Posts

How John Durham Buried Evidence He Had Been Doing the Work of Russian Spies … and then Tulsi Gabbard Buried More

/25 Comments/in /by

As I’ve been showing, the Durham classified annex goes to significant lengths to hide that a Russian email discussing creating a conspiracy theory about the American Deep State, which he dates to July 26, precedes the draft SVR memo he claims has animated his years-long hunt, which dates to July 27 or later.

You can date the draft SVR memo (Durham doesn’t provide its date at all in the unclassified report, and if he does here, the date has been redacted) by tracking the inputs (red arrows) into the fake emails on which the draft memo is purportedly based (blue arrows), as I lay out here.

You can review a live copy of this (without the arrows) at this link.

The fake email integrated into the memo itself — bearing the date of July 25 but mentioning the Olympics — derives from the Thomas Rid story and the real Tim Maurer email — but it appears to have been altered to add the reference to the Olympics on July 27 (because a copy without the Olympics mention is attached to an email dated July 27).

And the fake email, bearing the date of July 27, claiming that Hillary approved a plan on July 26 appears to derive from the real July 27 Julianne Smith email soliciting a totally innocuous letter condemning Trump’s attack on NATO. We might learn more about its creation, except the email to which it is attached is entirely redacted in the annex.

That is, so long as his claim that the Deep State memo is dated “the day after” two emails purporting to be dated June 25 is accurate, then the emails and draft report that guided his entire investigation were the conspiracy theory proposed on July 26. Durham did the work of Russian spies for four years.

If this is, indeed, the timeline, then Durham — as well as John Ratcliffe and Kash Patel — should have recognized they were pursuing an investigation of Hillary Clinton based off a deliberate Russian spy hoax.

There’s one more thing that supports this argument — and reveals how problematic it is for Durham (who continued his investigation for two more years after he would have concluded the emails were “composites”) and the others: the extent to which he, as well as the person who redacted this for release, tried to obscure all this in the classified annex.

This kind of deceit was not remotely unusual for Durham (as I’ll return to when I review what Durham did do after concluding he was using a clear Russian hoax as his excuse to investigate Hillary Clinton). Andrew DeFilippis, especially, did this kind of stuff all the time. Here, where he used email timestamps in two different time zones to falsely suggest that Fusion was the source for a public link about the Alfa Bank anomalies, is just one such example.

The list below is overwhelming. The most important detail, however, is how Durham treats the real email from Julianne Smith asking people to sign onto some totally innocuous letter criticizing Trump’s attacks on NATO. Durham obtained one copy of the email from the SVR trove and another from a subpoena, presumably to Smith or CNAS, where she worked.

The annex separates the disclosure that Julianne Smith had also been hacked (noted in footnote 27) from the discussion of the email she sent on July 27, obscuring that Durham obtained two copies of that email, one from the SVR collection (cited in the annex as Document Classified Appendix Document 9, which also includes the Maurer email), and one via subpoena (cited in the unclassified report as XXXX-0014561). He does that even though discussion of the “certain emails, attachments, and documents that contain language and references with the exact same or similar verbiage to the materials referenced above” precedes that discussion. In the unclassified report, he treats this email differently, effectively treating it as corroboration for the claims in the fake report, rather than a source used to fabricate it (though he later uses it as corroboration after concluding that the underlying emails are composites based on … that email).

In either case, however, if he is treating Smith’s July 27 email as a source (and that’s one place it appears in his report), then the draft memo must post-date the July 26 Deep State email.

On July 26, Russian spies decided it’d be cool to start a conspiracy theory about the Deep State. And on July 27, having stolen that Smith email, they decided to claim that Hillary — as opposed to some other Deep State entity — decided to smear Donald Trump.

And everyone involved in this is working really hard to hide that they knew that.

Update: On the topic of Smith’s email, I’ve been puzzling over the redaction in this passage; I wondered if Durham expressed some obnoxious opinion about her.

It was suggested to me, however, that that redaction might hide Durham speculating about what Russian spooks thought — maybe something like, “it is a logical deduction that [Russian spies believed that]”… The mention of the spies would therefore justify classification on classification bases. But holy hell if it were something like that, it would mean Durham was trying to rationalize why Russian spooks fabricated emails to make up this claim.

Durham’s deceits

By July 2021, John Durham had evidence to conclude the emails behind a draft SVR memo on which his entire investigation rested were “composites,” that is, fabrications. But he continued on for two more years, attempting and failing to create evidence to substantiate that Russian disinformation by prosecuting Michael Sussmann and Igor Danchenko. To hide that he had done that, he engaged in a great deal of deceit in both his unclassified and classified reports.

  • Durham frames his focus around three bullets John Ratcliffe included in his 2020 memo sending these materials to Lindsey Graham. The first bullet claims to focus on “Russian intelligence analysis,” suggesting that his focus was on a draft SVR report that leads the narrative in the classified appendix, but is actually the last document temporally. But the second bullet refers to John Brennan notes that quote not the purported end analysis, but an email advancing the plot to frame Hillary.
  • The two exhibits — Brennan’s notes and a referral from the CIA that he couldn’t prove ever got sent to FBI — include redactions that obscure the actual content of both. Importantly, witnesses were not shown the full exhibits, though Brennan correctly stated that Durham misrepresented what his notes were about.
  • Durham misrepresented how many witnesses (and who) testified that they had not seen the referral memo.
  • Thereafter in the unclassified report, Durham referred to “Clinton Plan intelligence” as if it focused on that discreet claim or even the draft memo, when it referred to the larger body of intelligence obtained via the Dutch, and so in context the plan to frame Hillary. In the classified report, Durham referred to Clinton campaign plan, rather than the intelligence asserting it.
  • Durham mentioned two Leonard Benardo emails early in the annex (there were actually four documents claiming to be emails in the report), then discussed the earlier, apparently finished, intelligence from earlier 2016 implicating Loretta Lynch, suggesting they were the emails. He returns to this strategy later in the appendix.
  • Then, the beginning of the section focused on the SVR documents starts with the draft memo, not the specific emails. He keeps moving the ball.
  • The date of the draft memo appears nowhere in the unclassified report and may not appear in the classified report either (if it is there, it is redacted).
  • The annex separates the disclosure that Julianne Smith had also been hacked (noted in footnote 27) from the discussion of the email she sent on July 27, obscuring that Durham obtained two copies of that email, one from the SVR collection (cited in the annex as Document Classified Appendix Document 9, which also includes the Maurer email), and one via subpoena (cited in the unclassified report as XXXX-0014561). He does that even though discussion of the email appears after the introduction, “certain emails, attachments, and documents that contain language and references with the exact same or similar verbiage to the materials referenced above.” In the unclassified report, he treats this email differently, effectively treating it as corroboration for the claims in the fake email, rather than a source used to fabricate it (though he also uses it as corroboration after concluding that the underlying emails are composites based on … that email). In either case, however, if he is treating Smith’s July 27 email as a source, then the draft memo must post-date the July 26 Deep State email talking about ginning up a conspiracy theory.
  • After introducing the Benardo emails, the annex discloses there were several versions of the July 25 one, which helps to obscure that one copy of the earliest version was attached to a July 27 email, which in turn suggests the reference to the Olympics was added on July 27. As noted, the redactions exacerbate this sleight of hand.
  • The annex hides that the Deep State email predates the draft memo by discussing the two versions of the July 25 Benardo email in-between.
  • The annex doesn’t appear to explain that one of two copies of the first fake July 25 email (without the Olympics) is considered part of the same document as the July 27 “vilify” email.
  • The description that the real Tim Maurer email is the same date as the fake July 25 emails gives the impression that they were made the same day, when at least the revisions of the fake email probably happened on July 27.
  • Durham provides a description of this (then-dated) article about a voting hacker for hire, but does not provide a description of the Thomas Rid article discussed in the email, which is not only a clear source for the draft memo, but should make analysts look twice at the Russian idiom in English in the fake Benardo email, because Rid discusses the language games behind the Guccifer 2.0 persona at some length.
  • When Durham concedes the emails to which the draft memo is sourced are composites, he does not name CNAS, where Smith worked, even though earlier in the section he says she was hacked too.

Lying with redactions

  • The introduction to the draft memo redacts details about what is in it, most notably the emails the entire annex purports to focus on.
  • That continues in the redactions after the draft memo. This obscures which email was incorporated into the draft memo: the one referring to the Olympics. The redaction introducing the first fake July 25 email further obscures this, making it harder to figure out that Classified Appendix Document 6 is a July 27 email with one of the first versions of the July 25 email (that is, before the Olympics were added) attached.
  • The redaction of the email after the July 27 “vilify” one obscures that the July 27 Benardo email discussing Hillary’s approval is attached to that redacted email and not the “vilify” one, further obscuring that the emails dated July 25 were likely revised on July 27, to add the Olympics reference.
Share this entry

John Durham’s Guccifer Gaps

/2 Comments/in /by

In this post, I reviewed the two premises of John Durham’s investigation into Hillary Clinton:

  • Documents stolen from Russian spies claimed Hillary Clinton had a plan to smear Donald Trump because of his ties to Russia (to which Durham added a plan that she would fabricate evidence against Trump)
  • The FBI should have taken that into consideration before they relied on the Steele dossier or investigated the Alfa Bank anomalies

I also showed that Durham was lying about what document he built that premise off of, which he claimed was a draft SVR report, the date of which he never disclosed (but which appears to date to July 27). In fact, the notice that CIA gave to FBI of that alleged plan was almost certainly a different one, one which made it clear that Hillary didn’t have a plan to frame Trump, but instead that SVR had a plan to frame Hillary.

As part of that argument, I showed how the referral memo — a memo CIA drafted to send to the FBI in early September 2016, but which appears never got sent — doesn’t actually match the draft SVR report (reporting that Hillary would smear Trump), but instead matches emails that show SVR would frame Hillary.

I noted that the memo refers to “an exchange,” not a draft memo.

But I also noted that there was a redaction pertaining to Guccifer 2.0 that, in 2020 — two years after Robert Mueller indicted GRU for Guccifer 2.0 — John Ratcliffe didn’t want to share publicly.

That’s where I may have misstated. I claimed that the report had nothing that could match that kind of Guccifer 2.0 reference. But it actually may. There’s a redaction in the excerpted report in the Durham annex right after a discussion of Guccifer 2.0 (the only reference to Guccifer in the declassified material), which then picks back up with questions of attribution that had been the subject of discussion of one of the only real emails found to be quoted in the report.

In other words, I could be wrong that Guccifer does not feature prominently in this report. It may be that Durham hid it, just like John Ratcliffe hid it in the referral memo.

Still, what’s clear is that the Deep State email that almost certainly launched this effort did tie Guccifer to Hillary.

Effectively, this exchange says, “fuck, they’re onto Guccifer, let’s start a conspiracy theory about Hillary! dark forces!! Deep State!!!” And then the follow-up email describes the conspiracy theory in terms of “vilifying” Putin and Trump.

