
John Durham’s Show Trials: A Preview of Coming Attractions

On May 20, 2022 — a year after John Durham had obtained evidence showing that the draft SVR report that he always claimed was the basis of his investigation was based on “composite” emails, and as such, proof that the SVR was framing Hillary Clinton — his lead prosecutor, Andrew DeFilippis, openly defied a judge’s order. DeFilippis instructed Hillary Clinton’s former campaign manager, Robby Mook, to read a quote from Jake Sullivan about the Alfa Bank anomalies saying, “This secret hotline may be the key to unlocking the mystery of Trump’s ties to Russia. It certainly seems the Trump Organization felt it had something to hide, given that it apparently took steps to conceal the link when it was discovered by journalists.”

The quote seemed to confirm the conspiracy theory that Durham had otherwise failed to substantiate, that Hillary had a plan to frame Donald Trump.

The inclusion of the Tweet as trial evidence immediately created a firestorm among credulous journalists, leading right wingers, including Elon Musk, to claim this was proof of “an elaborate hoax about Trump and Russia.”

DeFilippis’ stunt introducing prejudicial hearsay he had just been ordered to exclude led to a redaction of the transcript and Tweet he contemptuously had Mook read. But, as Sussmann’s lawyer complained after Durham’s team pulled several more stunts like this, “the bell” of hearing prohibited testimony, “can never be unrung.” By cheating, Durham’s team presented six elements of the conspiracy theory based on the SVR attack on Hillary to the jury, in spite of rulings prohibiting them from doing so.

It didn’t help his case; less than two weeks later, a jury returned a humiliating acquittal, the first of two.

Yet Durham broke the rules to tell his manufactured story, and it worked in the public sphere.

Trump prosecutors already staged show trials

The prosecution of Michael Sussmann should never have gotten that far. Once Durham had the evidence to conclude that the emails behind the draft SVR report he claimed to be working off of were “composites,” he should have closed up shop. Instead, he charged Michael Sussmann and Igor Danchenko in an effort to sustain the story imagined by Russian spies five years earlier anyway.

Durham’s goals with Danchenko were modest (and fairly pathetic): to attempt to rewrite the genesis of the Steele dossier to make the business networking of a Democrat — and not Russian sources — the author of key claims in the dossier, and to attempt to turn Sergei Millian into the victim of the Steele dossier. After the judge in the case threw out one charge because Durham had charged Danchenko for lying about the pee tape in a literally true response he gave to an FBI question, the jury acquitted on four other counts pertaining to Millian.

Durham’s goals with Sussmann were far more ambitious: to use a single invented false statement as a lever to get inside Democratic networks to find the conspiracy that — even after concluding that the genesis of his entire investigation was an SVR fabrication — Durham nevertheless still believed had to exist.

It was utter madness. It was an egregious abuse of Sussmann’s rights — as I said here, Durham committed the precise crime that he claimed to be hunting. And it serves as a roadmap for where the sequel investigation Pam Bondi just announced might go.

In part because it serves as a roadmap for the stunt prosecutions Trump is ordering up, I want to take two posts to describe what happened. This post will use known interviews and my coverage of both cases — see also this earlier post attempting a similar project — to review the tactics Durham used to get this case to trial. In a follow-up, I hope to show how Durham’s show trials failed.

Pivot

What should have been the two final interviews on Durham’s Clinton conspiracy conspiracy theory investigation — the July 21 interview in which Julianne Smith disclaimed any knowledge of the Clinton plan and a July 8, 2021 grand jury appearance where Peter Strzok denied receiving a referral mentioning it — happened almost five years after the events in question. The clock on any 5-year statute of limitation was ticking.

So Durham pivoted.

The closest Durham came in his report to offering an explanation for why he continued after concluding these documents were fabricated came from speculation offered up by Brian Auten, the lead analyst on the team (and a MAGAt target ever since). At a time Durham knew he had no proof that the CIA referral to FBI had actually gotten to the Crossfire Hurricane team, he invited Auten to speculate.

Auten stated that it was possible he hand-delivered this Referral Memo to the FBI, as he had done with numerous other referral memos,419 and noted that he typically shared referral memos with the rest of the Crossfire Hurricane investigative team, although he did not recall if he did so in this instance. 420

[snip]

For example, Brian Auten stated that he could not recall anything that the FBI did to analyze, or otherwise consider the Clinton Plan intelligence, stating that it was “just one data point.”423

419 OSC Report of Interview of Brian Auten on July 26, 2021 at 13.

420 Id.

[snip]

423 OSC Report of interview of Brian Auten on July 26, 2021 at 13.

That interview was on July 26, 2021, at precisely the moment Durham should have packed up and gone home.

But consider the circumstances of that interview. At the Danchenko trial, Danchenko’s attorney Danny Onorato started his cross-examination of Auten by getting the FBI analyst to recall how — after his testimony in numerous other investigations was deemed credible — Durham started his first interview with Auten by informing him he was considered a subject of the investigation. (In that interview and one shortly thereafter, Durham seems to have used the threat of charges relating to the Carter Page FISA warrants to threaten Auten and one of the Crossfire Hurricane agents, precisely the theory of criminality that his investigation started to violate in those days.)

Q Does July 26 of 2021 sound fair?

A Yes, it does.

Q Okay. And when you met with them for the first time after you were meeting with people for 25 or 30 hours, did your status change from a witness to a subject of an investigation?

A Yes, it did.

Q Okay. And in your work for the FBI, has anyone ever told you that you are a subject of a criminal inquiry?

A No.

Q Was that scary?

A Yes.

Hours later, after having walked Auten through a long list of pertinent things Durham had not shown Auten when soliciting specific answers that incriminated Danchenko, including part of Auten’s own notes that he had underlined, Onorato got Auten to concede that his opinion about the credibility of Danchenko on the topic of Sergei Millian changed after that July 26, 2021 interview, in which he had been named a subject.

Yet even in that context, under threat of prosecution, Auten had no real memory of the referral and treated it as a data point if he actually did share it with Crossfire Hurricane. That’s what Durham rebuilt his debunked investigation on.

And having thus scripted an excuse to continue, Durham charged Sussmann on the very last day possible, September 16, 2021; he charged Danchenko in early November. As I wrote in those contemporaneous posts, both used ticky tack alleged lies to spin networked materiality claims insinuating a conspiracy that led sloppy journalists to adopt larger claims of conspiracy.

The belated investigation into false statements charged as a conspiracy

In the Sussmann case, Durham had been poring through subpoenaed documents from participants he imagined had played a part in his theory of conspiracy for over a year, but neither that nor immunized testimony from David Dagon in August had confirmed key premises of his conspiracy. Having failed to substantiate a conspiracy, then, Durham charged a different crime, a false statement charge. Such a belated change in prosecutorial strategy might explain how epically unprepared Durham was to prosecute the crime he actually charged. In the weeks and months that followed, Durham would serially confess he hadn’t taken some of the most basic investigative steps before indicting Sussmann, including:

  • Interviewing any full-time Clinton campaign staffer before accusing Sussmann of coordinating with the campaign (he would interview Jennifer Palmieri, Jake Sullivan, Victoria Nuland, James Clapper, John Podesta, and — just days before jury selection — Hillary Clinton in the eight months that followed); Durham’s report doesn’t reflect a Robby Mook interview; he was called as a defense witness at trial
  • Repeating FBI’s 2016 errors in belated interviews of DNS-related service providers
  • Testing the story Sussmann told Congress, under oath: that he reached out to the FBI to alert them to a story before the NYT covered it, which turned out to be confirmed by documentary records Durham only belatedly found at FBI
  • Learning how closely the FBI worked with Rodney Joffe on DNS-related issues
  • Checking how closely Michael Sussmann worked with the FBI, especially on the response to the Russian hacks; this was especially egregious as it debunked one of the ways he tried to implicate Julianne Smith in a made-up plot
  • Finding the January 31, 2017 CIA meeting record at which Sussmann clearly explained he was sharing an allegation at the request of a client
  • Finding notes from a May 2017 that debunked Durham’s accusations
  • Asking DOJ IG for evidence from their closely related investigation
  • Discovering a similar DNS tip that Sussmann had anonymously shared with DOJ IG on behalf of Rodney Joffe
  • Obtaining two James Baker phones, one of which Durham had been informed about years earlier
  • Subpoenaing or seizing Baker’s iCloud account for the text which would debunk Baker’s early memories and confirm Sussmann’s explanation
  • Searching FBI records for evidence that someone else — someone who once claimed to work for a Russian front company — had played a role Durham attributed to his conspirators

In short, Durham had little to sustain his 27-page indictment beyond theories of conspiracy that assumed as true the conspiracy theory he should have abandoned in July.

It really seems like, before that, Durham believed he would eventually find witnesses to a conspiracy who would confirm what only he believed to be true, and as a result never took the investigative steps that might — and did — debunk his conspiracy theory.

After embracing Russian disinformation, Durham embraced Russian grievances

One way Durham attempted to compensate for his failure to take very basic investigative steps was to embrace what Russians were peddling.

There were always hints that Durham went seeking (dis)information from Russians or people assumed to be Russian assets involved in this operation. There was the famous junket to Italy looking for Joseph Mifsud. There were Ukrainians, who remain unnamed, but whose identity might explain why Durham reacted oddly when Andrii Derkach’s allies were sanctioned in early 2021. There’s even an email showing that future Charles McGonigal defense attorney Seth DuCharme treated Andrew McCabe request for help from Oleg Deripaska as an investigative lead, an email that might explain why Durham suppressed Deripaska’s centrality in this story.

But after he charged these flimsy indictments, Durham made purportedly aggrieved Russians a key prong of his strategy to turn a debunked Russian effort to frame Hillary into criminal prosecutions.

On the Danchenko prosecution, Durham insanely initially relied solely on Sergei Millian’s Tweets to substantiate the four charges associated with Millian. He did so without first interviewing George Papadopoulos, whom Millian seemed to be cultivating in precisely the period when Durham’s conspiracy theory was born and for months thereafter. As soon as I noted how problematic that was, Millian started getting squirrely.

Durham did eventually interview Millian, three months after charging Danchenko. But Millian refused to show up and answer questions under oath.

That left Durham stuck trying to admit inadmissible evidence, without which he was left with no substantive evidence for those four charges. All the while, Millian was ginning up the frothers, including (as we’ll see in my follow-up), to spin up Durham’s own misleading claims.

When Onorato introduced evidence of Millian’s communications with Papadopoulos at trial, Durham protested, “it certainly sounds creepy.” Nevertheless, Durham built four charges of an indictment around the Twitter claims of a guy involved in creepy outreach even before SVR’s imagined Clinton conspiracy was born, creepy outreach that by itself debunked the Russian conspiracy theory.

The way Millian handed Durham his ass would be funny if it didn’t totally upend Danchenko’s life.

But the way Durham piggybacked on Alfa Bank’s lawfare (lawfare pursued long after Mueller described how Vladimir Putin would make demands of oligarchs like Alfa Bank’s Petr Aven) is more troubling. In dual lawsuits in FL and PA, Alfa Bank purported to be trying to figure out who allegedly faked DNS records to make it look like Alfa was in contact with Trump back in 2016 so it could sue those people. Rather than finding anyone to sue, however, it instead spent its time subpoenaing experts to learn as much as it could about how the US tracks DNS records to prevent cyberattacks by — among other hostile countries — Russia.

After the Sussmann indictment, Alfa deposed several people targeted in the Sussmann investigation, including Fusion GPS tech person Laura Seago (from whom Durham ultimately obtained immunized testimony at trial) and Rodney Joffe (who was one of Durham’s key targets). Durham used that information as a sword in later privilege fights, but ignored sworn denials of key parts of his conspiracy theory. When Alfa pushed to accelerate this process even in spite of the ongoing criminal investigation, DC Superior Judge Shana Frost Matini observed that claims in the Alfa Bank lawsuit and Durham’s indictment seem like, “they were written by the same people in some way.”

[R]ight now, given the — if the closeness of Alpha’s allegations, I mean, quite frankly, it’s — reading Alpha’s submissions and what the — and that compared to the indictment, there’s — it’s almost like they were written by the same people in some way. [Alpha misspelling original]

In the Sussmann case, Durham seemed to be delaying steps he took much earlier in the Danchenko prosecution, as if he was waiting for Alfa Bank to do that work for him.

All that ended with the Russian invasion of Ukraine and the sanctioning of Alfa Bank, which seemed to lead Durham to adopt a new strategy.

The Rodney Joffe statute of limitation

Two pieces of background are useful — particularly if Sussmann’s prosecution serves as a lesson of how Pam Bondi might try to wrench new prosecutions out of these same old tired events.

First, Durham went to great lengths to sustain his ability to charge Rodney Joffe, the source of the DNS records in question, which led Judge Charles Cooper to make a shitty ruling preventing Sussmann from calling Joffe to provide testimony that would entirely exonerate him. Durham was doing so, transparently, in hopes he might charge Joffe for a crime with a longer statute of limitations than lying: defrauding DOD.

But the successful bid to keep Joffe off the stand implicated something else: Durham’s attempt to suppress things he had discovered about the DNS data in question.

The month before Durham charged Sussmann, by mid-August, 2021, Durham’s team learned that the data Rodney Joffe and others used to conduct their research was absolutely real. In addition to debunking the most simplistic “DNC fabrication” theories Durham was chasing, the discovery made it impossible for Durham to continue to rely on the expert his team had been using.

The first thing Durham did in response was ask one of the two FBI agents who had fucked up the investigation in 2016 — the other of whom is a possible source of Durham’s false claim that the SVR conspiracy theory about Hillary claimed she was going to fabricate evidence against Trump — to serve as an expert to replace the one who knew Durham’s theories were false.

DeFilippis. How familiar or unfamiliar are you with what is known as DNS or Domain Name System data?

A. I know the basics about DNS.

[snip]

Berkowitz. And then, more recently, you met with Mr. DeFilippis and I think Johnny Algor, who is also at the table there, who’s an Assistant U.S. Attorney. Correct?

A. Yes.

Q. They wanted to talk to you about whether you might be able to act as an expert in this case about DNS data?

A. Correct.

Q. You said, while you had some superficial knowledge, you didn’t necessarily feel qualified to be an expert in this case, correct, on DNS data?

A. On DNS data, that’s correct.

After that, Durham sought out another (legit) expert, but asked him to do a review that deliberately blinded him to what Joffe, through Sussmann, had shared with the government.

The only thing the FBI’s top experts offer to debunk, other than the Tor node claim that the FBI knew the researchers had dropped, was a complaint about visibility. But their complaints about visibility were entirely manufactured by the scope of the review Durham requested and possibly by the curious status of the Blue Thumb Drive, as well as (if Durham is telling the truth about these being the same experts) willful forgetting of a review they had done on related issues less than a year earlier.

Durham created this blindness. By ensuring all the experts remain blind to visibility, Durham ensured the review would conclude that the researchers didn’t have the visibility that, the FBI knew well, they had.

So in parallel with Durham’s efforts to sustain an SVR hoax he had debunked in July 2021, he went to great lengths to invent false claims about real data to sustain a judgement from the two FBI Agents who fucked up this investigation in the first place. He did so at the last minute, long after he should have finalized his plans for expert witnesses.

Abusing privilege

He did one more thing at the last minute: he asked Judge Cooper to review documents for privilege.

As NYT reported back in 2023, Durham started playing games with his DC grand jury not long before he concluded the entire SVR thing was a fabrication. After then-Chief Judge Beryl Howell rejected a bid to get a warrant for Leonard Benardo’s emails, they obtained them via the Open Society Fund directly, perhaps on threat of subpoena.

Mr. Durham set out to prove that the memos described real conversations, according to people familiar with the matter. He sent a prosecutor on his team, Andrew DeFilippis, to ask Judge Beryl A. Howell, the chief judge of the Federal District Court in Washington, for an order allowing them to seize information about Mr. Benardo’s emails.

But Judge Howell decided that the Russian memo was too weak a basis to intrude on Mr. Benardo’s privacy, they said. Mr. Durham then personally appeared before her and urged her to reconsider, but she again ruled against him.

Rather than dropping the idea, Mr. Durham sidestepped Judge Howell’s ruling by invoking grand-jury power to demand documents and testimony directly from Mr. Soros’s foundation and Mr. Benardo about his emails, the people said. (It is unclear whether Mr. Durham served them with a subpoena or instead threatened to do so if they did not cooperate.)

Rather than fighting in court, the foundation and Mr. Benardo quietly complied, according to people familiar with the matter. But for Mr. Durham, the result appears to have been another dead end.

A month before trial (and just weeks after the newly sanctioned Alfa Bank gave up its lawsuits), as part of a request that Cooper review the privilege claims that the Democrats, Joffe, and Fusion had made, Durham revealed he had been bypassing Howell.

In response, Sussmann accused Durham of abusing the same grand jury process he abused with Benardo (abuse, ironically, that debunked Durham’s conspiracy theory).

First, the Special Counsel’s Motion is untimely. Despite knowing for months, and in some cases for at least a year, that the non-parties were withholding material as privileged, he chose to file this Motion barely a month before trial—long after the grand jury returned an Indictment and after Court-ordered discovery deadlines had come and gone.

Second, the Special Counsel’s Motion should have been brought before the Chief Judge of the District Court during the pendency of the grand jury investigation, as the rules of this District and precedent make clear.

Third, the Special Counsel has seemingly abused the grand jury in order to obtain the documents redacted for privilege that he now challenges. He has admitted to using grand jury subpoenas to obtain these documents for use at Mr. Sussmann’s trial, even though Mr. Sussmann had been indicted at the time he issued the grand jury subpoenas and even though the law flatly forbids prosecutors from using grand jury subpoenas to obtain trial discovery. The proper remedy for such abuse of the grand jury is suppression of the documents.

Fourth, the Special Counsel seeks documents that are irrelevant on their face. Such documents do not bear on the narrow charge in this case, and vitiating privilege for the purpose of admitting these irrelevant documents would materially impair Mr. Sussmann’s ability to prepare for his trial.

He also revealed that some of those privilege claims went back to August — that is, the weeks after Durham should have closed up shop.

Email from Andrew DeFilippis, Dep’t of Just., to Patrick Stokes, Gibson, Dunn & Crutcher LLP, et al. (Aug. 9, 2021) (requesting a call to discuss privilege issues with a hope “to avoid filing motions with the Court”); Email from Andrew DeFilippis, Dep’t of Just., to Patrick Stokes, Gibson, Dunn & Crutcher LLP, et al. (Aug. 14, 2021) (stating that the Special Counsel “wanted to give all parties involved the opportunity to weigh in before we . . . pursue particular legal process, or seek relief from the Court”). And since January— before the deadline to produce unclassified discovery had passed—the Special Counsel suggested that such a filing was imminent, telling the DNC, for example, that he was “contemplating a public court filing in the near term.” Email from Andrew DeFilippis, Dep’t of Just., to Shawn Crowley, Kaplan Hecker & Fink LLP (Jan. 17, 2022). [my emphasis]

In a hearing on May 4, right before trial, Joffe’s lawyer revealed they had demanded Durham press a legal claim much earlier, in May 2021.

MR. TYRRELL: So if they wanted to challenge our assertion of privilege as to this limited universe of documents — again, which is separate from the other larger piece with regard to HFA — they should have done so months ago. I don’t know why they waited until now, Your Honor, but I want to be clear. I want to say without hesitation that it’s not because there was ever any discussion with us about resolving this issue without court intervention.

THE COURT: That was my question. Were you adamant a year ago?

MR. TYRRELL: Pardon me?

THE COURT: Were you adamant a year ago that —

MR. TYRRELL: Yes. We’ve been throughout. We were not willing to entertain resolution of this without court intervention.

THE COURT: Very well.

Ultimately, Cooper did bow to Durham’s demand, but prohibited them from using those documents at trial.

That didn’t prevent DeFilippis from attempting to use the privileged documents to perjury trap his one Fusion witness, the kind of perjury trap that might have provided a way to continue the madness indefinitely.

There must have been nothing interesting there: most of the Fusion documents were utterly irrelevant to the Sussmann charges, but could implicate the Danchenko ones, but Durham didn’t use them there, nor did he explain their content in his final report.

Scripting witnesses

I’ll end where I began: How Durham managed to coach witnesses’ testimony by threatening them with charges.

In addition to Auten, Durham did this, over and over again, with his star Sussmann witness Jim Baker.

Perhaps most interestingly, he did it in the weeks before trial with witnesses who, documentary evidence showed, had been informed or would have assumed that Michael Sussmann was representing the DNC, the key thing Durham claimed Sussmann could have credibly lied to hide.

The first time FBI Agent Ryan Gaynor testified to John Durham in October 2020, for example, he told prosecutors that the DNC was the source of the allegation.

Q. Okay. So in your first meeting with the government, you — this is October of 2020, correct?

A. Yes.

Q. You told them multiple times that you believed that the Democratic National Committee was the source of the allegations of connections between Alfa-Bank and Russia, correct?

A. Correct, which was wrong.

Q. Okay. But you said that you thought the Democratic party itself was who provided the information, correct?

A. I did say that in the meeting.

That’s even what he wrote in a briefing document he kept in Fall 2016.

At the end of that October 2020 interview, prosecutors threatened Gaynor with prosecution.

In trial prep testimony, however, starting on May 13, 2022, he came to claim to believe that Sussmann was representing himself, because otherwise his client would have been material — precisely the materiality claim Durham needed to make the charges stick.

More striking was how Durham’s star cyber witness (one of the guys who botched the investigation in September 2016 without examining the data closely) explained why the text he received from his boss, Nate Batty, referring to the white paper as a “DNC report” on September 21, 2016, didn’t amount to notice that Sussmann brought the report on behalf of the DNC.

At trial, Michael Sussmann’s lawyer Sean Berkowitz asked Hellman how it could be that he would see a reference to a DNC report and not take from that it was a DNC report. Hellman described “the only explanation that … was discussed” — which is that it was a typo.

Q. What’s your explanation for it?

A. I have no recollection of seeing that link message. And there is — have absolutely no belief that either me or Agent Batty knew where that data was coming from, let alone that it was coming from DNC. The only explanation that popped or was discussed was that it could have been a typo and somebody was trying to refer to DNS instead of DNC.

Q. So you think it was a typo?

A. I don’t know.

Q. When you said the only one suggesting it — isn’t it true that it was Mr. DeFilippis that suggested to you that it might have been a typo recently?

A. That’s correct.

Q. Okay. You didn’t think that at the time. Right?

A. I did not. I had never seen it or had any memory of seeing it ever before it was put in front of me.

With some prodding, Hellman admitted that when he referred to “discussing explanations,” he meant doing so with Andrew DeFilippis. This exchange was, quite literally, Berkowitz eliciting Hellman to describe that DeFilippis told him what to think about evidence that should have sunk his case years earlier.

As I said, DeFilippis cheated. With lesser attorneys or more exhausted witnesses, it might have worked.

And they’re about to try again.


Gravity and Trump’s Conspiracy Cabinet

This paragraph, describing the role that aspiring FBI Director Kash Patel played in Trump’s video collaboration with a bunch of mostly-violent Jan6ers, appears about two thirds of the way through a very good NYT review of how Trump has rewritten the history of January 6.

Mr. Trump recorded his contribution at his Mar-a-Lago residence in Florida, while the choir was recorded with a phone in the Washington jail. The song — a fund-raising effort that the Trump loyalist Kash Patel, now the president-elect’s nominee to head the F.B.I., helped produce — concludes with a defiant echo of the “U.S.A.!” chants that resounded during the Jan. 6 attack.

Kash Patel has been central to the success of Trump’s repackaging of his own crimes as grievance from the start.

And I’ve been trying to figure out how that’ll work as I contemplate what I think of as Trump’s Conspiracy Cabinet.

I’ve been thinking of his nominations as a combination of a highly competent Christian nationalist core (led by Stephen Miller and Russ Vought), largely filled out with people who’ll be in the business of graft and other kinds of corruption — whether for their own benefit or Trump’s. But the most unpredictable element is how Trump plans to fill government with embodiments of the conspiracies that have become central to his movement.

That’s most evident in virtually all of Trump’s health-related appointments, starting with Bobby Kennedy (who might yet lose his confirmation battle). I don’t, for a second, believe the claim from someone adjacent to Roger Stone that Trump picked RFK and Tulsi Gabbard as a way to tap into a realignment of Democrats. Rather, Trump had to appoint them to keep the likes of Matthew Livelsberger, who invoked RFK in his manifesto, engaged, no matter the cost. And so after having presided over a heroic rush to develop a COVID vaccine in his first term, Trump will hand over America’s scientific crown jewels to people who don’t believe in science.

What will happen when these conspiracists confront the immutable laws of science? What will happen when gravity hits?

And how many children will die as a result?

The damage that Tulsi will be able to do (again, her confirmation is not assured) at National Intelligence is more measurable. US intelligence has been politicized for years. Forever. Such politicization as often as not causes self-perpetuating scandal cycles. And if not, Bad Things will likely result that will harm the US and lead to avoidable catastrophes that Trump should own.

It’s the damage posed by Kash’s likely installation at FBI — he has a better shot at confirmation than either RFK or Tulsi — that I can’t fully grok.

Back in the halcyon days of the Durham investigation, I came to believe that gravity would defeat these grievance myths, would defeat the kinds of conspiracies Kash sows, too. Even with Durham, Kash helped facilitate the false claims Durham spun out of theories of conspiracy hung on two false statements indictments. A key prong of the Sussmann prosecution — into what he said to the CIA in January 2017 — arose out of a question Kash somehow knew to ask on December 18, 2017. Then, after Durham deliberately misrepresented legitimate intelligence that Georgia Tech discovered dating to the Obama Administration to insinuate that Trump had been spied on, Kash made a number of unhinged claims to expand on Durham’s already false claim.

But the oddest statement came from “Former Chief Investigator for Russia Gate [sic]” and current key witness to an attempted coup, Kash Patel, sent out by the fake Think Tank that hosts some of the former Trumpsters most instrumental in covering up for Trump corruption.

Taken literally (which one should not do because it is riddled with false claims), the statement is a confession by Kash that he knew of what others are calling “spying” on Trump and did nothing to protect the President.

Let’s start, though, by cataloguing the false claims made by a man who played a key role in US national security for the entirety of the Trump Administration.

First, he claims that the Hillary Campaign, “ordered … lawyers at Perkins Coie to orchestrate a criminal enterprise to fabricate a connection between President Trump and Russia.” Thus far, Durham has made no claims about any orders coming from the Hillary Campaign (and the claim that there were such orders conflicts with testimony that Kash himself elicited as a Congressional staffer). The filing in question even suggests Perkins Coie may be upset about what Sussmann is alleged to have done.

Latham – through its prior representation of Law Firm-1 – likely possesses confidential knowledge about Law Firm-1’s role in, and views concerning, the defendant’s past activities.

In fact, in one of the first of a series of embarrassing confessions in this prosecution, Durham had to admit that Sussmann wasn’t coordinating directly with the Campaign, as alleged in the indictment.

Kash then claims that “Durham states that Sussmann and Marc Elias (Perkins Coie) … hired … Rodney Joffe … to establish an ‘inference and narrative’ tying President Trump to Russia.” That’s false. The indictment says the opposite: Joffe was paying Perkins Coie, not the other way around. Indeed, Durham emphasized that Joffe’s company was paying Perkins Coie a lot of money. And in fact, Durham shows that the information-sharing also went the other way. Joffe put it together and brought it to Perkins Coie. Joffe paid Perkins Coie and Joffe brought this information to them.

Kash then claims that “Durham writes that he has evidence showing Joffe and his company were able to infiltrate White House servers.” Kash accuses the Hillary Campaign of “mastermind[ing] the most intricate and coordinated conspiracy against Trump when he was both a candidate and later President.” This betrays either real deceit, or ignorance about the most basic building blocks of the Internet, because nowhere does Durham claim that Joffe “infiltrated” any servers. Durham, who himself made some embarrassing technical errors in his filing, emphasizes that this is about DNS traffic. And while he does reveal that Joffe “maintain[ed] servers for the EOP,” that’s not infiltrating. These claims amount to a former AUSA (albeit one famously berated by a judge for his “ineptitude” and “spying”) alleging a conspiracy where none has been charged, at least not yet. Plus, if Joffe did what Kash claims, starting in July 2016, then Barack Obama would be the one with a complaint, not Trump.

Finally, Kash outright claims as fact that Joffe “exploited proprietary data, to hack Trump Tower and the Eisenhower Executive Office Building.” This claim is not substantiated by anything Durham has said and smacks of the same kind of conspiracy theorizing Louise Mensch once engaged in. Only, in this case, Kash is accusing someone who has not been charged with any crime — indeed, a five-year statute of limitations on this stuff would have expired this week — of committing a crime. Again: a former AUSA, however inept, should know the legal risk of doing that.

Curiously, Kash specifies that the White House addresses involved were in the Eisenhower Executive Office Building. That could well be true, but Durham only claims they were associated with EOP, and as someone who worked there, Kash should know that one is a physical structure and the other is a bureaucratic designation. But to the extent Kash (who has flubbed basic Internet details already) believes this amounted to hacking the EOP, it is based off non-public data.

So, like I said, the piece is riddled with false claims, but with two claims that go beyond anything Durham has said.

This one-two punch — first Durham misrepresenting evidentiary claims and then Kash spinning Durham’s misrepresentations free of all mooring — resulted in Trump making death threats targeting Sussmann and an entire campaign targeting Rodney Joffe.

But in the end, even though Durham’s lawyers repeatedly defied Judge Christopher Cooper’s orders, they ultimately mostly failed to present the theory of conspiracy they had about Sussmann’s alleged false statement. Sussmann, after paying superb lawyers a bunch of money, having his career disrupted, and facing death threats ginned up by the former President, was acquitted.

The process worked, but not before a great many people’s lives were upended, irrevocably.

So even though only NYT joined me in exposing the degree to which a theory of conspiracy, and not any real evidence, lay behind Durham’s insinuations of guilt, even though the legacy media chased Durham’s theory of conspiracy hook, line, and sinker, I at least believed that the system would work.

The Hunter Biden prosecution has disabused me of that faith. Between the fact that Hunter really did evade taxes — the presence of a crime that could substitute for all the unsubstantiated claims about him — and the way a multi-year revenge porn campaign solidified the legacy media belief he was too icky for due process, prosecutors continue to make outlandish claims with little pushback, much less curiosity about why a witness to a crime is overseeing the investigation into it.

As FBI Director, Kash will have the ability to do what he did in advance of the Sussmann hearing: find some nugget, tangential to any topic at hand, on which to hang a larger conspiracy theory.

Amid all the focus on Trump naming his defense team to run DOJ, there has been little focus on the fact that Emil Bove, whom he named to PADAG (even though the position doesn’t require confirmation and once confirmed as DAG, Todd Blanche could presumably put anyone he wants in the position), presided over a serious discovery violation scandal at SDNY, which forced him out of DOJ. If judges continue to hold DOJ to already weak discovery requirements, due process might survive. But if DOJ institutionally permits prosecutors to ignore their ethical guidelines, it will become far, far easier to frame defendants.

And the press has simply stopped reporting on due process, choosing instead to chase whatever dick pics propagandists unpack in front of them.

Kash Patel earned his nomination to be FBI Director by being the self-described wizard of Trump’s grievance myth. He has done such a tremendous job spinning that myth that even some good faith Republican Senators believe that myth as true.

And while I’m sure that gravity will eventually catch up to RFK Jr, as it did in Samoa, while I have every expectation of continuing to do what I do, if only to witness further assaults on due process, I’m far less sanguine about gravity’s effect on a Kash-run Bureau.


Andrew DeFilippis Had a Role in the Prosecution of Gal Luft’s Co-Conspirator-1

James Comer plans to rely on Gal Luft’s testimony in his efforts to gin up conspiracy theories against Joe Biden, even in spite of the indictment against Luft DOJ obtained before James Comer started pursuing his conspiracy theories.

Andrew DeFilippis handled the classified evidence in the Patrick Ho case

Because of that, I want to flag a detail about the Patrick Ho case, the case out of which this one arose.

Ho is the person described as Co-Conspirator-1 in the Luft indictment.

Ho was sentenced on March 25, 2019 for bribing Chadian and Ugandan officials; the former scheme started in a suite in Trump Tower in 2014.

Through a connection, HO was introduced to Cheikh Gadio, the former Minister of Foreign Affairs of Senegal, who had a personal relationship with President Déby. HO and Gadio met at CEFC China’s suite at Trump World Tower in midtown Manhattan, where HO enlisted Gadio to assist CEFC China in obtaining access to President Déby.

Days after Ho was sentenced, the two lead prosecutors on that case, Catherine Ghosh and Daniel Richenthal, flew to Brussels to meet with Luft. As alleged in the indictment, Luft lied to those prosecutors and four FBI agents about both the arms deals and Chinese influence peddling for which he has since been charged.

64. On or about March 28, 2019, in the Southern District of New York, Belgium, and elsewhere outside of the jurisdiction of any particular State or district of the United States, GAL LUFT, the defendant, who is expected to be first brought to and arrested in the Southern District of New York, a matter within the jurisdiction of the executive branch of the Government of the United States, knowingly and willfully made a materially false, fictitious, and fraudulent statement and representation, to wit, LUFT falsely stated during an interview at the United States Embassy in Brussels, Belgium with federal law enforcement officers and prosecutors, in connection with an investigation being conducted in the Southern District of New York, that LUFT had not sought to engage in or profit from arms deals, and instead merely had been asked by an Israeli friend who dealt in arms to check arms prices so that the friend could use this information in bidding on deals, a request that LUFT said he fulfilled by having CC-1 check prices with CC-2 and then relay this information to LUFT–when in fact LUFT had actively worked to broker numerous illegal arms deals for profit involving multiple different countries, both in concert with CC-1 and directly himself, including as described in paragraphs Forty-Four through Fifty-Three above.

[snip]

84. On or about March 29, 2019, in the Southern District of New York, Belgium, and elsewhere outside of the jurisdiction of any particular State or district of the United States, GAL LUFT, defendant, who is expected to be first brought to and arrested in the Southern District of New York, in a matter within the jurisdiction of the executive branch of the Government of the United States, knowingly and willfully made a materially false, fictitious, and fraudulent statement and representation, to wit, LUFT falsely stated during an interview at the United States Embassy in Brussels, Belgium with federal law enforcement officers and prosecutors, in connection with an investigation being conducted in the Southern District of New York, that LUFT had tried to prevent CEFC China from doing an oil deal with Iran, that LUFT had been excluded from CEFC China meetings with Iranians, and that LUFT did not know of any CEFC China dealings with Iran while he was affiliated with the company–when in fact, including as described above in paragraphs Sixty-Six through Eighty, LUFT personally attended at least one meeting between CEFC China and Iranians and assisted in setting up additional such meetings for the purpose of arranging deals for Iranian oil, and also worked to find a buyer of Iranian oil while concealing its origin.

Starting in early 2018, DeFilippis handled the classified evidence on the Ho case — both CIPA and a FISA order. He would have spent a great deal of time reviewing what the spooks had obtained on Ho and his associates, undoubtedly including Luft.

Andrew DeFilippis investigated John Kerry for a year

DeFilippis’ efforts on the Ho case took place in parallel with his efforts to gin up a criminal investigation against John Kerry. Here’s how Geoffrey Berman described being ordered to do that by Main Justice.

On May 9, the day after the second Trump tweet, the co-chiefs of SDNY’s national security unit, Ferrara and Graff, had a meeting at Main Justice with the head of the unit that oversees counterintelligence cases at DOJ, which is under the National Security Division.

He said that Main Justice was referring an investigation to us that concerned Kerry’s Iran-related conduct. The conduct that had annoyed the president was now a priority of the Department of Justice. The focus was to be on potential violations of the Logan Act.

[snip]

From the outset, I was skeptical that there was a case to be made. I knew enough about the Logan Act to have strong doubts. Politicians from both sides of the aisle have talked about it from time to time, suggesting that some opponent is in violation of it. It never goes anywhere.

But I figured if they bring us a possible case, we’ll do our best. We’ll look into it. We brought a prosecutor from the national security unit, Andrew DeFilippis, into the investigation.

Trump, meanwhile, kept on tweeting. “John Kerry had illegal meetings with the very hostile Iranian Regime, which can only serve to undercut our great work to the detriment of the American people,” he wrote that September. “He told them to wait out the Trump Administration! Was he registered under the Foreign Agents Registration Act? BAD!”

DeFilippis’ efforts extended into 2019, overlapping with the trial of Ho and the interview with Luft. National Security prosecutors at Main Justice kept pressuring SDNY to advance the investigation into Kerry, but first, Berman had DeFilippis research whether the Logan Act would be chargeable even if Kerry had committed it.

The next step would have been to conduct an inquiry into Kerry’s electronic communications, what’s known as a 2703(d) order. That would have produced the header information—the to, from, date, and subject fields—but not the contents. I decided that before moving forward, it made sense to evaluate whether we would ever have a viable, appropriate charge that matched up with Kerry’s alleged conduct.

At the risk of stating the obvious, under our system of law, pissing off the president is not a chargeable offense. I asked DeFilippis to conduct additional legal research into the Logan Act and other potentially applicable theories. “Look, we’re talking about going to the next step here,” I said.

“But before we do any further investigation, I want to know what the law is on the Logan Act. Let’s say we gather additional documents—I want to know, how is that helping us?”

I wanted to answer the question, even if these things happened, was it a crime? Let’s cut to the chase and find that out, because we’ve got plenty of other work to do and I don’t want us to just be spinning our wheels on this.

For the next several months, DeFilippis conducted extensive research into the Logan Act as well as statutes relating to possible criminal ethics violations by former senior government employees.

On April 22, 2019, Trump tweeted, “Iran is being given VERY BAD advice by @JohnKerry and people who helped him lead the U.S. into the very bad Iran Nuclear Deal. Big violation of Logan Act?”

The tweet was in the morning. That afternoon, Ferrara got a call from Main Justice. He was told that David Burns, the principal deputy assistant attorney general for national security, wanted to know why we were delaying. Why had we not proceeded with a 2703(d) order—the look into Kerry’s electronic communications?

The next day, Burns spoke to Ferrara, Graff, and DeFilippis and repeatedly pressed them about why they had not submitted the 2703(d) order. The team responded that additional analysis needed to be done before pursuing the order.

SDNY decided not to pursue the case against Kerry in fall of 2019.

We spent roughly a year exploring whether there was any basis to further investigate Kerry. Memos were written, revised, and thoroughly discussed.

Our deep dive into the Logan Act confirmed why no one has ever been successfully prosecuted under it in the more than 220 years it has been on the books: the law is not useful. It definitely does not prohibit a former US secretary of state from talking to a foreign official. We did not find that Kerry violated any ethics statutes or any laws having to do with the improper handling of classified material.

In September 2019, DeFilippis advised the National Security Division at Main Justice that we would not be pursuing the case further. He had earlier attempted to tell the specific NSD attorney assigned to the case of our decision, but he couldn’t connect because that attorney was engaged in another matter: the Craig trial.

Sometime after that, DeFilippis became the lead prosecutor on the Durham team, leading the prosecution of Michael Sussmann.

Andrew DeFilippis oversaw the most abusive parts of the John Durham prosecution

Over the course of the Michael Sussmann prosecution, DeFilippis and his prosecution team:

As noted above, Geoffrey Berman boasted that the investigation into Kerry didn’t leak. Even ignoring the inexplicably perfect concert between Alfa Bank’s efforts and Durham’s, it’s not clear the same can be said about the Durham investigation.

And it’s not just that DeFilippis routinely tried to introduce evidence that served his narrative rather than matched the facts. It’s that DeFilippis repeatedly — most notably in the alleged complaint that researchers working on a DARPA project would attempt to identify which Russians were interfering in the US election — proved more sympathetic to Russian efforts to help get Trump elected than to conducting an ethical prosecution.

Last August, shortly before Durham confessed the utter humiliation of his team at the hand of Sergei Millian, DeFilippis withdrew from the Durham team with almost no notice, left DOJ, and returned — in a Special Counsel role, not as Partner — to Sullivan & Cromwell.

These are just data points. There is no reason, yet, to believe that DeFilippis continues to unethically gin up conspiracy theories against Democrats.

But they are data points I thought worth collecting in one place.


John Durham’s Blind Man’s Bluff on DNS Visibility

On September 16, 2021, John Durham indicted Michael Sussmann on a single count of lying to the FBI, just days before the statute of limitations for that crime expired. Durham accused Sussmann of lying to hide that he had a client or clients on whose behalf he was sharing allegations about DNS anomalies involving Trump Organization and Alfa Bank.

Durham adopts the “DNC fabrication” theory from agents who badly screwed up the original investigation

As I laid out here, the indictment adopted the “DNC fabrication” theory, the “fabrication” part of which was initially espoused in a hasty review by FBI Cyber agents Nate Batty and Scott Hellman by September 21, 2016, just two days after Sussmann shared a white paper describing anomalies involving Alfa Bank.

Durham adopted that theory in spite of proof, in their own summary, that the FBI agents had not closely reviewed the DNS logs included with the allegations, if they ever reviewed them at all. Durham adopted that theory in spite of irregularities in the chain of custody surrounding the handling of a Blue Thumb Drive that reportedly included DNS logs that were never reviewed. Durham adopted that theory in spite of the fact that Batty’s own Lync messages materially conflicted with a claim he made to Durham two years earlier: Batty claimed he had been refused information about the role of Sussmann in the allegations, when in fact his Lync messages showed he had been informed about Sussmann’s role from the start. Durham adopted that theory in spite of the fact that FBI started debunking parts of the “fabrication” story within hours of Batty and Hellman proposing it. Durham adopted that theory in spite of the fact that FBI’s own overt steps (during a pre-election period) and Alfa Bank’s curious lack of DNS logs made pursuing the allegations impossible.

That indictment was an insanely reckless thing for John Durham to do, building as it did on the investigative failures of Batty and Hellman, not to mention Batty’s own materially inconsistent claim.

Several things made that indictment even more reckless.

Durham fails to take basic investigative steps before indicting

First, in spite of the fact that Durham had already been investigating for 28 months by that point — six months longer than the entire Mueller investigation — there were a whole bunch of obvious investigative steps he had not yet taken. Between the indictment and the May 2022 trial, Durham would do the following:

Durham also revealed two other interviews he only conducted after charging Sussmann: one with someone identified as Listrak Employee-1 and other unidentified personnel on October 27, 2021 and another with the CEO and CTO of Cendyn on November 17, 2021. As described, their interviews pertained exclusively to email, not DNS, and Durham doesn’t appear to have asked Cendyn about the contacts via its Metron messaging product done for some other client with Alfa Bank in the same time period, nor about the contact that did exist between Cendyn and the affected Spectrum IP address. It also doesn’t mention that Listrak reported no emails to Alfa Bank, one of the Bank’s evolving explanations for the anomalies, and any mail to Spectrum was sent elsewhere.

In his report, Durham makes no mention of whether he interviewed anyone at Spectrum Health or Alfa Bank, though a DC judge would observe that it was almost like the Sussmann indictment and an Alfa Bank lawsuit, “were written by the same people in some way.” There were large gaps involved with both entities in the original investigation and it’s not clear Durham made any effort to close them.

Durham accused the FBI of skipping investigative steps on Crossfire Hurricane that might have discovered exculpatory evidence, but none of that comes close to the many investigative steps he had not yet pursued in the 28 months he had already been investigating before indicting Sussmann.

Durham’s indictment of Sussmann piled his own investigative failures on top of those by Batty and Hellman.

Durham discovers his DNC fabrication theory involves real data

More problematic than Durham’s investigative incompetence, though, is that the Special Counsel charged Michael Sussmann on September 16, 2021, in spite of the fact that a month earlier, by mid-August 2021, Durham’s team learned that the data Rodney Joffe and others used to conduct their research was absolutely real. The nature of how this came about remains obscure, but in addition to debunking the most simplistic “DNC fabrication” theories, the discovery made it impossible for Durham to continue to rely on the expert his team had been using. The discovery that the data that Batty and Hellman had dismissed in just one day was real should have led Durham to reconsider everything about his case.

Instead, Durham barreled forward with his indictment.

Durham invites the guy who screwed up the investigation to be his expert

Instead of reassessing his case, Durham responded to losing his expert by proposing that Hellman serve as the replacement, even though by Hellman’s own admission he only knows the basics about DNS.

DeFilippis. How familiar or unfamiliar are you with what is known as DNS or Domain Name System data?

A. I know the basics about DNS.

[snip]

Berkowitz. And then, more recently, you met with Mr. DeFilippis and I think Johnny Algor, who is also at the table there, who’s an Assistant U.S. Attorney. Correct?

A. Yes.

Q. They wanted to talk to you about whether you might be able to act as an expert in this case about DNS data?

A. Correct.

Q. You said, while you had some superficial knowledge, you didn’t necessarily feel qualified to be an expert in this case, correct, on DNS data?

A. On DNS data, that’s correct.

Hellman was one of just two people, aside from John Durham himself, who had a stake in sustaining the “DNC fabrication” theory he had floated before closely reviewing the evidence. That Durham even considered making him his expert is testament to the fact that Durham was interested in protecting his “DNC fabrication” theory, not in expertise, much less in what the actual evidence said.

Durham includes two expert reviews unmoored from any prosecutorial decision

And that’s why Durham’s inclusion of two expert reviews of the allegations Sussmann shared with the government is of interest:

  • 1671 FBI Cyber Technical Operations Unit, Trump/Alfa/Spectrum/Yota Observations and Assessment (undated; unpaginated).
  • 1635 FBI Cyber Division Cyber Technical Analysis Unit, Technical Analysis Report (April 20, 2022) (hereinafter “FBI Technical Analysis Report”) (SCO _ 094755)

With one exception, Durham describes those reviews in a 13-page section of his report that purports to be about the ongoing efforts by Rodney Joffe and others to chase down the Alfa Bank anomalies and some unusual traffic probably reflecting the presence of Yota Phones in the US. The section itself has no place in a prosecutorial memo, because the only interaction with the government described in that section involved a Georgia Tech researcher refusing HPSCI’s request to help chase down these allegations. The rest involves Joffe continuing to chase this issue with his own data, which insofar as it demonstrates Joffe’s sustained concern about this, independent of any election, undermines pretty much all of Durham’s conspiracy theories. The declination decision regarding fraud — which Andrew DeFilippis used to claim that Joffe was still a subject of the investigation more than five years after the events in question, thereby keeping him off the stand in Sussmann’s trial — didn’t even mention Joffe.

But the description of these reviews in this section really doesn’t have a place where Durham put it, because along with the Cendyn and Listrak interviews, one of the reviews appears to have been last minute prep for the Sussmann trial and the other played a key role in an affirmatively misleading court filing that led Trump to make death threats against Sussmann.

These reviews in Durham’s report supported his last-ditch effort to cement the belief that Hillary framed Donald Trump. They’re here to prove, once and for all, that Sussmann was wrong.

Here’s how Durham introduces his efforts to redo the work Batty and Hellman and others botched so many years ago:

This subsection first describes what our investigation found with respect to the allegation that there was a covert communications channel between the Trump Organization and Alfa Bank. It includes the information we obtained from interviews of Listrak and Cendyn employees. It then turns to the allegation that there was an unusual Russian phone operating on the Trump Organization networks and in the Executive Office of the President. We tasked subject matter experts from the FBI’s Cyber Technical Analysis and Operations Section to evaluate both of these allegations.

But as with so much else in this report, they don’t do what they claim to. Durham ensured his experts sustained the blindness that Batty and Hellman willfully adopted so many years ago to avoid concluding that the allegations might be real.

As I noted here, the two reviews purport to review the Alfa Bank allegations — shared with both the FBI and (in updated form) the CIA — and the YotaPhone allegations shared with the CIA. In one place, Durham claims “the same FBI experts” did both reviews, though he attributes them to different groups. But that’s important because if they are the same experts, then they should know of both reviews.

Durham incites death threats because Joffe investigated Barack Obama

The YotaPhone review must have been done first because, as I noted above and show below, the analysis matches claims Durham made in a filing purporting to raise conflicts but mostly airing allegations for which the statute of limitations had just expired. Here’s how Durham describes the allegations in the report:

Specifically, Sussmann provided the CIA with an updated version of the Alfa Bank allegations and a new set of allegations that supposedly demonstrated that Trump or his associates were using, in the vicinity of the White House and other locations, one or more telephones from the Russian mobile telephone provider Yotaphone. The Office’s investigation revealed that these additional allegations relied, in part, on the DNS traffic data that Joffe and others had assembled pertaining to the Trump Tower, Trump’s New York City apartment building, the EOP,[1558] and Spectrum Health. Sussmann provided data to the CIA that he said reflected suspicious DNS lookups by these entities of domains affiliated with Yotaphone.[1559] Sussmann further stated that these lookups demonstrated that Trump or his associates were using a Yotaphone in the vicinity of the White House and other locations.[1560]

Durham’s description of these allegations relies on redacted sections of two trial exhibits (but not a related one that shows Sussmann was not hiding having a client). Because the section of these trial exhibits was redacted, it’s not clear whether Durham is representing how these CIA witnesses described Sussmann’s claims fairly. That’s important because — as we’ll see — Durham misrepresents the YotaPhone white paper.

As Durham described, Sussmann provided four documents and 6 data files to the CIA.

During the meeting, Sussmann provided two thumb drives and four paper documents that, according to Sussmann, supported the allegations.[1564]

[1564] The titles of the four documents were: (i) “Network Analysis of Yota-Related Resolution Events”; (ii) “YotaPhone CSV File Collected on December 11th, 2016”; (iii) “Summary of Trump Network Communications”; and (iv) “ONINT [sic] on Trump Network Communications.” The two thumb drives contained six Comma Separated Value (“.CSV”) files containing IP addresses, domain names and date/time stamps.

Unlike the Red and Blue Thumb Drive, Durham makes clear that his experts actually examined these thumb drives.

Here are three of the documents:

I understand the csv files include:

  • yota-eop
  • yota-cpwest
  • yota-spectrum
  • yota-trumporg
  • sipper
  • 2016-05-04_2017-01-15_Trump_server.csv

I’ll say more about them below.

Durham’s description of the analysis, titled, “Trump/Alfa/Spectrum/Yota Observations and Assessment,” generally obscures whether it is rebutting a claim (redacted in the trial exhibits) made by Sussmann (“the presentation”) or included in the white paper and data (“the above-quoted white papers about the Yotaphone allegations” and “Yotaphone-related materials”) provided, and he doesn’t repeat or address the Alfa Bank side of these observations (which have no tie to the YotaPhone claims).

But the technical analysis does not, at all, debunk the YotaPhone observations.

The FBI DNS experts with whom we worked also identified certain data and information that cast doubt upon several assertions, inferences, and allegations contained in (i) the above-quoted white papers about the Yotaphone allegations, and (ii) the presentation and Yotaphone-related materials that Sussmann provided to the CIA in 2017. In particular:

  • Data files obtained from Tech Company-2, a cyber-security research company, as part of the Office’s investigation reflect DNS queries run by Tech Company-2 personnel in 2016, 2017, or later reflect that Yotaphone lookups were far from rare in the United States, and were not unique to, or disproportionately prevalent on, Trump-related networks. Particularly, within the data produced by Tech Company-2, queries from the United States IP addresses accounted for approximately 46% of all yota.ru queries. Queries from Russia accounted for 20%, and queries from Trump-associated IP addresses accounted for less than 0.01%.
  • Data files obtained from Tech Company-1, Tech Company-2, and University-1 reflect that Yotaphone-related lookups involving IP addresses assigned to the EOP began long before November or December 2016 and therefore seriously undermine the inference set forth in the white paper that such lookups likely reflected the presence of a Trump transition-team member who was using a Yotaphone in the EOP. In particular, this data reflects that approximately 371 such lookups involving Yotaphone domains and EOP IP addresses occurred prior to the 2016 election and, in at least one instance, as early as October 24, 2014. [bold and italics mine]

Compare that to the supposed debunking from the gratuitous conflicts filing that led to death threats.

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. 
In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted. [bold mine]

The bolded narrative shows these are the same report. If 3 million is 46% of the total of around 6.521 million lookups globally, then 1,000 Trump-related queries would be .01% of the global total.

But it is an innumerate stat. I’m not the FBI, and definitely not a top FBI cyber expert. But even my humble little blog occasionally relies on William Ockham to explain things that should be bloody obvious to the Federal government, such as that 3 million DNS requests amount to one family’s worth of use.

Contra Durham, 3 million DNS requests for a related IP addresses over a four-year period means these requests are very rare.

For comparison purposes, my best estimate is that my family (7 users, 14 devices) generated roughly 2.9 million DNS requests just from checking our email during the same time frame. That’s not even counting DNS requests for normal web browsing.

If you’re going to make a federal case out of this, at least make some attempt to understand the topic.

Durham and his hand-picked experts in the FBI suggest that because, among the very rare number of global requests, almost half appear in the US, it means they aren’t rare. From that, Durham and his experts argue that the fact that Trump’s properties (and Spectrum and the Executive Office of the President) are part of this tiny club is not cause for concern.

They’re doing so even though among the domains included in the CSV tables is wimax-client-yota-ru, which shows up in Wordfence’s IOC lists for the GRU attack on the election. Durham and his FBI experts are arguing that it is not alarming that there would be several look-ups to such a domain in October 2016 from the Executive Office of the President, periodical look-ups to that domain from Trump Organization starting in August 2016, and persistent such look-ups from the suspect Spectrum IP address starting in November 2016.

And about those EOP look-ups. Durham claims, in the italicized language above, that there is an, “inference set forth in the white paper that such lookups likely reflected the presence of a Trump transition-team member who was using a Yotaphone in the EOP.” Sussmann may have said that. But it’s not in the white paper. In fact, there’s just one reference to the EOP in the white paper at all, and it’s not included in the speculative paragraph that there may be a tie between the Spectrum traffic and the Trump traffic.

Network traffic analysis strongly suggests communications between Russian networks and Trump Tower, associated Trump properties, with artifacts also present at EOP. Spectrum Health resolver IP 167.73.110.8 in Grand Rapids MI is also observed making similar queries.

The traffic data indicates: (a) There are Russian-made cellular devices on these networks, seldom seen elsewhere in the US; and (b) these networks appear to be attempting SIP-connections to Russian networks which very few IPs globally are seen trying to resolve.

It is possible that one or more devices is at times travelling between locations as there are sometimes gaps possibly correlated to newsworthy events such as New York NY to Grand Rapids MI, lifting of some sanctions on Russia, and the disappearance of the queries from New York in mid December and from Grand Rapids MI in mid January 2017.

In other words, as he did when he invented an allegation against Hillary that the Russians didn’t even make, he’s inventing an inference here, the kinds of inferences he tried to criminalize when Joffe did them. Further, he suggests that Sussmann and Joffe didn’t reveal that the lookups started before the election, even though the CSV data included shows lookups starting on October 2, 2016, which last I checked was before the election.

Durham, who admits in his report that these lookups inexplicably ended before Inauguration, nevertheless falsely insinuated in a court filing that Sussmann and Joffe had based their claims on lookups that post-date Trump’s inauguration. Durham is debunking Durham now! And that false claim from Durham led Trump to suggest that because Joffe found an IOC associated with the people who hacked the election within EOP, Sussmann should be put to death.

That’s one reason that it matters that this technical review is undated. Obviously, it’s crazy enough that an undated unpaginated report would show up in a report like this (I suspect it is intended to make the document hard to find).

But because it is undated and — it appears — Sussmann never got it, Durham doesn’t have to admit that he has included it in his report even after Sussmann pointed out that Durham’s inflammatory claims relied on getting the dates wrong himself.

For example, although the Special Counsel implies that in Mr. Sussmann’s February 9, 2017 meeting, he provided Agency-2 with EOP data from after Mr. Trump took office, the Special Counsel is well aware that the data provided to Agency-2 pertained only to the period of time before Mr. Trump took office, when Barack Obama was President.

After Sussmann and Joffe proved he was wrong, Durham dropped these claims. But then he resuscitated them for his report.

Durham blinds his expert so he can’t see any visibility

The second expert review Durham relied on, “FBI Cyber Division Cyber Technical Analysis Unit, Technical Analysis Report,” does have a date — April 20, 2022 — along with a Bates stamp showing that it was shared with Sussmann. The Cyber Technical Analysis Unit that wrote it is headed by David Martin, the guy who ultimately served as Durham’s expert witness at trial. After months of stalling, Durham first informed Sussmann that he would have an expert and Martin would be that expert on March 30, 2022, just weeks before trial.

Given that the Technical Analysis is dated three weeks after that, it seems exceedingly likely the Technical Analysis was a report done in preparation for Martin’s testimony.

As I noted in this post, this Technical Analysis focuses exclusively on the white paper Sussmann shared on September 19, 2016.

The citations to the Technical Analysis document in footnotes reference just 13 pages of material, two pages of which are likely front matter, and one page describing the tasking Durham gave them.

Aside from the four pages of material that Durham doesn’t mention, there are really just two topics: addressing whether or not the Spectrum Health IP address was a Tor node, and using the answers obtained from Listrak (and possibly a broader set of logs than Alison Sands had available in 2016) to make an argument about the kind of visibility one needs to learn anything from DNS records.

These topics generally track Martin’s testimony as well (though Sussmann had opposed Martin’s comments on visibility, and given that it doesn’t appear in Martin’s Powerpoint from the trial, I’m not sure he was supposed to discuss it).

Now, Durham loves this technical analysis on Tor. He cited it first when he described how April Lorenzen was trying to figure out what the Spectrum IP address was in August 2016, and then quotes it again 30 pages later in his general technical discussion. The second time, he added an apostrophe-s which might be misread by the dim-witted people who are the audience of this propaganda to suggest that disproving that the Spectrum IP was a Tor node disproves the rest of the white paper, which it does not.

The FBI experts advised that historical TOR exit node data conclusively disproves this white paper allegation in its entirety and furthermore the construction of the TOR network makes the described arrangement impossible.

[snip]

The FBI experts who examined this issue for us stated that historical TOR exit node data conclusively disproves this white paper’s allegation in its entirety.

It’s really weird that Durham loves this analysis, because it would suggest that he didn’t learn that the Spectrum Health IP was not a Tor node until just weeks before trial — though that same judgement, that it was not a Tor node, is one of the main things the FBI got right when they first investigated this in 2016. There is almost nothing cited from this report that newbie counterintelligence agent Alison Sands hadn’t already laid out by October 5, 2016.

Durham’s fondness for this Tor node analysis is all the more hilarious because Durham tasked this expert review after the review of the files Sussmann shared with the CIA in February 2017. And neither of the files about the Alfa Bank anomaly that Sussmann turned over in 2017 (one, two) mention the Tor node. Researchers actually realized this was not a Tor node around the same time Sussmann originally shared the files. It was long gone, Durham knew it, yet that’s still the primary thing he relies on to claim he has debunked the allegations.

So Durham’s primary debunking of the white paper doesn’t address, at all, what was in the later documents. In fact, that was one effect of tasking the Cyber Technical Analysis Unit with reviewing just the stuff on the Red Thumb Drive: it gave some of FBI’s top experts a really easy way to debunk (part of) the white paper, albeit the only part that was entirely debunked in 2016.

It’s like congratulating yourself because the FBI’s top cyber experts managed to play tiddlywinks as well as a newbie counterintelligence agent did six years earlier during a rush investigation.

The second area of this technical review Durham cites is still more telling. It purports to rely on information learned in Listrak email (not DNS) records to (effectively) accuse Joffe and the others of cherrypicking the data.

In addition to investigating the actual ownership and control of the IP address, the Office tasked FBI cyber experts with analyzing the technical claims made in the white paper. 1650 This endeavor included their examination of the list of email addresses and send times for all emails sent from the Listrak email server from May through September 2016, which is the time period the white paper purportedly examined. 1651 The FBI experts also conducted a review of the historical TOR exit node data. 1652

The technical analysis done by the FBI experts revealed that the data provided by Sussmann to the FBI and used to support Joffe and the cyber researchers’ claim that a “very unusual distribution of source IP addresses” was making queries for mail1.trump-email.com was incomplete. 1653 Specifically, the FBI experts determined that there had been a substantial amount of email traffic from the IP address that resulted in a significantly larger volume of DNS queries for the mail1.trump-email.com domain than what Joffe, University-1 Researcher-2 and the cyber researchers reported in the white paper or included on the thumb drives accompanying it. 1654 The FBI experts reviewed all of the outbound email transmissions, including address and send time for all emails sent from the Listrak server from May through September 2016, and determined that there had been a total of 134,142 email messages sent between May and August 2016, with the majority sent on May 24 and June 23. 1655 The recipients included a wide range of commercial email services, including Google and Yahoo, as well as corporate email accounts for multiple corporations. 1656

Similarly, the FBI experts told us that the collection of passive DNS data used to support the claims made in the white paper was also significantly incomplete. 1657 They explained that, given the documented email transmissions from IP address 66.216.133.29 during the covered period, the representative sampling of passive DNS would have necessarily included a much larger volume and distribution of queries from source IP addresses across the internet. In light of this fact, they stated that the passive DNS data that Joffe and his cyber researchers compiled and that Sussmann passed onto the FBI was significantly incomplete, as it included no A-record (hostname to IP address) resolutions corresponding to the outgoing messages from the IP address. 1658 Without further information from those who compiled the white paper data, 1659 the FBI experts stated that it is impossible to determine whether the absence of additional A record resolutions is due to the visibility afforded by the passive DNS operator, the result of the specific queries that the compiling analyst used to query the dataset, or intentional filtering applied by the analyst after retrieval. 1660

1653 Our experts noted that the assertion of the white paper is not only that Alfa Bank and Spectrum Health servers had resolved, or looked up, the domain [mail-1.trump-email.com] during a period from May through September of 2016, but that their resolutions accounted for the vast majority of lookups for this domain. FBI Technical Analysis Report at 6.

1654 The USB drive that Sussman [sic] provided to the FBI on September 19, 2016, which was proffered as data supporting the claims in the white paper, contained 851 records of DNS resolutions for domains ending in trump-email.com. FBI Technical Analysis Report at 7.

I’ll leave it to William Ockham — who apparently is smarter than the entire FBI — to explain that by looking for emails sent out from an IP rather than DNS for a domain, the FBI was basically searching for all packages from one post office rather than stamps from one house that uses that post office (I’m still working on this analogy, but it’s a start). Plus, at least in real time, the newbie counterintelligence agent who figured out the Tor node information Durham claims to have only learned six years later, Alison Sands, kept complaining that Listrak didn’t provide the network logs they needed.

But as I pointed out here, not only does the FBI change its mind mid-sentence whether there was one thumb drive or two — a problem that has plagued FBI’s Cyber division for six years, apparently — but FBI doesn’t even claim to be looking at all the data that was submitted at trial. FBI’s experts only reviewed the exact same file that Scott Hellman emphasized was a portion of the data submitted; they didn’t review the larger set. They complain they only have 851 lines of data because they’re not reviewing the larger file, much less any csv records turned over on the Blue Thumb Drive, not because the logs didn’t exist.

Remember: these are supposed to be the same people who already reviewed the CIA material by February. And the equivalent of the white paper in those materials has a passage that addresses precisely the visibility of which FBI claims to be ignorant. And the Trump/Alfa csvs included on one of those thumb drives — 2016-05-04_2017-01-15_Trump_server — not only includes almost 25,000 lines of data, but it also shows the collection points. The FBI had a way, in hand, to get that visibility, but Durham told them to look away.

The only thing the FBI’s top experts offer to debunk, other than the Tor node claim that the FBI knew the researchers had dropped, was a complaint about visibility. But their complaints about visibility were entirely manufactured by the scope of the review Durham requested and possibly by the curious status of the Blue Thumb Drive, as well as (if Durham is telling the truth about these being the same experts) willful forgetting of a review they had done on related issues less than a year earlier.

Durham created this blindness. By ensuring all the experts remain blind to visibility, Durham ensured the review would conclude that the researchers didn’t have the visibility that, the FBI knew well, they had.
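The point quoted above, that a short list of A-record resolutions cannot by itself show whether it reflects limited sensor visibility, a narrow query, or later filtering, can be seen by summarizing one passive DNS log under different views. This is an added example, not code or data from the report or the thumb drives: the four-column layout (timestamp, queried name, source IP, collection point), the domain and every record are constructed assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime

QNAME = "mail1.sender.example"  # constructed name standing in for the queried host

# Constructed records. Assumed columns: timestamp, queried name,
# source (resolver) IP, collection point. IPs are documentation ranges.
SAMPLE = """\
2016-05-04T10:12:01Z,mail1.sender.example,192.0.2.10,sensor-a
2016-05-24T08:00:13Z,mail1.sender.example,198.51.100.7,sensor-b
2016-05-24T08:00:15Z,mail1.sender.example,198.51.100.8,sensor-b
2016-06-23T14:30:44Z,mail1.sender.example,192.0.2.10,sensor-a
2016-06-23T14:31:02Z,mail1.sender.example,203.0.113.5,sensor-a
2016-06-23T14:31:09Z,mail1.sender.example,198.51.100.9,sensor-b
2016-07-29T02:11:54Z,mail1.sender.example,192.0.2.10,sensor-a
2016-08-03T19:45:20Z,mail1.sender.example,203.0.113.5,sensor-a
2016-08-03T19:47:31Z,mail1.sender.example,192.0.2.10,sensor-a
2016-08-17T06:02:10Z,www.sender.example,198.51.100.7,sensor-b
2016-09-01T11:20:00Z,mail1.sender.example,192.0.2.77,sensor-a
2016-09-14T23:59:59Z,mail1.sender.example,203.0.113.5,sensor-a
"""


def parse_log(text):
    """Parse CSV lines into records, skipping blank or malformed rows."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue
        ts, qname, src, sensor = (field.strip() for field in row)
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        rows.append({"ts": when, "qname": qname.lower().rstrip("."),
                     "src": src, "sensor": sensor})
    return rows


def summarize(rows, qname, top_n=2):
    """Date range, source diversity and concentration of lookups for one name."""
    hits = [r for r in rows if r["qname"] == qname]
    if not hits:
        return {"total": 0, "first_seen": None, "last_seen": None,
                "distinct_sources": 0, "top_share": 0.0, "by_sensor": {}}
    by_src = Counter(r["src"] for r in hits)
    top = sum(count for _, count in by_src.most_common(top_n))
    return {
        "total": len(hits),
        "first_seen": min(r["ts"] for r in hits).date().isoformat(),
        "last_seen": max(r["ts"] for r in hits).date().isoformat(),
        "distinct_sources": len(by_src),
        # Share of all lookups made by the top_n busiest source IPs.
        "top_share": round(top / len(hits), 3),
        "by_sensor": dict(Counter(r["sensor"] for r in hits)),
    }


def compare_views(rows, qname, sensor="sensor-a", start=datetime(2016, 7, 28)):
    """Summarize the same log as seen whole, from one sensor, and from a date cut."""
    views = {
        "full": rows,
        # Limited visibility: only one collection point contributed data.
        "one_sensor": [r for r in rows if r["sensor"] == sensor],
        # Narrow query or later filtering: only records on or after a start date.
        "date_window": [r for r in rows if r["ts"] >= start],
    }
    return {name: summarize(subset, qname) for name, subset in views.items()}


if __name__ == "__main__":
    for name, stats in compare_views(parse_log(SAMPLE), QNAME).items():
        print(name, stats)
```

The narrowed views report fewer distinct sources and a higher top-two share than the full log, and neither narrowed output says which kind of narrowing produced it; only the collection-point column and the query parameters can.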

As I have described, way back in October 2016 — just days after Batty and Hellman did — I too thought that this was a set-up.

But I said that because (as I also noted) no one had seen the evidence. The FBI had the opportunity to look, but instead has spent the last six years deliberately blinding themselves so they can continue to claim it was a set-up.

Update: From pre-trial motions, here are two of the CIA summaries in which Sussmann’s claims about the YotaPhone allegations remain unredacted (one, two). They do tie the presence of the YotaPhone in EOP to Trump. But they also make it clear that the phone couldn’t have been Trump, because it didn’t always move with him, meaning these could easily have been (and still could be) someone attempting to compromise Trump.


Alfa Bank and Yotaphone Allegations

1. Factual background

a. Introduction

b. Sussmann’s attorney-client relationship with the Clinton campaign and Joffe

c. The Alfa Bank allegations

i. Actions by Sussmann, Perkins Coie, and Joffe to promote the allegation

ii. Actions by April Lorenzen and others and additional actions by Joffe

iii. Sussmann’s meeting with the FBI

d. The FBI’s Alfa Bank investigation

i. The Cyber Division’s review of the Alfa Bank allegations

ii. The opening of the FBI’s investigation

e. Actions by Fusion GPS to promote the Alfa Bank allegations

f. Actions by the Clinton campaign to promote the Alfa Bank allegations

g. Sussmann’s meeting with the CIA

h. Sussmann’s Congressional testimony

i. Perkins Coie’s statements to the media

j. Providing the Alfa Bank and Yotaphone allegations to Congress

k. Joffe’s company’s connections to the DNC and the Clinton campaign

l. Other post-election efforts to continue researching and disseminating the Alfa Bank and Yotaphone allegations

i. Continued efforts through Joffe-affiliated companies

ii. Efforts by Dan Jones and others

iii. Meetings by DARPA and Georgia Tech

iv. The relevant Trump Organization email domains and Yotaphone data

2. Prosecution decisions


FBI Cyber Division’s Enduring Blue Pill Mystery

I’m writing a post on the technical analysis John Durham included in his report purporting to debunk the white papers submitted via Michael Sussmann to, first, the FBI and, then, the CIA. But first I’m going to do something even more tedious: Try to track down FBI’s persistent blue pill problem — or rather, the FBI’s apparent failure to ever analyze one of two thumb drives Sussmann shared with Jim Baker in September 2016, the Blue one.

Last year, before Sussmann’s trial, Durham had FBI’s top technical people review what he claimed were the data Sussmann had shared. He cited those reports in his own report, claiming they debunk the white papers.

Here’s how they are described in footnotes.

  • 1635 FBI Cyber Division Cyber Technical Analysis Unit, Technical Analysis Report (April 20, 2022) (hereinafter “FBI Technical Analysis Report”) (SCO _ 094755)
  • 1671 FBI Cyber Technical Operations Unit, Trump/Alfa/Spectrum/Yota Observations and Assessment (undated; unpaginated).

Not only doesn’t the YotaPhone report have a date, but it doesn’t have a Bates stamp reflecting that it was shared with Sussmann. I’ll get into why that is interesting in my follow-up post.

Below is a summary of the materials Sussmann provided to both agencies. By description, the Technical Analysis Report only reviews the white paper and the smaller of two sets of text DNS logs included on the Red Thumb Drive. By description the Trump/Alfa/Spectrum/Yota Observations only review the Yota White Paper.

The data FBI’s technical people reviewed appear to be restricted to what is marked in blue.

They did review the actual thumb drives turned over to the CIA, because they found hidden data on one; there’s no indication they reviewed the thumb drives provided to the FBI.

In fact, it’s impossible that they reviewed the data included on the second thumb drive Sussmann shared, the Blue one.

That’s because the FBI analysis claims Sussmann only provided 851 resolutions, which is the 19-page collection of text files included on the Red Thumb Drive, not even the larger set.

Similarly, the FBI experts told us that the collection of passive DNS data used to support the claims made in the white paper was also significantly incomplete. 1657 They explained that, given the documented email transmissions from IP address 66.216.133.29 during the covered period, the representative sampling of passive DNS would have necessarily included a much larger volume and distribution of queries from source IP addresses across the internet. In light of this fact, they stated that the passive DNS data that Joffe and his cyber researchers compiled and that Sussmann passed onto the FBI was significantly incomplete, as it included no A-record (hostname to IP address) resolutions corresponding to the outgoing messages from the IP address. 1658 Without further information from those who compiled the white paper data, 1659 the FBI experts stated that it is impossible to determine whether the absence of additional A record resolutions is due to the visibility afforded by the passive DNS operator, the result of the specific queries that the compiling analyst used to query the dataset, or intentional filtering applied by the analyst after retrieval. 1660

1659 The data used for the white paper came from Joffe’s companies Packet Forensics and Tech Company-1. As noted above, Joffe declined to be interviewed by the Office, as did Tech Company-2 Executive-1. The 851 records of resolutions on the USB drive were an exact match for a file of resolutions sent from University-1 Researcher-2 to University-1 Researcher-1 on July 29, 2016, which was referred to as “[first name of Tech Company-2 Executive-1]’s data.” Id. at 7.

1660 Id. [bold]

There’s no way they would have come to this conclusion if they had seen the Blue Thumb Drive, which had millions of logs on it.

In fact, it appears that the FBI never did review that Blue Thumb Drive when they were investigating the Alfa Bank anomaly.

They didn’t do so, it appears, because the Cyber Division Agents who first reviewed the allegations, Nate Batty and Scott Hellman, misplaced the Blue Thumb Drive for weeks.

That may not have been an accident.

Batty and Hellman’s initial review, which they completed in just over a day, was riddled with errors (as I laid out during the trial). Importantly, they could not have reviewed most of the DNS logs before writing their report, because they claimed, “the presumed suspicious activity began approximately three weeks prior to the stated start [July 28] of the investigation conducted by the researcher.”

Even the smaller set of log files included on the Red Thumb Drive showed the anomaly went back to May. A histogram included in the white paper shows the anomaly accelerating in June.

Had anyone ever reviewed the full dataset, the shoddiness of their initial analysis would have been even more clear.

Here’s how the FBI managed to conduct an investigation on two thumb drives without, it appears, ever looking at the second one.

As the chain of custody submitted at trial shows, Jim Baker accepted the thumb drives, then handed them off to Peter Strzok, who then handed them off to Acting Assistant Director of Cyber Eric Sporre, who at first put the thumb drives in his safe, then handed them over to Nate Batty.

Within hours (these logs are UTC), Batty and Hellman started mocking the white paper but also complaining about the “absurd quantity of data.”

Hellman, at least, admitted at trial that he only knows the basics about DNS.

The next day, Batty told Hellman that their supervisor wanted them to write a “brief summary” of what he calls “the DNC report.” Batty appears to have known of Sussmann from other cases and he was informed that Sussmann was in the chain of custody.

In spite of the clear record showing Batty was informed who provided the thumb drives, in 2019, he told Durham that he and Hellman — whose analysis was so shitty — had considered filing a whistleblower complaint because they weren’t told what the documentary record shows he was clearly informed. And Durham thought that was sufficiently credible to stick in his report.

Before writing an analysis of this report, Batty admitted, they should first “plug the thumb drives” in and look at the files before they wrote a summary.

The documentary evidence shows that these guys formed their initial conclusion about the white paper without ever reviewing the data first.

A day later, Curtis Heide texted from Chicago and asked them to upload the thumb drives, plural, so they could start looking at them.

They only uploaded one, the Red Thumb Drive.

That’s clear because when Kyle Steere documented what they had received on October 4, he described that his report is, “a brief summary of the contents of the USB drive,” singular. The contents match what were on the Red Thumb Drive.

Two hours and 16 minutes later, after uploading the Red Drive, Batty asked if he should send the actual thumb drives to Chicago.

48 minutes later, Batty asked Hellman if he had the Blue Thumb Drive.

The chain of custody shows that Batty didn’t send anything on September 22, when he and Hellman were panicking about the missing Blue Thumb Drive. Instead, he put something in storage on October 6, two weeks later. That he put them in storage makes no sense, because when he wrote an Electronic Communication explaining why he was sending the thumb drives to Chicago on October 11 (by that point, 19 days after saying they would send the thumb drives to Chicago that day), he claimed,

Due to case operational tempo, and the need to assess the data at ECOU-1 prior to referring the matter to the [Chicago] division the evidence was not charged into evidence (at the NVRA) until October 6, 2016.

Not a shred of evidence in the available record supports that claim and a great deal shows it to be false.

But he didn’t send the physical thumb drives until October 12, FedEx instead of internal BuMail.

By October 12, the FBI had decided there was nothing to these allegations.

Somewhere along the way, there was some confusion as to whether there was one or two thumb drives. At the time the case ID was added — the case was opened on September 23 — it seems to have been understood there was just one thumb drive.

Batty does seem to have sent two thumb drives, one Red and one Blue, to Chicago after that 20-day delay, though.

At trial on May 23, Alison Sands dramatically pulled two thumb drives — a Red Thumb Drive and a Blue Thumb Drive — out of the evidence envelope where she put them years earlier.

Q. Ms. Sands, I’m showing you what’s been marked for identification as Government’s Exhibit 1. Do you recognize that?

A. Yes.

Q. What is that?

A. This is the la envelope.

Q. Do you know what this envelope contains?

A. Yes, it contains the thumb drives. So I basically took them out of evidence and put it into this envelope.

[snip]

Q. Now, Ms. Sands, do you recall how many thumb drives there were?

A. Yes, there’s two.

Q. Do you recall if they had any particular colors?

A. One is blue and one is red.

On the stand, Sands also introduced Steere’s memo, the one that documented the contents of the Red Thumb Drive. In doing so, though, she falsely claimed (at least per the transcript) that the memo described both thumb drives.

Q. Do you recognize what Government’s 206 is?

A. Yes.

Q. What is that?

A. It is the EC documenting what information was on the thumb drives that were provided.

She also introduced the items included on the Red Thumb Drive, one after another, into evidence.

Except for the 19-page set of text files used for technical analysis.

When prosecutor Brittain Shaw got to that file in Steere’s memo, she tried to move it into evidence, but both Judge Cooper and Sussmann attorney Michael Bosworth noted it was already in evidence.

MS. SHAW: Could we go back to Government’s Exhibit 206, please? Moving down the list —

BY MS. SHAW:

Q. The second item, what is that?

A. It is data that was provided as alleged evidence of these DNS lookup tables.

Q. After number 2, is that the title that was given to the file or is that something you assigned?

A. I believe that’s something we assigned.

Q. Okay.

MS. SHAW: And if I could have Government’s Exhibit 208, please. If you’d just blow that up a little bit. Thank you.

BY MS. SHAW:

Q. And, Ms. Sands, do you recognize what that is?

A. Yes, these are the DNS lookups that I just described.

MS. SHAW: All right. I would move Government’s Exhibit 208 into evidence.

MR. BOSWORTH: It may be —-

THE COURT: I think it’s probably in.

MS. SHAW: All right.

It was already in.

Almost a week earlier, Scott Hellman introduced what he called “a portion” of the data included with the exhibit. It was the 19-page text file of DNS logs, included on the Red Thumb Drive, that was reviewed in the Technical Analysis. He didn’t describe it as one stand-alone document included on the thumb drive. He seemed to imply this was a selection the FBI had made.

Q. And if I could show just to you on your screen what’s been marked Government Exhibit 208. And Agent Hellman, this is about an 18- or 19-page document. But you just see the first page here. Do you recognize this?

A. It appears to be a portion of the technical data that came along with the narrative.

MR. DeFILIPPIS: All right. Your Honor, the government offers Government Exhibit 208.

MR. BERKOWITZ: No objection.

THE COURT: So moved.

Q. And if we look at that first page there, Agent Hellman, what kind of data is this?

A. It appears to be — as far as I can tell, it looks to be — it’s log data. So it’s a log that shows a date and a time, a domain, and an IP address. And, I mean, that’s — just looking at this log, there’s not too much more from that.

Q. And do you understand this to be at least a part of the DNS data that was contained on the thumb drives that I think you testified about earlier?

All the while, he and DeFilippis referred to this as “a part” of the DNS data and referred to the thumb drives, plural.

And that, it appears, may be all the data anyone at the FBI ever analyzed.

Update: I erroneously said there were texts between Batty and Hellman that may have gotten deleted. I’ve corrected that error.

Update: I added details from the Lync files showing Batty provided a claim that conflicts with all public evidence about why he didn’t check the thumb drives into evidence until after the investigation was substantively done.

Update: I’ve updated the table to show what Sussmann shared. Particularly given FBI’s shoddy record-keeping and Durham’s obfuscation, it’s not clear on which drive GX209 was, nor is it clear whether there was a separate set of CSV DNS logs on the Blue Drive and if so how many logs they included.


Doo-Doo Process: John Durham Claims to Know Better than Anthony Trenga and Two Juries

There’s something grotesque and unethical about John Durham’s conduct that has gotten little attention.

After getting his ass handed to him by two juries and one judge, in his report, Durham nevertheless repeated the allegations against Michael Sussmann and Igor Danchenko on which they have been acquitted. While in one discussion of his prosecutorial decisions, Durham described these as “allegations,” in his executive summary and elsewhere, he stated, as fact, that both men had made false or fabricated statements. Worse still, in his efforts to sustain his false statements allegations, Durham himself makes claims that were rebutted or undermined by the trial records.

John Durham lies about press contacts to cover up his failure to investigate exculpatory information

As a reminder, the researchers who found the Alfa Bank anomaly found it organically, and out of a suspicion — later validated by at least three Mueller prosecutions (Paul Manafort, Michael Cohen, and Alex Van der Zwaan) — that Trump and his associates were lying about their ties to Russia, Rodney Joffe shared the Alfa Bank anomaly with Michael Sussmann.

Sussmann definitely packaged up the allegations and asked Fusion GPS what they knew about Alfa Bank. He definitely billed that packaging-up process to Hillary. The campaign definitely approved sharing that information with the NYT.

But then, without the consent of the campaign, Sussmann blew their big story, by sharing the allegations with the FBI.

Sussmann claimed that he did so because, as a former cybersecurity prosecutor, he knew that if DOJ were going to have a chance to investigate these allegations, they would need to do so, covertly, before the allegations went public. He claimed to have done so because he had been in the position where a big allegation broke before law enforcement had an opportunity to investigate. As proof to support this claim, Sussmann noted — and over the course of months, forced Durham to collect the heretofore ignored evidence proving — that he helped the FBI kill the NYT story the campaign had approved, in the process making it clear that he had to ask someone’s (Joffe’s) consent to do so.

Because the FBI used overt means to investigate these allegations — a violation of DOJ pre-election guidelines that Durham doesn’t mention in his screed about the FBI — a seeming response to NYT’s efforts which was actually a response to the FBI bigfooting helped to fuel the story. The record shows, and Durham’s most aggressive prosecutor conceded at closing arguments, that the FBI fucked up this investigation in other ways, yet more FBI shortcomings that Durham doesn’t mention in his screed.

After the election, at a time when Sussmann no longer worked for Hillary, Joffe asked him to try to get the CIA to look at these anomalies. Before that meeting, Sussmann told one of his CIA interlocutors that he did have a client (something Sussmann also told to Congress), but described that his client wanted anonymity because of concerns about Russian retaliation. In the meeting where he passed off his thumb drives, he said he was not representing a client.

Those are the competing signals on which Durham obtained a criminal indictment and did so before having consulted significant swaths of directly relevant evidence: a question about how Sussmann intended those words, “represent” and “on behalf of,” a problem with the indictment that Sussmann identified immediately.

Here’s how Durham presented the Sussmann charges in the Executive Summary (all bold in this post my own).

The Office also investigated the actions of Perkins Coie attorney Michael Sussmann and others in connection with Sussmann’s provision of data and “white papers” to FBI General Counsel James Baker purporting to show that there existed a covert communications channel between the Trump Organization and a Russia-based bank called Alfa Bank. As set forth in Section IV.E.1.c.iii, in doing so he represented to Baker by text message and in person that he was acting on his own and was not representing any client or company in providing the information to the FBI. Our investigation showed that, in point of fact, these representations to Baker were false in that Sussmann was representing the Clinton campaign (as evidenced by, among other things, his law firm’s billing records and internal communications). 42 In addition, Sussmann was representing a second client, a technology executive named Rodney Joffe (as evidenced by various written communications, Sussmann’s subsequent congressional testimony, and other records).

Cyber experts from the FBI examined the materials given to Baker and concluded that they did not establish what Sussmann claimed they showed. At a later time, Sussmann made a separate presentation regarding the Alfa Bank allegations to another U.S. government agency and it too concluded that the materials did not show what Sussmann claimed. In connection with that second presentation, Sussmann made a similar false statement to that agency, claiming that he was not providing the information on behalf of any client.

[snip]

As explained in Section IV.E.1.c.i, the evidence collected by the Office also demonstrated that, prior to providing the unfounded Alfa bank claims to the FBI, Sussmann and Fusion GPS (the Clinton campaign’s opposition research firm) had provided the same information to various news organizations and were pressing reporters to write articles about the alleged secret communications channel. Moreover, during his September 2016 meeting at the FBI, Sussmann told Baker that an unnamed news outlet was in possession of the information and would soon publish a story about it. The disclosure of the media’s involvement caused the FBI to contact the news outlet whose name was eventually provided by Sussmann in the hope of delaying any public reporting on the subject. In doing so it confirmed for the New York Times that the FBI was looking into the matter. On October 31, 2016, less than two weeks before the election, the New York Times and others published articles on the Alfa Bank matter and the Clinton campaign issued tweets and public statements on the allegations of a secret channel of communications being used by the Trump Organization and a Russian bank – allegations that had been provided to the media and the FBI by Fusion GPS and Sussmann, both of whom were working for the Clinton campaign. [my emphasis; link]

And here’s how Durham presented his prosecutorial decision.

Accordingly, Sussmann’s conduct supports the inference that his representations to both the FBI and the CIA that he was not there on behalf of a client reflect attempts to conceal the role of certain clients, namely the Clinton campaign and Joffe, in Sussmann’s work. Such evidence also further supports the inference that Sussmann’s false statements to two different agencies were not a mistake or misunderstanding but, rather, a deliberate effort to conceal the involvement of specific clients in his delivery of data and documents to the FBI and CIA. [link]

[snip]

First, and as noted above, we identified certain statements that Sussmann made to the FBI and the CIA that the investigation revealed were false. Given the seriousness of the false statement and its effect on the FBI’s investigation, a federal Grand Jury found probable cause to believe that Sussmann had lied to the FBI and charged him with making a false statement to the Bureau, in violation of 18 U.S.C. § 1001. 1675 Ultimately, after a two-week trial, a jury acquitted Sussmann of the false statement charge.

We also considered whether any criminal actions were taken by other persons or entities in furtherance of Sussmann’s false statement to the FBI. The evidence gathered in the investigation did not establish that any such actions were taken. [link]

As noted above, just in these two passages Durham repeats, five times, that Sussmann made false statements, even though he never charged Sussmann with making false statements to the CIA and even though a jury found Sussmann not guilty of making false statements to the FBI (Durham also misrepresents the billing evidence presented at trial, which didn’t show Sussmann billing Hillary for the meeting with Baker). This is a gross assault on due process, to accuse a man anew of the charges for which he has already been acquitted.

Durham claims, in explaining why he charged this flimsy case, that the [alleged] “false statement” was serious and had what he insinuates was a major effect on the FBI investigation. Remember: When Durham made this prosecutorial decision, he still had never bothered to check two Jim Baker phones in DOJ IG possession (one of which he had learned about years earlier), texts in Baker’s iCloud account that complicated his case, and documents in DOJ IG’s possession showing that the FBI understood — whether true or not — that the Alfa Bank allegation came from the DNC. Indeed, Durham obscures that while those Baker texts did show that Sussmann had conveyed such a claim by text, those belatedly discovered texts undermined Durham’s case at trial that Sussmann had repeated the claim in person (without providing any clarity about how Sussmann meant “on behalf of”). And one possible explanation for the acquittal is that the jury found that Sussmann didn’t repeat his claim that he was representing no client at the face-to-face meeting with Baker. Certainly, the record showed that whatever memory Baker had of that meeting had been selectively reconstructed with Durham’s help to match the story he needed to sustain a certain narrative, one that didn’t line up with the documentary evidence.

And evidence presented at trial completely undermined the claim that this was a material false claim, the reason Durham made the claim about seriousness in the first place. Sussmann’s attorneys showed that only the threat of prosecution altered FBI Agent Ryan Gaynor’s memory — backed by his contemporaneous notes — that, in fact, he always understood that the allegation came from a DNC attorney. Durham’s star FBI witness admitted on cross-examination that he developed his belief that a reference to the DNC in his colleague’s Lync texts was just a typo after prosecutor Andrew DeFilippis coached him on that point. There were other Lync texts recording a belief that the tip had come from the DNC. Several people at the FBI conducted this investigation as if they understood it to be an investigation of a DNC tip, which likely contributed to the errors the FBI made in their investigation. Durham claims the opposite.

Durham seems to hang his claim about seriousness on his own two inferences — one on top of another — that Sussmann had to have been deliberately hiding something, even though evidence presented at trial, most notably that Sussmann offered up information about having a client with both the FBI and CIA, undermined those inferences. As noted, Durham found April Lorenzen’s inferences as a private citizen to be potentially criminal, but he puts the weight of DOJ behind inferences that proved less robust than Lorenzen’s own.

Particularly given the fact that Durham only belatedly, months after indicting Sussmann, discovered evidence corroborating Sussmann’s explanation for reaching out to Baker — that he helped the FBI kill the NYT story the campaign very much wanted published — the Special Counsel’s misrepresentation of the timeline of press contacts is particularly dishonest. In response to an Eric Lichtblau email asking for more details about Russian hacking, Sussmann provided the tip. Durham’s claim that Sussmann “eventually provided” Lichtblau’s name falsely suggests it took more than a few days to make this happen. After that, Sussmann didn’t push the Alfa Bank story until it got published via other channels. For its part, Fusion was pushing this story weeks later, after April Lorenzen’s separately posted data had renewed questions about it. This muddled timeline repeats the outlandish claim Durham prosecutor Brittain Shaw made in opening arguments that an article most Democrats view as profoundly damaging was precisely the October Surprise Hillary wanted. But in this final report, it’s wildly dishonest spin to cover up the fact that Durham didn’t learn a key detail — that Sussmann helped kill the NYT story — until after charging him.

All the more so because telling the truth about Sussmann’s willingness to help the FBI kill the story suggests Sussmann’s version of the story is far more credible than Durham’s.

How Durham avoids admitting he charged a “literally true” statement as false

If you read nothing more than John Durham’s Executive Summary, you would never learn that John Durham falsely led the press to believe that Danchenko attributed the pee tape allegation to someone with distant ties to Hillary rather than the two Russians who admitted they went out drinking with Danchenko during the period in question. More importantly, you would never learn that Durham created that false pee tape panic out of what Judge Anthony Trenga ruled was a literally true statement.

This section of the Executive Summary, which doesn’t mention any prosecutorial decision regarding Dolan, is completely divorced from the prosecutorial decision it pertains to.

During the relevant time period, Danchenko maintained a relationship with Charles Dolan, a Virginia-based public relations professional who had previously held multiple positions and roles in the Democratic National Committee (“DNC”) and the Democratic Party. In his role as a public relations professional, Dolan focused much of his career interacting with Eurasian clients, with a particular focus on Russia. As described in Section IV.D.1.d.ii, Dolan previously conducted business with the Russian Federation and maintained relationships with several key Russian government officials, including Dimitry Peskov, the powerful Press Secretary of the Russian Presidential Administration. A number of these Russian government officials with whom Dolan maintained a relationship – and was in contact with at the time Danchenko was collecting information for Steele – would later appear in the Dossier.

In the summer and fall of 2016, at the time Danchenko was collecting information for Steele, Dolan traveled to Moscow, as did Danchenko, in connection with a business conference. As discussed in Section IV.D.1.d.iii, the business conference was held at the Ritz Carlton Moscow, which, according to the Steele Reports, was allegedly the site of salacious sexual conduct on the part of Trump. Danchenko would later inform the FBI that he learned of these allegations through Ritz Carlton staff members. Our investigation, however, revealed that it was Dolan, not Danchenko, who actually interacted with the hotel staff identified in the Steele Reports, so between the two, Dolan appears the more likely source of the allegations.

As discussed in Section IV.D.1.d.vi, our investigation also uncovered that Dolan was the definitive source for at least one allegation in the Steele Reports. This allegation, contained in Steele Report 2016/105, concerned the circumstances surrounding the resignation of Paul Manafort from the Trump campaign. When interviewed by the Office, Dolan admitted that he fabricated the allegation about Manafort that appeared in the Steele Report. Our investigation also revealed that, in some instances, Dolan independently received other information strikingly similar to allegations that would later appear in the Steele Reports. Nevertheless, when interviewed by the FBI, Danchenko denied that Dolan was a source for any information in the Steele Reports. [link]

When Durham gets around to describing his decision to charge Igor Danchenko in the Executive Summary, he makes no mention that one of those charges pertained to Dolan. Likewise, he makes no mention that Trenga threw out that charge before sending it to a jury.

Perhaps the most damning allegation in the Steele Dossier reports was Company Report 2016/95, which Steele attributed to “Source E,” one of Danchenko’s supposed sub-sources. This report, portions of which were included in each of the four Page FISA applications, contributed to the public narrative of Trump’s conspiring and colluding with Russian officials. As discussed in Section IV.D.1.f, Danchenko’s alleged source for the information (Source E) was an individual by the name of Sergei Millian who was the president of the Russian-American Chamber of Commerce in New York City and a public Trump supporter. The evidence uncovered by the Office showed that Danchenko never spoke with Sergei Millian and simply fabricated the allegations that he attributed to Millian.

When interviewed by Crossfire Hurricane investigators in late January 2017, Danchenko said that Source E in Report 2016/95 sounded as though it was Sergei Millian. As discussed in Section IV.D.1.f.i, Danchenko stated that he never actually met Millian. Instead, he said that in late-July 2016 he received an anonymous call from a person who did not identify himself, but who spoke with a Russian accent. Danchenko further explained that he thought it might have been Millian – someone Danchenko previously had emailed twice and received no response – after watching a YouTube video of Millian speaking. Thus, as detailed in Section IV.D.1.f.i, the total support for the Source E information contained in Steele Report 2016/95 is a purported anonymous call from someone Danchenko had never met or spoken to but who he believed might be Sergei Millian – a Trump supporter – based on his listening to a YouTube video of Millian. Unfortunately, the investigation revealed that, instead of taking even basic steps, such as securing telephone call records for either Danchenko or Millian to investigate Danchenko’s hard-to-believe story about Millian, the Crossfire Hurricane investigators appear to have chosen to ignore this and other red flags concerning Danchenko’s credibility, as well as Steele’s.41

41 As noted in Section IV.D.2.f, a federal grand jury in the Eastern District of Virginia returned a five-count indictment against Danchenko charging him with making false statements. A trial jury, however, found that the evidence was not sufficient to prove his guilt beyond a reasonable doubt. See United States v. Igor Danchenko, 21-CR-245 (E.D. Va.). [link]

That’s what you’d learn from the Executive Summary.

It’s only in the body of his report where Durham reveals the Dolan-related charge and Judge Trenga’s finding that the statement he charged as a false statement was literally true. I’d like to congratulate Durham for here describing the false statements claims as “allegations” made by a grand jury, as distinct from the re-accusation of false statements made against Sussmann or his claim that Danchenko “fabricated the allegations” attributed to Millian. But even there he misrepresents the charges.

In November 2021, a grand jury sitting in the Eastern District of Virginia returned an indictment (“Indictment”) charging Igor Danchenko with five counts of making false statements to the FBI. The false statements, which were made during Danchenko’s time as an FBI CHS, related to his role as Steele’s primary sub-source for the Reports.

First, the Indictment alleged that Danchenko stated falsely that he had never communicated with Charles Dolan about any allegations contained in the Steele Reports. As discussed above, the documentary evidence clearly showed that Dolan was the source for at least one allegation in the Steele Reports. Specifically, that information concerned Manafort’s resignation as Trump’s campaign manager, an allegation Dolan told Danchenko that he sourced from a “GOP friend” but that he told our investigators was something he made up. 1384 The allegations regarding Dolan formed the basis of Count One of the Indictment.

Second, the Indictment alleged that Danchenko falsely stated that, in or about late July 2016, he received an anonymous phone call from an individual whom Danchenko believed to be Sergei Millian. Danchenko also falsely stated that, during this phone call, (i) the person he believed to be Millian informed him, in part, about information that the Steele Reports later described as demonstrating a well-developed “conspiracy of cooperation” between the Trump campaign and Russian officials, and (ii) Danchenko and Millian agreed to meet in New York. The available evidence was sufficient to prove beyond a reasonable doubt that Danchenko fabricated these facts regarding Millian. The allegations regarding Millian formed the bases for Counts Two through Five of the Indictment.

Following a one-week trial, and before the case went to the jury, the Court dismissed Count One of the Indictment pursuant to Federal Rule of Criminal Procedure 29. The Court held that Danchenko’s statement to the FBI regarding Dolan, i.e., that he [Danchenko] never “talked to [Dolan] about anything that showed up in the dossier” was “literally true” because, in fact, the information about Manafort was exchanged over email rather than in an actual verbal conversation. The Court denied Danchenko’s Rule 29 motion to dismiss related to the remaining counts of the Indictment. Following two days of deliberations, the jury concluded that the case had not been proven beyond a reasonable doubt.

In determining whether to bring criminal charges against Danchenko, the Office expected to be able to introduce additional evidence against Danchenko that supported the charged crimes. Thus, prior to trial, the Office moved in limine to introduce certain evidence as direct evidence of the charged crimes. Alternatively, the Office moved to admit the evidence as “other act” evidence pursuant to Federal Rule of Evidence 404(b) to prove Danchenko’s motive, intent, plan and absence of mistake or accident. In particular, the Office sought permission to introduce evidence of:

(1) Danchenko’s uncharged false statements to the FBI regarding his purported receipt of information reflecting Trump’s alleged salacious sexual activity at the Ritz Carlton Hotel in Moscow. In particular, the Office planned to call as a witness the German-national general manager of the Ritz Carlton, identified in the Steele Report 2016/080 as “Source E.” The Office expected the general manager would testify that he (i) had no recollection of speaking with Danchenko in June 2016 or at any time, (ii) had no knowledge of the allegations set forth in the Steele Report before their appearance in the media, and (iii) never discussed such allegations with Danchenko or any staff member at the hotel;

(2) Danchenko’s uncharged false statements to the FBI reflecting the fact that he never informed friends, associates, and/or sources that he worked for Orbis or Steele and that “you [the FBI] are the first people he’s told.” In fact, the evidence revealed that Danchenko on multiple occasions communicated and emailed with, among others, Dolan regarding his work for Steele and Orbis, thus potentially opening the door to the receipt and dissemination of Russian disinformation; and

(3) Danchenko’s email to a former employer in which Danchenko advised the employer, when necessary, to fabricate sources of information. Specifically, on February 24, 2016, just months before Danchenko began collecting information for the Steele Reports, the employer asked Danchenko to review a report that the employer’s company had prepared. Danchenko emailed the employer with certain recommendations to improve the report. One of those recommendations was the following:

Emphasize sources. Make them bold of CAPITALISED [sic]. The more sources the better. If you lack them, use oneself as a source ([Location redacted]-Washington-based businessman” or whatever) to save the situation and make it look a bit better. 1385

Danchenko’s advice that he attach multiple sources to information and obscure one’s own role as a source for information was consistent with Danchenko’s alleged false statements in which he denied or fabricated the roles of sources in the Steele Reports.

The Court ruled, however, that the evidence described above was inadmissible at trial. The prosecution was forced to then proceed without the benefit of what it believed in good faith was powerful, admissible evidence under Rule 404(b) of the Federal Rules of Evidence.

In reality, the question Danchenko answered about Dolan was an attempt to learn whether Dolan could have been a direct source to Steele, not to Danchenko. And Danchenko didn’t entirely deny talking to Dolan about such issues. He said they talked about “related issues perhaps but no, no, no, nothing specific.” One of the FBI Agents who tried to open an investigation into Dolan relied on the statements Danchenko did make, so it’s not like anything Danchenko said impeded that investigation.

Meanwhile, Durham’s description of the acquitted false statements against Millian conflates, as he repeatedly did during the prosecution, what Danchenko told the FBI he told Christopher Steele, and what showed up in the dossier, which Danchenko had no hand in writing. Danchenko said that some of the allegations in the dossier didn’t come from him — including the claim of conspiracy (and lots of FBI Agents have been disciplined because they didn’t pass on this detail to the FISA Court). What Danchenko told the FBI was that the caller had said there was an exchange of information with the Kremlin (which, in fact, Mueller’s investigation proved, there already had been!), but that there was, “nothing bad about it,” all of which (as Danchenko’s team made clear at trial) is utterly consistent with other things Millian was saying at the time. The alleged lie Danchenko told is that he believed at the time (in July 2016) that the caller was Millian. Also, Durham claims that Danchenko said he made plans to meet in New York; he doesn’t note that Danchenko said those were tentative plans. In other words, Durham here misrepresents what Danchenko actually said! Durham is the fabricator here, not Danchenko.

Having grossly overstated what the charge against Danchenko was, Durham claims that, “The available evidence was sufficient to prove beyond a reasonable doubt that Danchenko fabricated these facts regarding Millian.”

That’s why we have juries, buddy! No, there was not. Nuh uh.

For some reason, Durham feels the need to explain why he got his ass handed to him even though, he’s sure, he had enough evidence in hand to charge Danchenko. He blames Judge Trenga’s exclusion of three pieces of evidence about uncharged conduct (here’s my post on that ruling and here’s Trenga’s order). Among the three pieces of evidence he claims he relied on when making a prosecutorial decision in November 2021 is an interview with the former General Manager of the Ritz that only happened in August 2022 (the indictment relies on Dolan and one of Dolan’s colleagues for that claim, not the Manager himself). At least as described, Durham would have needed a time machine for the GM’s testimony to have factored in his prosecutorial decision.

Plus, the claim that those three pieces of evidence — none of which directly pertain to Millian! — were what Durham relied on to make a prosecutorial decision in November 2021 conflicts with what his team said in a filing last September. Back then, they said certain emails from Millian were the most probative proof against Danchenko.

The July 2020 emails between Millian and Zlodorev also bear circumstantial guarantees of trustworthiness. Again, in July 2020, Millian had no motive to lie to Zlodorev.

Third, whether the statements relate to a material fact. The Government submits that this factor is not in dispute.

Fourth, whether the statements are the most probative evidence on the point. Millian’s emails written contemporaneous to the events at issue are undoubtedly the most probative evidence to support the fact that Millian had never met or spoken with the defendant.

Trenga decided those emails were inadmissible hearsay.

Durham probably points to three other pieces of evidence — one obtained nine months after the indictment and all unrelated to Millian — because to admit that his case relied on inadmissible hearsay would require Durham to admit something still more embarrassing. Those hearsay emails from Millian were only the most probative evidence because Durham insanely charged Danchenko relying on what Millian had said on his Twitter account.

Only three months after indicting Danchenko on November 3, 2021 did Durham get around to interviewing Millian.

1085 OSC Report of Interview of Sergei Millian on Feb. 5, 2022 at 1.

His team did that interview remotely; Durham didn’t even have direct proof that Millian was in Dubai when he did that interview.

The Government has conducted a virtual interview of Millian. Based on representations from counsel, the Government believes that Millian was located in Dubai at the time of the interview.

[snip]

The Government has also been in contact with Millian’s counsel about the possibility of his testimony at trial. Nonetheless, despite its best efforts, the Government’s attempts to secure Millian’s voluntary testimony have been unsuccessful. Moreover, counsel for Millian would not accept service of a trial subpoena and advised that he does not know Millian’s address in order to effect service abroad.

[snip]

In the case of a U.S. national residing in a foreign country, 28 U.S.C. § 1783 allows for the service of a subpoena on a U.S. national residing abroad. Here, the Government has made substantial and repeated efforts to secure Millian’s voluntary testimony. When those efforts failed, the Government attempted to serve a subpoena on Millian’s counsel who advised that he was not authorized to accept service on behalf of Mr. Millian. The Government, not being aware of Millian’s exact location or address, asked counsel to provide Millian’s address so that service of a subpoena could be effectuated pursuant to 28 U.S.C. § 1783. Counsel stated that he does not know Millian’s address. In any event, even if the Government had been able to locate Millian, it appears unlikely that Millian would comply with the subpoena and travel to the United States to testify.

And a week after that interview, Durham accused Millian (though he didn’t name him) of “misrepresent[ing] facts” when he claimed “they” were spying on the White House on the very same Twitter account on which Durham relied to obtain the indictment.

One day later, Millian’s Twitter account revealed that Millian told the Trump White House who was “working against them” long before it was publicly known (Durham made no mention of these Tweets when he tried to claim that emails Millian sent in 2020 could be considered reliable).

In other words, abundant evidence suggests that Durham indicted Danchenko without doing the most basic step first, testing Millian’s reliability. By the time he got to trial, Millian — who like Danchenko, had been the subject of a counterintelligence investigation, and who unlike Danchenko had been frolicking in St. Petersburg during 2016 with Oleg Deripaska, someone who had a key role in Russia’s interference in 2016 — proved more than unreliable.

Durham makes no mention of that truly humiliating prosecutorial misstep, an embarrassment set in motion when he decided to indict a man based on claims made on Twitter, in his entire Report.

And yet not only does Durham refuse to state clearly, in his description of the prosecutorial decision, that Danchenko was acquitted of the charges against him, in his Executive Summary he falsely claims that he has proven Danchenko fabricated the claim. Worse still, Durham complains about investigative steps the Crossfire Hurricane investigators appear to have taken (which are different from the Mueller ones, who obtained abundant records about Millian’s communications), but he himself focused exclusively on disproving a telephony call between the two men, in spite of evidence (including of the contacts setting up a meeting between Millian and George Papadopoulos in precisely the same period) that any such call would have happened over the Internet.

Durham does this while making it clear that one reason he charged the Millian counts is because the allegation attributed to Millian, “contributed to the public narrative of Trump’s conspiring and colluding with Russian officials.” That’s only a crime if someone lied to the FBI about it, and Durham didn’t prove his case that Danchenko did.

It should not be left to me, almost a week after this report got released, to point out something grotesque. Durham is still claiming that these men lied, even though two juries told him he didn’t have the evidence to prove that case. That’s not just a grave abuse of Michael Sussmann and Igor Danchenko’s due process, but it exhibits profound disrespect to the service of the jurors.

After both his acquittals, Durham issued a statement claiming, “we respect the jury’s decision and thank them for their service.” And then he wrote a 300-page report telling them he knew better.


John Durham Committed the “Crime” of “Inferring” of Which He Accused Rodney Joffe

I’d like to look at 13 instances in which the word, “inference” appears in the Durham Report.

Almost half come in Durham’s discussion of Rodney Joffe’s work on the Alfa Bank anomalies. Durham states as fact that Joffe “tasked” a number of people to “mine … data to establish ‘an inference’ … tying then-candidate Trump to Russia.”

With respect to the Alfa Bank materials, our investigation established that Joffe had tasked a number of computer technology researchers who worked for companies he was affiliated with, and who had access to certain internet records, to mine the internet data to establish “an inference” and “narrative” tying then-candidate Trump to Russia.

[snip]

In particular, in late July and early August, Joffe commenced a project in coordination with Sussmann and Perkins Coie to support an “inference” and “narrative” tying Trump to Russia. For example, records show that on three days in August 2016, Joffe had meetings or conference calls with Sussmann and Elias. 1401 At about the same time, Joffe began tasking his own employees and associates to mine and assemble internet data that would support such an inference or narrative. 1402

[snip]

Regarding this whole project, my opinion is that from DNS all we could gain even in the best case is an *inference*. I have not the slightest doubt that illegal money and relationships exist between pro-Russian and pro-Trump, meaning actual people very close to Trump if not himself, [meaning actual people very close to Trump if not himself. And by Putin’s traditional style, people Putin controls, but not himself. He controls the oligarchs and they control massive fortunes and cross nearly all major industries in a vast number of countries.]

But even if we found what Rodney asks us to find in DNS we don’t see the money flow, and we don’t see the content of some message saying “send me the money here” etc.

I could fill out a sales form on two websites, faking the other company’s email address in each form, and cause them to appear to communicate with each other in DNS (And other ways I can think of and I feel sure [University-1 Researcher-2] can think of[.])

IF Rodney can take the *inference* we gain through this team exercise … and cause someone to apply more use.fit! tools of more useful observation or study or questioning … then work to develop even an inference may be worthwhile.

That is how I understood the task. Because Rodney didn’t tell me more context or specific things. What [Cyber Researcher- 1] has been digging up is going to wind up being significant. It’s just not the case that you can rest assured that Hil[l]ary’s opposition research and whatever professional govts and investigative journalists are also digging … they just don’t all come up with the same things or interpret them the same way. But if you find any benefit in what [he] has done or is doing, you need to say so, to encourage [him]. Because we are both killing ourselves here, every day for weeks.

[I’m on the verge of something interesting with hosts that talk to the list of Trump dirty advisor domain resources, and hosts that talk to [Russian Bank1]-* domains. Take even my start on this and you have Tehran and a set of Russian banks they talk to. I absolutely do not assume that money is passing thru Tehran to Trump. It’s just one of many *inferences* I’m looking at.

SAME IRANIAN IP THAT TALKS TO SOME TRUMP ADVISORS, also talks to:

[list of domains redacted]

(Capitals don’t mean SUPER SIGNIFICANT it was just a heading.)

Many of the IPs we have to work with are quite MIXED in purpose, meaning that a lot of work is needed to WINNOW down and then you will still only be left in most cases with an *inference* not a certainty.]

Trump/ advisor domains I’ve been using. These include ALL from Rodney’s PDF [the Trump Associates List] plus more from [Cyber Researcher-1]‘s work[:

Trump/ advisor domains I’ve been using. These include ALL from [Tech Executive-1’s] PDF [the Trump Associate’s List] plus more from [name redacted, probably also Cyber Researcher-1]’s work: [list of domains redacted] [RUSSIAN BANK-1] DOMAINS [list of domains redacted] More needs to be added to both lists.]1438 

The word “inference” here comes not from Joffe, but from April Lorenzen, who wrote the large block quote here, to which I’ve added — in the italicized brackets — language from the Durham motion to get it admitted at trial. Even without the Lorenzen language Durham excludes, his deceit is clear, because someone that Durham has never included in his feverish conspiracy theories — Cyber Researcher-1 — is described as doing his or her own work. With Lorenzen’s language included, Durham’s deceit is still more obvious, given how Lorenzen talks about forming her own inference. Not to mention the fact that (as I noted here), many of Lorenzen’s inferences — starting with the fact that Trump’s campaign manager was laundering money from Russia through Cyprus and that he had a tie with Alfa Bank founder’s son-in-law or that Trump was hiding business ties with Russia — turned out to be 100% correct.

But Durham’s deceit goes even further, because the effort to review DNS data for signs of Russian hacking started, organically, in June, not in July in response to Joffe.

Durham’s misrepresentation of the relationship between the various researchers is particularly rich given that a technical review he had done months after indicting Sussmann revealed that the data Sussmann shared with the FBI was referred to as Lorenzen’s data, not Joffe’s.

The 851 records of resolutions on the USB drive were an exact match for a file of resolutions sent from University-1 Researcher-2 to University-1 Researcher-1 on July 29, 2016, which was referred to as “[first name of Tech Company-2 Executive-1]’s data.”

As it happens, three more of the appearances of the word “inference” in the Durham Report come from the technical review.

The FBI DNS experts with whom we worked also identified certain data and information that cast doubt upon several assertions, inferences, and allegations contained in (i) the above-quoted white papers about the Yotaphone allegations, and (ii) the presentation and Yotaphone-related materials that Sussmann provided to the CIA in 2017.

[snip]

Data files obtained from Tech Company-1, Tech Company-2, and University-1 reflect that Yotaphone-related lookups involving IP addresses assigned to the EOP began long before November or December 2016 and therefore seriously undermine the inference set forth in the white paper that such lookups likely reflected the presence of a Trump transition-team member who was using a Yotaphone in the EOP.

[snip]

In sum, as a result of our investigation, the FBI experts advised us that actual data and information on YotaPhone resolution requests directly undermined or refuted several conclusions and inferences included in the Yotaphone white paper. 1674

But that technical review only treats claims made about Yotaphone, not the Alfa Bank allegations, as “inferences.”

I’ll return to the way that Durham presents this technical review at some later time. It doesn’t help Durham in the way he thinks it does.

The point, though, is that Durham claimed that Joffe was directing people to make inferences about Alfa Bank. He investigated private citizens who made such inferences as a crime.

Which is why I find it telling that the remaining three uses of the word “inference” in the Durham report are his own.

For example, Durham infers, first, that Sussmann’s statements that he was not at the FBI or CIA on behalf of any client are proof he was hiding who his client(s) were, and from that inference, he in turn infers that Sussmann was deliberately trying to hide Clinton and Joffe.

Accordingly, Sussmann’s conduct supports the inference that his representations to both the FBI and the CIA that he was not there on behalf of a client reflect attempts to conceal the role of certain clients, namely the Clinton campaign and Joffe, in Sussmann’s work. Such evidence also further supports the inference that Sussmann’s false statements to two different agencies were not a mistake or misunderstanding but, rather, a deliberate effort to conceal the involvement of specific clients in his delivery of data and documents to the FBI and CIA.

Both these inferences are nonsense — not least because Clinton no longer was a client of Sussmann’s when he went to the CIA in 2017 and both in the process of setting up the CIA meeting and helping the FBI to kill the NYT Alfa Bank story, Sussmann revealed that he did have a client he was working with.

Durham simply refuses to consider the possibility that DNS experts can see anomalous traffic and view it with alarm. And he grossly misrepresents the evidence regarding whether Sussmann pushed the Alfa Bank story after helping the FBI to kill it, probably because that evidence strongly supports Sussmann’s claimed motive: to give the FBI a chance to investigate before the public story alerted those behind the anomaly.

The final use of the word inference in the report is even more egregious.

As discussed above, Fusion GPS approached Steele in May 2016. Prior to his retention, Glenn Simpson met with Steele at Heathrow Airport in London and pitched Steele on the opposition research project. 1100 Approximately one week later, Danchenko contacted RIA Novosti journalists seeking Millian’s contact information. 1101 The timing of Danchenko’s request to RIA Novosti on the heels of Steele’s meeting with Simpson in London strongly supports the inference that Fusion GPS directed Steele to pursue Millian. 1102 Indeed, by the time of Steele’s meeting with Simpson, Nellie Ohr had already identified Millian’s alleged connections to Trump.

As with Carter Page (and Felix Sater, the focus on whom Durham continually downplayed over the course of this investigation), it didn’t take a research firm to identify Millian’s ties to Trump. Especially not with Millian bragging of those ties. Indeed, elsewhere Durham suggests Ohr learned of Millian from the RIA Novosti interviews he did in April. RIA Novosti was just as accessible to Danchenko as it was to Ohr.

But once you’ve traced the interest in Millian back to a Nellie Ohr report completed on April 22, 2016, then you’re tracking the research started no later than November 2015 under Paul Singer. You’re blaming Hillary for a project she took over from a right wing billionaire. You’re also tracking research that turned out to be reliable and accurate.

Again, these kinds of inferences are the stuff that Durham tried to criminalize when Lorenzen, a private citizen, made them.

But he nevertheless included them in a declination report provided to the Attorney General.

Igor Danchenko Would Have Been a Crucial Witness to Understanding the Disinformation in the Dossier

Igor Danchenko claims that a Supervisory Special Agent involved in the Russian investigation described his cooperation with the FBI as a confidential source as one of the upsides of that investigation.

As one supervisory special agent has agreed, “one of the upshots [of the Crossfire Hurricane Investigation] has been a relationship with [Mr. Danchenko] which has provided the FBI insights into individuals and to areas that it otherwise was lacking [ ] because of the difficulty with which the FBI has in recruiting people from that part of the world.” The agent further agreed that the FBI’s relationship with Mr. Danchenko was “one thing that in terms of usefulness really did result from this [investigation].”

Danchenko cited it as part of his successful effort to limit how much detail about the 2010 counterintelligence investigation into him John Durham could present at trial, which starts today.

It’s an odd statement, insofar as he doesn’t cite the source (I was wondering if it comes from a pre-trial interview of a witness he plans to call, the precise details of which he’s withholding until the trial). Plus, there are FBI agents who seemed happy to have participated in the investigation, notwithstanding the way Trump found a way to ruin the career of virtually every FBI person involved in it (besides the two guys who botched the Alfa Bank investigation). This person, with the reference to “usefulness,” sounds like one of the skeptics.

Imagine if one of the FBI agents the frothers have been celebrating as a Mueller skeptic for years had good things to say about the (hopefully last) target in Durham’s witch hunt?

Whoever it is, the frothers’ continued obsession with Danchenko’s role as an FBI source — now joined by Chuck Grassley and Ron Johnson — and their certainty there was impropriety about it is a testament to how deep within a bubble they all are, in which Trump matters but US security does not.

Start with what we know or can infer about his vetting. First, he was brought on as a source in March 2017, before the FBI stopped including FISA material among the databases it used to vet potential informants. So they likely checked collections of communications from known Russian spies before they formalized the relationship, including those they knew he had contact with years earlier. If that’s right, they knew a lot about what ties he had with Russians.

Then, at least if we can believe Danchenko, every time there was a discrepancy between what he said and others said, they were resolved in his favor.

To the contrary, not only did investigators and government officials repeatedly represent that Mr. Danchenko had been honest and forthcoming in his interviews, but also resolved discrepancies between his recollection of events and that of others in Mr. Danchenko’s favor.

Frothers blew over the implications of this just like they blew over Danchenko’s reference, in this same filing, that “The government had unfettered access to Mr. Danchenko for approximately four years following his first interview in January 2017” (a presumed allusion to his relationship with the FBI).

This statement about “discrepancies” between Danchenko’s versions and those of others would have to include the interview with Christopher Steele that Durham attempted (unsuccessfully) to introduce as evidence.

On September 18 and 19, 2017, FBI personnel from the Robert Mueller Special Counsel team interviewed Christopher Steele. Steele informed the FBI personnel, in part, that the defendant had collected election-related material in the United States for Orbis. As part of that undertaking, the defendant informed Steele that he met in person with Sergei Millian on two or three occasions – in New York and once in Charleston, South Carolina. The defendant subsequently informed the FBI that he had not in fact met with Millian on any occasion. On November 2, 2017, the defendant further stated to the FBI that Steele incorrectly believed the defendant had met in-person with Millian, and that he (the defendant) did not correct Steele in that misimpression.

Danchenko makes this even more explicitly clear later.

[W]hile the facts alleged in the indictment may show that [Steele] provided the FBI with an inaccurate statement about a meeting between Mr. Danchenko and [Millian] in New York, the facts also clearly show that Mr. Danchenko corrected the record for the FBI by unequivocally stating, on multiple occasions, that he had never met with [Millian] in New York and did not know whether he ever spoke on the phone with [Millian].

Most Republicans claim that Steele’s dossier was garbage. Danchenko maintains he had no role in writing it and Durham doesn’t seem to have any evidence to the contrary. Everything in Danchenko’s prosecution (and the entire DOJ IG Report on Carter Page) is consistent with the FBI believing Danchenko over Steele. And yet the frothers are sure that one of the first guys to raise questions about Steele (Bruce Ohr was actually the first, though he never gets credit for that) is suspect.

If Danchenko’s claim (made after reviewing discovery) is true — something I expect we’ll learn more about during the trial — Mueller, at least, came away from a series of interviews in fall 2017 crediting Danchenko’s claims about the construction of the Steele dossier over Steele’s own. I think the record is somewhat more equivocal than that. For example, Danchenko’s claim that he, “did not view his/her contacts as a network of sources, but rather as friends with whom he/she has conversations about current events and government relations,” is not credible; he knew he was getting paid for this information. But Danchenko showed proof of some of his other claims (for example, in texts with his friend Olga Galkina), and I assume whatever vetting FBI did — including the FISA 702 collection targeting Galkina — held up as well.

If you think Steele fucked over Trump, that should matter to you.

But Danchenko (and that anonymous FBI agent) make it clear Steele was not the only person who Danchenko helped the FBI to understand. Danchenko describes that the investigation into the dossier ended in November 2017.

The investigation into the Reports was ultimately completed by Special Counsel Robert S. Mueller, III, in or about November 2017

But he remained an approved source until October 2020. A Danchenko filing describes being interviewed “dozens of times,” of which roughly eight are included in the scope of the indictment against him (three in January, and one each in March, May, June, October, and November 2017), which therefore must be the only ones that pertain to the dossier. Durham’s project, with his conspiracy theory driven prosecution, is to claim that Danchenko lied at least once in every interview about the dossier.

That Danchenko was interviewed some 16 more times is news: it would suggest Danchenko was asked to explain more than just Steele’s reporting methods. It’s not even clear Durham would have reviewed all that reporting before he charged Danchenko; he’s not known to have investigated past the beginnings of the Mueller investigation, and Durham only produced a December 2017 draft opening memo for an investigation into Charles Dolan in the last month.

[W]hen agents drafted a December 2017 communication in support of opening an investigation into Dolan, they included the information Mr. Danchenko provided them as support for opening the investigation. 3

3 The December communication is highly exculpatory with regard to the essential element of materiality and it is not clear why it was only produced 30 days from the start of trial. It was produced as Jencks material (also late by the terms of the Court’s Order requiring all Jencks to be produced by September 1) but is obviously Brady evidence. 

Durham certainly didn’t bother learning all of Rodney Joffe’s contributions to the FBI before he made wild insinuations about him and got him discontinued as an FBI source, so it’s possible he did not for Danchenko either.

And that’s interesting given what is in the public record about related events.

Try to look at the Russian investigation not as an attempt to sink Trump (much of what we know about matters Danchenko may have cooperated on comes from before the investigation was predicated on Trump), and not as the precursor to the prosecutions we know happened. Try to consider the Russian investigation as an investigation in the wake of a hostile attack from a foreign power. And consider what the DOJ IG Report on Carter Page — a document most frothers treat with near biblical reverence and ignorance, the declassified footnotes to the report, the Bruce Ohr 302s, and details revealed in the Danchenko filings disclose about where the investigation into the dossier and related topics developed between December 2016 and September 2000.

In the period when Danchenko was brought on as an informant (and before the time Steele was interviewed) the FBI learned that Steele had problematic ties with Oleg Deripaska and his (and Danchenko’s) source network had been compromised by Russian spooks.

  • December 2016: As much as Steele was trying to push the dossier to the FBI, he was also trying to push Oleg Deripaska’s complaints that Manafort had stolen money from him
  • January 12, 2017: Another intelligence service relayed an inaccuracy about the Michael Cohen claims in the Steele Report, claims Danchenko sourced to his friend Galkina, who had gotten close to Dmitry Peskov via Dolan
  • January 24, 2017: Danchenko didn’t know that Deripaska was the one who paid Steele to investigate Manafort in spring 2016
  • February 14, 2017: Steele was working for certain attorneys, including the attorney for Oleg Deripaska
  • February 27, 2017: An individual with ties to Trump and Russia said the pee tape was the product of Russia infiltrating a source into the Steele network
  • March 2017: The Crossfire Hurricane team considers the full import of the open counterintelligence investigation on Millian
  • June 2017: Someone affiliated with Oleg Deripaska learned of Steele’s project by early July 2016 — so before all but the first report
  • Early June 2017: Russian spooks became aware of Steele’s election investigation in early 2016 [this date is probably wrong but still an indication that Russia learned about the project from the start]
  • Early June 2017: FBI targeted Olga Galkina under Section 702 (and discovered her ties to Chuck Dolan and both their ties to Dmitry Peskov)
  • December 2017: FBI at least considered opening an investigation into Dolan
  • February 2018: The reason Manafort shared campaign information in August 2016 was in an effort to get “whole” with Deripaska; Kilimnik shared a clever plot to defeat Hillary
  • April 2018: Treasury sanctions Deripaska, among others
  • May 2018: More on how Kilimnik’s August meeting pertained to a plan to beat Hillary
  • September 2000: Deripaska’s US associate, Olga Shriki, appears before grand jury

By 2019, the IG Report makes clear, there were abundant reasons to suspect that Deripaska had played a key role in injecting disinformation into the dossier. In the earlier days of the investigation, key people on the Crossfire Hurricane team didn’t know of Steele’s ties to Deripaska, something that, “could have indicated that Steele was being used in a Russian ‘controlled operation’ to influence perceptions (i.e., a disinformation campaign).” Until the way Deripaska was working both sides — increasing Manafort’s legal jeopardy while using his desperation to get his cooperation with the election operation — became clear, Deripaska’s ties to the dossier didn’t make sense, as Bill Priestap explained.

[I]f that’s the theory [that Russian Oligarch 1 ran a disinformation campaign through [Steele] to the FBI], then I’m struggling with what the goal was. So, because, obviously, what [Steele] reported was not helpful, you could argue, to then [candidate] Trump. And if you guys recall, nobody thought then candidate Trump was going to win the election. Why the Russians, and [Russian Oligarch 1] is supposed to be close, very close to the Kremlin, why the Russians would try to denigrate an opponent that the intel community later said they were in favor of who didn’t really have a chance at winning, I’m struggling, with, when you know the Russians, and this I know from my Intelligence Community work: they favored Trump, they’re trying to denigrate Clinton, and they wanted to sow chaos. I don’t know why you’d run a disinformation campaign to denigrate Trump on the side.

But as the Manafort side of the equation became clear, it all made more sense. And the implication is that by 2019, that’s what the FBI understood to have happened.

Chuck Grassley was the first person to start raising public questions about Deripaska’s role in the dossier. Similarly, he was among the first to raise concerns about disinformation and the dossier.

The more likely explanation for Danchenko’s CHS status is one he and other Republicans should welcome: that the FBI investigated how the dossier was used as disinformation. Danchenko was fed a lot of shit, from people (like Galkina) he trusted implicitly; that shit happened to be tailored to sow maximal dissension in US politics. And then Steele, unbeknownst to Danchenko, packaged it up inside exaggerations.

If it bothers you that the dossier was larded with disinformation — and it should bother people on both sides of the aisle — then you should welcome FBI’s effort to understand how that happened. And one crucial step in that process is to understand how the network behind it tied right back to the Russians who played central roles in the 2016 attack on US democracy. Danchenko would have been a key guide to that information.

On the Belated Education of John Durham

In a filing on September 2 in the Igor Danchenko case, John Durham confirmed that Danchenko had been a paid FBI source from March 2017 through October 2020.

In March 2017, the FBI signed the defendant up as a paid confidential human source of the FBI. The FBI terminated its source relationship with the defendant in October 2020.

I had heard this — though not with the sourcing such that I could publish. Apparently it was news to the frothers, who’ve been wailing about it ever since. Here’s Margot at the Federalist Faceplant, Jonathan Turley, and Chuck Ross at his new digs at the outlet that first hired Christopher Steele. Here’s the former President during an obsequious Hugh Hewitt interview.

Danchenko’s status was implicit in a lot of what is public. Even absent the frothers doing any kind of journalism, or even critical thinking, what did they think this reference in Danchenko’s motion to dismiss meant?

The government had unfettered access to Mr. Danchenko for approximately four years following his first interview in January 2017, and not once did any agent ever raise concerns about the now purportedly contradictory post-call emails.

As I hope to show in a follow-up, it actually makes a lot of sense.

Meanwhile, in Danchenko’s response to that filing, he revealed that information he provided to the FBI was used in a memorandum supporting the opening of an investigation into Charles Dolan, one of Durham’s star witnesses against Danchenko. (Note, this reference stops short of saying that the FBI did open an investigation into Dolan, just that someone proposed doing so.)

[T]he Special Counsel ignores, and conceals from this Court, that Mr. Danchenko was interviewed dozens of times and during the course of those interviews, particularly when asked specific questions about Dolan (which was not often), Mr. Danchenko (1) told the FBI about the Moscow trips with Dolan, (2) told the FBI that Steele knew of Dolan, (3) told the FBI that not only was Dolan doing work with Olga Galkina but that Mr. Danchenko himself had introduced them, and (4) told the FBI that Dolan had connections and relationships with high-level Kremlin officials, including President Putin’s personal spokesperson, Dmitry Peskov. Indeed, when agents drafted a December 2017 communication in support of opening an investigation into Dolan, they included the information Mr. Danchenko provided them as support for opening the investigation. 3 [emphasis original]

This may not be the last surprise investigation we hear about. Back in the original filing on September 2, Durham argued he should be able to talk about the 2008 allegation that led to a counterintelligence investigation into Danchenko, in part, because (Durham predicted bitterly) Danchenko will likely raise investigations into others, plural, who will “feature prominently at trial.”

[T]he Government expects the defense to introduce evidence of FBI investigations into other individuals who the Government anticipates will feature prominently at trial. Thus, the introduction of the defendant’s prior counterintelligence investigation – should the defense open the door – does not give rise to unfair prejudice that substantially outweighs its probative value.

Effectively, Durham is arguing that if Danchenko points out that Durham’s witnesses should not be considered reliable based on suspicions they were working for Russia’s interests, then he should be able to point out that Danchenko was once similarly suspected as well. Durham also wants to point out that Dolan twice asserted that Danchenko might be a Russian spook, but also allegedly always knew of his role at Orbis — assertions that, in tandem, could actually hurt Durham’s case, given the subsequent disclosure that Dolan was investigated himself. Durham may not understand that, yet.

One of these people whose investigation Danchenko will raise at trial is undoubtedly Sergei Millian, whose cultivation of George Papadopoulos in exactly the same time period Danchenko claims to have believed he spoke to Millian was one of a number of things the FBI investigated starting in 2016.

Danchenko’s response to Durham’s demand that he be allowed to raise the 11-year old counterintelligence investigation into Danchenko (besides providing a somewhat different timeline) was basically to say, “Bring it!” He intends to raise that counterintelligence investigation himself, he claims. Note: Durham doesn’t note, but it is clear from the January interviews of Danchenko, that FBI interviewers probed Danchenko about that prior investigation in their very first interviews in 2017.

As noted, I hope to return to all this dizzying spy-versus-spy shit in a follow-up. By then we’re likely to have several more disclosures, plus some details about the known investigation into Millian.

This all shows there was not a shred of prosecutorial discretion exercised before charging Danchenko. Even if Danchenko had done grievous harm to the US, no sane prosecutor would have charged this case with such easily impeached witnesses. Even Durham now seems to understand his materiality claims are flimsy. And yet, to prove a five year old false statements allegation, he has forced the government to declassify a whole range of sensitive material, including this detail about Dolan.

And that process apparently continues to be a struggle for Durham (as I predicted it would be).

Consider the timeline implied by Danchenko’s footnote about the Dolan revelation. Danchenko claims that he only just learned about the Dolan investigation opening memo.

3 The December communication is highly exculpatory with regard to the essential element of materiality and it is not clear why it was only produced 30 days from the start of trial. It was produced as Jencks material (also late by the terms of the Court’s Order requiring all Jencks to be produced by September 1) but is obviously Brady evidence. The defendant understands that the CIPA procedures may have slowed the production of certain categories of discovery but given the Indictment’s allegations about the materiality of Mr. Danchenko’s failure to attribute public information to Dolan, the production of this specific document should have been a priority for declassification.

When Danchenko says that the Counterintelligence Information Procedures Act may have slowed the production of this, he’s suggesting (charitably) that someone at DOJ took a long time to release this information to Durham and that Durham had no control over that process. That’s another thing I predicted in this post about how CIPA would affect this case: “it can end up postponing the time when the defendant actually gets the evidence he will use at trial. So it generally sucks for defendants.”

The trial starts on October 11. This footnote suggests that Danchenko only received this information 30 days before trial, so around September 11, in the week before he filed this. Whenever it was disclosed, if he received it after the September 1 deadline, that would make it too late for the September 2 deadline for Danchenko’s own motion to dismiss. It would put it after Durham’s September 2 filing — the one bitching about how much of the trial Danchenko will use to focus on the investigations into witnesses, plural, against him — which means the plural reference may not have incorporated Dolan. Danchenko would have learned about this over a month after his own deadline to lay out what classified information he intended to use at trial, and at least a week after the August 30 CIPA conference, at which the two sides debated about what classified information Danchenko should be allowed to use at trial.

It also comes after a series of delays in Durham’s classified discovery. In May, I described what was publicly billed as the last one.

It’s that record that makes me so interested in Durham’s second bid to extend deadlines for classified discovery in the Igor Danchenko case.

After Danchenko argued he couldn’t be ready for an April 18 trial date, Durham proposed a March 29 deadline for prosecutors to meet classified discovery; that means Durham originally imagined he’d be done with classified discovery over six weeks ago. A week before that deadline, Durham asked for a six week delay — to what would have been Friday. Danchenko consented to the change and Judge Anthony Trenga granted it. Then on Monday, Durham asked for another extension, this time for another month.

When Durham asked for the first delay, he boasted they had provided Danchenko 60,000 unclassified documents and promised “a large volume” of classified discovery that week (that is, before the original deadline).

To date, the government has produced over 60,000 documents in unclassified discovery. A portion of these documents were originally marked “classified” and the government has worked with the appropriate declassification authorities to produce the documents in an unclassified format.

[snip]

Nevertheless, the government will produce a large volume of classified discovery this week

This more recent filing boasts of having provided just one thousand more unclassified documents and a mere 5,000 classified documents — for a case implicating two known FISA orders and several past and current counterintelligence investigations.

To date, the Government has produced to the defense over 5,000 documents in classified discovery and nearly 61,000 documents in unclassified discovery. The Government believes that the 5,000 classified documents produced to date represent the bulk of the classified discovery in this matter.

Danchenko waited six weeks and got almost nothing new.

But then on August 16, Durham filed a supplemental CIPA filing, suggesting there were more substitutions of classified information he wanted Judge Anthony Trenga to approve (a supplemental filing is not, by itself, unusual).

The point is, for months, Durham kept saying he’d have all the secrets delivered to Danchenko by his new deadline in June, promise, and then he dropped this bombshell on Danchenko just weeks before trial.

In the August 29 hearing on all this, Judge Trenga deferred most CIPA decisions until after Danchenko files a new CIPA filing on September 22 — so if any of this remains classified, Danchenko still has a chance, with just days’ notice, to argue he needs it at trial. They’ll fight about these issues again on September 29.

But given Durham’s performance in the Sussmann case, it’s not entirely clear these missed classified deadlines are DOJ’s fault. After all, Durham never even asked DOJ IG for relevant discovery in Sussmann’s (and therefore, we should assume, this) case until after Sussmann was charged. He didn’t investigate Rodney Joffe’s true relationship with the FBI and other agencies until Sussmann asked him to. He didn’t ask Jim Baker for his own iCloud content until early this year, after belatedly rediscovering Baker phones he had been told about years ago.

It’s not just his belated request for information from DOJ IG that we know to have affected this case too. Durham also has never interviewed George Papadopoulos — not before he went on a junket to Italy chasing Papadopoulos’ conspiracy theories, and not since. Thus, Durham never tested whether Millian’s cultivation of Papadopoulos undermines his evidence against Danchenko — and it does, obviously and materially.

Because of Durham’s obvious failures to take the most basic investigative steps before charging wild conspiracy theories, there are several possible explanations why he’s only providing Danchenko news of this Dolan memo a month before trial:

  1. Someone tried to hide this from Danchenko and ultimately was overridden. If that’s the explanation, it makes Andrew DeFilippis’ August departure from the team and, according to the NYT, DOJ, all the more interesting.
  2. DOJ delayed the time until they let Durham disclose this because of some sensitivity about the investigation. Recall that Dolan has ties to Putin spox Dmitri Peskov, who was sanctioned earlier this year, followed by his family.
  3. Durham didn’t know.

The last possibility — that Durham had no fucking clue that one of his star witnesses had been (at least) considered for investigation — is entirely plausible. It’s entirely consistent with what we saw in the Sussmann case, though worse even than that case in terms of timing.

Durham came into this investigation treating the conspiracy theories of Papadopoulos and Trump as credible. He seems to have believed, all along, that Sergei Millian was a genuinely aggrieved victim and not someone playing him, for at least a year, for a fool. He seems to have decided that he knew better than FBI’s experts about who had credibility about Russia and who didn’t. Along the way he forced the FBI to cut its ties with Joffe and, given the October 2020 cut-off of Danchenko’s ties to the FBI, probably Danchenko as well. He did all this with a lead prosecutor who believed it was problematic for DARPA to investigate the Guccifer 2.0 persona used by the GRU.

Durham walked into this investigation believing and parroting, without first testing, Trump’s claims that the Russian investigation was abusive. Based on those beliefs, he chased all manner of conspiracy theory in an attempt to allege pre-meditation and malice on the part of Hillary and everyone else involved with the dossier. His Sussmann prosecution ended in humiliating failure. This prosecution, win or lose, may do worse for Durham’s project: it may reveal unknown details about Russian efforts to tamper in 2016, efforts that harmed both Republicans and Democrats alike.

The Durham prosecutions have been shitshows and undoubtedly a disaster for those targeted. It’s not yet clear what will happen with the Danchenko trial (or even whether it will go to trial; given that CIPA issues still have to be resolved, there’s still a chance Durham will have to dismiss it rather than going to trial). Durham will still write a report that may try to resuscitate his conspiracy theories that were disproven in the Sussmann trial.

But thus far, the actual record of the Durham investigation shows that when actually bound by the rules of evidence, when actually obligated to dig through DOJ’s coffers to discover what DOJ learned as it tried to understand Russia’s intervention in 2016, reality looks nothing like the conspiracy theories Durham has chased for three years.

John Durham’s education process has been a painful process for all personally involved (except maybe Sergei Millian, gleefully dicking around from afar). But along the way he’s debunking many of the conspiracy theories he was hired to sustain.

Update: Chuck Ross is outraged that I suggested his boss had paid for Steele (and lying that I said Paul Singer paid for the dossier, which I pointedly did not say). It is true that the payment for Fusion GPS’ Trump project had shifted to Perkins Coie before Steele first sent Danchenko to Russia.

It’s also true that, based on length of project, Ross’ current boss paid for much of Nellie Ohr’s work on Trump’s ties to Russia, which includes some of Fusion’s early work on Paul Manafort and Felix Sater, and possibly early work on Millian (she continued to work on Millian until she left Fusion).

And since Chuck is so upset, I should point out that his former co-columnist, Oleg Deripaska, also reportedly paid for Steele’s work (in that case, research on Paul Manafort), though also through the cut-out of a law firm.


FBI’s Russian Hack-and-Leak Investigation as Disclosed by the Sussmann Trial

Now that he has been acquitted, it’s easy to conclude the Michael Sussmann prosecution was a pointless right wing conspiracy theory. It was!

But the exhibits that came out at trial are a worthwhile glimpse of both the FBI’s investigation into the 2016 Russian hack of Democrats and the Bureau’s shoddy investigation of the Alfa Bank anomalies.

I’ve started unpacking what a shitshow the FBI investigation into the latter was here and collecting technical exhibits pertaining to the investigation here (though that post is currently out of date).

As to the Russian hack-and-leak, Sussmann’s team facilitated the process with a summary exhibit they included showing a selection of FBI communications pertaining to the investigation that either involve or mention Sussmann. Sussmann introduced these documents to show how obvious his ties to the Democrats would have been to the FBI, including to some people involved in the Alfa Bank investigation. A few of these communications refute specific claims Durham made, showing that meetings or communications Durham argued must relate to the Alfa Bank effort could be explained, in one case far more easily, as part of the hack-and-leak response. That is, some of these documents show that Durham was taking evidence of victimization by Russia and using it instead to argue that Sussmann was unfairly victimizing Trump.

Below, I’ve grouped the communications by topic (though a number of these communications span several topics). Note that Latham & Watkins’ paralegal only used the last date on these communications, which I will adopt. But a number reflect a communication chain that extends months and includes dates that are far more important to the Durham prosecution.

Some of these files include topics that have attracted a great deal of often misleading coverage, such as the efforts to get server images from the Democrats. Importantly, by the time the FBI asked for server images, according to these communications, the only place to get them was at CrowdStrike.

I don’t believe DNC/DCCC have the images that CS took. Only CS have those. It’s like paying ATM fees to your bank to get your cash. DNC/DCCC will be charged to get the images back.

After some discussion about who would pay CrowdStrike to create a second image, the firm offered to do it for free.

These communications also give a sense of the extent to which Democrats faced new and perceived threats all through the election. Given the communications below and some details I know of the Democrats’ response to the attacks, I suspect these communications do not include real attempted attacks, either because they were not reported or because the report went to FBI via another channel. While CrowdStrike attempted to ensure Sussmann was always in the loop, for example, that discipline was not maintained. And we know CrowdStrike found the compromise of the Democrats’ analytics hosted on AWS in September, a compromise that may only show up in these communications mentioned in passing. Some in the FBI seemed entirely unsympathetic to the paranoia that suffering a nation-state attack during an election caused, which couldn’t have helped already sour relations between the FBI and Hillary’s people.

Perhaps the most interesting communications — to me at least — pertain to efforts to authenticate the documents that got publicly posted and to identify any alterations to them. At least as laid out in these communications, the Democrats were way behind the public in identifying key alterations to documents posted by Guccifer 2.0, and it’s unclear whether the FBI was any further ahead. But these discussions show what kind of alterations the Democrats were able to identify (such as font changes) as well as which publicly posted documents the FBI was sharing internally.

FBI public statements

160614 DX102 A discussion of Jim Trainor’s preparation for a meeting with Ellen Nakashima in advance of her June 14, 2016 reporting the hack and CrowdStrike’s attribution. Among other things, they note Nakashima’s confidence that GOP PACs were also targeted.

160725 DX112 This email chain between Sussmann and Trainor captured Sussmann’s frustration that FBI made an announcement of an investigation into the DNC hack without first running the statement by Sussmann.

160729 DX117 Before FBI sent out a statement about the DCCC hack, Jim Trainor sent Sussmann their draft statement. In response, Sussmann complained that FBI said they were aware of media reports but not of the hack itself. The timing of this exchange is important because Durham’s team repeatedly described a meeting between Marc Elias and Sussmann that day pertaining to a server as relating to the Alfa Bank anomaly.

Points of contact

160616 DX105 An email thread sent within FBI OGC (including to Trisha Anderson) discussing an initial meeting between Jim Trainor, Amy Dacey, Sussmann, and Shawn Henry.

160621 DX107 Starting on June 16, Amy Dacey thanked Assistant Director Jim Trainor for meeting with the Democrats about the hack. The thread turned into a confused request from the campaign for a briefing about whether they, too, had been compromised.

160725 DX114 This chain reflects Hawkins’ confused response after Sussmann provided the contact information for a Hillary staffer with a role in technical security. Hawkins stated, “Nothing concerning HFA has come up.”

160809 DX127 After Donna Brazile replaced Debbie Wasserman Schultz, Sussmann set up a meeting between her and Jim Trainor.

160811 DX128 An email chain among cyber FBI personnel discusses three Secret threat briefings for the DNC, DCCC, and Hillary campaign. Sussmann was scheduled to attend all three briefings, and Marc Elias was scheduled to attend the DCCC and Hillary briefings (though he testified that he did not attend).

160811 DX130 Sussmann sent the FBI notice of a public report of the DNC’s establishment of a cybersecurity advisory board. The report was passed on to Jim Trainor.

DHS outreach

160802 DX106 A Lync chain starting in the initial aftermath of the Nakashima story, referencing an Intelligence Committee briefing, and discussing how to facilitate DHS assistance to the Democrats through Sussmann.

160802 DX120 With the goal of reaching out to the Democratic victims to offer assistance, DHS asked who the point of contact for both would be.

160816 DX125 This email chain documents DHS’ “SitRep” of their understanding of the DNC/DCCC hacks and their efforts to reach out to help. This includes sharing of DNC/DCCC “artifacts” with NCCIC.

Authentication and venue

160708 DX109 An email chain seeking DNC help authenticating a document released by Guccifer 2.0.

160723 DX110 A discussion starting on July 21 about authenticating and extending after the initial WikiLeaks dump. Hawkins observed, “Looks like there will be multiple releases on that [the WikiLeaks] front.”

160802 DX118 After Adrian Hawkins asked CrowdStrike’s Christopher Scott a question about a public report that the Democrats’ analytics had been hacked, Scott explained that Sussmann had to be involved in any discussions between the FBI and their cybersecurity contractor. Hawkins also asked for specifics about the compromised servers that the FBI could use to establish venue.

160816 DX134 An email chain mentioning but not including Sussmann describes the efforts to establish venue (especially for Field staff who rely on laptops and travel a lot) as well as the efforts to authenticate documents.

160822 DX136 Two Lync messages describing a script that can be used to match WordPress documents with files stolen from the DNC.

160922 DX145 NSD’s Deputy Chief of Cyber, Sean Newell, asks Sussmann to meet to discuss some information requests from NDCA. They set up a meeting for September 26.

160930 DX147 Hawkins follows up on Newell’s request for information with a much more detailed request from the San Francisco Division. This request includes details of the forensics NDCA was asking for, generally to include the CrowdStrike reports, network diagrams, logs, and images for the compromised hosts.

161004 DX148 In response to WikiLeaks promises about an upcoming file release, Newell follows up on a September 27 request he made of Sussmann for any files that were altered as well as a list of files that had been released but not circulated outside of the victim organizations first, including some indication whether those had been altered. Sussmann says they would have information available later that week.

161012 DX150 In another chain of responses to Newell’s information request, someone at Perkins Coie passes on a description from the DCCC about how an image posted by Guccifer 2.0 differed from the file structure as it appeared on their server, including as it pertained to a file named, “Pelosi Vote Email.”

161026 DX154 This chain is a follow-up to the Newell request, though it actually includes the Guccifer 2.0 documents about Trump’s taxes that are discussed. It includes a description of an altered document published by Guccifer 2.0, in which the font was changed. It also includes a DOJ NSD person asking FBI to print out the document because they don’t have any unattributable computers.

161024 DX165 This is yet another continuation of the Newell request, this one including the Trump Report altered by Guccifer 2.0. It includes some discussion of alterations to that document (as compared to unaltered ones released by WikiLeaks). It also describes documents that a DNC research staffer believes were taken from his local desktop.

CrowdStrike Reports

160815 DX132 Burnham to Farrar explaining there are two CrowdStrike reports, one for the DNC and the other for the DCCC. The former is done, while the latter will be done soon.

160825 DX137 Hawkins asks Sussmann about the DNC CrowdStrike report; Sussmann explains it’s still a few days away, but then the next day says he’s reading “it” (which may be the DCCC report). Sussmann’s response gets forwarded to a few more people.

160830 DX138 A Lync chain conveying that Sussmann had alerted the FBI that the CrowdStrike report was done and asking if WFO should pick it up.

Server images

161013 DX151 In another chain of responses to Sean Newell’s information request, the discussion turns from Sussmann’s effort to make sure the Democrats respond to all the FBI’s data requests to how to obtain images (whether to have CrowdStrike spend 10 hours to do it or let FBI onsite to do it themselves). As part of this chain, Sussmann says that “in theory” the Democrats would be amenable to letting the FBI onsite to image the servers themselves, but then checks to see whether the data is at CrowdStrike or the DNC.

161013 DX152 This chain is follow-up to the request for server images. Sussmann connects the FBI and CrowdStrike, CS offers to image the servers for free, and the FBI provides the address where to send them.

161028 DX153 A Lync that starts with Newell requesting someone attend the October 11 meeting with Sussmann, continues through a discussion about how to get images of the compromised servers (including whether Sussmann may have misinterpreted the ask), and includes a discussion about a re-compromise.

Lizard Squad ransomware threat

160803 DX121 Late night on August 2, Sussmann reported a ransomware threat from the Lizard Squad. This email discusses the various equities behind such a threat and involves a guy named Rodney Hays, whom the Durham team would at one point insist must be Rodney Joffe.

160806 DX124 This chain reflects more of the response to Sussmann reporting a ransomware threat from Lizard Squad. As noted, it involves a guy named Rodney Hays that Durham’s team insisted must be Joffe.

160922 DX144 Over a month after the Democrats reported the Lizard Squad threat, Eric Lu wrote up the intake report, including the bitcoin address involved and Sussmann’s email to Rodney on August 9 thanking him for his assistance.

Other threats

160726 DX115 Sussmann set up a meeting with Hawkins and others so someone could report “some offline activity related to the intrusion.” This was around the time when Ali Chalupa believed she was being followed, though nothing in this chain describes the threat.

160908 DX140 On August 26, EA Hawkins wrote Sussmann directly alerting him to a new phishing campaign targeting Democrats. On September 7, he wrote back with three accounts that may have been targeted.

160916 DX141 Moore emailing Josh Hubiak — a cyber agent in Pittsburgh — asking for contact information for Michael Sussmann so she can obtain the contact information for a DNC bigwig whose Microsoft Outlook account was compromised, apparently by APT 28. Hubiak is one of the agents also involved in the Alfa Bank investigation.

160917 DX142 The day after the request for contact information for the DNC bigwig, there’s further discussion about how to contact him. The FBI also shares new files reflecting the network share for a different DNC person, a former IT staffer, that was uploaded to Virus Total.

160927 DX146 In response to public reports that some Democratic phones may have been targeted and a potential compromise of Powell’s phone (probably Colin, whose communications were posted to dcleaks), there’s some chatter about what information is available from Apple and Google. One of the key agents involved complains that, “it would be awesome if Google helped out, as I know they are at least 2 steps ahead of me and I’m in a sad, losing game of catchup.”

161011 DX149 This seems to be a collection of Lync notes from October 11, showing three different issues pertaining to Sussmann happening at once: the transfer of custody of the thumb drives to the Chicago office, a reference to a meeting with Sussmann, and a report of a new Democratic concern about exposed Social Security numbers.

161230 DX155 A Lync chain that goes from October 28 through December 30 covering the concern about a bug at DNC HQ, the response to the NYT article naming Hawkins, and another compromise alert.

161017 DX164 This may be a summary prepared for Mother Jones. Whatever the purpose (there is no date), it describes the timeline of FBI’s response to a request for a sweep of DNC headquarters in response to some anomaly. Sussmann permitted the sweep but asked that it be done covertly, so as not to alert DNC staffers.

Crossfire Hurricane

160804 DX123 On August 4, Joe Pientka forwarded the original June 14 Nakashima story to the agents who had just been assigned to the Crossfire Hurricane team with the explanation, “Just going through old — possibly pertinent emails.”
