Posts

“Problem:” SDNY Charges Elena Branson as Unregistered Agent of Russia

Back in 2013, the Senior Vice President of the Russian American Chamber of Commerce (Sergei Millian’s organization) sent Elena Branson language from FARA with the subject line, “Problem.”

a. On or about January 30, 2013, BRANSON received an email from an individual using an email address ending in “mail.ru.” Based on my review of publicly available information, I have learned that this individual was a Senior Vice President of the Russian American Chamber of Commerce in the USA. This email had the subject line “Problem.” and the text of the email included, among other things, a portion of the FARA Unit’s website with background on FARA. In response, BRANSON wrote, in part, “I am interested in the number of the law, its text in English[.]” The sender then responded with “Lena, read …” and copied into the email background on FARA and portions of the statute.

Branson, who the prior year had founded the Russian Center of New York and subsequently became the Chair of Russian Community Council of the USA (KSORS), apparently didn’t think it was an urgent problem. It wasn’t until 2019 that she appears to have considered — but then, after asking Russian Ambassador Anatoly Antonov for guidance, decided not to — register under FARA.

b. On or about December 10, 2019, BRANSON received an email indicating that BRANSON had requested a new FARA “eFile” account.21 That day, a member of the FARA Unit emailed the Branson RCNY Account with an eFile account number and temporary password to log in to the FARA eFile system. Later that day, a user logged in to the FARA eFile system using that account number and temporary password, and entered the registration name “Russian Center, Inc.” and the RCNY Office as the address. The user did not submit a FARA registration for the account. A user then accessed the account again on or about December 11, 2019, but, again, the individual did not submit a FARA registration. The internet protocol addresses connected to both log-ins of this account resolve to the same zip code as the RCNY Office.

c. On or about December 26, 2019, BRANSON emailed the Embassy Email Account. In the cover email, BRANSON wrote, in part, “[A] letter is in the attachment. Respectfully, Elena.” In the attached letter, BRANSON wrote, in part, that she had been asked questions from “compatriots” about “whether it is necessary to register their public organizations as a foreign agent.” BRANSON further wrote “[t]hese questions began to arise after the arrest of Maria Butina in Washington in July 2018 on charges of working as a foreign agent in the United States without registration.” BRANSON concluded the letter by asking the Embassy to advise such Russian compatriot groups, writing, “I am asking you to provide legal advice regarding registration as a foreign agent . . . for public organizations of Russian compatriots in the United States.” The letter was addressed to Ambassador-1.

Branson’s failure to register lies at the core of a 6-count complaint unveiled by SDNY yesterday, charging Branson in several conspiracies, under both FARA and 18 USC 951, as well as for visa fraud.

Branson won’t be arrested off this complaint. She’s long gone.

A month after the FBI interviewed her and searched her office in September 2020, she fled the country. Not long after Biden was inaugurated, Branson sold her NYC apartment.

During this investigation, the FBI has, among other things, executed judicially authorized search warrants for (i) approximately eight of BRANSON’s electronic accounts (the “Branson Accounts”3); (ii) the RCNY office (which was also BRANSON’s residence) in Manhattan, New York (the “RCNY Office”); and (iii) BRANSON’s person, for all electronics and other materials in her possession at the time of the search. From the RCNY Office and the search of BRANSON’s person, the FBI recovered a total of approximately 34 electronic devices (the “Branson Electronics”), including approximately 11 cellular phones. The FBI also conducted a voluntary interview of BRANSON on the same day as the search of the RCNY Office (the “Branson Interview”) and has interviewed other individuals living in the United States in connection with the investigation.

The searches of the RCNY Office (the “RCNY Search”) and BRANSON’s person, as well as the Branson Interview, took place on or about September 29, 2020. BRANSON flew to Moscow, Russia, on or about October 20, 2020, and BRANSON does not appear to have returned to the United States since that date. In or about March 2021, BRANSON sold the RCNY Office, which had been her residence in New York City. During in or about October and November 2020, BRANSON’s then boyfriend 9 (“Boyfriend-1”) wired approximately $197,000 to two of BRANSON’s bank accounts at Russian banks.4 On or about October 15, 2021, RT, formerly known as Russia Today, a Russian state-controlled television station, published an interview conducted by Maria Butina5 of BRANSON. During this interview, BRANSON told Butina, in substance and in part, that BRANSON left the United States for Moscow approximately one month after the Branson Interview because BRANSON was “scared” and thought the “probability was very high” that she would be arrested if she stayed in the United States.6

3 The Branson Accounts include four email accounts and four social media accounts, including BRANSON’s Facebook account (the “Branson Facebook Account”).

So Branson will only be arrested if she decides to flee Putin’s increasingly totalitarian regime.

Unlike the prosecution of Jack Hanick, then, whose indictment may have been timed to tolling statutes of limitation last November and in which the US is working on getting him extradited from the UK, this complaint seems to be more about messaging in the wake of the Russian invasion of Ukraine.

As a messaging vehicle, it shows how Russia has committed to the “consolidation” of Russian diaspora, cultivating a Russian identity that can be used to mobilize political pressure (and, in Ukraine and the Baltics, justifications for imperialism).

In or about November 2015, Lavrov published an article titled “Russian World: Steering Towards Consolidation.” In this article, Lavrov wrote, in part, “The provision of support to the Russian world is an unconditional foreign-policy priority for Russia, as formalized by Russia’s Foreign Policy Concept. . . . Over the years, we have managed to elevate our work in this area to an entirely new level and to create effective cooperation mechanisms in close contact with representatives of foreign communities.”

Some of Branson’s activities are mundane cultural exchanges paid for by Russian government entities. Some sprinkle the names of likely spies or handlers in the description.

Perhaps most interesting, the complaint provides an interesting addition to this passage from the Mueller Report.

Later [on November 9, 2016, the day after Trump’s victory, Kirill] Dmitriev flew to New York, where Peskov was separately traveling to attend the chess tournament. 1020 Dmitriev invited Nader to the opening of the tournament and noted that, if there was “a chance to see anyone key from Trump camp,” he “would love to start building for the future.” 1021 Dmitriev also asked Nader to invite Kushner to the event so that he (Dmitriev) could meet him. 1022 Nader did not pass along Dmitriev’s invitation to anyone connected with the incoming Administration. 1023 Although one World Chess Federation official recalled hearing from an attendee that President-Elect Trump had stopped by the tournament, the investigation did not establish that Trump or any Campaign or Transition Team official attended the event. 1024 And the President’s written answers denied that he had. 1025

The complaint describes how Branson had been instructed to arrange a meeting with Trump or Ivanka in March 2016, around the same time Russia was hacking John Podesta, though the complaint is remarkably coy about whether Branson ever sent her draft letter to Trump Organization (and if so, whether it was among the documents showing direct ties to Russia that Trump Organization withheld from Mueller’s inquiry and SSCI).

In or about March 2016, BRANSON exchanged a series of emails with Minister-2. During these messages, in part, Minister-2 asked BRANSON to organize a meeting with CC-2 and the now-former President of the United States, who was then a candidate for the Republican presidential nomination, or his daughter, in New York. On or about March 23, 2016, BRANSON received an email from Minister-2 with the subject line “additional meetings of [CC-2].” The email stated, in part, that the author was requesting BRANSON’s assistance in organizing meetings for CC-2 with “the management” of certain specified U.S. companies. On or about March 16, 2016, BRANSON sent an individual, who was then-chair of KSORS, a draft letter addressed to the now-former President, inviting him to the Russia Forum New York in April 2016 and suggesting that if his “busy schedule will not permit your attending our forum, perhaps you can suggest one of your children . . . who have followed in your footsteps.” The draft invitation included BRANSON’s name and contact information in the signature block. There is no indication that the now-former President or his children attended the referenced meeting.

Branson’s complaint describes what would be a second attempt to get Trump to attend the Chess Championship, in addition to Kirill’s attempt to extend an invite through George Nader. Branson sent her invite to an unnamed Trump Advisor.