And that matters because shortly after this email, Russia launched a sustained, two-fold campaign, both to undermine the attribution of Guccifer 2.0 and to frame Hillary Clinton. Indeed, just days after SVR set out to frame Hillary Clinton, the effort to debunk the Guccifer attribution expanded, not least with Roger Stone, who reversed course on the Russian attribution over a matter of days in early August 2016, as if he were reading right from the SVR script.

A few days after that, Julian Assange picked up the Seth Rich conspiracy started, a conspiracy theory that provided an alternative source for the documents stolen by GRU, one that played on dark forces involved with the Clintons.

And where did that come from?

SVR reports purporting to date back to July 13 — the very same stash of documents that fabricated a plan by Hillary Clinton to smear Donald Trump.

ISIKOFF: Exactly. She was puzzled about all the conspiracy theories swirling around the case that she was investigating. So she finally turns to the U.S. intelligence community. She had a security clearance as a assistant U.S. attorney. She asked them to help her figure out, where’s all this stuff coming from? And they come back with a bombshell. They provide Sines with copies, English translations of copies of intelligence bulletins that were circulated by the Russian SVR – that’s Russia’s version of the CIA – just three days after Seth Rich’s death, July 13, 2016. In the intel – that first intelligence bulletin, the SVR suggests – it doesn’t suggest – asserts that Seth Rich was on his way to talk to the FBI that early Sunday morning when he was gunned down by a squad of assassins working for Hillary Clinton.

And this was, as far as we can tell, the first time that a conspiracy theory about Seth Rich’s death was put out there. That very same day, July 13, it pops up on an obscure website, called whatdoesitmean.com, which, when you look at it and examine it, it’s filled with all sorts of stories attributed to Russian intelligence officials, Russian foreign ministry officials, Russian press reports. It’s effectively a vehicle for Kremlin propaganda. And they apparently took this SVR bulletin that had been intercepted by U.S. intelligence officials and used it to put out this wild conspiracy theory that played right into that far-right conspiratorial meme I mentioned before about the Clintons’ – a Clinton body count and assassins working for the Clintons who go around rubbing out inconvenient people in their political path.

The efforts to undermine the Guccifer 2.0 attribution didn’t much survive the other public attributions, including confirmation in the Intelligence Community Assessment, to say nothing of the Mueller indictment of GRU.

Except, of course, for this guy.

I actually suspect that Durham’s team aspired to include the whole muddle. After all, when interviewing Manos Antonakakis in the days after Durham should have given up his conspiracy theory, Andrew DeFilippis attacked the DNS researcher for deigning to try to attribute Guccifer 2.0.

Finally, I will leave you with an anecdote and a thought. During one of my interviews with the Special Counsel prosecutor, I was asked point blank by Mr. DeFilippis, “Do you believe that DARPA should be instructing you to investigate the origins of a hacker (Guccifer_2.0) that hacked a political entity (DNC)?” Let that sync for a moment, folks. Someone hacked a political party (DNC, in this case), in the middle of an election year (2016), and the lead investigator of DoJ’s special council would question whether US researchers working for DARPA should conduct investigations in this matter is “acceptable”! While I was tempted to say back to him “What if this hacker hacked GOP? Would you want me to investigate him then?”, I kept my cool and I told him that this is a question for DARPA’s director, and not for me to answer.

So the effort to frame Hillary Clinton had to be spun free of the effort to muddle attribution of Guccifer 2.0.

But not when SVR first launched this campaign.

Share this entry

How Chuck Grassley’s Politicized Redactions Gave Putin Leverage over Trump

/13 Comments/in /by

After making Canada, Japan, Vietnam, and Switzerland go to the US and making the EU go to Trump’s golf course in Scotland to negotiate tariffs, Trump sent his real estate developer buddy, Steve Witkoff, to Moscow to negotiate tariffs with Vladimir Putin.

I would have low expectations that Witkoff, who has gotten his ass handed to him at every turn, would negotiate a reasonable deal with Russia in any case.

All the more so given the politicized release of old documents on Russia that Tulsi Gabbard has orchestrated in recent weeks.

Consider just this redaction in the classified Durham appendix that Chuck Grassley released last week.

As I laid out here, the redaction is designed to fool readers in several ways.

First, it helps to sustain a fiction that the draft SVR memo purporting to report Hillary Clinton approving a plan to smear Donald Trump is the first document in a series, and not the last. That, in turn, serves to suggest that what I call the Deep State memo, laying out a plan by SVR to frame Hillary came after the draft memo, rather than laid out a plan to fabricate the memo, complete with fabricated emails including Russian idioms attributed to Leonard Benardo.

But that’s not right. The Deep State email was, Durham described, sent on July 26. The draft SVR email incorporates an email fabricated on July 27.

Indeed, after this Deep State email, Russian spies talked about “mak[ing] [something]” — that is, fabricating emails — to “illuminate” how Clinton wanted to “vilif[y]” Trump and Putin, proposing an initial fabricated July 25 email promising to, “put more oil into the fire,” but not yet adding reference to the doping scandal that was contemporaneously a very sore subject for Russia. The email with the reference to the Olympics, dated July 25 but almost certainly fabricated on July 27, is the one that was incorporated into the draft SVR memo.

In response, those Russian spies said … we don’t know what, but we do know that they attached the fabricated July 27 email purporting to reflect Hillary approving that plan on July 26.

I’d love to know what that email says; it may make it more clear that this was all a great plan to frame Hillary Clinton, or it may reveal other parts of the plan, possibly pertaining to Guccifer 2.0. But I don’t need to know what it says to know that the email gives Putin great leverage over Donald Trump at the moment that Trump finally tries to assert a strong hand with the Russian dictator.

By hiding that email in an attempt to hide that what Trump has claimed for eight years was an effort by Hillary to frame Trump was — is, still — a wildly successful attempt by SVR to frame Hillary, Trump’s top spies — Director of National Intelligence Tulsi Gabbard, CIA Director and Useful Idiom John Ratcliffe, and FBI Director Kash Patel — have all sustained a secret with Russia’s spies, a secret Kash has been chasing all that time, a secret that could legally implicate at least Ratcliffe and Kash (not least because they sustained this campaign during the time they were private citizens) in a crime.

Trump’s top spies are keeping a secret: the secret that for the last eight years Trump has carried out precisely the plan to frame Hillary Clinton that those SVR spies first ginned up on July 26, 2016.

And here’s the thing. Putin’s spies know much of what is behind that redaction. They can reverse engineer it because the footnote to it shows that the email in question is the one to which those Russian spies attached that fake July 27 email, nine years ago. They still have that email. Hell, it’s probably hanging in a gilt-edged frame somewhere, Putin’s trophy from a wildly successful attempt to compromise the Main Enemy.

So that redaction is not, as a classification redaction should, keeping any secrets from our adversaries. The Russian spies know what is too embarrassing for Grassley and Tulsi and Kash and Ratcliffe to release.

But we don’t.

And that’s why this entire frenzy to release more secrets just in advance of this meeting with Putin has made Trump far, far weaker.

Donald Trump cares more about his claims of grievance, a fake grievance that has always gotten him out of jams, than he does about America, to say nothing of Ukraine.

And Chuck Grassley’s willful protection of this secret between Putin’s spies and Trump’s has only served to give Putin leverage over Trump and over the United States.

Share this entry

Russia’s Useful Idiom, John Ratcliffe: Lost in Two Translations

/17 Comments/in /by

John Ratcliffe keeps going on propaganda channels to parrot Russian idioms (and make false claims) shamelessly. Whichever Russian spy wrote that disinformation package years ago must have gotten a new dacha to reward him for how he has turned America’s CIA Director into an unabashed useful idiom for Russia.

Ratcliffe might want to rein in his boisterousness, however. Because Chuck Grassley and Tulsi Gabbard — or whoever actually did the declassification of the Durham appendix — left just enough breadcrumbs to suggest there’s a material difference between the FBI and some other government agency’s translation of the Deep State email reflecting an SVR plan to frame Hillary Clinton. Ratcliffe may not realize just how clear it is that John Durham framed Hillary Clinton, with Ratcliffe’s help.

I started down this rabbit hole when I puzzled through this footnote, revealing that there are multiple translations of “some” of the items in question.

So I made a table of all the documents identified as exhibits to the appendix, showing which footnote referred to which document and the language of the document.

The first thing this exercise disclosed were two missing documents — or rather, documents the discussions of which are entirely redacted.

The first appears in a discussion of a 2017 CIA review that concluded these SVR reports — it’s not clear whether the report reviewed just the Loretta Lynch ones, or all of them; I have a hunch this report also discusses Oleg Deripaska — were not fabrications. Note missing footnote 76 here.

The second is more interesting–but it’s part of a far more important discovery. At least according to the footnotes, the redactions in these two passages (which bracket the draft report that Durham falsely claims was the basis of his investigation) serve to obscure which fake Leonard Benardo email was incorporated into which SVR document.

The reference to “The above-referenced [SVR] memorandum included the English text of a document” pertains to the Benardo email that appears second in the appendix — the one with the (stupid, obviously Russian) references to the Olympics.

There are at least two versions of the Benardo email (identified as Appendix Documents 5 and 6 in footnote 36) that lack the Olympics reference.

And one of those, Appendix Document 6, is what was attached to the July 27 email described in the unredacted passage here.

The fake Benardo email dated July 27 — which these redactions tried hard to suggest was attached to the email mentioning “vilif[ying] Moscow” — was actually attached to another communication completely obscured by this redaction, the second missing document. Footnote 40 and footnote 41 both cite Classified Appendix Document 8.

This clarifies the process by which the draft report that Durham falsely claimed was the basis of his investigation was made.

The first email in the chain is the July 26 Deep State one — the one saying it’d be cool to frame Hillary.

The second is that July 27 email — basically a discussion about how they were going to frame Hillary, attaching one of the fake Benardo emails without mention of the Olympics. Again, that’s what got mentioned in John Brennan’s notes, not the report. At that point, one of the spies must have thought it would be cute to make a reference to what appears to be the Olympics doping scandal, which was ongoing at the time, something that mattered to the Russians but probably not Benardo or Julianne Smith, and so they altered the fake Benardo email for inclusion in the eventual report, to add the Olympics.

And then a third email between Russian spies — the one that is completely redacted — attached the fake Benardo email, dated July 27, claiming Hillary had approved this plan. The email reflecting approval came after the spies decided to frame Hillary (not like it matters since the emails were all fake anyway).

Now, as I keep saying, the report that Durham falsely claimed was the basis of his investigation had to come after that missing email, because that’s what they fabricated to claim that Hillary had actually approved the plan. The report was the last document, not the first, as Durham misleadingly suggested by putting it at the beginning of his discussion. The unredacted report would make clear that both the approval and the Olympics reference were deliberately added to take Benardo emails, and then incorporated in the draft report itself.

