
A Roger Stone Pardon for MacronLeaks Isn’t As Crazy as It Sounds

In April 2020, DOJ released the warrants from the Roger Stone investigation. With six of those, DOJ redacted broad swaths of the justifications behind the warrants, none of which were shared with him as part of his obstruction prosecution.

September 26, 2018: Mystery Twitter Account

September 27, 2018: Mystery Facebook and Instagram Accounts

September 27, 2018: Mystery Microsoft, including Skype

September 27, 2018: Mystery Google

September 27, 2018: Mystery Twitter Accounts 2

October 5, 2018: Mystery Multiple Googles

All six were obtained by Patrick Myers, an FBI agent located in Pittsburgh, whereas almost all the warrants obtained before that were signed by agents located in DC (in earlier weeks, Myers had also obtained a warrant targeting a second account used by the GRU persona, Guccifer 2.0).

In his order releasing the warrants, Judge Christopher Cooper explained that all the redacted information (and so the information justifying these warrants) was redacted to protect, “the private information of non-parties, financial information, and non-public information concerning other pending criminal investigations.”

One of those warrants explicitly said that the government requested a gag on the provider involved (in that case, Twitter) because Roger Stone seemed not to understand the full extent of the investigation into him.

It does not appear that Stone is currently aware of the full nature and scope of the ongoing FBI investigation. Disclosure of this warrant to Stone could lead him to destroy evidence or notify others who may delete information relevant to the investigation.

In addition to the crimes for which Mueller declined to charge Stone (foreign donations) or of which he was convicted (witness tampering and obstructing an investigation), the warrant sought evidence of conspiracy (18 USC 371), two foreign agent laws (18 USC 951 and 22 USC 611), and computer hacking (18 USC 1030).

These warrants strongly suggest that in April 2020, as Bill Barr was making unprecedented efforts to limit Stone’s punishment for the crimes of which he had been convicted, DOJ continued to investigate whether Stone conspired with foreign entities — and given that a Guccifer 2.0 warrant is among this series, Russia would be that foreign entity — to engage in computer hacking.

That’s important background to the seizure from Trump’s office of a document reflecting Executive Clemency for Stone that appears to have a link to a French President, possibly Emmanuel Macron.

If Stone were involved with the MacronLeaks operation on which the GRU teamed up with alt-Right figures in Stone’s orbit, it’s conceivable Trump secretly pardoned him to prevent him from being included in the indictment covering that operation.

Based on the FOIA exemptions in various versions of the Mueller Report released, the Stone investigation that continued after Mueller closed up shop appears to have been closed between September 18, 2020 and November 2, 2020. On the latter date — literally the day before the 2020 election — DOJ provided Jason Leopold a version of the Mueller Report with newly-unsealed passages. It revealed for the first time that, on page 178, a footnote modified the discussion in the body of the Report about whether Stone could be prosecuted for conspiring with Russia on computer hacking by explaining that Mueller had referred the issue to the DC US Attorney’s Office for further investigation.

The Office determined that it could not pursue a Section 1030 conspiracy charge against Stone for some of the same legal reasons. The most fundamental hurdles, though, are factual ones.1279

1279 Some of the factual uncertainties are the subject of ongoing investigations that have been referred by this Office to the D.C. U.S. Attorney’s Office.

A version of the report released to Leopold on June 3, 2019 redacted that footnote because of an ongoing investigation. And a spreadsheet justifying all continued redactions released on September 18, 2020 seems to have redacted it too. The unredacted publication of it on November 2, 2020 suggests whatever investigation into Stone DOJ had been pursuing had been closed.

Stone’s wasn’t the only investigation that got shut down in the months before Donald Trump would lose the presidency. In that period, previously redacted references to investigations into two of Paul Manafort’s businesses, and an investigation into a suspected $10 million cash infusion during the 2016 election from an Egyptian state-owned bank were unsealed — though both were unsealed by the time of that September filing. There was even reference to a warrant for Erik Prince’s phone, suggesting any investigation into him had similarly been shut down.