BRANSON also attempted to arrange meetings for Russian officials at the 2016 World Chess Championship, which was held in Manhattan, New York:

1. On or about November 9, 2016, CC-6 emailed BRANSON with the subject line “Chess business.” CC-6 wrote to BRANSON, in part, “as discussed we will try to get Kirsan online after tomorrow’s official press-conference is over around noon at Fulton Street Market Building, South Street Seaport NY[.]”20 On or about that same day, BRANSON responded to CC-6 and wrote “[CC-6], good evening! I can bring the ipad for a Skype session. I will contact the media. Need them at noon?”

2. On or about November 10, 2016, BRANSON emailed an advisor to the now-former President of the United States (“Advisor-1”), expressing congratulations for their victory in the presidential election and attaching an invitation to the World Chess Championship addressed to the then-President- elect. The invitation was signed by “President of the International Chess Federation (FIDE-FIDE).” There is no indication that the now-former President attended the referenced event.

3. On or about November 11, 2016, BRANSON was photographed at the World Chess Championship with CC-6 and a second individual who I recognize, based on my review of publicly available photographs, to be the current Press Secretary for Russian President Vladimir Putin.

20 Based on my training and experience, including my review of publicly available material, I have learned that Kirsan Ilyumzhinov is the former President of the Republic of Kalmykia in the Russian Federation and the former president of FIDE, the International Chess Federation. I have further learned that, on or about November 25, 2015, the United States Department of the Treasury designated Ilyumzhinov as a Specially Designated National for his involvement with the Government of Syria and related entities.

Here, the complaint reiterates the Mueller conclusion: there’s no evidence Trump attended the event. But it does raise questions about the completeness of the response Trump offered to Mueller’s questions, pertaining to whether Trump was asked to attend.

Were you asked to attend the World Chess Championship gala on November 10, 2016? If yes, who asked you to attend, when were you asked, and what were you told about about [sic] why your presence was requested? 1. Did you attend any part of the event? If yes, describe any interactions you had with any Russians or representatives of the Russian government at the event.

Were you asked to attend the World Chess Championship gala on November 10, 2016? If yes, who asked you to attend, when were you asked, and what were you told about about [sic] why your presence was requested? 1. Did you attend any part of the event? If yes, describe any interactions you had with any Russians or representatives of the Russian government at the event.

Response to Question V, Part (a)

I do not remember having been asked to attend the World Chess Championship gala, and I did not attend the event. During the course of preparing to respond to these questions, I have become aware of documents indicating that in March of 2016, the president of the World Chess Federation invited the Trump Organization to host, at Trump Tower, the 2016 World Chess Championship Match to be held in New York in November 2016. I have also become aware that in November 2016, there were press inquiries to my staff regarding whether I had plans to attend the tournament, which was not being held at Trump Tower. I understand these documents have already been provided to you.

Trump describes a March 2016 discussion about hosting the event and November press inquiries about whether he would attend it. But there’s no mention of a November 2016 invitation asking him to attend.

Yet the Branson complaint suggests there would have been an invitation to Trump, signed by the sanctioned Kirsan Ilyumzhinov, sent through an unnamed advisor. His response reflects only earlier (in March) communications about the chess championship, not anything sent on November 10 bearing Ilyumzhinov’s signature.

This is a signaling complaint, one that likely won’t lead to anyone’s arrest. But it should raise more questions about Donald Trump’s candor with Mueller back in 2018.

And we should expect more of the same. On Twitter, Brandon Van Grack, who would have been involved in Branson’s investigation when he ran the National Security Division’s FARA office and likely knows what else might be in the pipeline, suggested there’s probably more of the same to come.

Hidden until Now: Trump Admitted 2016 Russian Interference in Lavrov-Kislyak Meeting

[NB: Note the byline, thanks!]

If you though the dam was beginning to crack after House Speaker Pelosi announced an impeachment inquiry would begin on Tuesday, or after the release of the July 25 memo on Wednesday, or the release of the whistleblower complaint followed by acting Director of National Intelligence Joseph Maguire’s testimony yesterday, you ain’t seen nothing yet.

The Washington Post published this article at 8:26 p.m.:

Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election

Here’s the first two grafs:

President Trump told two senior Russian officials in a 2017 Oval Office meeting that he was unconcerned about Moscow’s interference in the 2016 U.S. presidential election because the United States did the same in other countries, an assertion that prompted alarmed White House officials to limit access to the remarks to an unusually small number of people, according to three former officials with knowledge of the matter.

The comments, which have not been previously reported, were part of a now-infamous meeting with Russian Foreign Minister Sergei Lavrov and Russian Ambassador Sergey Kislyak, in which Trump revealed highly classified information that exposed a source of intelligence on the Islamic State. He also said during the meeting that firing FBI Director James B. Comey the previous day had relieved “great pressure” on him.

Emphasis mine.

We’ve known about this particular conversation Trump had with Lavrov and Kislyak. We’ve known he damaged a source in the process while admitting to obstruction of justice.

But we didn’t know there was more to this conversation — like admitting he knew the Russians ‘aided’ his election, or airing out our dirty foreign policy to a country with which we have not had good relations. “Unconcerned,” WaPo’s team said; sure, why would Trump be worried at all about the contributions that ensured his occupation of the White House? It’s simply a matter of fact, right?

And we didn’t know Trump’s lack of concern about election interference in front of Lavrov and Kislyak, which offered an implicit permission slip to continue interference here and elsewhere.

Nor did we know that White House officials hid the rest of this Oval Office conversation, limiting its access to a very small need-to-know circle. It’s not clear whether this meant the contents of this highly-sensitive conversation were retroactively classified and squirreled away in the code-word classified system set aside for sensitive intelligence information where the July 25 Trump-Zelensky conversation transcript had been stored.

We don’t know now whether Special Counsel’s Office had any inkling the content of this particular conversation may have been hidden, or that other transcripts responsive to its investigation may have been locked away in that code-word classified system.

If Trump knew about this at all, and any of this hidden content was responsive to Mueller’s investigation, it’s yet another obstructive act.

Any of the White House officials who enabled this content sequestration process may also have obstructed justice if the hidden material was responsive to requests or subpoenas. Who knew about these material, when they learned about it, and why they didn’t come forward sooner will be a subject of the impeachment inquiry.

We also need to know what other exposures are contained within and without the code-word classified system and whatever other ad hoc retention system was employed by a small cadre of White House staff.

What else has been used as leverage against the U.S. that we the people and our representatives know nothing about?

What’s additionally worrisome: we’re learning in a rather slapdash fashion as the proverbial rats flee the sinking S.S. Trump — like the ‘three former officials with knowledge of the matter’ cited as sources for this story. How many of them have already been monitored by foreign intelligence, marked as potential assets, witting or unwitting, because they are known to have participated in this secret content sequestration process?

How many of these ‘former officials with knowledge of the matter’ have been silent because of Trump’s obsessive use of nondisclosure agreements?

How many of them have talked among themselves — neaning others under Trump’s NDAs — about this secret content sequestration process and its contents?

How many of this circle of need-to-know or in-the-know are also GOP leadership like Senator Mitch McConnell or Senator Lindsey Graham? How many of them have already been compromised because of this knowledge?

It’d certainly explain a few things like McConnell’s refusal to do anything substantive about election security. Or Graham’s about-face after a round of golf with Trump.

If you’re reading this, Speaker Pelosi, ramp up the impeachment team. Get that full House vote organized to authorize the inquiry and the necessary personnel. It’s past time.

The Scope and Results of the Mueller Report

There’s a Twitter account, TrumpHop, that tweets out Donald Trump’s tweets from years earlier, which is a really disorienting way to remind yourself how crazy he’s been since he’s been on Twitter. This morning, it recalled that two years ago today, Trump was inventing excuses for having shared highly classified Israeli intelligence at the same meeting where he boasted to Sergei Lavrov that he fired Jim Comey a week earlier because of the Russian investigation.

Two years ago, Rod Rosenstein — the same guy who stood, mostly stoically, as a prop for Bill Barr’s deceitful press conference spinning the Mueller Report one last time before releasing it — was in a panic, trying to decide what to do about a President who had fired the FBI Director to end an investigation into what might be real counterintelligence compromise on his part by a hostile foreign country and then went on to share intelligence with that same hostile foreign country. Tomorrow is the two year anniversary of Mueller’s appointment.