Which brings me back to where I started. Aside from two documents of little interest here (a document on Benardo that could be a SVR profile of him or could just be his bio, Classified Appendix Document 1) and the entirely redacted reference associated with the 2017 CIA review (Classified Appendix Document 10), there are six documents in Russian:

  • The January 2016 report mentioning Loretta Lynch and Jim Comey
  • The March 2016 report mentioning Loretta Lynch
  • The July 26 Deep State email discussing framing Hillary
  • The July 27 email, to which one of the fake July 25 Benardo emails that did not mention the Olympics was attached
  • The missing document, to which the fake July 27 Benardo email was attached
  • The draft report, to which the fake July 25 Benardo email that mentioned the Olympics was incorporated

The January and March reports are actually the same document, Classified Appendix Document 2. Durham describes both were “in Russian,” with the discussion of translation redacted; this discussion tracks the DOJ IG Report closely, and so may have used those same versions.

As you can see above, the discussion about who translated the July 27 email and the missing one is entirely redacted. The same is true of the draft report itself.

Not the July 26 Deep State email, though.

The intro to that states clearly that Durham used an FBI translation: “The FBI’s translation of this email is as follows.”

In other words, the July 26 Deep State email showing that Russian spies decided to frame Hillary before they fabricated emails supporting their effort exists in at least two versions.

And John Ratcliffe, rattling off Russian idioms on every Fox show, may not know that.

Update: I’m reviewing the Michael Sussmann case, and Andrew DeFilippis played a similar temporal gimmick twice during that trial.

Share this entry

John Ratcliffe and Kash Patel — and Durham Himself — Committed the Crime John Durham Was Hunting

/11 Comments/in /by

By July 2021, John Durham had virtually all the evidence he needed to know that both premises of his investigation — that Hillary Clinton had a plan to frame Donald Trump, and FBI learned about that plan but ignored it when they relied on the Steele dossier and accepted the Alfa Bank allegations — were false. Yet he continued going for two more years anyway, pursuing prosecutions of Michael Sussmann and Igor Danchenko, both of which resulted in acquittals.

You might be forgiven, more than two years after John Durham closed up shop, if you’ve forgotten why he even spent four years chasing what is now clear was Russian disinformation, effectively investigating people because they had been hacked by Russian spies who framed them as part of a plan to, “put more oil into the fire.”

There are several explanations “why” Durham conducted this investigation, including:

  • Bill Barr determined, before he even saw the evidence acquired by Mueller (if he ever did), there should be an investigation to avenge the Russian investigation
  • Durham got snookered into chasing Russian conspiracy theories designed to stoke polarization, doing great damage in the process
  • In 2020, John Ratcliffe reported a referral from the CIA to the FBI

Durham’s report misleadingly suggests it was the last one: the declassification of the SVR report that John Ratcliffe did — first a report about the SVR allegation, then two exhibits about it — in September and October 2020. By that point, Durham had done at least four interviews focused primarily on the SVR allegation: a September 17, 2019 interview with the FBI analyst who knew that collection best, a February 27, 2020 interview with some kind of spook, two July 8, 2020 interviews with some IC officers, and an interview with another IC officer the day Ratcliffe released the exhibits. (Given that Ratcliffe boasted about how many times he met with Durham, that October 7 interview could well be Ratcliffe himself.)

The Office also considered as part of its investigation the government’s handling of certain intelligence that it received during the summer of 2016. That intelligence concerned the purported “approval by Hillary Clinton on July 26, 2016 of a proposal from one of her foreign policy advisors to vilify Donald Trump by stirring up a scandal claiming interference by the Russian security services.” 391 We refer to that intelligence hereafter as the “Clinton Plan intelligence.” DNI John Ratcliffe declassified the following information about the Clinton Plan intelligence in September 2020 and conveyed it to the Senate Judiciary Committee:

  • In late July 2016, U.S. intelligence agencies obtained insight into Russian intelligence analysis alleging that U.S Presidential candidate Hillary Clinton had approved a campaign plan to stir up a scandal against U.S. Presidential candidate Donald Trump by tying him to Putin and the Russians’ hacking of the Democratic National Committee. The IC does not know the accuracy of this allegation or the extent to which the Russian intelligence analysis may reflect exaggeration or fabrication.
  • According to his handwritten notes, CIA Director Brennan subsequently briefed President Obama and other senior national security officials on the intelligence, including the “alleged approval by Hillary Clinton on July 26, 2016 of a proposal from one of her foreign policy advisors to vilify Donald Trump by stirring up a scandal claiming interference by Russian security services.”
  • On 07 September 2016, U.S. intelligence officials forwarded an investigative referral to FBI Director James Comey and Deputy Assistant Director of Counterintelligence Peter Strzok regarding “U.S. Presidential candidate Hillary Clinton’s approval of a plan concerning U.S. Presidential candidate Donald Trump and Russian hackers hampering U.S. elections as a means of distracting the public from her use of a private mail server.” 392

The Clinton Plan intelligence was relevant to the Office’s investigation for two reasons.

First, the Clinton Plan intelligence itself and on its face arguably suggested that private actors affiliated with the Clinton campaign were seeking in 2016 to promote a false or exaggerated narrative to the public and to U.S. government agencies about Trump’s possible ties to Russia. Given the significant quantity of materials the FBI and other government agencies did in fact receive during the 2016 presidential election season and afterwards that originated with and/or were funded by the Clinton campaign or affiliated persons (i.e., the Steele Dossier reports, the Alfa Bank allegations, and the Yotaphone allegations), the Clinton Plan intelligence prompted the Office to consider (i) whether there was in fact a plan by the Clinton campaign to tie Trump to Russia in order to “stir[] up a scandal” in advance of the 2016 presidential election, and (ii) if such a plan existed, whether an aspect or component of that plan was to intentionally provide knowingly false and/or misleading information to the FBI or other agencies in furtherance of such a plan. 393

Second, the Clinton Plan intelligence was also highly relevant to the Office’s review and investigation because it was part of the mosaic of information that became known to certain U.S. officials at or before the time they made critical decisions in the Crossfire Hurricane case and in related law enforcement and intelligence efforts. Because these officials relied, at least in part, on materials provided or funded by the Clinton campaign and/or the DNC when seeking FISA warrants against a U.S. citizen (i.e., the Steele Dossier reports) and taking other investigative steps, the Clinton Plan intelligence had potential bearing on the reliability and credibility of those materials. Put another way, this intelligence-taken at face value-was arguably highly relevant and exculpatory because it could be read in fuller context, and in combination with other facts, to suggest that materials such as the Steele Dossier reports and the Alfa Bank allegations (discussed below and in greater detail in Section IV.E. l) were part of a political effort to smear a political opponent and to use the resources of the federal government’s law enforcement and intelligence agencies in support of a political objective. The Office therefore examined whether, and precisely when, U.S. law enforcement and intelligence officials became aware of the Clinton Plan intelligence; whether they vetted and analyzed the intelligence to understand its potential significance; and whether those officials, in turn, incorporated the intelligence into their decision-making regarding the investigation of individuals who were part of the Trump campaign and had possible ties to Russian election interference efforts.

I’ll come back to the significance of precisely what Ratcliffe and Kash declassified.

Durham depends on a different conspiracy theory in each report

For now, consider how each of his two volumes (unclassified, classified) confess that one of these two prongs — Clinton had a plan, and the FBI ignored that she did — was false, but then obscures that the other was, too.

This post, which explains Durham’s Clinton conspiracy conspiracy theory, holds up very well (if I do say so myself) even after the annex was declassified. It shows that Durham:

  • Falsely claimed the Russian intelligence report alleging Hillary had a plan to smear Trump about his ties to Russia did — or would even have to — rely on false information
  • Misrepresented the nature of the report about Hillary, thereby misrepresenting the dissemination of SVR intelligence within the Intelligence Community
  • Only found any confirmation for his Clinton conspiracy conspiracy theory from witnesses whose memories had been radically altered by the threat of criminal prosecution; everyone else disclaimed every shred of Durham’s Clinton conspiracy conspiracy theory

There are just a few things structurally that seeing the classified annex adds. Here’s how the two sections map.

Both tell the story of the SVR Report (just the classified annex describes the underlying documents or concedes they were fabricated). Both describe how none of Hillary’s people knew anything about Durham’s Clinton conspiracy conspiracy theory. Both point to true things — reliance on an accurate Franklin Foer story that Durham miscites, interest in whether the FBI was investigating, and an effort to condemn Trump for his attacks on NATO — to bolster Durham’s case that his Clinton conspiracy conspiracy theory is true, though in the classified annex, Durham puts these details in his “The authenticity of the Benardo emails” section.

Both include a section that points to some other part of his (or the right wing’s) obsessions to bolster the Clinton conspiracy conspiracy theory. The unclassified report has a section that misrepresents both Fusion’s dissemination of the Steele dossier and Clinton’s media push of the Alfa Bank allegations (in the process, conflicting with other parts of his report and the results of his investigations) to buck up his theory. The classified annex has a section (after the conclusion that the emails were “composites” and a section describing other times the US Intelligence Community treated these SVR documents as authentic) pointing to Loretta Lynch’s “odd” reaction to a briefing on the two SVR reports claiming she was intervening in the Clinton email investigation. It’s the inclusion of that briefing (Durham conveniently ignores both that the FBI found these documents to be “objectively false” and the reference to Jim Comey throwing the election for Republicans) that allows Durham to decide that, while the emails on which the report was based were probably “composites,” the Clinton plan might be true (this is the conclusion Sean Davis and with him FBI Director Kash Patel cling to) and so his investigation into the FBI’s purported receipt of a report about it legitimate.

The other remarkable difference between the unclassified and classified report is in the way Durham describes his certainty that what he calls a referral ever got to the FBI — or more specifically, Peter Strzok — in the first place. His unclassified report includes an entire paragraph describing that no one on the Crossfire Hurricane team remembered seeing it.

The Office showed portions of the Clinton Plan intelligence to a number of individuals who were actively involved in the Crossfire Hurricane investigation. Most advised they had never seen the intelligence before, and some expressed surprise and dismay upon learning of it. For example, the original Supervisory Special Agent on the Crossfire Hurricane investigation, Supervisory Special Agent-1, reviewed the intelligence during one of his interviews with the Office. 428 After reading it, Supervisory Special Agent-1 became visibly upset and emotional, left the interview room with his counsel, and subsequently returned to state emphatically that he had never been apprised ofthe Clinton Plan intelligence and had never seen the aforementioned Referral Memo. 429 Supervisory Special Agent-1 expressed a sense of betrayal that no one had informed him ofthe intelligence. When the Office cautioned Supervisory Special Agent-1 that we had not verified or corroborated the accuracy of the intelligence and its assertions regarding the Clinton campaign, Supervisory Special Agent-1 responded firmly that regardless of whether its contents were true, he should have been informed of it. 430

During Durham’s testimony to Congress, Strzok revealed that 1) contrary to Durham’s insinuations, he had spoken with with Durham’s investigators and 2) the copy of the referral that Durham’s team showed him was not an FBI copy, suggesting that Durham also had no proof the document ever made it to the FBI.