What made Stone’s case different, however, is that DOJ never told us what the investigation was about (indeed, two referrals that likely pertain to Stone were redacted in that November 2020 release, which they shouldn’t have been if the cases were really closed).

The most important referral from the Mueller investigation, then — the one that Billy Barr was hired to make go away — simply got deep-sixed sometime in the months when it looked like Trump would lose the election, with no explanation as to what the investigation even was. And, again, it appears to have happened between September 18 and November 2, 2020.

As it happens, DOJ rolled out an indictment against GRU on October 19, just 15 days before the election (and just 14 days before DOJ released the language pertaining to Stone). It covered six GRU attacks, though focused especially on the 2018 Olympic Destroyer attack on the Pyeongchang Olympics.

But it included, almost as a throwaway, GRU’s role in the 2017 MacronLeaks campaign. By description, it held just one of the charged individuals accountable for the spearphishing part of the MacronLeaks campaign: Anatoliy Kovalev, the one guy (as noted) also charged in the DNC hack.

Defendant ANATOLIY SERGEYEVICH KOVALEV was a Russian military intelligence officer assigned to Military Unit 74455. KOVALEV sent spearphishing emails targeting a wide variety of entities and individuals, including those associated with French local government entities, political parties, and campaigns; the 2018 Winter Olympics; the DSTL; and a Georgian media entity. KOVALEV also engaged in spearphishing campaigns for apparent personal profit, including campaigns targeting large Russian real estate companies, auto dealers, and cryptocurrency miners, as well as cryptocurrency exchanges located outside of Russia. KOVALEV is a charged defendant in federal indictment number 18-CR-215 in the District of Columbia. [my emphasis]

In the Mueller indictment of the GRU, Kovalev is described as the guy responsible for the hacking that targeted voting infrastructure — the kind of stuff that really could have affected the outcome, especially in North Carolina.

72. In or around July 2016, KOVALEV and his co-conspirators hacked the website of a state board of elections (“SBOE 1”) and stole information related to approximately 500,000 voters, including names, addresses, partial social security numbers, dates of birth, and driver’s license numbers.

[snip]

75. In or around October 2016, KOVALEV and his co-conspirators further targeted state and county offices responsible for administering the 2016 U.S. elections. For example, on or about October 28, 2016, KOVALEV and his co-conspirators visited the websites of certain counties in Georgia, Iowa, and Florida to identify vulnerabilities.

76. In or around November 2016 and prior to the 2016 U.S. presidential election, KOVALEV and his co-conspirators used an email account designed to look like a Vendor 1 email address to send over 100 spearphishing emails to organizations and personnel involved in administering elections in numerous Florida counties. The spearphishing emails contained malware that the Conspirators embedded into Word documents bearing Vendor 1’s logo.

The Olympic Destroyer indictment obtained weeks before the election held Kovalev (and the GRU) accountable for the spearphish and communications with some French participants.

27. From on or about April 3, 2017, through on or about May 3, 2017 (during the days leading up to the May 7, 2017, presidential election in France), the Conspirators conducted seven spearphishing campaigns targeting more than 100 individuals who were members of now-President Macron’s “La Republique En Marche!” (“En Marche!”) political party, other French politicians and high-profile individuals, and several email addresses associated with local French governments. The topics of these campaigns included public security announcements regarding terrorist attacks, email account lockouts, software updates for voting machines, journalist scoops on political scandals, En Marche! press relationships, and En Marche! internal cybersecurity recommendations.

28. KOVALEV participated in some of these campaigns. For example, on or about April 21, 2017, KOVALEV developed and tested a technique for sending spearphishing emails themed around file sharing through Google Docs. KOVALEV then crafted a malware-laced document entitled “Qui_peut_parler_ aux journalists.docx” (which translates to “Who can talk to journalists”) that purported to list nine En Marche! staff members who could talk to journalists about the previous day’s terrorist attack on the Champs-Elysees in Paris. Later that day, the Conspirators used an email account that mimicked the name of then-candidate Macron’s press secretary to send a Google Docs-themed spearphishing email to approximately 30 En Marche! staff members or advisors, which purported to share this document.