As I noted days after the Mueller Report was released, it is utterly silent on that sharing of information and two of the other most alarming incidents between Trump and Russia (though that may be for sound constitutional, rather than scope reasons) — Trump’s conversation with Putin about the subject of his own June 9 false statement even as he was drafting that statement, and the Helsinki meeting. That said, it cannot be true that Mueller didn’t consider those counterintelligence issues, because his treatment of Mike Flynn would have been far different if he didn’t have good reason to be sure — even if he deliberately obscures the reasons why he’s sure in the report — that Flynn, at the time under active counterintelligence investigation for his suspect ties to Russia, wasn’t entirely freelancing when he undermined US policy to offer sanctions considerations to Russia on December 29, 2016.

Nevertheless, a rising cry of people are suggesting that because we weren’t told the results of the counterintelligence investigation (whether it included the President or, because of constitutional reasons, did not), Mueller did not conduct a counterintelligence investigation. He (and, especially, FBI Agents working alongside him) did. Here’s what the report says, specifically, about the FBI writing up CI and Foreign Intelligence reports to share with the rest of FBI.

From its inception, the Office recognized that its investigation could identify foreign intelligence and counterintelligence information relevant to the FBI’s broader national security mission. FBI personnel who assisted the Office established procedures to identify and convey such information to the FBI. The FBI’s Counterintelligence Division met with the Office regularly for that purpose for most of the Office’s tenure. For more than the past year, the FBI also embedded personnel at the Office who did not work on the Special Counsel’s investigation, but whose purpose was to review the results of the investigation and to send-in writing-summaries of foreign intelligence and counterintelligence information to FBIHQ and FBI Field Offices. Those communications and other correspondence between the Office and the FBI contain information derived from the investigation, not all of which is contained in this Volume. This Volume is a summary. It contains, in the Office’s judgment, that information necessary to account for the Special Counsel’s prosecution and declination decisions and to describe the investigation’s main factual results.

Mueller didn’t report on it, as he states explicitly, because that’s outside the scope of what he was required and permitted to report under the regulations governing his appointment, which call for a prosecutions and declinations report.

That’s just one of the misconceptions of the scope, intent, and results of the Mueller Report that persists (and not just among the denialist crowd), almost a month after its release.

The Mueller Report does not purport to tell us what happened — that would be a violation of the regulations establishing the Special Counsel. It only describes the prosecutorial and declination decisions. The scope of those decisions includes:

  • Who criminally conspired in two Russian election interference efforts (just one American was charged, but he did not know he was helping Russians troll the US)
  • Whether Trump’s associates were agents of a foreign power in violation of FARA or 18 USC 951, including whether they were agents of Ukraine (as Paul Manafort and Rick Gates were before the election), Israel (as lots of evidence suggested George Papadopoulos might have been), Turkey (as Mike Flynn admitted he had been during and for a short while after the election), as well as Russia
  • Whether Trump’s associates conspired with Russia in some way; Mueller’s review included a quid pro quo, but his prosecutorial decisions did not include things unrelated to Russia’s election interference (which might, for example, include pure graft, including during the Transition period or related to the inauguration)
  • Which of Trump’s associates got charged with lying (Flynn, Papadopoulos, Michael Cohen, Roger Stone), were ruled by a judge to have lied (Paul Manafort), and which lied but were not charged (at least three others, including KT McFarland) in an effort to obstruct the investigation
  • Whether accepting a meeting offering dirt as part of the Russian government’s assistance to Trump or optimizing WikiLeaks’ release of emails stolen by Russia to help Trump’s campaign amount to accepting illegal donations from foreigners
  • Whether Trump’s numerous efforts to undermine the investigation amount to obstruction

Two facts necessarily follow from Mueller’s limit in his report to prosecutorial decisions rather than describing what happened, both of which are explained on page 2 of the report (though even the Attorney General, to say nothing of the denialist crowd, appears not to have read that far). First, Mueller did not weigh whether Trump “colluded” with Russia, because that’s not a crime that could be prosecuted or declined.

In evaluating whether evidence about collective action of multiple individuals constituted a crime, we applied the framework of conspiracy law, not the concept of “collusion.” In so doing, the Office recognized that the word “collud[e]” was used in communications with the Acting Attorney General confirming certain aspects of the investigation’s scope and that the term has frequently been invoked in public reporting about the investigation. But collusion is not a specific offense or theory of liability found in the United States Code, nor is it a term of art in federal criminal law.

Because “collusion” is not a crime, Mueller could not weigh in one way or another without being in violation of the regulations underlying his appointment. Mind you, Bill Barr could have changed these reporting requirements if he wanted and asked Mueller to comment on “collusion.” He did not.

In addition, Mueller’s measure was always whether his investigation “established” one or another crime. But stating that he did not establish a crime is not the same as saying there was no evidence of that crime.

A statement that the investigation did not establish particular facts does not mean there was no evidence of those facts.

Mueller describes in very general way that he didn’t get all the information he’d have liked to weigh whether or not conspiracy was committed.

The investigation did not always yield admissible information or testimony, or a complete picture of the activities undertaken by subjects of the investigation. Some individuals invoked their Fifth Amendment right against compelled self-incrimination and were not, in the Office’s judgment, appropriate candidates for grants of immunity. The Office limited its pursuit of other witnesses and information–such as information known to attorneys or individuals claiming to be members of the media–in light of internal Department of Justice policies. See, e.g. , Justice Manual §§ 9-13.400, 13.410. Some of the information obtained via court process, moreover, was presumptively covered by legal privilege and was screened from investigators by a filter (or “taint”) team. Even when individuals testified or agreed to be interviewed, they sometimes provided information that was false or incomplete, leading to some of the false-statements charges described above. And the Office faced practical limits on its ability to access relevant evidence as well-numerous witnesses and subjects lived abroad, and documents were held outside the United States.

Further, the Office learned that some of the individuals we interviewed or whose conduct we investigated–including some associated with the Trump Campaign—deleted relevant communications or communicated during the relevant period using applications that feature encryption or that do not provide for long-term retention of data or communications records. In such cases, the Office was not able to corroborate witness statements through comparison to contemporaneous communications or fully question witnesses about statements that appeared inconsistent with other known facts.

More specifically, we know this language covers at least the following limits on the investigation:

  • Encryption or evidence destruction prevented Mueller from clarifying details of the handoff to WikiLeaks, Gates’ sharing (on Manafort’s orders) of polling data with Russia, Manafort’s communications with various people, and Erik Prince and Steve Bannon’s communications about the Seychelles meeting with Kirill Dmitriev
  • Mueller did not pursue the role of Trump and other associates’ lawyers’ substantial, known role in obstruction
  • Mueller likely did not pursue an interview with Julian Assange (and other media figures), because that would violate US Attorney Handbook warnings against compelling the sharing of journalism work product to investigate a crime related to that work product
  • Some foreigners avoided cooperating with the investigation by staying out of the country; Emin Agalarov canceled an entire US tour to avoid testifying about what kind of dirt he offered Don Jr
  • Both Donald Trumps refused to be interviewed
  • President Trump refused to answer all questions pertaining to his actions after inauguration, all but one question about the Transition, and all questions about sanctions; his other answers were largely contemptuous and in a number of cases conflict with his own public statements or the testimony of his associates

Finally a more subtle point about the results, which will set up my next post. Mueller clearly states that he did not establish a conspiracy between Trump’s people and the Russian government on election interference. By definition, that excludes whatever coordination Roger Stone had with WikiLeaks (and even with the extensive redactions, it’s clear Mueller had real First Amendment concerns with charging that coordination). But whereas Mueller said that the contacts between Trump’s associates and Russians did not amount to a crime, he suggested that the two campaign finance issues he explored — the June 9 meeting and the release of stolen emails — were crimes but not ones he could sustain a conviction for.

The Office similarly determined that the contacts between Campaign officials and Russia-linked individuals either did not involve the commission of a federal crime or, in the case of campaign-finance offenses, that our evidence was not sufficient to obtain and sustain a criminal conviction.

