Shorter Jared: “It Depends upon What the Meaning of the Word ‘Collude’ Is”

Given that he’s already appeared before the Senate Judiciary Committee, it’s a bit late to analyze Jared Kushner’s public statement denying any collusion with the Russians who interfered in last year’s election. But the statement is too nifty to let it pass.

Jared’s lawyers would have you believe he is:

  • A young naif in the ways of the world
  • Who nevertheless has recall problems
  • Who asked to use Russian communications facilities but that’s not a back channel
  • And who was undone by his assistant
  • But what matters is really the collusion shiny object

A young naif in the ways of the world

Kushner starts by emphasizing over and over how inexperienced he is in the way of politics. Media has never been his job.

First in my business and now in public service, I have worked on achieving goals, and have left it to others to work on media and public perception.

Building companies has been his job, said the guy who is actually better at building debt, with all the possible compromise that might entail.

Before joining the administration, I worked in the private sector, building and managing companies. My experience was in business, not politics, and it was not my initial intent to play a large role in my father-in-law’s campaign when he decided to run for President.

Even in spite of this claimed total inexperience, Kushner came to run key parts of the campaign.

Over the course of the primaries and general election campaign, my role continued to evolve. I ultimately worked with the finance, scheduling, communications, speechwriting, polling, data and digital teams, as well as becoming a point of contact for foreign government officials.

Note how he mentions — but does not emphasize — the data analytics now suspected of helping Russians target voters in MI and WI “as well as” meeting a bunch of foreigners trying to influence pop-in-law’s campaign.

Kushner repeats, again, how inexperienced he is, implicitly blaming those “incredibly talented people” this utterly inexperienced naif reached out to for help.

All of these were tasks that I had never performed on a campaign previously. When I was faced with a new challenge, I would reach out to contacts, ask advice, find the right person to manage the specific challenge, and work with that person to develop and execute a plan of action. I was lucky to work with some incredibly talented people along the way, all of whom made significant contributions toward the campaign’s ultimate success.

In the last paragraph of this section, Kushner turns. This utterly inexperienced campaign kicked the collective ass of 16 other experienced politicians. It did so, Kushner adds just before pivoting to the (Russian) foreigners trying to help the campaign, because Trump’s utterly inexperienced son-in-law nevertheless managed to run one of the best campaigns in history!

Not only did President Trump defeat sixteen skilled and experienced primary opponents and win the presidency; he did so spending a fraction of what his opponent spent in the general election. He outworked his opponent and ran one of the best campaigns in history using both modern technology and traditional methods to bring his message to the American people.

Who nevertheless has recall problems

As Kushner turns to conversations with foreigners, he starts having recall problems — a word used nine different times.

The first, for his brief meeting with Sergey Kislyak and 3 other unnamed Ambassadors at the Mayflower. [all recall emphasis my own]

The first that I can recall was at the Mayflower Hotel in Washington, D.C. in April 2016.

The second, for two calls Reuters has reported that Kushner insists never took place (which I’ll return to).

Reuters news service has reported that I had two calls with Ambassador Kislyak at some time between April and November of 2016. While I participated in thousands of calls during this period, I do not recall any such calls with the Russian Ambassador.

I hope to return to Kushner’s hunt through his own metadata to find these calls.

The third is Kislyak again, whom Kushner remembered but whose name he couldn’t recall five months later.

When the campaign received an email purporting to be an official note of congratulations from President Putin, I was asked how we could verify it was real. To do so I thought the best way would be to ask the only contact I recalled meeting from the Russian government, which was the Ambassador I had met months earlier,

Four, five, and six: the now infamous June meeting that Kushner only recalled when he reviewed the emails with his lawyers.

The only other Russian contact during the campaign is one I did not recall at all until I was reviewing documents and emails in response to congressional requests for information. In June 2016, my brother-in-law, Donald Trump Jr. asked if I was free to stop by a meeting on June 9 at 3:00 p.m.

[snip]

I did not read or recall this email exchange before it was shown to me by my lawyers when reviewing documents for submission to the committees. No part of the meeting I attended included anything about the campaign, there was no follow up to the meeting that I am aware of, I do not recall how many people were there (or their names), and I have no knowledge of any documents being offered or accepted.

The [read and] recall problems here are legally necessary, of course, given that Kushner had not disclosed this meeting on earlier sworn disclosures. So Kushner needs his past lack of recall to be even more credible than his claims not to recall any more meetings.