29. From on or about April 12, 2017, until on or about April 26, 2017, a GRU-controlled social media account communicated with various French individuals offering to provide them with internal documents from En Marche! that the user(s) of the account claimed to possess.

But it professed utter and complete ignorance about how the stolen documents started to get leaked.

30. On or about May 3 and May 5, 2017, unidentified individuals began to leak documents purporting to be from the En Marche! campaign’s email accounts.

But they weren’t unidentified, at least not all of them! As a DFIR report released 15 months before this indictment laid out, while there was a Latvian IP address that hadn’t been publicly identified at that point (one the FBI surely had some ability to unpack), the American alt-right, including Stone associate Jack Posobiec, made the campaign go viral, all in conjunction with WikiLeaks.

First there was a rumor spread from that Latvian IP to 4Chan to William Craddick to Jack Posobiec.

Last but not least came the “#MacronGate” rumor. Two hours before the final televised debate between Macron and Le Pen, on Wednesday, May 3, at 7:00 p.m.,41 a user with a Latvian IP address posted two fake documents on 4chan. The documents suggested that Macron had a company registered in Nevis, a small Caribbean island, and a secret offshore bank account at the First Caribbean Bank, based in the Cayman Islands. Again, the rumor itself was not entirely new. Macron himself had seen it coming. More than two weeks earlier on TV he warned that this type of rumor was likely to appear: “This week, you will hear ‘Mr. Macron has a hidden account in a tax haven, he has money hidden at this or that place.’ This is totally false, I always paid all my taxes in France and I always had my accounts in France.”42 What was new this time, however, was the release of two documents supposedly proving this rumor. The user who posted the two documents on 4chan did it purposefully on the evening on the final televised debate to attract more attention, and even suggested a French hashtag: “If we can get #MacronCacheCash trending in France for the debates tonight, it might discourage French voters from voting Macron”43.

Then the rumor spread on Twitter. The 4chan link was first posted by Nathan Damigo, founder of the American neo-Nazi and white-supremacist group Identity Evropa, and was further circulated by William Craddick, founder of Disobedient Media and notorious for his contribution to the Pizzagate conspiracy theory that targeted the US Democratic Party during the 2016 American presidential campaign. The first real amplifier was Jack Posobiec—an American alt-right and pro-Trump activist with 111,000 followers at the time: his tweet was retweeted almost 3,000 times. Only after 10:00 p.m. did the rumor begin to spread in French, mostly through far-right accounts using the #MacronCacheCash hashtag. The first tweets in French seemed to have been automatically translated from English.44

[snip]

The same user with the Latvian IP address who posted the fake documents on Wednesday announced on Friday morning that more were coming, promising, “We will soon have swiftnet logs going back months and will eventually decode Macron’s web of corruption.”49 Those responsible for #MacronGate thereby provided evidence that they were the same people responsible for the #MacronLeaks that were released later that day.

Then there were the leaked files themselves, which followed the same pattern: an anonymous leak to Craddick to Posobiec to WikiLeaks.

The files were initially posted on Archive.org, an online library site, supposedly in the morning63 (the time of first release on the website cannot be determined, as these original threads have since been deleted). At 7:59 p.m., the links to the threads were posted on PasteBin, a file-sharing site, under the name “EMLEAKS.” At 8:35 p.m., they were shared on 4chan. Then came their appearance on Twitter: Craddick was again the first to share the link to the PasteBin dump at 8:47 p.m., quickly followed by Jack Posobiec at 8:49 p.m., who provided a link to the 4chan thread with, for the first time, the hashtag #MacronLeaks.64 Contrary to what would later become a widespread misconception, Posobiec was not the first to tweet, Craddick was. However, Posobiec was the first to use the hashtag that would lend its name to the entire operation, hence the confusion. Posobiec’s tweet and hashtag was retweeted eighty-seven times within five minutes. He later said he had been alerted to the incoming dump by the user with a Latvian IP address who had posted the #MacronGate fake documents two days prior: “The same poster of the financial documents said to stay tuned tomorrow for a bigger story–so I pretty much spent the next 24 hours hitting refresh on the site.”65