The gaps in evidence that Mueller was able to collect strongly impact this last judgment: as he laid out, he needed to know what Don Jr understood when he accepted the June 9 meeting, and without interviewing either Emin Agalarov and/or Jr, he couldn’t get at Jr’s understanding of the dirt offered.

As I’ve noted repeatedly, it is absolutely false to claim –as Attorney General Barr did — that Mueller’s report says there was no underlying crime to cover up with Trump’s obstruction. Mueller specifically mentions SDNY’s prosecution of Trump’s hush payments to Stormy Daniels and Karen McDougal, a crime which was charged, and which was one of the explicit purposes behind the raid on Cohen’s home and office. And as such, that crime is pertinent to the pardon dangle for Cohen.

In January 2018, the media reported that Cohen had arranged a $130,000 payment during the campaign to prevent a woman from publicly discussing an alleged sexual encounter she had with the President before he ran for office.1007 This Office did not investigate Cohen’s campaign period payments to women. 1008 However, those events, as described here, are potentially relevant to the President’s and his personal counsel’s interactions with Cohen as a witness who later began to cooperate with the government.

But with regards to the Russian-related campaign finance investigation, Mueller describes that Trump may have believed those would be criminal.

[T]he evidence does indicate that a thorough FBI investigation would uncover facts about the campaign and the President personally that the President could have understood to be crimes or that would give rise to personal and political concerns.

The distinction about whether a crime was committed versus whether it was charged may be subtle. But it is an important one for the obstruction investigation. And as I’ll show, that may have interesting repercussions going forward.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

About the Two Investigations into Donald Trump

I’m still pretty cranky about the timing and form of Andrew McCabe’s publicity tour.

But since it’s out there, I’d like to comment on three details, two of which have gotten significant comment elsewhere.

Trump wanted Rod Rosenstein to include Russia in the reasons he should fire Comey

The first is that Trump specifically asked Rosenstein to include Russia — McCabe doesn’t further specify what he meant — in the letter recommending he fire Jim Comey.

McCabe says that the basis for both investigations was in Mr. Trump’s own statements. First, Mr. Trump had asked FBI Director Comey to drop the investigation of National Security Adviser Michael Flynn, who has since pleaded guilty to lying to the FBI about his Russian contacts.  Then, to justify firing Comey, Mr. Trump asked his deputy attorney general, Rod Rosenstein, to write a memo listing the reasons Comey had to go. And according to McCabe, Mr. Trump made a request for that memo that came as a surprise.

Andrew McCabe: Rod was concerned by his interactions with the president, who seemed to be very focused on firing the director and saying things like, “Make sure you put Russia in your memo.” That concerned Rod in the same way that it concerned me and the FBI investigators on the Russia case.

If Deputy Attorney General Rosenstein listed the Russia investigation in his memo to the White House, it could look like he was obstructing the Russia probe by suggesting Comey’s firing. And by implication, it would give the president cover.

Scott Pelley: He didn’t wanna put Russia in his memo.

Andrew McCabe: He did not. He explained to the president that he did not need Russia in his memo. And the president responded, “I understand that, I am asking you to put Russia in the memo anyway.”

When the memo justifying Comey’s firing was made public, Russia was not in it. But, Mr. Trump made the connection anyway, telling NBC, then, Russian diplomats that the Russian investigation was among the reasons he fired Comey.

The most obvious explanation for this is that Trump wanted to box DOJ in, to prevent them from expanding their investigative focus from one campaign foreign policy advisor, a second campaign foreign policy advisor, his former campaign manager, his National Security Advisor, and his lifelong political advisor to the one thing those five men had in common, Trump.

But it’s also possible that Trump wanted Rosenstein to do what Don McGahn had narrowly prevented Trump from doing, effectively shifting the obstruction to Rosenstein. That seems like what Rosenstein was worried about, an impression he may have gotten from his instructions from McGahn, laying out the case that investigating Russia would get you fired.

It’s possible, too, that Trump was particularly interested in the public statement for the benefit of the Russians, a view supported by the fact that Trump made sure he fired Comey before his meeting with Sergey Lavrov and Sergey Kislyak, and then stated that he had more freedom with Comey gone. That is, it’s possible he needed to prove to the Russians that he could control his own DOJ.

The order to Rosenstein was one of the predications for the investigation into Trump

McCabe elaborates on a story told at least partly by the Peter Strzok-Lisa Page texts: that the day after Trump fired Comey, FBI moved to open two investigations into Trump. A number of people have suggested McCabe just vaguely pointed to Trump’s statements, but he’s more specific than that. One of the statements was that order to Rosenstein to include Russia in the firing memo.

Scott Pelley: How long was it after that that you decided to start the obstruction of justice and counterintelligence investigations involving the president?

Andrew McCabe: I think the next day, I met with the team investigating the Russia cases. And I asked the team to go back and conduct an assessment to determine where are we with these efforts and what steps do we need to take going forward. I was very concerned that I was able to put the Russia case on absolutely solid ground in an indelible fashion that were I removed quickly or reassigned or fired that the case could not be closed or vanish in the night without a trace.

[snip]

Andrew McCabe: There were a number of things that caused us to believe that we had adequate predication or adequate reason and facts, to open the investigation. The president had been speaking in a derogatory way about our investigative efforts for weeks, describing it as a witch hunt…

President Trump on Feb. 16, 2017: Russia is a ruse. I have nothing to do with Russia. Haven’t made a phone call to Russia in years.

Andrew McCabe: …publicly undermining the effort of the investigation. The president had gone to Jim Comey and specifically asked him to discontinue the investigation of Mike Flynn which was a part of our Russia case. The president, then, fired the director. In the firing of the director, the president specifically asked Rod Rosenstein to write the memo justifying the firing and told Rod to include Russia in the memo. Rod, of course, did not do that. That was on the president’s mind. Then, the president made those public comments that you’ve referenced both on NBC and to the Russians which was captured in the Oval Office. Put together, these circumstances were articulable facts that indicated that a crime may have been committed. The president may have been engaged in obstruction of justice in the firing of Jim Comey.

As McCabe describes it, the other things are obstruction-related: Trump’s attacks on the Russian investigation.

But remember, McCabe had heard the substance of Mike Flynn’s comments to Sergei Kislyak. The rest of us have seen just outlines of it. In some way, Mike Flynn convinced Sergei Kislyak on December 29, 2016, that Russia had Trump’s assurances on sanctions relief. Trump may well have come up specifically. In any case, the FBI would have had good reason — from Flynn’s lies, and his call records showing his consultations before he lied — to suspect Trump had ordered Flynn’s statements to Kislyak.

McCabe describes the genesis of the obstruction and the counterintelligence investigation

Finally, McCabe provides additional details to the dual investigation into Trump: the obstruction one arising out of Trump’s efforts to kill the Russian investigation, and the counterintelligence one into whether Trump was doing that at Russia’s behest (which goes back to my initial point, that Trump may have wanted Russia included in the firing memos as a signal to Russia he could kill the investigation).

Andrew McCabe: …publicly undermining the effort of the investigation. The president had gone to Jim Comey and specifically asked him to discontinue the investigation of Mike Flynn which was a part of our Russia case. The president, then, fired the director. In the firing of the director, the president specifically asked Rod Rosenstein to write the memo justifying the firing and told Rod to include Russia in the memo. Rod, of course, did not do that. That was on the president’s mind. Then, the president made those public comments that you’ve referenced both on NBC and to the Russians which was captured in the Oval Office. Put together, these circumstances were articulable facts that indicated that a crime may have been committed. The president may have been engaged in obstruction of justice in the firing of Jim Comey.

Scott Pelley: What was it specifically that caused you to launch the counterintelligence investigation?

Andrew McCabe: It’s many of those same concerns that cause us to be concerned about a national security threat. And the idea is, if the president committed obstruction of justice, fired the director of the of the FBI to negatively impact or to shut down our investigation of Russia’s malign activity and possibly in support of his campaign, as a counterintelligence investigator you have to ask yourself, “Why would a president of the United States do that?” So all those same sorts of facts cause us to wonder is there an inappropriate relationship, a connection between this president and our most fearsome enemy, the government of Russia?

Scott Pelley: Are you saying that the president is in league with the Russians?