So in the unclassified report, Durham confesses his entire premise — that the FBI received this report and didn’t respond as he thinks they should have — may be utter bullshit, because they never received it.

Yet in his classified report, he states as fact, three different times, that it was sent to the FBI. He says this twice in the section purporting to validate the import of this report because the Intelligence Community responded to it, section 4 above.

In addition, as described in the unclassified report, on September 7, 2016, the CIA sent the FBI an “investigative referral” memorandum that referred to, among other information, the purported Clinton campaign plan.

[snip]

The DNI also declassified a portion of former CIA Director Brennan’s handwritten notes that describe the August 3, 2016 meeting with President Obama and the CIA Referral Memorandum sent to Director Comey and Deputy Assistant Director of Counterintelligence Peter Strzok. [my emphasis]

And then in the conclusion — the one Davis is impressed with — finding that even though the email on which this conspiracy theory was based is a composite, nevertheless it was important because the CIA sent a referral memo that he falsely suggests actually arrived at its destination.

Moreover, in early September 2016, the CIA prepared a referral memorandum on the information regarding the purported “plan” that went to the FBI [my emphasis]

So looking at these two together, the classified annex concludes that the emails behind the report that launched this whole project are “composites,” but because the CIA sent the FBI a referral memo, argues it was a legitimate exercise to review how the FBI responded to that referral memo. Then the unclassified report concedes it has no proof the CIA referral ever made it to the Crossfire Hurricane team, but the investigation was legitimate because Clinton may have shared knowingly false allegations about Trump with the FBI.

John Ratcliffe committed the crime John Durham was hunting

Now consider how those Ratcliffe declassifications cabined the investigation.

He describes that in interviews with Clinton and FBI people (to the extent that he’s not covering up FBI interviews that don’t help him), he used the declassified files with people who lacked clearance (including, with Jennifer Palmieri, the referral document rather than the report itself) and used a redacted version of the emails with people who had clearance, as well as Leonard Benardo. So his question about “Clinton plan” all focused on how fevered right wingers defined it.

I’ve already talked about the blind spots built into John Brennan’s notes. These notes span the fifth and sixth pages of Brennan’s notes, meaning a whole lot of the briefing was more important. They’re described as offering insight into “Russian activities,” not Hillary’s (the CIA couldn’t investigate Hillary’s in any case). The first redacted paragraph likely describes the SVR targets in question.

But there’s a bullet before the description of the purported Hillary plan, and who knows how much after it.

Now check out where the word, “vilify” appears in the known SVR documents. The actual draft report — the purported subject of this investigation — used the word, “smear.” The two emails dated July 25 using a Russian idiom, along with the email between spooks discussing starting a conspiracy theory, use the word, “demonize.” The purported July 27 email from Benardo doesn’t use any such word.

The word “vilify” appears in this email between spooks — the one that follows the one in which they discuss a plan to start a conspiracy theory about the Deep State.

Even in the classified appendix, Durham provides very little of the email, and half of what is there is redacted.

Now look at the referral memo.

It refers to “an exchange,” not a draft memo, which is what the memo in question is. It’s hard to imagine, at this point, what could be behind that redaction about Guccifer. And while there’s a mention in the report itself to Guccifer, that doesn’t pertain to Hillary. It’s a claim about what the FBI has discovered:

Clinton’s supporters in the FBI lack conclusive irrefutable evidence of the Russian Federation’s involvement in the scandal, tied to the theft of the DNC’s correspondence. In the meantime, during the launched investigation, there has been a multitude of circumstantial evidence that the alias of Guccifer 2.0 (the name of the hacker who accepted responsibility for the incident) was, in fact, used to cover up a special unit of the GRU of the Russian Federation Defense Ministry’s General Staff.

The email between the two spooks — which could fairly be called “an exchange” — ties the attribution to Guccifer directly to the plan to start a conspiracy theory about Hillary.

Effectively, this exchange says, “fuck, they’re onto Guccifer, let’s start a conspiracy theory about Hillary! dark forces!! Deep State!!!” And then the follow-up email describes the conspiracy theory in terms of “vilifying” Putin and Trump.

Both these reports — the Brennan notes and the CIA referral to FBI — appear to refer not to the draft report about Hillary’s claimed plan, but instead to communications between the Russian spooks reflecting a plan to invent a conspiracy theory about Hillary to muddle the Guccifer attribution (which is precisely what Roger Stone immediately did).

If that’s right, it means it was never a Clinton plan, it was an SVR plan. That makes sense; after all, John Brennan wouldn’t be permitted to investigate Hillary Clinton’s plans to do oppo research, but he would be permitted to investigate SVR’s plans to frame Hillary. And that’s what he told Durham:  he was focused not on Hillary’s plan but Russia’s.

When interviewed, Brennan generally recalled reviewing the materials but stated he did not recall focusing specifically on its assertions regarding the Clinton campaign’s purported plan. 400 Brennan recalled instead focusing on Russia’s role in hacking the DNC. 401

And having apparently mischaracterized what actually elicited CIA attention, Durham then spent paragraphs and paragraphs talking about how if the FBI had simply factored in a conspiracy theory invented by SVR to muddle the GRU attribution, then they might not have relied on the Steele dossier (itself being injected with Russian disinformation) or accepted the Alfa Bank allegations.

Indeed, Durham actually considered whether Peter Strzok committed a crime by ignoring his misrepresentation of the referral that he had no evidence Strzok ever received.

Whether these failures by U.S. officials amounted to criminal acts, however, is a different question. In order for the above-described facts to give rise to criminal liability under federal civil rights statutes, the Office would need to, for example, identify one or more persons who (i) knew the Clinton campaign intended to falsely accuse its opponent with specific information or allegations, (ii) intentionally disregarded a particular civil right of a particular person (such as the right to be free of unreasonable searches or seizures), and (iii) then intentionally aided that effort by taking investigative steps based on those allegations while knowing that they were false.

[snip]

Although the evidence we collected revealed a troubling disregard for the Clinton Plan intelligence and potential confirmation bias in favor of continued investigative scrutiny of Trump and his associates, it did not yield evidence sufficient to prove beyond a reasonable doubt that any FBI or CIA officials494 intentionally furthered a Clinton campaign plan to frame or falsely accuse Trump of improper ties to Russia.

But Durham never factors into his own investigation those other two emails between spooks, both of which likely precede the report he claimed he was investigating. He never mentions them at all. Had he factored those in, all of this would have been shut down in 2021.

And after claiming that Clinton had a plan to falsely accuse her opponent rather than that SVR had a plan to falsely accuse Hillary, Durham used all this to get warrants targeting Michael Sussmann and Igor Danchenko. He, “intentionally disregarded a particular civil right of [Sussmann and Danchenko] (such as the right to be free of unreasonable searches or seizures), and (iii) then intentionally aided that effort by taking investigative steps based on those allegations while knowing that they were false.”

Once you see those two other emails between the Russian spooks — the one linking Guccifer directly to the plan to talk about the Deep State and the one using the word “vilify,” both of which Durham disregarded — then you have evidence that Kash, Ratcliffe, and Durham himself knew the SVR intended to falsely accuse Hillary, then took investigative steps based on those allegations that were clearly fabricated.

They took four whole years of investigative steps.

No wonder Durham allegedly tried to bury all this in burn bags.

Update: Remember that Kash, at a time he was a private citizen, was making claims making insinuations about Hillary making a plan in July 2016.

Update: And Ratcliffe was similarly making false claims on this topic while a private citizen.

Share this entry

Tulsi Gabbard and John Ratcliffe Reveal Putin “Was Counting on” a Trump Win

/21 Comments/in /by

It’s funny, reading the two rehashes of the 2017 ICA that John Ratcliffe and Tulsi Gabbard released in the last weeks.

There are parallels and common judgments between them (probably in part because the CIA one was limited to “CIA materials provided to congressional oversight investigations”). Both say the confidence level for the judgment that Putin “aspired” to help then-candidate Donald Trump win the election was too high. Both say John Brennan big-footed the process in a problematic way. Both complain about the short timeline. Both complain that “the highest classified version of the ICA had been shared with more than 200 US officials;” neither acknowledge that that was neither anticipated nor, presumably, the fault of Obama appointees, who were long-gone by the time Trump’s appointees disseminated it that broadly (and in fact other documents Tulsi released suggest that ICA drafters intentionally planned a less-classified version to be disseminated at that level, to avoid the problem Trump’s appointees complain about). Both complain about how the Steele dossier was added as an appendix, though (as I’ll show in a follow-up) they’re inconsistent about how they claim it was.

But there are differences. the document from Ratcliffe — who released the first of the SRV documents contemporaneously with the HPSCI report that obsessed about them — doesn’t appear to mention them at all.

The two reports treat three pieces of intelligence on which the “aspired” judgment was based differently (the CIA one may not treat one of the HPSCI complaints at all). As I’ll note in my main post on the HPSCI report, CIA treats one document that HPSCI considers problematic as reliable but compartmented in a way that made inclusion problematic.

Perhaps the most interesting detail you get from reading both in tandem pertains to one phrase in a document about which “a senior CIA operations officer observed, ‘We don’t know what was meant by that’ and ‘five people read it five ways,'” basically, about whether that phrase hade been read the correct way. As of a few weeks ago, in Ratcliffe’s report, the CIA was still trying to protect this intelligence, but not Tulsi. She declassified most of four pages of discussion about the phrase, with information about the access — the source was well-established, had authoritative access to something but second-hand access to this information, but for some reason the CIA was not able to clarify what the source meant by the phrase. The HPSCI Report complains that the ICA didn’t note that this person had an “anti-Trump bias” (emphasis original).

And Tulsi declassified what the intelligence said (even though she hadn’t in the less classified version of the ICA she had released a day earlier).

Putin had made this decision [to leak DNC emails in July] after he had come to believe that the Democratic nominee had better odds of winning the U.S. presidential election, and that [Trump], whose victory Putin was counting on, most likely would not be able to pull off a convincing victory.

The HPSCI memo goes on to complain that Brennan included this. It invents a number of other readings this could have meant, besides that Putin wanted to help Trump win. Maybe Putin expected Trump to win, in July 2016 when no one else did? Maybe Putin counted on a Trump win at the RNC? They even tried to undermine the intelligence by claiming that all the things Putin did to tamper in the election could have served the other goals he also had.

None of the confirmed activities — leaks, public statements, social media messaging, and traditional propaganda — corroborate the ICA interpretation of the fragment, because these activities were all consistent with Putin’s objectives to undermine faith in US democracy, without regard for candidate Trump’s fate.

Putin approved the DNC leak because he was counting on Trump to win, the fragment said, and HPSCI Republicans want to believe that maybe Putin just wanted to undermine faith in democracy.

Well, anyway, as I said, Ratcliffe didn’t declassify any of that. He did send analysts back to review the underlying intelligence, and here’s what they said.

