should be read with great skepticism, not least that it post-dated both the disclosure of the existence of the dossier and the election, and that this intelligence was offered up to Steele, not solicited, and was offered for free.

Next, Sipher again cites the December 13 report to claim Steele predicted something reported in a November Oxford University report (and anyway widely reported by BuzzFeed for months), which seems to require either a time machine or an explanation for why Steele didn’t report that earlier. He attributes a quote sourced to a Trump insider as indicating Russian strategy, which that report doesn’t support. And if you need Keith Alexander to suss out the logic of Democratic infighting that had been clear for six months, then you’re in real trouble!

Sipher would have been better off citing the undated Report 095 (which is another report about which there should be provenance questions), which relies on the same ethnic Russian Trump insider as the August 10 report, which claims agents/facilitators within the Democratic Party and Russian émigré hackers working in the United States — a claim that is incendiary but (short of proof that the Al-Awan brothers or Seth Rich really were involved) — one that has not been substantiated.

In short, the evidence in the dossier simply doesn’t support the claim it predicted two of the three things Sipher claims it does, at least not yet.

The dossier is stronger in sketchy contacts with Russians

The dossier is stronger with respect to some, but not all Trump associates. But even there, Sipher’s defense demonstrates uneven analytic work.

First, note that Sipher relies on “renowned investigative journalist” Michael Isikoff to validate some of these claims.

Renowned investigative journalist Michael Isikoff reported in September 2016 that U.S. intelligence sources confirmed that Page met with both Sechin and Divyekin during his July trip to Russia.

[snip]

A June 2017 Yahoo News article by Michael Isikoff described the Administration’s efforts to engage the State Department about lifting sanctions “almost as soon as they took office.”

Among the six journalists Steele admits he briefed on his dossier is someone from Yahoo.

The journalists initially briefed at the end of September 2016 by [Steele] and Fusion at Fusion’s instruction were from the New York Times, the Washington Post, Yahoo News, the New Yorker and CNN. [Steele] subsequently participated in further meetings at Fusion’s instruction with Fusion and the New York Times, the Washington Post and Yahoo News, which took place in mid-October 2016.

That the Yahoo journalist is Isikoff would be a cinch to guess. But we don’t have to guess, because Isikoff made it clear it was him in his first report after the dossier got leaked.

Another of Steele’s reports, first reported by Yahoo News last September, involved alleged meetings last July between then-Trump foreign policy adviser Carter Page and two high-level Russian operatives, including Igor Sechin — a longtime associate of Russian President Vladimir Putin who became the chief executive of Rosneft, the Russian energy giant.

In other words, Sipher is engaging in navel-gazing here, citing a report based on the Steele dossier, to say it confirms what was in the Steele dossier.

Sipher similarly cites a NYT article that was among the most criticized for the way it interprets “senior Russian intelligence officials” loosely to include anyone who might be suspect of being a spook.

We have also subsequently learned of Trump’s long-standing interest in, and experience with Russia and Russians.  A February 2017 New York Times article reported that phone records and intercepted calls show that members of Trump’s campaign and other Trump associates had repeated contacts with senior Russian officials in the year before the election.  The New York Times article was also corroborated by CNN and Reuters independent reports.

The two reports he claims corroborate the NYT one fall far short of the NYT claim about talks with Russian intelligence officials — a distinction that is critical given what Sipher claims about Sergey Kislyak, which I note below.

Carter Page

Sipher cites the Carter Page FISA order as proof that some of these claims have held up.

What’s more, the Justice Department obtained a wiretap in summer 2016 on Page after satisfying a court that there was sufficient evidence to show Page was operating as a Russian agent.

But more recent reporting, by journalists Sipher elsewhere cites approvingly, reveals that Page had actually been under a FISA order as early as 2014.

Page had been the subject of a secret intelligence surveillance warrant since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.

Paul Manafort

I have no complaint with Sipher’s claims about Manafort — except to the extent he suggests Manafort’s Ukrainian corruption wasn’t know long before the election. Sipher does, however, repeat a common myth about Manafort’s influence on the GOP platform.

The quid pro quo as alleged in the dossier was for the Trump team to “sideline” the Ukrainian issue in the campaign.  We learned subsequently the Trump platform committee changed only a single plank in the 60-page Republican platform prior to the Republican convention.  Of the hundreds of Republican positions and proposals, they altered only the single sentence that called for maintaining or increasing sanctions against Russia, increasing aid for Ukraine and “providing lethal defensive weapons” to the Ukrainian military.  The Trump team changed the wording to the more benign, “appropriate assistance.”

Republicans have credibly challenged this claim about the platform. Bob Dole is credited with making the platform far harsher on China in the service of his Taiwanese clients. And Trump’s team also put in language endorsing the revival of Glass-Steagall, with support from Manafort and/or Carl Icahn.

Michael Cohen

Sipher’s discussion of Trump lawyer Michael Cohen is the weirdest of all, not least because the Cohen reports are the most incendiary but also because they were written at a time when Steele had already pitched the dossier to the media (making it far more likely the ensuing reports were the result of disinformation). Here’s how Sipher claims the Steele dossier reports have been validated.

We do not have any reporting that implicates Michael Cohen in meetings with Russians as outlined in the dossier.  However, recent revelations indicate his long-standing relationships with key Russian and Ukrainian interlocutors, and highlight his role in a previously hidden effort to build a Trump tower in Moscow. During the campaign, those efforts included email exchanges with Trump associate Felix Sater explicitly referring to getting Putin’s circle involved and helping Trump get elected.

Go look at that “recent revelations” link. It goes to this Josh Marshall post which describes its own sourcing this way:

TPM Reader BR flagged my attention to this 2007 article in The New York Post.

[snip]

Because two years ago, in February 2015, New York real estate trade sheet The Real Deal reported that Cohen purchased a $58 million rental building on the Upper East Side.

This is not recent reporting!! Again, this is stuff that was publicly known before the election.