So far, this conversation was exclusively Anglophone. This makes it clear that the hashtag #MacronLeaks was launched and spread in the United States, by the American alt-right. It was WikiLeaks that internationalized the spread, at 9:31 p.m., by tweeting: “#MacronLeaks: A significant leak. It is not economically feasible to fabricate the whole. We are now checking parts,” with a link to the files on PasteBin. Only then came the first French amplifiers, who happened to be Le Pen supporters

MacronLeaks was, openly and proudly, a joint venture between the GRU, far right influencers in Stone’s immediate orbit, and WikiLeaks. It was an attempt to repeat the 2016 miracle that elected Donald Trump, by supporting the Russian-supporting Marine Le Pen by damaging Macron.

There’s something unusual about the indictment, too. Alone among the indictments obtained by the Pittsburgh US Attorney’s office that month (October 2020), it was the single one signed in wet blue ink by the US Attorney, Scott Brady. Both the copy released by DOJ and the one docketed in PACER also lacked a jury foreperson’s signature.

Admittedly, most of the indictments WDPA obtained that month were fairly podunk crimes that wouldn’t need heightened security: a fentanyl dealer, a cocaine dealer, two unhoused men charged with theft, an aggravated assault, manufacturing a controlled substance, Social Security fraud, VA benefit fraud, all were signed in black ink, at least some of them electronically. But a child sexual trafficking indictment and a CSAM possession indictment, both originally filed under seal, also bear the foreperson’s signature and that black ink signature. Even a ransomware indictment rolled out nationally on October 15 — which would have the same kind of international sensitivities and national coordination as the GRU indictment — had a normal jury foreperson’s signature.

While Brady was not a surprising choice for US Attorney in Pittsburgh (he had previously been an AUSA), he was perhaps the most politicized of Trump’s US Attorneys. He’s the guy whom Barr put in charge of ingesting the dirt on Hunter Biden that Rudy Giuliani was getting from suspected Russian agents.

To be clear: There’s no public allegation that Stone had anything to do with MacronLeaks, though HateWatch places him at a Milo Yiannopoulos party where MacronLeaks appears to have come up, after the leaks but before the French election. I’m not saying that Stone was involved in the MacronLeaks operation.

But the response to the Stone reference in the subpoena receipt has assumed that the Stone reference cannot be related to the French President reference, an assumption made by journalists who never covered the ongoing aspects of the investigation into whether Stone conspired with Russia on a hack. If Trump did issue his rat-fucker a secret pardon for follow-on cooperation with Russian hackers, though, it would explain a number of things about the aftermath of the Mueller investigation, including what happened to the investigation into whether Stone conspired with Russia on hacking campaigns.

For his part, Trump included a bit of a tirade about the Stone reference in his motion for a Special Master last night.

In addition, did the affiant to the warrant fairly disclose any pretextual “dual” purpose at work in obtaining the warrant? For example, the Receipt for Property largely fails to identify seized documents with particularity, but it does refer to the seizure of an item labelled “Executive Grant of Clemency re: Roger Jason Stone, Jr.” Aside from demonstrating that this was an unlawful general search, it also suggests that DOJ simply wanted the camel’s nose under the tent so they could rummage for either politically helpful documents or support other efforts to thwart President Trump from running again, such as the January 6 investigation.

This is legally and politically nonsensical. If the pardon is the known pardon, then it’s not politically damaging at all. If it’s a real pardon of any kind — as a pardon written on a cocktail napkin arguably would be — then it’s a Presidential Record and squarely within the scope of the warrant (which permits seizure of any Presidential record created during Trump’s term). If the information about the French President is part of the document and appears to be sensitive, then it would qualify as a likely classified document. If the pardon were found in Trump’s safe next to his leatherbound box of TS/SCI documents, then it would be covered by the proximal search protocol laid out in the warrant. The pardon was legally seized.

Trump’s claims are nonsensical. But they’re also the kind of squealing that invites further attention to what the clemency document really is.