The DA Review examined the underlying raw intelligence and confirmed that the clause was accurately represented in the serialized report, and that the ICA authors’ interpretation of its meaning was most consistent with the raw intelligence.

And Ratcliffe also backs the quality of the source behind this claim.

The DA Review does not dispute the quality and credibility of the highly classified CIA serialized report that the ICA authors relied on to drive the “aspired” judgment.

So between them, Tulsi and Ratcliffe provided us something genuinely new. According to a reliable but ambiguous intelligence fragment, CIA got intelligence that said Putin approved the DNC leak  “because he was counting on” Trump’s victory.

Update: I’ve fixed the quotation mark in the title: just the “counting on” is a direct quote.

Links

A Dossier Steal: HPSCI Expertly Discloses Their Own Shoddy Cover-Up

Think of the HPSCI Report as a Time Machine to Launder Donald Trump’s Russia Russia Russia Claims

Tulsi Gabbard and John Ratcliffe Reveal Putin “Was Counting on” a Trump Win

Tulsi Gabbard Teams Up with Russian Spies to Wiretap and Unmask Hillary Clinton

The Secrets about Russia’s Influence Operation that Tulsi Gabbard Is Still Keeping from Us

Tulsi Gabbard Accuses Kash Patel of Covering Up for the Obama Deep State

Share this entry

Tulsi Gabbard Teams Up with Russian Spies to Wiretap and Unmask Hillary Clinton

/14 Comments/in /by

I joked the other day that it’s as if Trump offered his cabinet members a free condo for whomever best distracted from his Epstein problem.

Tulsi Gabbard is, thus far, winning the contest for the sheer shamelessness of her ridiculous claims.

She has manufactured claims of sedition out of her conflation — whether deliberate or insanely ignorant — of voting machines and the DNC server, built on top of President Obama’s perfectly reasonable request to document all the ways Russia tampered in the 2016 election. Then, she released a different report — a 2020 GOP HPSCI report complaining about Intelligence Community tradecraft in the 2017 Intelligence Community Assessment. The HPSCI Report not only exhibits all the tradecraft failure it complains about, but it conflicts in some ways with her original propaganda.

In a presser at the White House yesterday (skip ahead to 12:30), Tulsi went one better, presenting the contents of the HPSCI report without context, focusing closely on a section that cites a cherrypicked selection of Russian intelligence reports purportedly (but not certainly) based off documents stolen from Democrats, the State Department, and a think tank.

Tulsi stood at the podium of the White House press room and delivered Russian intelligence, with an occasional “allegedly” thrown in, without explaining clearly that’s what she was doing.

In so doing, the Director of National Intelligence effectively teamed up with Russian spies, parroting analysis those Russian spies did on documents stolen from Hillary and people associated with her, without masking Hillary’s identity as required by intelligence protocol. This is precisely the kind of (then unsubstantiated) abuse that first animated right wing grievance back in 2017, outrage over the possible politicized unmasking of political adversaries, carried out by the head of intelligence from the White House podium.

They have become the monsters they warned about.

The SVR documents

Let me explain the documents. By 2016, there were actually two parallel Russian hacking campaigns targeting Hillary (and others). One, starting in 2016 and conducted by Russia’s military intelligence (GRU, often referred to as APT 28), obtained and caused the dissemination of documents during the election — the hack-and-leak campaign that Trump exploited to win the election. But starting years before that, Russia’s foreign intelligence service (SVR, often referred to as APT 29) targeted a number of traditional spying targets, including the White House, DOD, and State, some think tanks viewed as adversarial to Russia, and the DNC.

Here’s a report on APT 29’s hacking campaigns published in September 2015, which I wrote about here. Here’s a more recent history that includes those earlier hacks. I’ve been told that the interactions between APT 29 and APT 28 hackers inside Democratic servers was visible, but reluctant. APT 29 had and still has the more skillful hackers.

Unlike GRU, SVR did not use most of the files it stole in a hack-and-leak campaign. Russian spies analyzed the documents and wrote reports on them, like normal spying. But then someone — some other spying service, probably — spied on their spying efforts. And that entity shared what they found, including both the things SVR stole and the reports that Russian spies wrote about those stolen files, with the US Intelligence Community. And starting at least by 2018, right wingers have been obsessed with those stolen files and Russian intelligence reports, using them to feed one after another investigation into Democrats.

This gets a bit confusing, because we’re seeing the results of that obsession out of order. We first saw a right wing campaign based off them when John Ratcliffe, then the Director of National Intelligence, released a report about one particular analytical report, then released background documents; both were used as part of the effort to undermine the Mike Flynn prosecution in advance of the 2020 election. That particular report — allegedly claiming that in July 2016, Hillary endorsed a plan to focus on Trump’s ties to Russia to distract from the Clinton email investigation — served as the animating force for the Durham investigation, though Durham had to fabricate new details in the intelligence to do so. For years, Chuck Grassley has been frothing to release a classified appendix of the 2018 DOJ IG Report on the Clinton email investigation that pertained to the SVR documents, which Pam Bondi released the other day. Yesterday’s propaganda presser was based on the release of a 2020 critique of the 2017 Intelligence Community Assessment of the 2016 hack (there were earlier versions in which Kash Patel was involved), written by Republicans on the House Intelligence Committee (HPSCI).

We’re surely not done. There’s a classified annex to the Durham report in which he tries to justify treating Russian intelligence product as true. And yesterday, Grassley and House Intelligence Chair Rick Crawford asked to get more of the SVR files, this time focused on Barack Obama.

So, these documents were addressed at length by Michael Horowitz (it’s not yet clear how prominently they figure in earlier HPSCI work), then packaged up as part of Trump’s reelection bid in 2020, then further fluffed up by Durham in his failed prosecution effort and, on top of these recent releases, will no doubt feed the frothers indefinitely. But this order matters, because right wingers kept forgetting what they learned in earlier iterations of this obsession.

 The 2018 classified annex

The DOJ IG classified annex considers FBI’s treatment of two kinds of files from that SVR collection: first, report(s) claiming that Loretta Lynch was trying to cover up the Clinton investigation and Jim Comey was trying to exacerbate it (Comey only appears in one), and, also, a set of files that might have raw State Department documents stolen by Russia that could be used to investigate Hillary.

The reports became important to Horowitz’ discussion of the Clinton email investigation because Jim Comey claimed in June 8, 2017 congressional testimony that one reason why he decided to make the prosecutorial decision on the Clinton investigation is because he worried that the two reports on Lynch might leak.

The raw intelligence became a focus because early on, alleged Trump adversary Peter Strzok sought to review the raw collection, a request that ultimately fell through the cracks, which Grassley uses to claim the investigation was not diligent enough.

A several page section of the report describing the collection — eight thumb drives, along with a set of data provided via other means — makes clear that, on top of normal concerns about allowing the FBI to review stolen US person data, the hesitation to access the data arose from the large number of privileged files, from the White House, from State, and from Congress, in there.

  • Thumb drives 1-5: These thumb drives included files stolen from US victims, including the Executive Office of the President, the State Department, and the House of Representatives, probably including a number of unknown US victims. The FBI did analyze these files, which helped them to identify where the Obama ones came from, that the Russians had obtained “advance intelligence about a planned FBI arrest of a Russian citizen,” and network maps of classified US government systems. Two drives, drives 3 and 4, “focused primarily on State Department communications,” as did much of the content of the other thumb drives. The FBI never comprehensively reviewed these files because of concerns about Executive and Congressional privileges tied to the victims. The FBI has queried them, three times:
    • In early 2016, FBI queried the drives using some approved keywords, apparently to understand Russia’s targets.
    • FBI later conducted a second set of limited queries, without reading the actual content. It did, however, create a “word cloud” of what was in the US victim data, which FBI treated as an index.
    • In August 2017, FBI OGC permitted an analyst working with Mueller to query the word cloud index on Clinton and clintonemail.com.
  • Thumb drives 6 and 7: These drives appear to include Russia’s reports about their hacks; victim data was included as attachments. The FBI permitted analysts to review non-victim data for foreign intelligence and evidentiary purposes, but not any content from the Executive Office of the President, State, or Congress.
  • Thumb drive 8: This data was never uploaded until 2018 and by the time of this report (also 2018) had never been reviewed. It was believed to include data redundant to what was on drives 1-5, including privileged material.
  • Post-8 data: This data appears to have come to the FBI via a medium other than a thumb drive. Their source filtered out certain kinds of victim data before passing it on. It also was unlikely to have the privileged sources of information — from EoP, State, and the House of Representatives — that presented concerns about the data on thumb drives 1-5. The FBI was permitted to review this data under the same rules as applied to Thumb drives 6 and 7 — that is, they could review the non-victim information.

Staring in August 2016, Andy McCabe started asking to access all eight drives. While the Obama White House told the FBI in October 2016 that their request for access was overly broad, they never got around to negotiating that access because the FBI was too busy working on the Russian investigation and exploiting Anthony Weiner’s laptop. White House Counsel Neil Eggleston circled back on this issue in his last day on the job, January 19, 2017.

Ironically, the most aggressive attempt to access these files up to the IG Report came from an analyst on the Mueller team — no doubt someone who has subsequently been fired. The IG Report describes that this person likely exceeded search protocols prohibiting searches on victim information, including on Clinton and clintonemail. Now, however, Trump will undoubtedly use Tulsi’s propaganda campaign as an excuse to read emails stolen from Barack Obama, waiving any privilege concerns (indeed, that should be understood as one goal of the task force Bondi set up yesterday, to collude with Russian spies to spy on President Obama).

For the purposes of understanding how Tulsi colluded with Russian spies yesterday, the most important detail from the classified annex is that the FBI didn’t treat the two Loretta Lynch reports as credible — the report describes that FBI considered them “objectively false.”

[W]itnesses told us that the reports were not credible on their face for various reasons, including that they contained information that the FBI knew to be “objectively false.”

One reason they likely believed that is because one of the two Lynch reports said that Comey was deliberately trying to stall the investigation.

Comey is leaning more to the [R]epublicans, and most likely he will be dragging this investigation until the presidential elections; in order to effectively undermine the chances for the [Democratic Party] to win the presidential elections. [brackets original]

It also revealed that the FBI never found the underlying stolen documents on which the reports were purportedly based — at one point, the DOJ IG Report notes that it wasn’t clear “if such communications in fact existed.”

The FBI didn’t believe these documents were credible.

But if you do believe the reports are credible — if you treat the reports as “true” — then it is not just “true” that Jim Comey was stalling the Clinton email investigation to help Republicans, but Russia believed that Comey was stalling the Clinton email investigation to help Republicans win the election.