More importantly, given Cohen’s rebuttal to the dossier, Marshall supports a claim that Cohen has ties to Ukraine, not Russia. The dossier, however, claims Cohen has ties to the latter, as Cohen mockingly notes.

Felix Sater

Then there are the Trump associates who are now known to have been central to any ties between Trump and the Russians that the Steele dossier didn’t cite — as least not as subjects (all could well be sources, which raises other questions). The first is Felix Sater, whom Sipher discusses three times in suggesting that the dossier accurately predicts Cohen’s involvement in the Russian negotiations.

To take one example, the first report says that Kremlin spokesman Dmitry Peskov was responsible for Russia’s compromising materials on Hillary Clinton, and now we have reports that Michael Cohen had contacted Peskov directly in January 2016 seeking help with a Trump business deal in Moscow (after Cohen received the email from Trump business associate Felix Sater saying “Our boy can become president of the USA and we can engineer it. I will get all of Putins team to buy in on this.”).

[snip]

Following the inauguration, Cohen was involved, again with Felix Sater, to engage in back-channel negotiations seeking a means to lift sanctions via a semi-developed Russian-Ukrainian plan (which also included the hand delivery of derogatory information on Ukrainian leaders) also fits with Orbis reporting related to Cohen.

Given that Sater’s publicly known links between mobbed up Russians and Trump go back a decade, why isn’t he mentioned in the dossier? And why does the dossier seemingly contradict these claims about an active Trump Tower deal?

Aras Agalarov and Rinat Akhmetshin

There are far more significant silences about two other Trump associates, Aras Agalarov and Rinat Akhmetshin.

To be fair, the dossier isn’t entirely silent about the former, noting in at one place that Agalarov would be the guy to go to to learn about dirt on Trump in Petersburg (elsewhere he could be a source).

Far, far more damning is the dossier’s silence (again, at least as a subject rather than source) about Akhmetshin. That’s long been one of the GOP complaints about the dossier — that Akhmetshin was closely involved with Fusion GPS on Magnitsky work in parallel with the Trump dossier, which (if Akhmetshin really is still tied to Russian intelligence) would provide an easy feedback loop to the Russians. The dossier’s silence on someone well known to Fusion GPS is all the more damning given the way that Sipher points to the June 9 meeting (which the dossier didn’t report, either) as proof that the dossier has been vindicated.

It was also apparently news to investigators when the New York Times in July 2017 published Don Jr’s emails arranging for the receipt of information held by the Russians about Hillary Clinton. How could Steele and Orbis know in June 2016 that the Russians were working actively to elect Donald Trump and damage Hillary Clinton?

[snip]

To take another example, the third Orbis report says that Trump campaign manager Paul Manafort was managing the connection with the Kremlin, and we now know that he was present at the June 9 2016 meeting with Donald Trump, Jr., Russian lawyer Natalia Veselnitskaya and Rinat Akhmetshin, who has reportedly boasted of his ties to ties and experience in Soviet intelligence and counterintelligence.  According to a recent New York Times story, “Akhmetshin told journalists that he was a longtime acquaintance of Paul J. Manafort.”

There’s no allegation that investigations didn’t know about June 2016 plan to hurt Hillary (indeed, the Guccifer 2.0 stuff that Sipher ignores was public to all). Rather they didn’t know — but neither did Fusion, who has an established relationship with Akhmetshin — about the meeting involving Akhmetshin. If you’re going to claim the June 9 meeting proves anything, it’s that the dossier as currently known has a big hole right in Fusion’s client/researcher list.

Sergey Kislyak

Which brings me — finally! — to Sipher’s weird treatment of Sergey Kislyak. Sipher argues (correctly) that Trump associates’ failure to report details of their contacts with Russians may support a conspiracy claim.

 Of course, the failure of the Trump team to report details that later leaked out and fit the narrative may make the Steele allegations appear more prescient than they otherwise might.  At the same time, the hesitancy to be honest about contacts with Russia is consistent with allegations of a conspiracy.

Of course, Trump’s folks have failed to report details of that June 9 meeting as well as meetings with Sergey Kislyak. Having now invested his vindication story on that June 9 meeting, he argues that reports about Kislyak (on which the NYT article he cites approvingly probably rely) are misguided; we need to look to that June 9 meeting intead.

It should be noted in this context, that the much-reported meetings with Ambassador Kislyak do not seem to be tied to the conspiracy. He is not an intelligence officer, and would be in the position to offer advice on politics, personalities and political culture in the United States, but would not be asked to engage in espionage activity.  It is likewise notable that Ambassador Kislyak receives only a passing reference in the Steele dossier and only having to do with his internal advice on the political fallout in the U.S. in reaction to the Russian campaign.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

This seems utterly bizarre. We know what happened after June 9, in part: Per Jared Kushner (who also is not mentioned in the dossier or Sipher’s column), immediately after the election Kislyak started moving towards meeting about Syria (not Ukraine). But in the process, Kushner may have asked for a back channel and at Kislyak’s urging, Kushner took a meeting with the head of a sanctioned bank potentially to talk about investments in his family’s debt-ridden empire. And all that is the lead-up to the Mike Flynn calls with Kislyak about sanctions relief which provide some of the proof that Trump was willing to deliver the quo that the dossier claims got offered for quids.

That latter story — of the meetings Kushner and Flynn did in the wake of the election and events that may have taken place since — is every bit as coherent a narrative as the Steele dossier or the entirely new narratives tied to the June 9 meeting (which Sipher claims are actually the Steele narrative).

Of course, neither is yet evidence of collusion. And that’s, frankly, what we as citizens should be after.

A narrative offered up by an intelligence contractor who was always trying to catch up to the central part of the story — the hack-and-leak — is not what we should be striving for. That’s why this dossier is probably mostly irrelevant to the Mueller probe, no matter how the GOP would like to insinuate the opposite. If there was collusion (or rather, coordination on all this stuff between the campaign and Russia), we should expect evidence of it. The Steele dossier, as I have noted, left out one of the key potential proofs of that, in spite of having ties with someone who attended the meeting.