Number seven is odd. Kushner claims to “recall” meetings with fifty foreigners.

During this period, I recall having over fifty contacts with people from over fifteen countries. Two of those meetings were with Russians, neither of which I solicited.

These fifty contacts, of course, are the ones he failed to disclose on at least the first round of his security clearance form.

In the very next paragraph, Kushner reminds us: the same guy who can recall contacts with fifty foreigners couldn’t recall Kislyak’s name. Number eight.

As I mentioned before, previous to receiving this request, I could not even recall the Russian Ambassador’s name, and had to ask for the name of the individual I had seen at the Mayflower Hotel almost seven months earlier.

All these recalls and failed to recalls lead up to the ninth: the four contacts with Russians revealed in this statement are all that he recalls.

I have disclosed these contacts and described them as fully as I can recall.

Who asked to use Russian communications facilities but that’s not a back channel

Again: Kushner admits to four meetings. In the first he met with a guy whose name he didn’t recall. The second was a meeting that he entirely didn’t recall. Kushner’s failure to recall allows him to make this claim, which (CNN helpfully tells us) was emphasized in the original.

During the meeting, after pleasantries were exchanged, as I had done in many of the meetings I had and would have with foreign officials, I stated our desire for a fresh start in relations. Also, as I had done in other meetings with foreign officials, I asked Ambassador Kislyak if he would identify the best person (whether the Ambassador or someone else) with whom to have direct discussions and who had contact with his President. The fact that I was asking about ways to start a dialogue after Election Day should of course be viewed as strong evidence that I was not aware of one that existed before Election Day. [emphasis original]

Kushner’s failure of recall, then (as well as his claimed ignorance about the recall of any other people, including Mike Flynn and Don Jr), is a key break in the nonsensical chain that divorces any election discussions (which might be proof of a quid pro quo tying Russia’s election season activities to discussions afterwards) from transition discussions.

Consider how implausible it is that Kushner had no — zero!!! — forward-looking policy discussions with foreign officials during the campaign. He’s making this claim not just about Russia, but about all countries: Taiwan, the Emirates, Israel! He’s claiming all of these conversations were about fresh starts, all of them, but none of those fresh starts started before November 8.

Bollocks.

Nevertheless, that bollocks statement allows Kushner to give virgin birth to the conversation — started days after the election — that has now borne fruit, Russia convincing the Trump administration to stop funding the CIA backed rebels and (tacitly, so far) leaving Russia’s client Bashar al-Assad in place.

This is the conversation that Kushner wanted to conduct using Russian, not American, facilities.

Oh, sure. Kushner claims they considered using Russian facilities because there was no “secure line” in the transition office.

The Ambassador expressed similar sentiments about relations, and then said he especially wanted to address U.S. policy in Syria, and that he wanted to convey information from what he called his “generals.” He said he wanted to provide information that would help inform the new administration. He said the generals could not easily come to the U.S. to convey this information and he asked if there was a secure line in the transition office to conduct a conversation. General Flynn or I explained that there were no such lines. I believed developing a thoughtful approach on Syria was a very high priority given the ongoing humanitarian crisis, and I asked if they had an existing communications channel at his embassy we could use where they would be comfortable transmitting the information they wanted to relay to General Flynn. The Ambassador said that would not be possible and so we all agreed that we would receive this information after the Inauguration.

I assume someone has already disproved this statement, the claim there was a SCIF but no secure line in the transition office. It’s absurd in any case: Kushner and Flynn could just get Signal to conduct secret conversations with Russian generals!

Which suggests by “secure” Kushner means a line secure from our own intelligence officials.

You know? A back channel?

I did not suggest a “secret back channel.” I did not suggest an on-going secret form of communication for then or for when the administration took office. I did not raise the possibility of using the embassy or any other Russian facility for any purpose other than this one possible conversation in the transition period.

Uh huh. In any case, Kislyak got the message: while they might have to delay, Kushner and Flynn were willing to carry on that kind of communications with Russian generals. Which Kushner doesn’t seem to connect to the meeting with Sergey Gorkov.

Kushner’s claims about that meeting are even more nonsensical — so much so I’ll have to leave them for their very own post. Suffice it to say Kushner claims a discussion about a bank involved no conversation about banking.