What Fake French News Looks Like (to a British Consulting Company)

Along with reports that APT 28 targeted Emmanuel Macron that don’t prominently reveal that Macron believes he withstood the efforts to phish his campaign, the post-mortem on the first round of the French election has also focused on the fake news that supported Marine Le Pen.

As a result, this study — the headline from which claimed 25% of links shared during the French election pointed to fake news — has gotten a lot of attention.

The study, completed by a British consulting firm (though the lead on the study is a former French journalist) and released in full only in English, is as interesting for its assumptions as anything else.

Engagement studies aren’t clear about what they’re showing, but this one is aware of that

Before I explain why, let me stipulate that I accept the report’s conclusion that a ton of Le Pen supporters (though it doesn’t approach it from that direction) relied on fake news and/or Russian sources. The methodology appears to suffer from the same problem some of BuzzFeed’s reporting on fake news does, in that it doesn’t measure the value of shared news, but at least it admits that methodological problem (and promises to discuss it at more length in a follow-up).

Sharing is the overt act of taking an article or video or image that one sees in social media and, literally, sharing it digitally with one’s own followers or even into the public domain. Sharing therefore implies an elevated level of interest: people share articles that they feel others should see. While there are tools that help us track and quantify how many articles are shared, they cannot explain the sharer’s intention. It seems plausible, particularly in a political context, that sharing implies endorsement, yet even this is problematic as sharing can often imply shock and disagreement. In the third instalment [sic] of this study, Bakamo will explore in depth the extent to which people agree or disagree with what they share, but for this report (and the second, updated version), the simple act of sharing—whatever the intention—is nonetheless highly relevant. It provides a way of gauging activity and engagement.

[snip]

These are the “likes” or “shares” in Facebook, or “favourites” or “retweets” in Twitter. While these can be counted, we do not know whether the person has actually clicked through to read the content being shared before they like or retweet. This information is only available to the account owner. One of the questions that is often raised about social media is whether users do indeed read the article or respond simply to the headlines that appear in their newsfeed. We are unable to comment on this.

In real world terms, engagement can be two things. It can be agreement—whether reflexive or reflective—with the content shared. It can also, however, be disagreement: Facebook’s nuanced “like” system (in which anger is a valid form of engagement) or Twitter’s citations that enable a user to comment on the link while sharing it both permit these negative expressions.

The study is perhaps most interesting for what it shows about the differing sharing habits from different parts of its media economy, with no overlap between those who share what it deems “traditional” media and those who share what I’d deem conspiracist media. That finding, more than almost any other one, suggests what might be needed to engage in a dialogue across these clusters. Ultimately, what the study shows is increased media polarization not on partisan grounds, but on response to globalization.

Russian media looks very important when you only track Russian media

As I noted, one of the headlines that has been taken away from this study is that Le Pen voters shared a lot of Russian news sources — and I don’t contest that.

But there are two interesting details about how that finding came to be that important to this study.

First, the study defines everything in contradistinction from what it calls “traditional” media.

There are broad five sections of the Media Map. They are defined by their editorial distance from traditional media narratives. The less accepting a source is of traditional media narratives, the farther away it is (spatially) on the Map.

In the section defining traditional media, the study focuses on establishment and commercialism (including advertising), even while asserting — but not proving — that all traditional media “adher[e] to journalistic standards” (which is perhaps a fairer assumption still in France than in the US or UK, but nevertheless it is an assumption).

This section of the Media Map is populated by media sources that belong to the established commercial and conventional media landscape, such as websites of national and regional newspapers, TV and radio stations, online portals adhering to journalistic standards, and news aggregators.

It does this, but insists that this structure that privileges “traditional” media without proving that it merits that privilege is not meant to “pass moral judgement or to define what is ‘good’ or ‘evil’.”

Most interesting of all, the study includes — without detail or interrogation — international media sources “exhibiting these same characteristics” in its traditional media category.

These are principally France-based sources; however, French-speaking international media sources exhibiting these same characteristics were also placed into the Traditional Media section.

But, having defined some international news sources as “traditional,” the study then uses Russian influence as a measure of whether a media cluster was non-traditional.

The analysis only identified foreign influence connected with Russia. No other foreign source of influence was detected.