All that said, it would be useful for someone responsible to respond to GOP criticisms and, where invented (such as with the claim that Steele paying sources diminishes its value), demonstrate that. It would be useful for someone to explain what we should take from the dossier.

Sipher didn’t do that, though. Indeed, his post largely suffers from the same bad analysis he accuses the media of.

Update: In the original I got the date of the final report incorrect. That has been corrected.

Update, 12/10/17: I didn’t realize it, but Just Security updated Sipher’s post to include this language, which it explains with an editor’s note saying “Editor’s note: This article was update to provide additional analysis on Carter Page.” Compare this with this. Here’s the language.

Admittedly, Isikoff’s reporting may have relied on Steele himself for that information. Isikoff, however, also reported that U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it. There are also other indicia that are also consistent with the Orbis report but only developed or discovered later. In early December 2016, Page returned to Moscow where he said he had “the opportunity to meet with an executive from” Sechin’s state oil company. In April 2017, Page confirmed that he met with and passed documents to a Russian intelligence officer in 2013. Court documents include an intercept in April 2013 of conversations between the Russians discussing their effort to recruit Page as “as an intelligence source.” A Russian intelligence officer said of Page: “He got hooked on Gazprom … I don’t know, but it’s obvious that he wants to earn lots of money … For now his enthusiasm works for me. I also promised him a lot … You promise a favor for a favor. You get the documents from him and tell him to go fuck himself.” In late December 2016, Sechin’s chief of staff, Oleg Erovinkin “who may have been a source for ex-British spy Christopher Steele’s Trump dossier,” according to multiple reports, was found dead in the back of his car in Moscow.

But this passage introduces new errors for Sipher’s post!

First, here’s the language (in an article Just Security never links) Sipher relies on to justify using Isikoff’s Steele-based reporting to claim Steele had been proven correct.

After one of those briefings, Senate minority leader Harry Reid wrote FBI Director James Comey, citing reports of meetings between a Trump adviser (a reference to Page) and “high ranking sanctioned individuals” in Moscow over the summer as evidence of “significant and disturbing ties” between the Trump campaign and the Kremlin that needed to be investigated by the bureau.

Some of those briefed were “taken aback” when they learned about Page’s contacts in Moscow, viewing them as a possible back channel to the Russians that could undercut U.S. foreign policy, said a congressional source familiar with the briefings but who asked for anonymity due to the sensitivity of the subject. The source added that U.S. officials in the briefings indicated that intelligence reports about the adviser’s talks with senior Russian officials close to President Vladimir Putin were being “actively monitored and investigated.”

A senior U.S. law enforcement official did not dispute that characterization when asked for comment by Yahoo News. “It’s on our radar screen,” said the official about Page’s contacts with Russian officials. “It’s being looked at.”

It is true that “U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it,” and that Harry Reid was leaking from the Steele dossier just like Isikoff was. But the “senior US law enforcement officer” does not back the identities of those Page met with, just that “it’s being looked at.”

That’s important for the way that Page’s meetings with people other than Igor Sechin have been used to claim the dossier has borne out. Not-A = A. Which is what Sipher does here, by pointing to Page saying he met with Rosneft but not Sechin. “Page says he was not referring to Sechin in his remarks,” the linked AP story says (as does Page’s congressional testimony).

Then Sipher points to language unsealed in a court filing in January 2015 that Page admitted — after reporting on it — was him. That Page was wrapped up in an earlier Russian spy prosecution is another of those things one might ask why Steele didn’t know, particularly given that the filing and the case was already public.

But the citation also exacerbates the problems with Sipher’s reliance on Page’s FISA wiretap as proof the Steele dossier proved out. As I noted above, later reports stated Page had been under FISA wiretap “since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.” That means it wasn’t the meetings in Russia, per se, that elicited the interest, but (at least) the earlier interactions with Russian spies.

Finally, Sipher points to the death of Oleg Erovinkin, something I’ve pointed to myself (and which would only be “Carter Page” analysis if Page actually had met with Sechin). Since Sipher updated this post, however, Luke Harding wrote (on page 101),

Steele was adamant that Erovinkin wasn’t his source and “not one of ours.”

As a person close to Steele put it to me: “Sometimes people just die.”

I’m not sure I find Harding entirely reliable elsewhere, and I can see why Steele would deny working with Erovinkin if the leak of his work had gotten the man killed. But if you buy Harding, then Erovinkin no longer proves the value of the Steele dossier either.

Update, 12/10: According to the Wayback Machine this change was made between October 25 and November 6. Ryan Goodman explained that he didn’t give me a hat-tip for this correction because he’s not sure whether he corrected because of me because a Daily Caller reporter also weighed in.

It is true that Chuck Ross (with whom I discuss the dossier regularly) tweeted that Sipher’s Isikoff reference was self-confirming on November 4, shortly before the change was made.

Ryan and I had a conversation about the errors in this piece on September 6, when the post first came out, both on Twitter then–late that evening–on DM. I included a link to my post.

I guess Ryan is now confessing he never read this post, and let notice of egregious errors sit unreviewed for two months, because he didn’t like my tone.

 

Democrats Demand DOJ Release the Information that Has Christopher Steele Hiding for His Life

/24 Comments/in /by

I have to say, the Democrats are beginning to convince me Russia’s involvement in the DNC hack is just one hoax.

Don’t get me wrong. I believe there is plenty of evidence — in public and stuff I’ve been told by people close to the hack — that the Russians did hack the DNC and John Podesta and share those documents with Wikileaks.

But given the bozo way the Democrats are trying to politicize it, I can only conclude the Democrats think this is less serious than I have believed and than Democrats claim. That’s because they’re now demanding that FBI give them the very same information that — we’ve been told by public reporting — led former MI6 officer Christopher Steele to hide for his life.

This morning, David Corn wrote a piece complaining about “the mysterious disappearance of the biggest scandal in Washington.”