HPSCI’s Jim Comey problem

The HPSCI report includes these SVR files, years after the FBI determined at least two of them were not credible, as “true” statements of Putin’s belief. I’ll write up the entire report separately; parts of it are quite rigorous and interesting, while the section on the Steele dossier was riddled with errors and this part — the part that relies on these SVR reports — was sort of an exercise in desperation to find as many reasons to discredit the claim that Putin tried to help Trump get elected as possible. This section is the mirror image of what the report alleges John Brennan was engaged in with the 2017 ICA Report, intelligence analysis that came to a conclusion and then found intelligence to back that conclusion. They include the SVR reports to argue that if Putin really wanted Trump to win, he would have released all these reports.

In a page and a half, the HPSCI report cites one after another of these reports.

  • In September 2016, Russian spies claimed that President Obama found Hillary’s health to be “extraordinary alarming.”
  • Russian spies claimed it had communications showing Hillary was suffering from “psycho-social problems” and even (Tulsi parroted there in the White House) “was placed on a regimen of ‘heavy tranquilizers’.”
  • Russian spies claimed Hillary had Type 2 Diabetes and deep vein thrombosis.
  • The claim — which John Ratcliffe noted could “reflect exaggeration or fabrication” in his report in 2020 — that Hillary had a plan to link Trump and Putin to distract from the Clinton email investigation.
  • Russian spies claimed Hillary traded financial funding for electoral support with religious organizations in post-Soviet countries.
  • US allies in London, Berlin, Paris, and Rome doubted her ability to perform the functions of President.
  • European government experts assessed that Trump’s only chance of winning was allegations about the Clinton Foundation.

The HPSCI Report includes in three bullets the allegations laid out in the two reports described in the IG Report, split up across two pages, as if they represent three reports.

[snip]

Not only do they ignore that the FBI viewed at least some of these reports as “not credible,” nor address the question of whether these reflected real intercepts at all.

But they don’t mention that the first of those two reports (probably the January 2016 one) also claimed that Jim Comey was going to stall the investigation to help Trump win.

If you believe the reports were “true,” then you believe that Jim Comey had a plan to help Trump win — much like what he did do — and that Putin shared that same belief.

It was bad enough that a bunch of right wing Congressmen desperate to create a propaganda document to help Trump get elected in 2020 exhibited such shoddy tradecraft.

But yesterday, the Director of National Intelligence stood at a White House podium and repeated one after another Russian intelligence report about which multiple entities have raised serious questions as to its accuracy.

In the guise of complaining about politicized spies exercising inadequate due diligence, Tulsi Gabbard just parroted these Russian intelligence reports — reports that either rely on intercepts of an American citizen or just make shit up — uncritically.

This was Russian spy product, delivered from the White House, from the head of US intelligence.

Links

A Dossier Steal: HPSCI Expertly Discloses Their Own Shoddy Cover-Up

Think of the HPSCI Report as a Time Machine to Launder Donald Trump’s Russia Russia Russia Claims

Tulsi Gabbard and John Ratcliffe Reveal Putin “Was Counting on” a Trump Win

Tulsi Gabbard Teams Up with Russian Spies to Wiretap and Unmask Hillary Clinton

The Secrets about Russia’s Influence Operation that Tulsi Gabbard Is Still Keeping from Us

Tulsi Gabbard Accuses Kash Patel of Covering Up for the Obama Deep State

Share this entry

Whiskey Pete’s Dirty Desktop

/22 Comments/in /by

We continue to get more details of Whiskey Pete Hegseth’s abysmal operational security.

Today, NYT revisited the issue of Pete Hegseth’s shoddy operational security, tracking all the other accounts he had registered under the phone number with which he used Signal.

Mr. Hegseth had a significant social media presence, a WhatsApp profile and a Facebook page, which he still has.

On Aug. 15, 2024, he used his personal phone number to join Sleeper.com, a fantasy football and sports betting site, using the username “PeteHegseth.” Less than two weeks later, a phone number associated with his wife, Jennifer, also joined the site. She was included in one of the two Signal chats about the strikes.

Mr. Hegseth also left other digital breadcrumbs, using his phone to register for Airbnb and Microsoft Teams, a video and communications program.

Mr. Hegseth’s number is also linked to an email address that is in turn linked to a Google Maps profile. Mr. Hegseth’s reviews on Google Maps include endorsements of a dentist (“The staff is amazing”), a plumber (“Fast, honest, and quality work”), a mural painter (“Painted 2 beautiful flags for us — spot on”) and other businesses. (Google Maps street view blurs out Mr. Hegseth’s former home.)

What they don’t say is the accessibility of his personal phone number could have made it easier to ID the IP address for the computer that (per the AP) Hegseth set up in his office so he could access Signal.

Defense Secretary Pete Hegseth had an internet connection that bypassed the Pentagon’s security protocols set up in his office to use the Signal messaging app on a personal computer, two people familiar with the line told The Associated Press.

The existence of the unsecured internet connection is the latest revelation about Hegseth’s use of the unclassified app and raises the possibility that sensitive defense information could have been put at risk of potential hacking or surveillance.

Known as a “dirty” internet line by the IT industry, it connects directly to the public internet where the user’s information and the websites accessed do not have the same security filters or protocols that the Pentagon’s secured connections maintain.

Other Pentagon offices have used them, particularly if there’s a need to monitor information or websites that would otherwise be blocked.

But the biggest advantage of using such a line is that the user would not show up as one of the many IP addresses assigned to the Defense Department — essentially the user is masked, according to a senior U.S. official familiar with military network security.

[snip]

Hegseth initially was going to the back area of his office where he could access Wi-Fi to use his devices, one of the people familiar said, and then he requested a line at his desk where he could use his own computer.

That meant at times there were three computers around his desk — a personal computer; another for classified information; and a third for sensitive defense information, both people said.

Because electronic devices are vulnerable to spying, no one is supposed to have them inside the defense secretary’s office. Important offices at the Pentagon have a cabinet or drawer where staff or visitors are required to leave devices.

But there’s a detail that remains unexplained, one which makes this more interesting.

In addition to the texts themselves, Jeffrey Goldberg provided a number of useful details about the Houthi PC small group thread.

He included the list of the 19 people who belonged to it when he left.

We see the Principals add people (and Mike Waltz add someone believed to be Stephen Miller) along the way.

Goldberg also included metadata showing Mike Waltz setting the disappearing messages. In addition, we see Marco Rubio adding a second account for himself, “MAR added MAR.”

Rubio might have done that if he had a second device.

Given that that was all public by March 26 — which was, itself, nine days after Goldberg dropped off the list — it raises questions about why, on both March 26 and March 28 (per a CIA filing in the American Oversight lawsuit), people were fiddling with administrative settings.

I understand that the Director’s personal Signal account was reviewed and a screenshot of the Signal Chat at issue was captured from the Director’s account on 31 March 2025, and transferred to Agency records systems the same day. I understand that the screenshot reflects the information available at the time the screenshot was captured, which I characterized as “residual administrative content” in my initial declaration. I used that terminology because the screenshot does not include substantive messages from the Signal chat; rather, it captures the name of the chat, “Houthi PC small group”, and reflects administrative notifications from 26 March and 28 March relating to changes in participants’ administrative settings in this group chat, such as profile names and message settings.

That is, the only thing left on John Ratcliffe’s personal cell phone when they went to archive messages covered by the Federal Records Act was a version of the screen shot above — with the name of the chat, the dates March 26 and 28, changes in message settings (perhaps Mike Waltz trying to undo the damage of his disappearing timeline), and changes in profile names.

It’s the last bit that is most interesting. It might reflect people, in addition to the 19, who were added after Goldberg dropped off, people who were even more problematic to be included in the chat than Jeffrey Goldberg. It shouldn’t reflect people changing their own screen names; at that point, after Goldberg published, there would be no point.

But there’s also something that remains unexplained, given the new information we have.

We know from the second of three DOD declarations in the same American Oversight lawsuit that someone — the passive voice is used — did a search of Whiskey Pete’s “mobile device,” whence the “available Signal application messages that are at issue in this case have been preserved.” We know from the third declaration that a search — possibly the only one — that was conducted (the passive voice is used again) on March 27, between the day of the first admin changes reflected on Ratcliffe’s personal phone, March 26, and the day of the second administrative changes, March 28.

What we don’t have, however, is any indication how Hegseth accessed Signal via two different devices, the personal cell that was searched (passive voice) and the desktop in his office hooked up to the dirty old Internet — that is, whether he had a second account, maybe called WarFightersLoveWhiskey or just Pete, or whether he did in fact use his publicly identifiable phone number on the desktop hooked up to the dirty old Internet. That’s actually one possible explanation for the changes on March 26 and 28.

Perhaps we could answer that question by searching the device in Whiskey Pete’s office for Federal Records Act compliance?

Or maybe, as I said, there was someone added in the nine days after Goldberg left.

Share this entry

Tulsi Gabbard’s NIE Lies Make Dick Cheney Look Honest by Comparison

/48 Comments/in /by

Yesterday, Tulsi Gabbard posted this tweet.

The last sentence of the tweet, referencing an “assessment that the foreign terrorist organization, Tren De Aragua, is acting with the support of the Maduro Regime,” makes clear it pertains to a National Intelligence Estimate described last week by WaPo (and that Tulsi’s bossy claims about leak investigations pertains to the story itself, which I’ll return to).

As WaPo described it, 17 of 18 intelligence agencies say Tulsi is lying.

According to WaPo, the NIE says that,

although there are some low-level contacts between the Maduro government and Tren de Aragua, or TdA, the gang does not operate at the direction of Venezuela’s leader.

[snip]

The finding was nearly unanimous among the U.S. intelligence agencies with the exception of the FBI, which assessed a moderate level of cooperation between the gang and the Venezuelan government, two people familiar with the matter said.

At least as WaPo describes, Tulsi may even be overstating the FBI conclusion that TdA had a moderate level of cooperation with the government, instead spinning that as, “Tren De Aragua, is acting with the support of the Maduro Regime.”

If WaPo’s reporting is accurate — and we can be virtually certain it is — Tulsi is trying to rewrite the NIE to support Trump’s view, all the while screaming about weaponization.

WaPo describes the stakes of this dispute, but not very clearly. Whether TdA operates at the direction of Venezuela is one key prong on which Trump’s bid to deport Venezuelan makeup artists and soccer players with no due process to Nayib Bukele’s concentration camp in El Salvador.

Trump’s manic bid to deport hundreds of migrants to Nayob Bukele’s concentration camp rests on a series of tactics. Many of the tactics were evident in the mad rush last Friday, in the face of a legal injunction prohibiting deportation under the Alien Enemies Act in Southern District of Texas, to instead load a bunch of Venezuelans on planes in Northern District of Texas, from the Bluebonnet Detention Center.

Most of this (the bottom four entries describing how Trump is trying to use AEA deportations) is a bid to use the Alien Enemies Act in a particular way: to bypass deportation proceedings, providing last minute notice (reportedly in English) that guards demand detainees sign, rather than information about the availability of habeas corpus petitions, loading them onto flights where there is not yet an injunction, with demands that men sign documents affirming they are TdA members along the way. Those tactics are what we’re seeing in one frantic legal fight after another.