Andrew McCabe: I’m saying that the FBI had reason to investigate that. Right, to investigate the existence of an investigation doesn’t mean someone is guilty. I would say, Scott, if we failed to open an investigation under those circumstances, we wouldn’t be doing our jobs.

With that laid out, I’d like to look at Rod Rosenstein’s August 2 memo laying out precisely what Mueller was — and had, from the start — been authorized to investigate, which both Paul Manafort and the President’s flunkies in Congress spent a great deal of effort trying to unseal. Knowing as we now do that the redacted passages include at least one and probably two bullet points relating to Trump himself, it seems more clear than every that once you lay out the investigations into Trump’s flunkies known to have been predicated at the time, that’s all that would have been included in the memo:

  • Obstruction investigation into Trump
  • Counterintelligence investigation into Trump
  • Election conspiracy investigation into Manafort
  • Ukrainian influence peddling investigation into Manafort
  • Transition conspiracy investigation into Flynn
  • Turkish influence peddling investigation into Flynn
  • Counterintelligence investigation into Carter Page
  • Election conspiracy investigation into George Papadopoulos
  • Election conspiracy investigation into Roger Stone

At that point, there wouldn’t have been space for at least two of the three bullets that now exist on a scope memo, as laid out by Jerome Corsi’s draft plea (though “c” may have been there in conjunction with Stone).

At the time of the interview, the Special Counsel’s Office was investigating the Russian government’s efforts to interfere in the 2016 presidential election, including:

a. the theft of campaign-related emails and other documents by the Russian government’s Main Intelligence Directorate of the General Staff (“GRU”);

b. the GRU’s provision of certain of those documents to an organization (“Organization 1”) for public release in order to expand the GRU’s interference in the 2016 U.S. presidential election campaign; and

c. the nature of any connections between individuals associated with the U.S. presidential campaign of Donald J. Trump (“Trump Campaign”) and the Russian government or Organization 1.

That’s another to believe — as I have long argued — that bullets a and b got moved under Mueller at a later time, probably around November 2017. After Flynn flipped, the Middle Eastern pass-through corruption would likely have been added, and inauguration graft probably got added after Rick Gates flipped (before the non-Russian parts of both got spun off).

One thing that means, if I’m correct, is that at the time Mueller was hired, the investigation consisted of predicated investigations into probably six individuals. While there would have been a counterintelligence and criminal aspect to both, there was a criminal aspect to each of the investigations, with specific possible crimes envisioned. If that’s right, it means a lot of hot air about Mueller’s appointment simply misunderstood what part of Comey’s confirmed investigation got put under Mueller at first.

I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government’s efforts to interfere in the 2016 presidential election and that includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia’s efforts. As with any counterintelligence investigation, this will also include an assessment of whether any crimes were committed.

In any case, the certainty that there are at least one and probably two bullets pertaining to Trump in that August 2 memo is interesting for a few more reasons.

It makes it far more likely that the Strzok 302 — based on a July 19, 2017 interview, drafted the following day, and finalized August 22 — was an effort to formalize Mueller’s authorization to investigate the President. The part of the 302 that pertains to Mike Flynn’s interview takes up the middle third of the report. The rest must lay out the larger investigations, how the FBI found the intercepts between Flynn and Kislyak, and what the response to the interview was at DOJ.

The 302 is sandwiched between two events. First, it follows by just a few weeks the release of the June 9 meeting emails. Indeed, the interview itself took place on the day the NYT published the interview where Trump admits he and Putin spoke about adoptions — effectively making it clear that Putin, not Trump, drafted a statement downplaying that the meeting had established a dirt-for-sanctions relief quid pro quo.

The 302 was also drafted the day before Mueller started pursuing the transition emails and other comms from GSA that would have made it clear that Trump ordered Flynn’s statements and key members of the transition team knew that.

Specifically, on August 23, 2017, the FBI sent a letter (i.e., not a subpoena) to career GSA staff requesting copies of the emails, laptops, cell phones, and other materials associated with nine PTT members responsible for national security and policy matters. On August 30, 2017, the FBI sent a letter (again, not a subpoena) to career GSA staff requesting such materials for four additional senior PTT members.

It also happens to precede, by days, when Michael Horowitz would inform Christopher Wray and then Mueller about the Page-Strzok texts, though that is almost certainly an almost unbelievable coincidence.

In any case, as I’ve noted, unsealing that August 2 memo has been like a crown jewel for the obstructionists, as if they knew that it laid out the investigation into Donald Trump. That effort has been part of a strategy to suggest any investigation into Trump had to be improper, even one investigating whether he engaged in a quid pro quo even before the General Election started, trading US policy considerations — starting with, but not limited to, sanctions relief — in exchange for help getting elected.

The obstructionists want to claim that an investigation that started with George Papadopoulos and then Carter Page and then Mike Flynn (the obstructionists always seem to be silent about Paul Manafort and Roger Stone, as if they knew who engaged in substantive conspiracy with the Russians) should not end up with Donald Trump. And they do so, I think, to suggest that at the moment it discovered that quid pro quo in July 2017, it was already illegitimate.

But as McCabe said, “the FBI had reason to investigate that. Right, to investigate the existence of an investigation doesn’t mean someone is guilty. I would say, Scott, if we failed to open an investigation under those circumstances, we wouldn’t be doing our jobs.”

It just turned out that Trump was guilty.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Open Thread: Russia, Russia, Russia! and Everything Else

This is an open thread launched while current events still unfold. It may offer an overview for folks still acquainting themselves with the news about Rex Tillerson, Russia, and the UK.

By now you likely know Trump fired Secretary of State Rex Tillerson by tweet. Like Sally Yates on the travel ban and James Comey about his firing, Tillerson was blindsided; he found out he was terminated from a Trump tweet. Take note of Marcy’s post on Tillerson’s replacement, Mike Pompeo, and his sketchy replacement, deputy CIA director Gina Haspel.

Trump may have fired Tillerson because of this response to the poisoning in the UK of former Russian spy Sergei Skripal and his daughter this past week.

Notice the response attributes the poisoning to Russia but makes no mention of the U.S. role as a NATO member and any response required by that membership. The response doesn’t even name Skripal.

Tillerson’s statement followed UK Prime Minister Theresa May’s demand before Parliament yesterday that Russia explain the poisoning of Skripal, setting a two-day deadline.

The poison used is believed to be an extremely powerful nerve agent Novichok developed by the former USSR.

Russia’s point persons, Sergei Lavrov as Russia’s foreign minister, and Maria Zakharova, his spokesperson, as well as Russian parliament member Andrei Lugovoi have pushed back on May’s attribution and demands while demanding samples of the nerve agent found in Skripal’s poisoning.

NATO’s Article 5 obligates member nations to defend other NATO members in the attack on any NATO member:

Article 5

The Parties agree that an armed attack against one or more of them in Europe or North America shall be considered an attack against them all and consequently they agree that, if such an armed attack occurs, each of them, in exercise of the right of individual or collective self-defence recognised by Article 51 of the Charter of the United Nations, will assist the Party or Parties so attacked by taking forthwith, individually and in concert with the other Parties, such action as it deems necessary, including the use of armed force, to restore and maintain the security of the North Atlantic area.

Any such armed attack and all measures taken as a result thereof shall immediately be reported to the Security Council. Such measures shall be terminated when the Security Council has taken the measures necessary to restore and maintain international peace and security.

On May 25 last year at a visit NATO’s new headquarters during Trump’s first trip to Europe, Trump avoided continuing U.S. commitment to Article 5. It wasn’t until five weeks later during a speech in Poland that Trump reaffirmed Article 5, saying,

… To those who would criticize our tough stance, I would point out that the United States has demonstrated — not merely with its words but with its actions — that we stand firmly behind Article 5, the mutual defense commitment …

Many articles speculate Tillerson’s firing is the culmination of more than a year of tensions between Tillerson and Trump, including at least one episode during which Tillerson is said to have called Trump a moron (a “fucking moron” according to some). However the immediacy of the termination suggests Trump wanted to remove Tillerson before he could support Theresa May once the two-day deadline has passed.

It’s worth noting that Trump has yet to enforce sanctions on Russia established by bipartisan legislation on a nearly unanimous basis.