After reviewing some of the facts in this case (and asserting without proof that Putin’s interference in the election “achieved its objectives,” which is only partly backed by declassified intelligence reports on the hack) and giving an incomplete list of the congressional committees that have announced investigations into the hack, Corn gave this inventory of what he claims to be the lack of outcry over the hack.

Yet these behind-closed-doors inquiries have generated minimum media notice, and, overall, there has not been much outcry.

Certainly, every once in a while, a Democratic legislator or one of the few Republican officials who have bothered to express any disgust at the Moscow meddling (namely Sens. John McCain, Lindsey Graham, and Marco Rubio) will pipe up. House Democratic leader Nancy Pelosi days ago called on the FBI to investigate Trump’s “financial, personal and political connections to Russia” to determine “the relationship between Putin, whom he admires, and Donald Trump.” Sen. Chris Murphy (D-Conn.), responding to Trump’s comparison of the United States to Putin’s repressive regime, said on CNN, “What is this strange relationship between Putin and Trump? And is there something that the Russians have on him that is causing him to say these really bizarre things on an almost daily basis?” A few weeks ago, Graham told me he wanted an investigation of how the FBI has handled intelligence it supposedly has gathered on ties between Trump insiders and Russia. And last month, Sen. Ron Wyden (D-Ore.) pushed FBI Director James Comey at a public hearing to release this information. Yet there has been no drumbeat of sound bites, tweets, or headlines. In recent days, the story has gone mostly dark.

The funniest detail in this is how Corn describes Chris Murphy’s response to the exchange that took up the entire weekend of news — Trump’s nonplussed response when Bill O’Reilly called Putin a killer.

O’Reilly: Do you respect Putin?

Trump: I do respect him but —

O’Reilly: Do you? Why?

Trump: Well, I respect a lot of people but that doesn’t mean I’m going to get along with him. He’s a leader of his country. I say it’s better to get along with Russia than not. And if Russia helps us in the fight against ISIS, which is a major fight, and Islamic terrorism all over the world — that’s a good thing. Will I get along with him? I have no idea.

O’Reilly: But he’s a killer though. Putin’s a killer.

Trump: There are a lot of killers. We’ve got a lot of killers. What do you think — our country’s so innocent. You think our country’s so innocent?

O’Reilly: I don’t know of any government leaders that are killers.

Trump: Well — take a look at what we’ve done too. We made a lot of mistakes. I’ve been against the war in Iraq from the beginning.

O’Reilly: But mistakes are different than —

Trump: A lot of mistakes, but a lot of people were killed. A lot of killers around, believe me.

This was a Super Bowl interview, for fuck’s sake, and both before and after the interview, political pundits on both sides of the aisle were up in arms about Trump’s affinity for Putin’s murderous ways! Google counts more than 70,000 articles on the exchange.

But to Corn, that translated into only one comment from Murphy.

From there, Corn goes onto complain that the White House press briefings — which have been a noted shitshow inhabited by people like Infowars — has only featured direct questions about the investigation twice, and that the questions about Trump’s call to Putin weren’t about the investigation (as opposed to, say, Trump’s ignorant comments about the START treaty, which could get us all killed).

The crazier thing is that, best as I can tell, Mother Jones — the media outlet that David Corn has a bit of influence over — seems to have ignored the indictment of Hal Martin yesterday, the arrest on treason charges of two FSB officers, allegedly for sharing information with the US intelligence community, or even today’s Senate Foreign Relations Committee hearing on our relations with Russia. Among other things, today’s hearing discussed the hack, Trump’s comments about Putin the killer, weaponization of information, sanctions, Trump’s lukewarm support for NATO. It also included multiple Democratic calls for a bipartisan investigation and assurances from Chairman Corker and Ranking Member Cardin that that would happen.

So effectively, David Corn should be complaining about his own outlet, which isn’t covering the things relating to the hack others of us are covering.

No matter. Corn made his sort of ridiculous call, that call got liked or RTed over 3,000 times, and as if magically in response, Jerry Nadler introduced a resolution of inquiry, calling on the Administration to (in part) release any document that relates or refers to “any criminal or counterintelligence investigation targeting President Donald J. Trump, National Security Advisor Michael Flynn, Paul Manafort, Carter Page, Roger Stone, or any employee of the Executive Office of the President.”

As I’ve already noted, two FSB officers recently got arrested on treason charges, an event many people fear came in response to details revealed about this investigation and if so would badly undermine any investigation. People equally wonder whether the curious death of former FSB General Oleg Erovinkin relates to the leaked Steele dossier that Corn himself played a central role in magnifying, which would represent another lost intelligence source. And, of course, there are the reports that the former MI6 officer that compiled the dossier, Christopher Steele, on which these allegations rest fled from his home out of fear for his life because of the way it got publicized.

Either Putin is a ruthless thug or he’s not. Either Steele had reason to flee because the dossier is true or he didn’t. Either this thuggery is serious or it’s just a political stunt.

I really do believe it is the former (though I have real questions about the provenance of the dossier, questions which Corn could but has not helped to provide clarity on). Which is why I’m absolutely mystified that Democrats are demanding every document pertaining to any counterintelligence investigation into it, the kind of exposure which —  recent history may already show — is totally counterproductive to actually pursuing that investigation.

As I’ll write shortly, I do deeply suspect the Senate Intelligence Committee investigation (especially) is designed to be counterproductive. The Hal Martin indictment yesterday seems to suggest FBI doesn’t have the evidence to figure out who Shadow Brokers is, if even it has ties to the DNC hack (as much evidence suggests it does). But I also think political stunts like this don’t help things.

But maybe that’s not the point?

Sanctioning GRU … and FSB

/7 Comments/in , , /by

While I was out and about today, President Obama rolled out his sanctions against Russia to retaliate for the Russian hack of Democrats this year. Effectively, the White House sanctioned two Russian intelligence agencies (GRU — Main Intelligence, and FSB –Federal Security Service), top leaders from one of them, and two named hackers.