It did this — measuring Russian influence as a measure of non-traditional status — even though the study showed this was true primarily on the hard right and among conspiracists.

Syria as a measure of journalistic standards

Among the other kinds of content that this study measures, it repeatedly describes how those outlets it has clustered as non-traditional (primarily those it calls reframing outlets) deal with Syria.

It asserts that those who treat Bashar al-Assad as a “protagonist” in the Syrian civil war are influenced by Russian sources.

A dominant theme reflected by sources where Russian influence is detected is the war in Syria, the various actors involved, and the refugee crisis. In these articles, Bachar Assad becomes the protagonist, a perspective opposite to that which is reported by traditional media. Articles touching on refugees and migrants tend to reinforce anti-Islam and anti-migrant positions.

The anti-imperialists focus on Trump’s ineffectual missile strike on Syria which — the study concludes — must derive from Russian influence.

Trump’s “téléréalité” attack on Syria is a more recent example of content in this cluster. This is not surprising, however, as Russian influence is detectable on a number of sites in this cluster.

It defines conspiracists as such because they say the US supports terrorist groups (and also because they portray Assad as trustworthy).

Syria is an important theme in this cluster. Per these sources, and contrary to reports in traditional media, the Western powers are supporting the terrorist, while Bashar Assad is trustworthy and tolerant leader, as witness reports prove.

The pro-Islam non-traditional (!!) cluster is defined not because of its distance from “traditional” news (which the study finds it generally is not) but in part because its outlets suggest the US has been supporting Assad.

American imperialism is another dominant theme in this cluster, driven by the belief that the US has been secretly supporting the Assad regime.

You can see, now, the problem here. It is a demonstrable fact that America’s covert funding did, for some time, support rebel groups that worked alongside Al Qaeda affiliates (and predictably and with the involvement of America’s Sunni allies saw supplies funneled to al Qaeda or ISIS as a result). It is also the case that both historically (when the US was rendering Maher Arar to Syria to be tortured) and as an interim measure to forestall the complete collapse of Syria under Obama, the US’ opposition to Assad has been half-hearted, which may not be support but certainly stopped short of condemnation for his atrocities.

And while we’re not supposed to talk about these things — and don’t, in part, because they are an openly acknowledged aspect of our covert operations — they are a better representation of the complex clusterfuck of American intervention in Syria than one might get — say — from the French edition of the BBC. They are, of course, similar to the American “traditional” news insistence that Obama has done “nothing” in Syria, long after Chuck Hagel confirmed our “covert” operations there. Both because the reality is too complex to discuss easily, and because there is a “tradition” of not reporting on even the most obvious covert actions if done by the US, Syria is a subject on which almost no one is providing an adequately complex picture of what is going on.

On both sides of the Atlantic, the measure of truth on Syria has become the simplified narrative you’re supposed to believe, not what the complexity of the facts show. And that’s before you get to where we are now, pretending to be allied with both Turkey and the Kurds they’re shooting at.

The shock at the breakdown of the left-right distinction

What’s most fascinating about the study, however, is the seeming distress with which it observes that “reframing” media — outlets it claims are reinterpreting the real news — don’t break down into a neat left-right axis.

Media sources in the Reframe section share the motivation to counter the Traditional Media narrative. The media sources see themselves as part of a struggle to “reinform” readers of the real contexts and meanings hidden from them when they are informed by Traditional Media sources. This section breaks with the traditions of journalism, expresses radical opinions, and refers to both traditional and alternative sources to craft a disruptive narrative. While there is still a left-right distinction in this section, a new narrative frame emerges where content is positioned as being for or against globalisation and not in left-right terms. Indeed, the further away media sources are from the Traditional section, the less a conventional left-right attribution is possible.

[snip]

The other narrative frame detectable through content analysis is the more recent development referred to in this study as the global versus local narrative frame. Content published in this narrative frame is positioned as being for or against globalisation and not in left-right terms. Indeed, the further away media sources are from the Traditional section, the less a conventional left-right attribution is possible. While there are media sources in the Reframe section on both on the hard right and hard left sides, they converge in the global versus local narrative frame. They take concepts from both left and right, but reframe them in a global-local context. One can find left or right leanings of media sources located in the middle of Reframe section, but this mainly relates to attitudes about Islam and migrants. Otherwise, left and right leaning media sources in the Reframe section share one common enemy: globalisation and the liberal economics that is associated with it.