It’s also worth noting the GOP majority of the House Permanent Subcommittee on Intelligence abruptly terminated its investigation of Trump-Russia only yesterday afternoon, without providing any notice to the Democratic minority members.

Do read Marcy’s post about Pompeo; bring anything non-Russia comments here to this thread.

Welcome to the Senate Foreign Relations Committee, Mr. Pompeo — the Latest Committee to Have Reason to Investigate Russia!

Yesterday, Rex Tillerson committed the one unforgivable sin on the Trump Administration: holding Russia accountable for its actions. While Trump and Sarah Huckabee Sanders equivocated, Tillerston strongly stated that the poison used in the attack on Sergei Skripal and his daughter obviously came from Russia.

U.S. Secretary of State Rex Tillerson says the poisoning of ex-spy Sergei Skripal in Britain “clearly came from Russia” and “certainly will trigger a response.”

Tillerson says he doesn’t know whether Russia’s government had knowledge of the poisoning. But he is arguing the poison couldn’t have originated anywhere else. He says the substance is known to the U.S. and doesn’t exist widely. He says it’s “only in the hands of a very, very limited number of parties.”

Tillerson calls the poisoning “a really egregious act” and says it’s “almost beyond comprehension” that a state actor would use such a dangerous substance in a public place.

Today, Tillerson’s counterpart, Sergei Lavrov, drew the unenviable task of denying Russia’s involvement, even while the Russian Embassy and Putin himself barely hid their glee about the attack.

“Russia is not responsible,” Sergei Lavrov said during a televised press conference that marked an escalation of the standoff with the UK over the poisoning of the former Russian agent Sergei Skripal and his daughter, Yulia.

Lavrov also suggested Moscow would not comply with a Tuesday midnight deadline set by Theresa May to deliver an explanation or face retaliation. He said Moscow’s requests to see samples of the nerve agent had been turned down, which he called a violation of the chemical weapons convention outlawing the production of chemical weapons.

“We have already made our statement on this case,” he said. “Russia is ready to cooperate in accordance with the convention to ban chemical weapons if the United Kingdom will deign to fulfil its obligations according to the same convention.”

Trump did the predictable thing: Fired Tillerson by tweet, naming Mike Pompeo his successor and torturer Gina Haspel America’s first female CIA Director.

Of course, both those nominations require confirmation. And while it would probably be easy for Haspel to work as Acting Director for the foreseeable future, it may be far, far harder for Pompeo to make the move.

Admittedly, Pompeo was confirmed CIA Director with a 66-32 vote (this was before Democrats got bolder about opposing Trump’s more horrible nominees, and Pompeo was, after all, a member of Congress). But Pompeo likely faces a harder time even getting through committee. While Senate Foreign Relations Committee Dems Jeanne Shaheen and Tim Kaine are among the idiotic Dems who voted for Pompeo for CIA Director, SFRC Republican Rand Paul was the sole Republican voting against Pompeo. So even if just Shaheen and Kaine flip their votes, Pompeo will be bottled up in SFRC. But SFRC also includes several of the other Republicans who’ve been most skeptical of Trump and/or his dalliances with Russia: Bob Corker (who is retiring and has been chilly about Pompeo’s confirmation in the past), Jeff Flake (who is retiring), and Marco Rubio (who was hacked by Russia himself; though he has already said he would support Pompeo).

Since Pompeo’s last confirmation, he has done several things to coddle Trump’s Russia dalliance, as I laid out here.

Already, Pompeo’s cheerleading of Wikileaks during the election should have been disqualifying for the position of CIA Director. That’s even more true now that Pompeo himself has deemed them a non-state hostile intelligence service.

Add in the fact that Pompeo met with Bill Binney to hear the skeptics’ version of the DNC hack, and the fact that Pompeo falsely suggested that the Intelligence Community had determined Russia hadn’t affected the election. Finally, add in the evidence that Pompeo has helped Trump obstruct the investigation and his role spying on CIA’s own investigation into it, and there’s just far too much smoke tying Pompeo to the Russian operation.

Remember, too, that in his last confirmation process, Pompeo refused to rule out using hacked intelligence from Russia, something Rubio should be particularly concerned about.

Pompeo can also expect to be grilled about why he ignored the sanctions against Russia’s top intelligence officers so they could all come for a meet and greet earlier this year.

I’m not saying it won’t happen. But it will be tough for Pompeo to get through the narrowly divided SFRC, much less confirmation in the full senate.

House Intelligence Republicans yesterday made asses of themselves in an attempt to get Russian investigations off the front page. But by nominating Pompeo to be Secretary of State, Trump just gave an entirely different committee, one far more hawkish on Russia issues, reason to start a new investigation into Trump — and Pompeo’s — Russia dalliances.

Minority Report: A Look at Timing of WannaCry and Trump’s Spillage

CAVEAT: Note well these two points before continuing —

1) Check the byline; this is Rayne, NOT Marcy; we may have very different opinions on matters in this post.

2) This post is SPECULATIVE. If you want an open-and-shut case backed by unimpeachable evidence this is not it. Because it addresses issues which may be classified, there may never be publicly-available evidence.

Moving on…

Like this past week’s post on ‘The Curious Timing of Flynn Events and Travel Ban EO‘, I noticed some odd timing and circumstances. Event timing often triggers my suspicions and the unfolding of the WannaCry ransomware attack did just that. WannaCry didn’t unfold in a vacuum, either.

Timeline (Italics: Trump spillage)

13-AUG-2016 — Shadow Brokers dumped first Equation Group/NSA tools online

XX-XXX-201X — Date TBD — NSA warned Microsoft about ETERNALBLUE, the exploit which Microsoft identified as MS17-010. It is not clear from report if this warning occurred before/after Trump’s inauguration.

XX-FEB-2017 — Computer security firm Avast Software Inc. said the first variant of WannaCry was initially seen in February.

14-MAR-2017 — Microsoft released a patch for vulnerability MS17-010.

14-APR-2017 — Easter weekend — Shadow Brokers dumps Equation Group/NSA tools on the internet for the fifth time, including ETERNALBLUE.

(Oddly, no one noted the convenience to Christian countries celebrating a long holiday weekend; convenient, too, that both western and eastern Orthodox Christian sects observed Easter on the same date this year.)

10-MAY-2017White House meeting between Trump, Foreign Minister Sergei Lavrov, and Ambassador Sergey Kislyak. No US media present; Russian media outlet TASS’ Washington bureau chief and a photographer were, however.

12-MAY-2017 — ~8:00 a.m. CET — Avast noticed increased activity in WannaCry detections.

[graphic: Countries with greatest WannaCry infection by 15-MAY-2017; image via Avast Software, Inc.]

12-MAY-2017 — 3:24 a.m. EDT/8:24 a.m. BST London/9:24 a.m. CET Madrid/10:24 a.m. MSK Moscow — early reports indicated telecommunications company Telefonica had been attacked by malware. Later reports by Spanish government said, “the attacks did not disrupt the provision of services or network operations…” Telefonica said the attack was “limited to some computers on an internal network and had not affected clients or services.”

12-MAY-2017 — 10:00 a.m. CET — WannaCry “escalated into a massive spreading,” according to Avast.

12-MAY-2017 — timing TBD — Portugal Telecom affected as was UK’s National Health Service (NHS). “(N)o services were impacted,” according to Portugal Telecom’s spokesperson. A Russian telecom firm was affected as well, along with the Russian interior ministry.

12-MAY-2017 — ~6:23 p.m. BST — Infosec technologist MalwareTechBlog ‘sinkholes’ a URL to which WannaCry points during execution. The infection stops spreading after the underlying domain is registered.

13-MAY-2017 — Infosec specialist MalwareTechBlog posts a tick-tock and explainer outlining his approach to shutting down WannaCry the previous evening

15-MAY-2017 — ~5:00 p.m. EDT — Washington Post reported Trump disclosed classified “code worded” intelligence to Lavrov and Kislyak during his meeting the previous Wednesday.