In addition to sanctioning GRU, the White House also sanctioned FSB. I find that interesting because (as I laid out here), GRU has always been blamed for the theft of the DNC and John Podesta documents that got leaked to WikiLeaks. While FSB also hacked the DNC, there’s no public indication that it did anything aside from collect information — the kind of hacking the NSA and CIA do all the time (and have done during other countries’ elections). Indeed, as the original Crowdstrike report described, FSB and GRU weren’t coordinating while snooping around the DNC server.

At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016. We have identified no collaboration between the two actors, or even an awareness of one by the other. Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario. “Putin’s Hydra: Inside Russia’s Intelligence Services”, a recent paper from European Council on Foreign Relations, does an excellent job outlining the highly adversarial relationship between Russia’s main intelligence services – Федеральная Служба Безопасности (FSB), the primary domestic intelligence agency but one with also significant external collection and ‘active measures’ remit, Служба Внешней Разведки (SVR), the primary foreign intelligence agency, and the aforementioned GRU. Not only do they have overlapping areas of responsibility, but also rarely share intelligence and even occasionally steal sources from each other and compromise operations. Thus, it is not surprising to see them engage in intrusions against the same victim, even when it may be a waste of resources and lead to the discovery and potential compromise of mutual operations.

Data provided by FireEye to War on the Rocks much later in the year suggested that the DNC hack was the only time both showed up in a server, which it took to mean the opposite of what Crowdstrike had, particularly high degree of coordination.

According to data provided for this article by the private cybersecurity company, FireEye, two separate but coordinated teams under the Kremlin are running the campaign. APT 28, also known as “FancyBear,” has been tied to Russia’s foreign military intelligence agency, the Main Intelligence Agency or GRU. APT 29, aka “CozyBear,” has been tied to the Federal Security Service or FSB. Both have been actively targeting the United States. According to FireEye, they have only appeared in the same systems once, which suggests a high level of coordination — a departure from what we have seen and come to expect from Russian intelligence.

The sanctioning materials offers only this explanation for the FSB sanction: “The Federal Security Service (a.k.a. Federalnaya Sluzhba Bezopasnosti) (a.k.a FSB) assisted the GRU in conducting the activities described above.”

So I’m not sure what to make of the fact that FSB was sanctioned along with GRU. Perhaps it means there was some kind of serial hack, with FSB identifying an opportunity that GRU then implemented — the more extensive coordination that FireEye claims. Perhaps it means the US has decided it’s going to start sanctioning garden variety information collection of the type the US does.

But I do find it an interesting aspect of the sanctions.

As of August 29, 2016, Not All High Risk Users at NSA Had Two-Factor Authentication

/9 Comments/in , /by

For the last several weeks, all of DC has been wailing that Russia hacked the election, in part because John Podesta didn’t have two-factor authentication on his Gmail account.

So it should scare all of you shitless that, as of August 29, 2016, not all high risk users at NSA had 2FA.

That revelation comes 35 pages  into the 38 page HPSCI report on Edward Snowden. It describes how an IG Report finished on August 29 found that NSA still had not closed the Privileged Access-Related holes in the NSA’s network.

That’s not the only gaping hole: apparently even server racks in data centers were not secure.

And note that date: August 29? Congress would have heard about these glaring problems just two weeks after the first Shadow Brokers leak, and days after Hal Martin got arrested with terabytes of NSA data in his backyard shed.

I think I can understand why James Clapper and Ash Carter want to fire Mike Rogers.

Lefties Learn to Love Leaks Again

/12 Comments/in , , , , /by

Throughout the presidential campaign, observers have noted with irony that many on the right discovered a new-found love for WikiLeaks. Some of the same people who had earlier decried leaks, even called Chelsea Manning a traitor, were lapping up what Julian Assange was dealing on a daily basis.

There was a similar, though less marked, shift on the left. While many on the left had criticized — or at least cautioned about — WikiLeaks from the start, once Assange started targeting their presidential candidate, such leaks became an unprecedented, unparalleled assault on decency, which no one seemed to say when similar leaks targeted Bashar al-Assad.

Which is why I was so amused by the reception of this story yesterday.

After revealing that Donald Trump’s Secretary of State nominee “was the long-time director of a US-Russian oil firm based in the tax haven of the Bahamas, leaked documents show” in the first paragraph, the article admits, in the fourth paragraph that,

Though there is nothing untoward about this directorship, it has not been reported before and is likely to raise fresh questions over Tillerson’s relationship with Russia ahead of a potentially stormy confirmation hearing by the US senate foreign relations committee. Exxon said on Sunday that Tillerson was no longer a director after becoming the company’s CEO in 2006.

The people sharing it on Twitter didn’t seem to notice that (nor did the people RTing my ironic tweet about leaks seem to notice). Effectively, the headline “leaks reveal details I have sensationalized” served its purpose, with few people reading far enough to the caveats that admit this is fairly standard international business practice (indeed, it’s how Trump’s businesses work too). This is a more sober assessment of the import of the document detailing Tillerson’s ties with the Exxon subsidiary doing business in Russia.

This Guardian article worked just like all the articles about DNC and Podesta emails worked, even with — especially with — the people decrying the press for the way it irresponsibly sensationalized those leaks.

The response to this Tillerson document is all the more remarkable given the source of this leak. The Guardian reveals it came from an anonymous source for Süddeutsche Zeitung, which in turn shared the document with the Guardian and the International Consortium of Investigative Journalists.

The leaked 2001 document comes from the corporate registry in the Bahamas. It was one of 1.3m files given to the Germany newspaper Süddeutsche Zeitung by an anonymous source.

[snip]

The documents from the Bahamas corporate registry were shared by Süddeutsche Zeitung with the Guardian and the International Consortium of Investigative Journalists in Washington DC.