The Administration seems to want to get the AEA interpreted in this instance to allow virtually no due process — nothing more than Stephen Miller screeching on Fox News that you are TdA, without proof — to deport people who presented in the US, often making asylum claims.

But the larger scheme will only work if courts uphold the AEA in this context, for use in peacetime against a population from one particular home country. Here’s how Trump pitched TdA in the declaration itself.

Tren de Aragua (TdA) is a designated Foreign Terrorist Organization with thousands of members, many of whom have unlawfully infiltrated the United States and are conducting irregular warfare and undertaking hostile actions against the United States. TdA operates in conjunction with Cártel de los Soles, the Nicolas Maduro regime-sponsored, narco-terrorism enterprise based in Venezuela, and commits brutal crimes, including murders, kidnappings, extortions, and human, drug, and weapons trafficking. TdA has engaged in and continues to engage in mass illegal migration to the United States to further its objectives of harming United States citizens, undermining public safety, and supporting the Maduro regime’s goal of destabilizing democratic nations in the Americas, including the United States.

TdA is closely aligned with, and indeed has infiltrated, the Maduro regime, including its military and law enforcement apparatus. TdA grew significantly while Tareck El Aissami served as governor of Aragua between 2012 and 2017. In 2017, El Aissami was appointed as Vice President of Venezuela. Soon thereafter, the United States Department of the Treasury designated El Aissami as a Specially Designated Narcotics Trafficker under the Foreign Narcotics Kingpin Designation Act, 21 U.S.C. 1901 et seq. El Aissami is currently a United States fugitive facing charges arising from his violations of United States sanctions triggered by his Department of the Treasury designation.

Like El Aissami, Nicolas Maduro, who claims to act as Venezuela’s President and asserts control over the security forces and other authorities in Venezuela, also maintains close ties to regime-sponsored narco-terrorists. Maduro leads the regime-sponsored enterprise Cártel de los Soles, which coordinates with and relies on TdA and other organizations to carry out its objective of using illegal narcotics as a weapon to “flood” the United States. In 2020, Maduro and other regime members were charged with narcoterrorism and other crimes in connection with this plot against America.

Over the years, Venezuelan national and local authorities have ceded ever-greater control over their territories to transnational criminal organizations, including TdA. The result is a hybrid criminal state that is perpetrating an invasion of and predatory incursion into the United States, and which poses a substantial danger to the United States. Indeed, in December 2024, INTERPOL Washington confirmed: “Tren de Aragua has emerged as a significant threat to the United States as it infiltrates migration flows from Venezuela.” Evidence irrefutably demonstrates that TdA has invaded the United States and continues to invade, attempt to invade, and threaten to invade the country; perpetrated irregular warfare within the country; and used drug trafficking as a weapon against our citizens. [my emphasis]

Some of this (we’re not at war no matter how inflammatory Trump claims migration is) is not legally apt to the statute. Some of this (the specific ties between Maduro and the gang, including his intent to use the gang as a weapon) is not true.

Which is why Tulsi is attempting to claim it is. Thus the stakes on the NIE. Thus Tulsi’s need to claim the NIE concluded something other than it concluded.

As ACLU is arguing in cases challenging the use of the AEA around the country (in this case, men in NDTX saved from deportation by SCOTUS’ intervention on Saturday), the Trump Administration shouldn’t be able to use the AEA at all in this context, because the US is not at war, and the convoluted assertions Trump made to claim we are — that the US is being invaded by a gang backed by Venezuela — does not hold up.

In a Proclamation signed on March 14 but not made public until March 15 (after the government had already attempted to use it), the President invoked a war power, the Alien Enemies Act of 1798 (“AEA”), to summarily remove noncitizens from the U.S. and bypass the immigration laws Congress has enacted. See Invocation of the Alien Enemies Act (Mar. 15, 2025) (“Proclamation”).1 The AEA permits the President to invoke the AEA only where the United States is in a “declared war” with a “foreign government or nation” or a ‘foreign government or nation” is threatening to, or has engaged in, an “invasion or predatory incursion” against the “territory of the United States.” The Proclamation targets Venezuelan noncitizens accused of being part of Tren de Aragua (“TdA”), a criminal gang, and claims that the gang is engaged in an “invasion and predatory incursion” within the meaning of the AEA.

[snip]

Petitioners contend that the Proclamation is invalid under the AEA for several reasons. First, the Proclamation fails to the AEA’s statutory predicates because TdA is not a “foreign nation or government,” nor is TdA is engaged in an “invasion” or “predatory incursions” within the meaning of the AEA. Thus, the government’s attempt to summarily remove Venezuelan noncitizens exceeds the wartime authority that Congress delegated in the AEA. Second, the Proclamation violates both the Act and due process by failing to provide notice and a meaningful opportunity for individuals to challenge their designation as alien enemies. Third, the Proclamation violates the process and protections that Congress has prescribed for the removal of noncitizens in the immigration laws, including protection against being sent to a country where they will be tortured.

If ACLU successfully argues that there’s an NIE that shows even the Intelligence Community knows the basis on which Trump declared AEA is false, then it will undermine the entire effort to use AEA to achieve due process-free deportations.

As I said above, we can be pretty sure that Tulsi is lying on Xitter. That’s not just because her Global Threat Assessment, released a week after Trump invoked the AEA, makes no mention of such invasion or even Tren de Agua (which I noted here). But also because because when Joaquin Castro asked her about such assessment, she confessed that there were competing assessments.

Castro: I want to ask about the Alien Enemies Act, real quick, while I have time. The President has used the Alien Enemies Act, a wartime authority last used to detain German and Japanese nationals during World War II, to summarily deport people accused of being members of the Venezuelan gang, Tren de Aragua. To invoke this law, the President must demonstrate the United States is under invasion by a foreign nation or government. They have alleged that we are under invasion by the Venezuelan government. The idea that we are at war with Venezuela would come as a surprise to most Americans. The unclassified version of the Annual Threat Assessment the Intelligence Community just released makes no mention of any invasion or war that we are fighting with the nation of Venezuela. You would think our nation being at war would merit at least a small reference in this Threat Assessment. Director Ratcliffe, does the Intelligence Community assess that we are currently at war or being invaded by the nation of Venezuela?

Ratcliffe: We have no assessment that says that.

Castro: In invoking the law the President alleged that Venezuela is taking hostile actions at the direction — clandestine or otherwise — of the Maduro regime in Venezuela. Director Gabbard: Does the Intelligence Community assess the Venezuelan government is directing Tred de Aragua’s hostile actions against the United States.

Gabbard: There are varied assessments that came from different Intelligence Community elements. I’ll defer to Director Patel to speak specifically to the FBI assessment.

[Kash moves to speak.]

Castro: But let me ask you. So you’re saying there are conflicting assessments that have come from the IC?

Gabbard: That’s correct.

Castro: Thank you. We’ll take it up in closed session.

For his part, John Ratcliffe admitted that “we” (possibly meaning the CIA) has no assessment that backs Trump’s claim of invasion. The CIA would be one of the 17 agencies that debunked Trump’s claim.

So now that WaPo confirmed what was evident just from this exchange (the WaPo story notes that both Castro and Jim Himes raised the AEA during the hearing) Tulsi is trying to lie about the assessment by claiming this is an illegal leak, precisely the weaponization against which Trump ran.

The weaponization of intelligence to undermine the President’s agenda is an assault on democracy. Those behind this illegal leak of classified intelligence, twisted and manipulated to convey the exact opposite finding, will be held accountable under the full force of the law. Rooting out this politicization of intelligence is exactly what President Trump campaigned on and what Americans overwhelmingly voted for.

Blah blah blah.

Unless Tulsi wants to start going after her former House colleagues, it’s likely there was no classified leak. It goes little beyond what Tulsi herself said in this exchange with Castro, and otherwise relies on named expert sources.

“The idea that Maduro is directing Tren de Aragua members and sending criminals to infiltrate the United States is ludicrous,” said Geoff Ramsey, a Venezuela expert at the Atlantic Council, a Washington-based think tank.

The group, which started as a prison gang in the Venezuelan state of Aragua in 2014, has expanded into a transnational gang that has carried out brazen crimes from Santiago, Chile, to New York City. But it does not operate with a clearly defined hierarchical structure, Ramsey said.

“Tren de Aragua has become more like a brand that any group of carjackers from Miami down to Argentina can invoke to further their criminal activity, but there’s really no clear sense of hierarchy,” he said. “And the reality is that Tren de Aragua has not always gotten along with the Maduro government: We saw just a few years ago, the military in 2023, stormed a prison that Tren de Aragua controlled and allegedly carried out extrajudicial executions.”

And Tulsi is trying to silence experts with unbridled Orwellian claims that up is down — that the single FBI assessment, assessing moderate contacts — says that TdA is acting with Venezuelan support, a claim that even still falls well short of what Trump claimed in his declaration.

Tulsi built her entire career around opposing the wars that Dick Cheney ginned up two decades ago. Now, in Cheneyesque fashion, she’s grotesquely inventing a war that doesn’t exist so she can help Trump destroy the Constitution.

Update: In a CO case granting two detainees a Temporary Restraining Order forbidding their deportation under the AEA, Judge Charlotte Sweeny said this about the AEA:

According to Petitioners, the Proclamation exceeds the President’s “statutory authority in three critical respects.” ECF No. 2 at 11. First, there is no “invasion or predatory incursion.” Id. Second, any purported invasion is not perpetuated by a “foreign government or nation.” Id. And third, there is “no process to contest whether an individual falls within the Proclamation.” Id. Skepticism of the Proclamation’s contrary findings is required, Petitioners urge, to the point of satisfying their first TRO burden. Id.; see also M.G., 117 F.4th at 1238. The Court agrees.

That said, Sweeny’s analysis did not focus on the relationship between Tren de Aragua and the Maduro regime.

Petitioners contend, as with its failures to identify an “invasion” or “predatory incursion,” the Proclamation likewise fails to assert a “foreign nation or government” is “invading the United States.” ECF No. 2 at 14. The Court agrees with Petitioners. The Court discerns little reason to linger on this point, especially where, as Petitioners observe, the Proclamation finds TdA is “closely aligned with [and] infiltrated[] the Maduro regime.” Invocation of the Alien Enemies Act Regarding the Invasion of the United States by Tren de Aragua, 90 FR 13033. The Proclamation does not find TdA itself is a foreign nation, country, or government. At bottom, the Proclamation fails to adequately find or assert TdA is a “foreign nation or government,” § 21, sufficient to justify the Act’s invocation. Indeed, if TdA was such a “foreign nation or government,” id., there would be no need for it to “undertak[e] hostile actions . . . at the direction, clandestine or otherwise, of the Maduro regime in Venezuela,” Invocation of the Alien Enemies Act Regarding the Invasion of the United States by Tren de Aragua, 90 FR 13033 (emphasis added).

Rather, in lengthier analysis, she focused on the absence of military invasion. She did not rely on Ratcliffe’s comment, but she could have.