16-MAY-2017 — National Security Adviser H. R. McMaster said “I wanted to make clear to everybody that the president in no way compromised any sources or methods in the course of this conversation” with Lavrov and Kislyak. But McMaster did not say information apart from sources or methods had been passed on; he did share that “‘the president wasn’t even aware of where this information came from’ and had not been briefed on the source.”

The information Trump passed on spontaneously with the Russian officials was related to laptop bomb threats originating from a specific city inside ISIS-held territory. The city was not named by media though it was mentioned by Trump.

16-MAY-2017 — Media outlets reported Israel was the ally whose classified intelligence was shared by Trump.

Attack attribution

You’ll recall I was a skeptic about North Korea as the source of the Sony hack. There could be classified information cinching the link, but I don’t have access to it. I remain skeptical since Sony Group’s entities leaked like sieves for years.

I’m now skeptical about the identity of the hacker(s) behind WannaCry ransomware this past week.

At first it looked like Russia given Cyrillic character content within the malware. But this map didn’t make any sense. Why would a Russian hacker damage their own country most heavily?

[graphic: WannaCry distribution; image via BBC]

The accusations have changed over time. North Korea has been blamed as well as the Lazarus Group. Convenient, given the missile test this past week which appeared focused on rattling Russia while President Putin was attending a conference in China. And some of the details could be attributed to North Korea.

But why did the ransomware first spread in Spain through telecom Telefonica? Why did it spread to the UK so quickly?

This didn’t add up if North Korea is the origin.

Later reports said the first infections happened in western Asia; the affected countries still don’t make sense if North Korea is the perpetrator, and/or China was their main target.

Malware capability

Given the timing of the ransomware’s launch and the other events also unfolding concurrently — events we only learned about last evening — here’s what I want to know:

Can vulnerability MS17-010, on which WannaCry was based, be used as a remote switch?

Think about the kind and size of laptops still running Windows XP and Windows 8, the operating systems Microsoft had not patched for the Server Message Block 1.0 (SMBv1) vulnerability. They’re not the slim devices on which Windows 10 runs; they’re heavier, more often have hard disk drives (HDDs) and bulkier batteries. I won’t go into details, but these older technologies could be replaced by trimmer technologies, leaving ample room inside the laptop case — room that would allow an older laptop to host other resources.

Let’s assume SMBv1 could be used to push software; this isn’t much of an assumption since this is what WannaCry does. Let’s assume the software looks for specific criteria and takes action or shuts down depending on what it finds. And again, it’s not much of an assumption based on WannaCry and the tool set Shadow Brokers have released to date.

Let’s assume that the software pushed via SMBv1 finds the right criteria in place and triggers a detonation.

Yes. A trigger. Not unlike Stuxnet in a way, though Stuxnet only injected randomness into a system. Nowhere near as complicated as WannaCry, either.

Imagine an old bulky laptop running Windows XP, kitted out internally as an IED, triggered by a malware worm. Imagine several in a cluster on the same local network.

Is this a realistic possibility? I suspect it is based on U.S. insistence that a thinly-justified laptop ban on airplanes is necessary.

Revisit timing

Now you may grasp why the timing of events this past week gave me pause, combined with the details of location and technology.

The intelligence Trump spilled to Lavrov and Kislyak had been linked to the nebulous laptop threat we’ve heard so much about for months — predating the inauguration. Some outlets have said the threat was “tablets and laptops” or “electronic devices” carried by passengers onto planes, but this may have been cover for a more specific threat. (It’s possible the MS17-010 has other counterparts not yet known to public so non-laptop threats can’t be ruled out entirely.)

The nature of the threat may also offer hints at why an ally’s assets were embedded in a particular location. I’ll leave it to you to figure this out on your own; this post has already spelled out enough possibilities.

Trump spilled, the operation must be rolled up, but the roll up also must include closing backdoors along the way to prevent damage if the threat has been set in motion by Trump’s ham-handed spillage.

Which for me raises these questions:

1) Was Shadow Brokers the force behind WannaCry — not just some hacker(s) — and not just the leaking of the underlying vulnerability?

2) Was WannaCry launched in order to force telecoms and enterprise networks, device owners, and Microsoft to patch this particular vulnerability immediately due to a classified ‘clear and present danger’?

3) Was WannaCry launched to prevent unpatched MS17-010 from being used to distribute either a malware-as-trigger, or to retaliate against Russia — or both? The map above shows a disproportionate level of impact suggesting Russia was a potential target if secondary to the operation’s aim. Or perhaps Russia screwed itself with the intelligence entities behind Shadow Brokers, resulting in a lack of advance notice before WannaCry was unleashed?

4) Was WannaCry launched a month after the Shadow Brokers’ dump because there were other increasing threats to the covert operation to stop the threat?

5) Are Shadow Brokers really SHADOW BROKERS – a program of discrete roll-up operations? Is Equation Group really EQUATION GROUP – a program of discrete cyber defense operations united by a pile of cyber tools? Are their interactions more like red and blue teams?

6) Is China’s response to WannaCry — implying it was North Korea but avoiding directly blaming them — really cover for the operation which serves their own (and Microsoft’s) interests?

The pittance WannaCry’s progenitor raised in ransom so far and the difficulty in liquidating the proceeds suggests the ransomware wasn’t done for the money. Who or what could produce a snappy looking ransomware project and not really give a rat’s butt about the ransom?

While Microsoft complains about the NSA’s vulnerability hording, they don’t have much to complain about. WannaCry will force many users off older unsupported operating systems like XP, Win 7 and 8, and Windows Server 2003 in a way nothing else has done to date.

[graphic: 5-year chart, MSFT performance via Google Finance]

Mother’s Day ‘gift’?

I confess I wrestled with writing this; I don’t want to set in motion even more ridiculous security measures that don’t work simply because a software company couldn’t see their software product had an inherent risk, and at least one government felt the value of that risk as a tool was worth hiding for years. It’s against what I believe in — less security apparatus and surveillance, more common sense. But if a middle-aged suburban mom in flyover country can line up all these ducks and figure out how it works, I could’t just let it go, either.

Especially when I figured out the technical methodology behind a credible threat on Mother’s Day. Don’t disrespect the moms.

One Day After Senior Intelligence Official Leaks Details of “Red Phone” Call, Russia Cuts Back Communications with the US

Yesterday, I expressed alarm that someone identified as a “senior intelligence official” not only leaked to NBC that President Obama had used the crisis “Red Phone” with Russia for the first time in his presidency (at least in a cyber context), but characterized the communication as muddled.

A month later, the U.S. used the vestige of an old Cold War communications system — the so-called “Red Phone” that connects Moscow to Washington — to reinforce Obama’s September warning that the U.S. would consider any interference on Election Day a grave matter.

This time Obama used the phrase “armed conflict.”

[snip]

A senior intelligence official told NBC News the message ultimately sent to the Russians was “muddled” — with no bright line laid down and no clear warning given about the consequences. The Russian response, said the official, was non-committal.

But it alarms me that someone decided it was a good idea to go leak criticisms of a Red Phone exchange. It would seem that such an instrument depends on some foundation of trust that, no matter how bad things have gotten, two leaders of nuclear armed states can speak frankly and directly.

Without that conversation being broadcast to the entire world via leaks.

Today, Reuters released a bizarre report — really signals within signals — claiming that most channels of dialogue are frozen.

The Kremlin said on Wednesday it did not expect the incoming U.S. administration to reject NATO enlargement overnight and that almost all communications channels between Russia and the United States were frozen, the RIA news agency reported.

“Almost every level of dialogue with the United States is frozen. We don’t communicate with one another, or (if we do) we do so minimally,” Peskov said

I say it’s bizarre because it’s not a firsthand report. It reports that RIA reported that Peskov said this in an interview with the Mir TV station. So it lacks context.

Moreover, it appears to be false, given that John Kerry spoke with Sergei Lavrov yesterday (with whom he seems to have a pretty good relationship).

MR KIRBY: Well, as you know, we weren’t a party to the talks, but Secretary Kerry did speak today to both Foreign Minister Lavrov and Foreign Minister Cavusoglu, who were there. And they provided the Secretary a sense of how the discussions went.

Nevertheless, this may be a kind of signaling.

It’s precisely the kind of possibility that I worried about when I noted the leak.