That is, this document implicating Vladimir Putin’s buddy Rex Tillerson came via the very same channel that the Panama Papers had, which Putin claimed, back in the time Russia was rifling around the DNC server, was a US intelligence community effort to discredit him and his kleptocratic cronies, largely because that was the initial focus of the US-NGO based consortium that managed the documents adopted, a focus replicated at outlets participating.

See this column for a worthwhile argument that Putin hacked the US as retaliation for the Panama Papers, which makes worthwhile points but would only work chronologically if Putin had advance notice of the Panama Papers (because John Podesta got hacked on March 19, before the first releases from the Panama Papers on April 3).

There really has been a remarkable lack of curiosity about where these files came from. That’s all the more striking in this case, given that the document (barely) implicating Tillerson comes from the Bahamas, where the US at least was collecting every single phone call made.

That’s all the more true given the almost non-existent focus on the Bahamas leaks before — from what I can tell just one story has been done on this stash, though the documents are available in the ICIJ database. Indeed, if the source for the leaks was the same, it would seem to point to an outside hacker rather than an inside leaker. That doesn’t mean the leak was done just to hurt Tillerson. The leak, which became public on September 21, precedes the election of Trump, much less the naming of Tillerson. But it deserves at least some notice.

For what it’s worth, I think it quite possible the US has been involved in such leaks — particularly given how few Americans get named in them. But I don’t think the Panama Papers, which implicated plenty of American friends and even the Saudis, actually did target Putin.

Still, people are going to start believing Putin’s claims that this effort is primarily targeted at him if documents conveniently appear from the leak as if on command.

I am highly interested in who handed off documents allegedly stolen by Russia’s GRU to Wikileaks. But I’m also interested in who the source enabling asymmetric corruption claims, as if on demand, is.

Just Before Obama Weighs in on the Russian Hack, John Brennan Tells Everyone What He Says Others Said

/13 Comments/in , /by

At 2:20, WaPo published a story basically saying, “Anonymous source says CIA Director Wrote a Letter Claiming FBI Director and Director of National Intelligence Agree with Him,” but you wouldn’t know that from the headline.

At 2:40, President Obama entered the White House briefing room to give his last press conference of the year, which was scheduled to start at 2:15. Everyone anticipated, correctly, the presser would be dominated by questions about Russia’s role in the election.

So:

2:15: scheduled start for the President to comment on Russia’s hacking and what the intelligence says.

2:20: WaPo tells you what an anonymous leaker says CIA’s Director says FBI’s Director and Director of National Intelligence say, which differs somewhat from what Obama says.

2:40: Obama walks to the podium as, presumably, everyone waiting is reading WaPo’s scoop.

Who says only Vladimir Putin is good at information ops?

Mind you, once you get into the body of the article, there’s a significant difference between what WaPo says CIA says today and what its anonymous sources said CIA said a week ago, the last time it stomped on Obama’s efforts to introduce some deliberation into the claims about Russia’s hacks. Last week, WaPo said the CIA view was this:

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

[snip]

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill last week, in which agency officials cited a growing body of intelligence from multiple sources. Agency briefers told the senators it was now “quite clear” that electing Trump was Russia’s goal, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters. [my emphasis]

Goal, singular.

Here’s what the lead says in today’s article.

FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the presidency, according to U.S. officials.

With this further elaboration below.

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill about two weeks ago in which agency officials cited a growing body of intelligence from multiple sources. Specifically, CIA briefers told the senators it was now “quite clear” that electing Trump was one of Russia’s goals, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters.

CIA and FBI officials do not think Russia had a “single purpose” by intervening during the presidential campaign. In addition to helping Trump, intelligence officials have told lawmakers that Moscow’s other goal included undermining confidence in the U.S. electoral system. [my emphasis]

WaPo still makes no mention of the most obvious goal, that Russia hacked Hillary to retaliate for real and perceived slights covertly carried out by Hillary and CIA, something that Hillary claimed just before the WaPo story and the Obama presser.

In any case, if you look at CNN’s far more sober version of this, it appears that there is still some difference in emphasis about whether Russia was trying to elect Trump (and Brennan’s statement appears not to lay out what the consensus view is).

The nuance lay in a stronger view by the CIA that the hacking was intended to help elect Trump, and the CIA leans more strongly in that view than the FBI does.

Ah well, in the waning days of a great empire, who cares about deference to the outgoing President?

Update: This exchange between Obama and Martha Raddatz most directly addresses what Obama wants to say about the hack (elsewhere he says there was no evidence Russia hacked any polls).

Q Mr. President, I want to talk about Vladimir Putin again. Just to be clear, do you believe Vladimir Putin himself authorized the hack? And do you believe he authorized that to help Donald Trump? And on the intelligence, one of the things Donald Trump cites is Saddam Hussein and the weapons of mass destruction, and that they were never found. Can you say, unequivocally, that this was not China, that this was not a 400-pound guy sitting on his bed, as Donald Trump says? And do these types of tweets and kinds of statements from Donald Trump embolden the Russians?

THE PRESIDENT: When the report comes out, before I leave office, that will have drawn together all the threads. And so I don’t want to step on their work ahead of time.

What I can tell you is that the intelligence that I have seen gives me great confidence in their assessment that the Russians carried out this hack.

Q Which hack?

THE PRESIDENT: The hack of the DNC and the hack of John Podesta.

Now, the — but again, I think this is exactly why I want the report out, so that everybody can review it. And this has been briefed, and the evidence in closed session has been provided on a bipartisan basis — not just to me, it’s been provided to the leaders of the House and the Senate, and the chairman and ranking members of the relevant committees. And I think that what you’ve already seen is, at least some of the folks who have seen the evidence don’t dispute, I think, the basic assessment that the Russians carried this out.

Q But specifically, can you not say that —

THE PRESIDENT: Well, Martha, I think what I want to make sure of is that I give the intelligence community the chance to gather all the information. But I’d make a larger point, which is, not much happens in Russia without Vladimir Putin. This is a pretty hierarchical operation. Last I checked, there’s not a lot of debate and democratic deliberation, particularly when it comes to policies directed at the United States.