Now, I think some of the study’s clustering is artificial to create this split (for example, in the way it treats environmentalism as an extend rather than reframe cluster).

But even more, I find the confusion fascinating. Particularly in the absence of — as it did for Syria coverage — any indication of what is considered the “true” or “false” news about globalization. Opposition to globalization, as such, is the marker, not a measure of whether an outlet is reporting in a factual manner on the status and impact and success at delivering the goals of globalization.

And if the patterns of sharing in the study are in fact accurate, what the study actually shows is that the ideologies of globalization and nationalism have become completely incoherent to each other. And purveyors of globalization as the “traditional” view do not, here, consider the status of globalization (on either side) as a matter of truth or falseness, as a measure of whether the media outlet taking a side in favor of or against globalization adheres to the truth.

I’ve written a fair amount about the failure of American ideology — and of the confusion among priests of that ideology as it no longer exacts unquestioning sway.

This study on fake news in France completed by a British consulting company in English is very much a symptom of that process.

But the Cold War is outdated!

Which brings me to the funniest part of the paper. As noted above, the paper claims that anti-imperialists are influenced by Russian sources, which it says explains criticism of Trump’s Patriot missile strike on Syria. But it’s actually talking about what it calls a rump Communist Cold War ideology.

This cluster contains the remains of the traditional Communist groupings. They publish articles on the imperialist system. They concentrate on foreign politics and ex-Third World countries. They frame their worldview through a Cold War logic: they see the West (mainly the US) versus the East, embodied by Russia. Russia is idolised, hence these sites have a visible anti-American and anti-Zionist stance. The antiquated nature of a Cold War frame given the geo-political transformations of the last 25 years means these sources are often forced to borrow ideas from the extreme right.

Whatever the merit in its analysis here, consider what it means for a study the assumptions of which treat Russian influence as a special kind of international influence, even while conducting no reflection on whether the globalization/nationalization polarization it finds so striking can be measured in terms of fact claims.

The new Cold War seems unaware that the old Cold War isn’t so out of fashion after all.

NSA’s Spying on Le Pen Is Probably Working Better than GRU’s Spying on Macron

In advance of this report on APT 28 (the hacking group presumed to be tied to Russia’s military intelligence, GRU, blamed for the DNC hack-and-leak), Trend Micro got a lot of publicity for its report that APT 28 had targeted Emmanuel Macron, who just won the most votes in France’s presidential election and will face a run-off against Marine Le Pen in a few weeks.

At least according to Macron’s campaign, the attempts to phish his campaign were unsuccessful.

Mounir Mahjoubi, digital director of Mr. Macron’s campaign, confirmed the attempted hacking, saying that several staffers had received emails leading to the fake websites. The phishing emails were quickly identified and blocked, and it was unlikely others went undetected, Mr. Mahjoubi said.

“We can’t be 100% sure,” he said, “but as soon as we saw the intrusion attempts, we took measures to block access.”

The timing of all this is rather interesting. Back in early February, France’s Le Canard Enchaîné exclusively reported that France’s security officials worried that Macron would be hacked, a vague report that was picked up really broadly without confirmation. Shortly thereafter, Macron claimed that his campaign had been the target of thousands of attacks from entities within Russia’s border, including a DDOS attack that took down his website for nine minutes. According to the sole mention of Macron in the Trend Micro report, the OneDrive-based phish targeting Macron took place a month later, on March 15.

These hacking attempts accompanied a great deal of fake news (and leaked gossip) targeting Macron. But at least if Macron’s own campaign is to be believed, APT 28 never succeeded in its attempt to hack the favorite to be France’s next president, and so presumably has not yet succeeded in stealing emails that Russia might use to attack Macron during the run-off.

Which gives the hype about APT 28’s attempted hack a really curious character. It is treated as if Russia is the only state actor that might be spying on French presidential candidates.