With One Bombing Run Russia Gets the US to Acknowledge CIA’s “Covert” Regime Change Forces

For some time, a number of us have been tracking the collective forgetfulness about CIA’s acknowledged covert forces on the ground in Syria. I often point back to the day two years ago when Chuck Hagel confirmed our covert efforts in Syria in a congressional hearing, as well as Senate Foreign Relations Committee member frustration with their inability to get details on the acknowledged covert ops (that already numbered in the thousands, according to Tom Udall) there. Jim and I have written a slew of other posts about CIA’s covert forces there (one two three four five six seven are just a small sampling).

More recently, Adam Johnson caught NYT and Vox pretending CIA’s efforts don’t exist at all.

This past week, two pieces—one in the New York Timesdetailing the “finger pointing” over Obama’s “failed” Syria policy, and a Vox“explainer” of the Syrian civil war—did one better: They didn’t just omit the fact that the CIA has been arming, training and funding rebels since 2012, they heavily implied they had never done so.

To be fair, some intelligence reporters have done consistently good reporting on CIA’s covert war in Syria. But the policy people — especially the ones reporting how if Obama had supported “moderate” rebels sooner — usually pretend no one knows that Obama did support Qatar and Saudi-vetted liver-eating rebels sooner and they often turned out to be Islamists.

The selective ignorance about CIA’s covert operations in Syria seems to have been eliminated, however, with one Russian bombing run that targeted them.

Russia launched airstrikes in Syria on Wednesday, catching U.S. and Western officials off guard and drawing new condemnation as evidence suggested Moscow wasn’t targeting extremist group Islamic State, but rather other opponents of Bashar al-Assad’s regime.

One of the airstrikes hit an area primarily held by rebels backed by the Central Intelligence Agency and allied spy services, U.S. officials said, catapulting the Syrian crisis to a new level of danger and uncertainty. Moscow’s entry means the world’s most powerful militaries—including the U.S., Britain and France—now are flying uncoordinated combat missions, heightening the risk of conflict in the skies over Syria.

Thus far, of course, US officials are insisting that the anti-Assad troops Russia targeted are wholly distinct from ISIS (even while they remain silent about whether they’re Islamic extremists).

Secretary of State John Kerry met with Russian Foreign Minister Sergei Lavrov and said he raised U.S. concerns about attacks that target regime opponents other than Islamic State, also known as ISIS or ISIL. In Syria’s multi-sided war, Mr. Assad’s military—aided by Iran and the Lebanese Shiite group Hezbollah—is fighting both Islamic State and opposition rebel groups, some of which are supported by the U.S. and its allies.

[snip]

The U.S. and its allies were angry at the Russians on many scores: that they are supporting Mr. Assad; that they aren’t coordinating their actions with the existing, U.S.-led anti-Islamic State coalition; that they provided terse notice only an hour before their operations; that they demanded the U.S. coalition stay out of Syrian airspace; and that they struck in areas where anti-Assad rebels—not Islamic State—operate.

“It does appear that they were in areas where there probably were not ISIL forces, and that is precisely one of the problems with this whole approach,” said Mr. Carter, the U.S. defense chief.

This attempt to distinguish ISIS from the CIA-backed rebels will quickly lead to an awkward place for the Administration and its allies, not least because making any distinction will require providing details on the vetting process used to select these forces, as well as addressing the evidence of cooperation with ISIS or traditional al Qaeda in the past. Plus, the more the US argues these groups that aren’t entirely distinct from al Qaeda are entirely distinct from ISIS, it will make the Administration’s claim that the 2001 AUMF against Al Qaeda authorizes it to fight ISIS (in related news, DOJ just denied USAT’s FOIA request for 3 OLC documents making that case) really wobbly. Any claim Russia makes that these anti-Assad forces are also Islamic extremists (and therefore entirely legitimate targets in the fight against ISIS) will be based on intelligence that is no more shitty than US intelligence that they’re not, especially given that CentCom admits on the record it can’t even trust (much less vet) the communications it is getting from rebels on the ground about their coordination with al Qaeda. It will devolve into a he-said-she-said about whose claims are more suspect, Assad’s or the Saudis’ who’ve been pushing for regime change long before the Arab Spring gave then an opportunity to push it along.

And all the while, any pretense that CIA’s involvement is covert will grow more and more laughable. Reporting like this — which claims Putin has “hijacked” Obama’s war on ISIS when the content only makes sense if Putin has more urgently hijacked Obama’s regime change efforts against Assad — will become more and more laughable.

Whatever Russia’s entry does for the tactical confrontation (I have no hopes it will do anything but make this conflict even bloodier, and possibly expand it into other countries), it has clarified a discussion the US has always tried to obscure. There are plenty of US backed forces on the ground — which may or may not be Islamic extremists (see Pat Lang on this point) — whose priority is toppling Bashar al-Assad, not defeating ISIS. While there will be some interesting fights about who they really are in coming days (and whether CIA has already acknowledged that it inflamed Islamists with its regime change efforts), American priorities will become increasingly clear.

Make no mistake: I am not defending Russia, Syria, our vetted “moderate” rebels, Saudi Arabia, or anyone else. It’s a volatile situation and none of the outside intervention seems to be helping. But one big reason we’ve been failing is because we’ve been lying publicly about the forces on the ground. Those lies just got a lot harder to sustain.

(As always on the Syrian quagmire, see Moon of Alabama’s latest.)

Speaking at UN, Obama Tries to Claim He Was Always For Diplomacy in Syria

I had seen several indications this morning that Obama planned to call for a diplomatic approach to the ongoing conflict in Syria despite the earlier indications that he intended to pursue a military strike even if the UK did not join and the UN did not provide a resolution authorizing force. I was hopeful that this new-found reliance on diplomacy would go all the way to calling for a ceasefire to provide safe conditions for the gathering and destruction of Syria’s stockpile of chemical weapons.

Alas, my hopes were once again dashed as Obama fell far short of proposing a ceasefire and he wound up delivering very convoluted remarks as he tried to maintain the fiction that Bashar al-Assad’s forces have been proven to have carried out the August 21 chemical weapons attack and that he favors diplomacy over military action. The quotations I will use here are from the Washington Post’s transcript of his speech.

In a move that approaches Colin Powell’s historic spinning of lies before the invasion of Iraq, Obama stated that there is no dispute that Syrian forces are responsible for the August 21 attack:

The evidence is overwhelming that the Assad regime used such weapons on August 21st. U.N. inspectors gave a clear accounting that advanced rockets fired large quantities of sarin gas at civilians. These rockets were fired from a regime-controlled neighborhood and landed in opposition neighborhoods.

It’s an insult to human reason and to the legitimacy of this institution to suggest that anyone other than the regime carried out this attack.

As I stated shortly after the UN report came out, the report did not show that the rockets for which they determined trajectories carried sarin. That argument is strengthened further by the subsequent realization by others that not one of the environmental samples from the Moadamiyah site came back as positive for sarin. So now one of the famous lines that cross at a Syrian military installation has to be disregarded entirely because there is no evidence of sarin at the point of rocket impact. [Look for the website and reporters for the linked post to be attacked mercilessly. Both the Global Research site I linked to in one questioning post and the Mint Press site which suggested a Saudi false flag operation have been attacked savagely as to their credibility. Remarkably, I have yet to see any of those attacks actually contradict the questions that have been raised.*]

Let’s take a look at Obama’s logical gymnastics as he tried to justify both his initial intent to attack Syria and then his rediscovery that he prefers a diplomatic approach. Early in his Syria comments, he claimed ” A peace process is stillborn.” He gave no evidence of what, if any, role the US played in the peace process. In fact, his next sentence provides a partial clue to just how the peace process died: “America and others have worked to bolster the moderate opposition, but extremist groups have still taken root to exploit the crisis.”

You see, those moderate groups that we are arming are not able to defeat the extremists that others are arming. Sounds like a child caught fighting who says “he hit me back first”.

So that background of a stillborn peace process is why, even before the weak evidence from the UN that the US is misrepresenting came out, Obama insisted that he had to attack Assad. Obama’s ploy to support his actions approached a George W. Bush administration level of disdain for the UN itself as he supplied his rationalization: Read more