We have said, and I will confirm, that this happened at the highest levels of the Russian government. And I will let you make that determination as to whether there are high-level Russian officials who go off rogue and decide to tamper with the U.S. election process without Vladimir Putin knowing about it.

Q So I wouldn’t be wrong in saying the President thinks Vladimir Putin authorized the hack?

THE PRESIDENT: Martha, I’ve given you what I’m going to give you.

The DNC’s Evolving Story about When They Knew They Were Targeted by Russia

/29 Comments/in , , /by

This week’s front page story about the Democrats getting hacked by Russia starts with a Keystone Kops anecdote explaining why the DNC didn’t respond more aggressively when FBI first warned them about being targeted in September. The explanation, per the contractor presumably covering his rear-end months later, was that the FBI Special Agent didn’t adequately identify himself.

When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

This has led to (partially justified) complaints from John Podesta about why the FBI didn’t make the effort of driving over to the DNC to warn the higher-ups (who, the article admitted, had decided not to spend much money on cybersecurity).

This NYT version of the FBI Agent story comes from a memo that DNC’s contractor, Yared Tamene, wrote at some point after the fact. The NYT describes the memo repeatedly, though it never describes the recipients of the memo nor reveals precisely when it was written (it is clear it had to have been written after April 2016).

“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.

[snip]

“The F.B.I. thinks the D.N.C. has at least one compromised computer on its network and the F.B.I. wanted to know if the D.N.C. is aware, and if so, what the D.N.C. is doing about it,” Mr. Tamene wrote in an internal memo about his contacts with the F.B.I. He added that “the Special Agent told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.”

[snip]

In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was “calling home, where home meant Russia,” Mr. Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.”

[DNC technology director Andrew] Brown knew that Mr. Tamene, who declined to comment, was fielding calls from the F.B.I. But he was tied up on a different problem: evidence suggesting that the campaign of Senator Bernie Sanders of Vermont, Mrs. Clinton’s main Democratic opponent, had improperly gained access to her campaign data.

[snip]

One bit of progress had finally been made by the middle of April: The D.N.C., seven months after it had first been warned, finally installed a “robust set of monitoring tools,” Mr. Tamene’s internal memo says. [my emphasis]

The NYT includes a screen cap of part of that memo (which reveals that the DNC had already been exposed to ransomware attacks by September 2015), but not the other metadata or a link to the full memo.

One reason I raise all this is because the evidence laid out in the story contradicts, in several ways, this August report, relying on three anonymous sources (at least some of whom are probably members of Congress, but then so was the DNC Chair at the time).

The FBI did not tell the Democratic National Committee that U.S officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters.

And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said.

The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said.

[snip]

In its initial contact with the DNC last fall, the FBI instructed DNC personnel to look for signs of unusual activity on the group’s computer network, one person familiar with the matter said. DNC staff examined their logs and files without finding anything suspicious, that person said.

When DNC staffers requested further information from the FBI to help them track the incursion, they said the agency declined to provide it. In the months that followed, FBI officials spoke with DNC staffers on several other occasions but did not mention the suspicion of Russian involvement in an attack, sources said.

The DNC’s information technology team did not realize the seriousness of the incursion until late March, the sources said. It was unclear what prompted the IT team’s realization.

In August, anonymous sources told Reuters that FBI never told DNC they were being attacked by Russians until … well, Reuters doesn’t actually tell us when the FBI told DNC the Russians were behind the attack, just that Democrats started taking it seriously in March.

But in the pre-Trump Russian hack bonanza, the NYT has now revealed that an internal memo says that the DNC had been informed in November, not March.

And even that part of the explanation doesn’t make sense. As a number of people have noted, Brown is basically saying he didn’t respond to a warning — given in November — that a DNC server was calling home to Russia because he was dealing with a NGP-VAN breach that happened on December 18. He would have had over two weeks to respond to Russia hacking the DNC before the NGP-VAN issue, and that would have been significantly handled by NGP.

Moreover, even the September narrative invites some skepticism. Tamene admits the FBI Special Agent, “told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.” And he describes “His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion.” Had Tamene Googled for “dukes malware” any time after September 17, 2015, this is what he would have found.

Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making. [my emphasis]

So had this initial report taken place after September 17, Tamene would have learned, thanks to the second sentence of a top Google return, that he was facing a “highly dedicated, and organized cyber-espionage group that has been working for the Russian government. ” Had he done the Google search he said he did, that is, he would almost certainly have learned he was facing down Russian hackers.

Had he clicked through to the report — which is where he would have gone to find the malware signatures to look for — he would have seen a big pink graphic tying the Dukes to Russia.

It’s certainly possible the alert came before the white paper was released (though if it came after, it explains why the FBI would have thought simply mentioning the Dukes would be sufficient). But that would suggest Tamene remembered the call and his Google search for the Dukes in detail sometime in April but not in September when this report got a fair amount of attention.

None of this is to excuse the FBI (I’ve already started a post on that part of this). But it’s clear that Democrats have been — at a minimum — inconsistent in their story to the press about why they didn’t respond to warnings sooner. And given the multiple problems with their explanation about what happened last fall, it’s likely they did get some warning, but just didn’t heed it.

Update: When I wrote this this morning, I had read this tweet stream and this story but not the underlying Shadow Brokers related post, by someone writing under the pseudonym Boceffus Cleetus it relates to, which is basically a Medium post introducing the latest sale of Shadow Broker tools. It wasn’t until I read this post — and then the second Boceffus Cleetus post that I realized Boceffus Cleetus posted (his) original post — along with a reference to the name magnified back when this hack started — the day after the NYT wrote a story of the hack from DNC’s perspective.