Does anyone honestly believe that the United States is not spying on Le Pen, for example, given that the CIA and NSA have a history of spying on candidates with whom the US is even friendlier than Le Pen? Indeed, earlier this year, WikiLeaks published a tasking order for CIA to collect HUMINT and open source intelligence on all the parties in the 2012 French election, though without any cyber element specified. In 2010, the incumbent Pakistan People’s Party was included in NSA’s foreign government Section 702 certificate by name. And in 2012, CIA and NSA partnered to target Enrique Peña Nieto and nine of his closest associates in the weeks leading up to his victory. With both the PPP and EPN, these were nominally political parties friendly to US interests.

By comparison, it would seem that targeting Le Pen, at a time when the intelligence community has a very public concern about collusion between Russia and populist parties in Europe to destabilize Europe, would be a no-brainer.

And here’s what else gets left out of the coverage of GRU’s attempts to spy on Macron: how much easier a job the NSA might have than GRU, even ignoring NSA’s greater capabilities.

Many (though not all) of the phishing attempts detailed in the Trend Micro report pretend to be the email log-ins for US-based email providers, with virtually all the most detailed attention on Yahoo, Gmail, and Microsoft. The attempted Macron targeting exploited his campaign’s use of OneDrive. That means all the entities GRU targeted with phishes pretending to be US providers are available to NSA via Section 702, or PRISM.

In other words, to collect on the very same targets that GRU is targeting via phishing attacks that users continue to be better informed about (and that Macron claims to have withstood entirely), the NSA could just add Le Pen’s email address to the list of over 93,000 targets being targeted under Section 702 (as they presumably did with PPP in 2010). And unlike a phishing campaign, which can be made more difficult with the use of two-factor authentication, Le Pen would have no defense against collection targeting her or her campaign’s PRISM provider accounts, beyond encrypting everything that resided in an American-owned cloud (and even there, there would be a great deal of interesting metadata available). If she or key aides use any of the major American tech providers, stealing their emails would be as easy as providing a foreign intelligence justification (one that would be bolstered by her close ties with Russia) and tracking to make sure her accounts are detasked when she comes to the US to visit Trump Tower.

All that’s on top of any more sophisticated targeting of Le Pen akin to what CIA and NSA did against EPN.

And therein lies the rub, the reason you shouldn’t be saying, “So what? We should spy on that fascist Le Pen, she’s a menace to civilization” (though I agree she is).

The NSA’s spying on Marine Le Pen is likely having more success than GRU’s spying on Emmanuel Macron. But is there any reason to believe (particularly given CIA’s targeting of all French parties in 2012 and given Trump’s stated preference for Le Pen) that NSA is not also targeting Macron, targeting his OneDrive in a way that would be immune from whatever defenses he is using against phishing attacks?

Here’s where folks will say, “but we don’t leak stolen communications,” in spite of some evidence that we have in the past, albeit perhaps not in a democratic election. (On that note, this Politico story exposing Mike Flynn’s ties, via his Turkish lobbying client, to Russia, relies on a WikiLeaks-released email, which is a notable instance where evidence made available by WikiLeaks may help those investigating Russia’s influence on the Trump administration.) Of course, GRU can only leak what it can steal, and Macron believes that GRU hasn’t succeeded in stealing anything.

Furthermore, we have no visibility into what US policymakers in the past have done with intelligence collected on political parties. We certainly have no current limits on what Trump can do with it, aside from limits on the dissemination of the actual raw emails. We’ve always given the President great discretion on such issues, in the name of ensuring a unified foreign policy. And there are plenty of ways Trump’s administration could intervene to help Le Pen beyond just leaking any derogatory information on Macron.

All this is not to say that GRU’s reported continued attempts to hack democratic targets are not a concern (indeed, I’m at least as worried that FSB is conducting similar intelligence collection without the same easily identifiable tracks).

But it is to say that, particularly in the era where Donald Trump sets this country’s foreign policy, we need to be a lot more mindful of NSA’s own far more considerable ability to steal information on democratic candidates.