Share this entry

Whiskey Pete Hegseth Finally Finds Some White Men to Purge

/40 Comments/in /by

Amid all the other news, the purge of suspected leakers Pete Hegseth announced last month has netted three targets — all white men, for a change! Politico has not only provided a roster, but described the scope of the leak investigation.

The Pentagon put a third top official on administrative leave Wednesday as part of a wide-ranging leak investigation, according to a defense official and a person familiar with the matter.

Colin Carroll, chief of staff to Deputy Defense Secretary Stephen Feinberg, was suspended a day after two other political appointees were placed on leave following a probe into potential leaks of sensitive information.

The leaks under investigation include [1] military operational plans for the Panama Canal, [2] a second carrier headed to the Red Sea, [3] Elon Musk’s controversial visit to the Pentagon to discuss China and a [4] pause in the collection of intelligence for Ukraine, according to the official.

[snip]

Dan Caldwell, a senior adviser to Defense Secretary Pete Hegseth, and Darin Selnick, the Defense Department’s deputy chief of staff, were escorted out of the Pentagon by security officers and had their building access suspended pending further investigation, the official said. Caldwell and Selnick both previously worked at Concerned Veterans for America, the nonprofit that Hegseth once led. [my annotation]

An Air Force Special Forces Command Chief Master Sergeant was also removed on Monday, though no one has said the investigation described to be targeting him is Pete Hegseth’s purge.

When this investigation was first reported by CNN, it focused on the disclosure to NYT, for a story published on March 20  [1], that Hegseth was about to give Elon Musk a briefing on US war plans against China.

The memo comes after President Donald Trump pushed back on a New York Times report that DOGE head Elon Musk would be briefed on US military plans for a potential war with China while at the Pentagon on Friday. Trump said he wouldn’t show such plans “to anybody.”

And surely that’s a big focus of this investigation. As news of these ousters broke, Marc Caputo released a story ret-conning Trump’s unhappiness with the briefing, claiming, against all sense, that Trump got mad at Elon but not, also, Hegseth about it.

  1. Defense Secretary Pete Hegseth suspended two top Pentagon officials, Dan Caldwell and Darin Selnick, as part of an investigation into who leaked word of a planned top-secret briefing on China for Elon Musk.
  2. Axios learned that Musk or Hegseth didn’t just decide to call off that briefing after the leak. President Trump himself ordered staffers to kill it.
  • “What the f**k is Elon doing there? Make sure he doesn’t go,” Trump said, a top official recalled to Axios.

Why it matters: Musk has annoyed several administration officials with his constant presence at the White House, his haphazard social media posts and his slash-and-burn tactics at his Department of Government Efficiency.

  • The planned Pentagon briefing, however, got him cross with the boss at the Resolute Desk.

Anyway, no one made sure Elon “doesn’t go;” the currently operative story is Elon went to the Pentagon, but didn’t get the briefing. If Trump were unhappy with the planned briefing, rather than its exposure, I doubt we’d have this kind of leak investigation, which purportedly prevented the briefing from happening.

But Politico mentions three more leaks targeted by the investigation:

  • A widely disseminated story [1] disclosing that DOD had developed military plans targeting the Panama Canal; NBC’s story was published March 13.
  • The deployment [2] of the USS Carl Vinson from Asia to the Red Sea; the Politico version, which noted USNI reported the news first, was like USNI’s report dated March 21. Both versions report the move first as a month-long extension of the deployment of the USS Harry S. Truman, which was damaged and then repaired in February after being struck by a merchant ship, with the Vinson sailing from East China to the Red Sea to overlap with it. On March 16, the Houthis attempted to attack the Truman in retaliation for the strikes on March 15 ordered up by Pete Hegseth’s signal chat, and potential Houthi disinformation has very recently claimed the Truman has been struck.
  • Stories [4] about a pause in intelligence sharing with Ukraine that were quickly and publicly confirmed by John Ratcliffe; here’s Politico’s March 5 version, bylined by one of the guys closely tracking the purge.

So in order, the leaks are:

  • March 5 story on Ukraine intelligence sharing
  • March 13 story on targeting Panama
  • March 20 story on the Elon briefing
  • March 21 story on the Vinson redeployment from the East China Sea to the Middle East

With that list in mind, let’s look at several aspects of the memo, dated the same day as the Vinson deployment, March 21, asking for the investigation.

It does, in fact, identify, “unauthorized disclosures of national security information involving sensitive communications with principals within the Office of the Secretary of Defense,” plural. So while the coverage focused on the Elon briefing, it reportedly entailed the others from the start, including the seemingly routine report on the Vinson deployment.

It not only mentioned “sensitive communications with principals within the Office of the Secretary of Defense,” but it asked for cooperation from “those responsible for maintaining and overseeing information security systems and in coordination with federal partners as required.” At first, in the days before Jeff Goldberg revealed Pete Hegseth conducts these discussions (including discussions about the Middle East operations like the Vinson deployment) via Signal chat, it seemed this might have been an investigation into DOD’s secure communications.

But given the inclusion of Dan Caldwell — the guy whom Hegseth instructed Mike Waltz to add as his representative to the famous Signal chat — as the first guy purged suggests this leak investigation could also be about the Signal chat.

Or other Signal chats. Mike Waltz apparently did this all the time.

American Oversight’s lawsuit seeking to preserve the signal chats Goldberg published already disclosed that the actual content of the chats did not get preserved on John Ratcliffe’s personal phone, and that between March 26 and March 28 — after Congress was already investigating — participants changed message settings.

In a filing asking James Boasberg to find that Ratcliffe defied his order submitted yesterday, American Oversight included this timeline of what we know from filings in that suit:

March 24: Excerpts of the Signal chat appear in The Atlantic.1

March 25: American Oversight files this action. On the same day, Defendant Ratcliffe testifies before the Senate Select Committee on Intelligence regarding his use of Signal.2

March 26: American Oversight files a motion for temporary restraining order. ECF No. 6. The same day, changes occur in the Signal chat “participants’ administrative settings . . . such as profile names and message settings.” Suppl. Blankenship Decl. ¶ 4, ECF No. 15-3. Also on the same day, The Atlantic publishes further excerpts from the Signal chat.3

March 27: This Court orders Defendants to “promptly make best efforts to preserve all Signal communications from March 11–15, 2025.” Min. Order, Mar. 27, 2025. The same day, the CIA’s Office of General Counsel reportedly issued a litigation hold notice. Blankenship Decl. ¶ 4, ECF No. 10-3.

March 28: Changes occur again in the Signal chat participants’ profile names and message settings. Suppl. Blankenship Decl. ¶ 4, ECF No. 15-3.

March 31: Defendant Ratcliffe’s Signal account is “reviewed” for the first time and found to contain no substantive messages from the Signal chat. Suppl. Blankenship Decl. ¶ 4, ECF No. 15-3.

1 See Jeffrey Goldberg, The Trump Administration Accidentally Texted Me Its War Plans, The Atlantic (Mar. 24, 2025), https://www.theatlantic.com/politics/archive/2025/03/trumpadministration-accidentally-texted-me-its-war-plans/682151/.

2 Sen. Select Comm. on Intel. Hr’g to Examine Worldwide Threats Tr., Mar. 25, 2025, available at https://www.dia.mil/Portals/110/Images/News/DIA%20in%20the%20News/Committee_Hearing _2025.pdf.

3 See Jeffrey Goldberg & Shane Harris, Here Are the Attack Plans that Trump’s Advisers Shared on Signal, The Atlantic (March 26, 2025), https://www.theatlantic.com/politics/archive/2025/03/signal-group-chat-attack-plans-hegsethgoldberg/682176.

All of that took place after Hegseth himself ordered an investigation into leaks including the extension of the Harry S. Truman deployment to fight the Houthis on March 21, the kind of thing that might have been on that Signal chat.

While American Oversight didn’t ask for any other declarations, it did note that the existing declarations [docket] raise real questions about who else, including Whiskey Pete, might have deleted these texts from their devices.

For example, rather than specifying which messages were preserved, the Supplemental DoD Declaration vaguely references the preservation of “existing Signal application messages,” which, as shown by the Supplemental Blankenship Declaration, could be none. Suppl. Bennett Decl. ¶ 2, ECF No. 15-1. Similarly, without specifying whether any substantive messages were preserved, the Supplemental State Declaration merely states that “images of the Signal chat”—including “any” images captured from the Secretary’s devices—have been preserved. See Decl. of Timothy J. Kootz ¶ 4, ECF No. 15-4. As with CIA, those “images of the Signal chat” may simply be the title of the group chat. The Supplemental State Declaration also suggests that Secretary Rubio accessed the Signal chat from multiple devices. Id. More broadly, the evidentiary issues identified in the Supplemental Blankenship Declaration raise substantial questions regarding what these other Defendants actually preserved.

In forthcoming filings, American Oversight will probe the clear deficiencies in Defendants’ recordkeeping practices evidenced by these standout omissions of whether and what substantive messages from the Signal chat still exist, as well as when and how any such messages were lost. [my emphasis]

All of which brings me to the last detail of the original leak announcement that has always struck me: it was set up not as conventional leak investigations are, as a referral to the FBI based on stories that include classified information. That’s how you find out who leaked what if you want all possible culprits involved. Rather, it was set up such that Hegseth himself would get reports on the findings, and from that point, the criminal referrals would go out.

This investigation will commence immediately and culminate in a report to the Secretary of Defense. The report will include a complete record of unauthorized disclosures within the Department of Defense and recommendations to improve such efforts. I expect to be informed immediately if this effort results in information identifying a party responsible for an unauthorized disclosure, and that such information will be referred to the appropriate criminal law enforcement entity for criminal prosecution. [my emphasis]

That is, this so-called leak investigation implicating the guy Hegseth would add to his inappropriate Signal chats was set up such that Hegseth himself gets to gatekeep who gets targeted by it.

He appears to have set it up that way, importantly, before he realized a journalist had witnessed him add Dan Caldwell to a Signal chat on which he himself would disseminate battle information to the personal cell phones of multiple list participants, including journalist Jeff Goldberg.

Update: Adding this for timeline considerations. Roger Wicker and Jack Reed asked DOD IG to investigate this on March 27, while participants in the Signal chat were altering names and retention.

[W]e ask that you conduct an inquiry into, and provide us with an assessment of, the following:

1. The facts and circumstances surrounding the above referenced Signal chat incident, including an accounting of what was communicated and any remedial actions taken as a result;

2. Department of Defense (DOD) policies and adherence to policies relating to government officers and employees sharing sensitive and classified information on non-government networks and electronic applications;

3. An assessment of DOD classification and declassification policies and processes and whether these policies and processes were adhered to;

4. How the policies of the White House, Department of Defense, the intelligence community, and other Departments and agencies represented on the National Security Council on this subject differ, if at all;

5. An assessment of whether any individuals transferred classified information, including operational details, from classified systems to unclassified systems, and if so, how;

6. Any recommendations to address potential issues identified.

Share this entry