As the tweet stream lays out, Boceffus Cleetus is a play on ventriloquism, (duh, speaking for others) and the Dukes of Hazard. Both analyses of this argue that the reference to “Dukes of Hazard” is, in turn, a reference to the name given to the FSB hacking efforts (the other I’ve used is “Cozy Bear”) in the report I linked above — that is, to the name F-Secure had given the FSB hackers, most notably in the report I linked above. I didn’t make too much of it until I read this second Boceffus Cleetus post, which in seemingly one sentence lays out Bill Binney’s theory of the DNC hack (that is, that NSA handed it on) with a country drawl and a lot of conspiracy theory added.

After my shadow brokers tweet I was contacted by an anonymous source claiming to be FBI. Yep I know prove it? I wasn’t able to get’em to verify their identity. But y’all don’t be runnin away yet, suspend yer disbelief and check out their claims. What if the Russian’s ain’t hacking nothin? What if the shadow brokers ain’t Russian? Whatcha got as the next best theory? What if its a deep state civil war tween CIA and ole NSA? A deep state civil war to see who really runs things. NSA is Department of Defense, military. The majority of the military are high school grads, coming from rural “Red States”, conservatives. The NSA has the global surveillance capabilities to intercept all the DNC and Podesta emails. CIA is college grads only and has the traditions of the urban yankee northeastern and east coast ivy leaguers, “Blue State”, liberals.

It’s all mostly gratuitous — an attempt to feed (as explicitly named “fake news”) some of the alternate explanations out there right now.

But I find the portrayal of an NSA-CIA feud notable, in part, because the mostly likely reason FBI (which is where Boceffus Cleetus’ fictional source came from) didn’t tell the DNC who was hacking them back in September 2015 is because the actual tip — that Russia was hacking the DNC — came from the NSA. But FBI had to hide that. So instead, they used the name for FSB that was current at the time.

I’ll add, too, that this plays on Craig Murray’s claim that a national security person leaked him the Podesta documents.

So what’s the point? Dunno. I defer to theGrugq’s third post, in which he argues this post is signaling to show NSA the Russian hackers must have access to NSA’s classified networks, because they’ve accessed a map of everything.

This dump has a bit of everything. In fact, it has too much of everything. The first drop was a firewall ops kit. It had everything that was supposed to be used against firewalls. This dump, on the other hand, has too much diversity and each tool is comprehensive.

The depth and breadth of the tooling they reveal can only possibly be explained by:

  1. an improbable sequence of hack backs which got, in sequence, massive depth of codenamed implants, exploits, manuals,
  2. access to high side data

[snip]

It is obvious that this data would never leave NSA classified networks except by some serious operator error (as I believe was the case with the first ShadowBrokers leak.) For this dump though, it is simply not plausible. There is no way that such diverse and comprehensive ops tooling was accidentally exposed. It beggars belief to think that any operator could be so careless that they’d expose this much tooling, on multiple diverse operations.

There are, based on my count, twenty one (21) scripts/manuals for operations contained in this dump. They cover too many operations for a mistake, and they are too comprehensive for a mistake.

Remember, Obama has been stating assuredly that the US has far more defensive and offensive capability than Russia. The latter might well be true. But the latter is nuts, if for no other reason than we have so much more to secure. The former might be true. But not if hackers can log into NSA’s fridge and steal their beer.

I’m not entirely sure what to make of this. But against the background of increasing dick-wagging, it’ll be interesting to see how it plays out.

The NYT’s Legitimate Email Detail

/18 Comments/in , /by

The NYT has a long story describing the hack of the Democrats in the most favorable light to the party, one that blames “socialist” Bernie Sanders for the months-long delay before the DNC tech person responded to FBI warnings about being hacked, one that makes no mention of the widely reported detail that Democrats were happy to have an excuse to fire Debbie Wasserman Schultz.

Given that it puts things in a light so favorable to the Democrats, I wanted to look more closely at this passage, which has gotten a lot of attention.

Hundreds of similar phishing emails were being sent to American political targets, including an identical email sent on March 19 to Mr. Podesta, chairman of the Clinton campaign. Given how many emails Mr. Podesta received through this personal email account, several aides also had access to it, and one of them noticed the warning email, sending it to a computer technician to make sure it was legitimate before anyone clicked on the “change password” button.

“This is a legitimate email,” Charles Delavan, a Clinton campaign aide, replied to another of Mr. Podesta’s aides, who had noticed the alert. “John needs to change his password immediately.”

With another click, a decade of emails that Mr. Podesta maintained in his Gmail account — a total of about 60,000 — were unlocked for the Russian hackers. Mr. Delavan, in an interview, said that his bad advice was a result of a typo: He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an “illegitimate” email, an error that he said has plagued him ever since.

It points to a detail that has always struck me about the stories about the hack of John Podesta. They note — as I did — that we can look at the email reportedly used to hack Podesta. Here’s the entirety of what Delavan sent to a woman named Sara Latham, who forwarded it to a woman named Milia Fisher:

This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account.

He can go to this link: https://myaccount.google.com/security to do both. It is absolutely imperative that this is done ASAP.

If you or he has any questions, please reach out to me at [phone].

It may be that he mistyped legitimate for illegitimate. But he also said that Podesta should change his email password and added two-factor authentication. Perhaps the mistake was in forwarding the email with the link, rather than just responding by saying Podesta was being phished.

The part that has always puzzled me about this email — and the likely reason why he’s now telling a story that doesn’t entirely make sense — is that he also did the safe thing. He provided the real GMail address at which staffers could have changed the password and added 2FA. Had those staffers used that link, they could have avoided a whole lot of trouble and made any subsequent hack less likely.

I even, at one point, doubted whether this really could have been the email used to hack Podesta, because it shouldn’t have worked, given that he took the right steps (though the timing of the emails does correlate with the dates of what got released).

What is more likely to have happened is that one of the women used the bad URL to change the password (which would have appeared all shiny in the original), rather than the correct URL that Delavan provided. That is, it may be that Delavan is covering for one of the women.

Update; I realized after posting how the typo thing might make sense, and changed that part, but there’s still the point that he did the right thing here.

Update: Slate interviewed Delavan, who said the NYT got the phrasing wrong. The story still doesn’t seem to make sense entirely.