And who was undone by his assistant

Having provided descriptions of the two conversations he had with Russians during the campaign and then provided allegedly dissociated conversations he had with Russians during the transition, Kushner turned to blaming his assistant for all of his disclosure failures on his SF-86.

Except, this explanation only covers his first two SF-86 forms, not the incomplete third form, the one that didn’t include the June 9 meeting.

In the week before the Inauguration, amid the scramble of finalizing the unwinding of my involvement from my company, moving my family to Washington, completing the paper work to divest assets and resign from my outside positions and complete my security and financial disclosure forms, people at my New York office were helping me find the information, organize it, review it and put it into the electronic form. They sent an email to my assistant in Washington, communicating that the changes to one particular section were complete; my assistant interpreted that message as meaning that the entire form was completed. At that point, the form was a rough draft and still had many omissions including not listing any foreign government contacts and even omitted the address of my father-in-law (which was obviously well known). Because of this miscommunication, my assistant submitted the draft on January 18, 2017.

That evening, when we realized the form had been submitted prematurely, we informed the transition team that we needed to make changes and additions to the form. The very next day, January 19, 2017, we submitted supplemental information to the transition, which confirmed receipt and said they would immediately transmit it to the FBI. The supplement disclosed that I had “numerous contacts with foreign officials” and that we were going through my records to provide an accurate and complete list. I provided a list of those contacts in the normal course, before my background investigation interview and prior to any inquiries or media reports about my form.

Between the time difference and more travel within Oz, I’m not sure whether NYT has fact-checked this claim yet, which I believe to be false given their reporting.

What’s certainly true is this statement makes it clear that Kushner didn’t get the June 9 meeting on his form before his first security clearance interview.

A good example is the June 9 meeting. For reasons that should be clear from the explanation of that meeting I have provided, I did not remember the meeting and certainly did not remember it as one with anyone who had to be included on an SF-86. When documents reviewed for production in connection with committee requests reminded me that meeting had occurred, and because of the language in the email chain that I then read for the first time, I included that meeting on a supplement.

What’s also true is Kushner pretends it is normal to have someone playing a key foreign policy role for six months with nothing but an interim clearance.

That is, what Kushner doesn’t address here is that his inability to disclose who he spoke with and why has left the US exposed to potentially unaccounted influence operations.

But what matters is really the collusion shiny object

In short, Kushner’s narrative is not only unconvincing, but it is internally inconsistent.

Which may be why Kushner ends his statement with another big bolded passage, this one disclaiming any knowledge of “collusion.”

It has been my practice not to appear in the media or leak information in my own defense. I have tried to focus on the important work at hand and serve this President and this country to the best of my abilities. I hope that through my answers to questions, written statements and documents I have now been able to demonstrate the entirety of my limited contacts with Russian representatives during the campaign and transition. I did not collude, nor know of anyone else in the campaign who colluded, with any foreign government. I had no improper contacts. I have not relied on Russian funds to finance my business activities in the private sector. I have tried to be fully transparent with regard to the filing of my SF-86 form, above and beyond what is required. Hopefully, this puts these matters to rest.

It’s very earnest, this paragraph from a guy whose statement makes himself look totally unqualified for his role in the White House, hoping to put this matter behind him so he can get on with providing those inadequate skills to the country.

Three times in the paragraph to supplement the nine invocations of his limited recall, Kushner expresses hope, but no confidence, he has covered everything.

I hope … I have now been able to demonstrate the entirety of my limited contacts

I have tried to be fully transparent

Hopefully, this puts these matters to rest.

Amid this message of service and hope, however, Kushner is offering a great big shiny object.

As Jim Comey (a far more qualified civil servant than Kushner, whom Kushner personally pushed to be fired for that service) said months ago, FBI is not assessing whether there was “collusion” here. The term is legally meaningless. What they’re looking for is “coordination,” the kind of coordination you might find in a discussion about capitulating to Russian policy in Syria — even setting up a back channel to do so — in the immediate wake of an election decided with the help of those same Russians.

There’s plenty of evidence to support that kind of coordination in this statement.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Long-Delayed Jeff Sessions Reveal

Today (or yesterday — I’ve lost track of time) the WaPo reported what has long been implied: there’s evidence that Jeff Sessions spoke to Russian Ambassador Sergey Kislyak about campaign-related stuff, contrary to his repeated sworn comments.

At first, I thought this revelation might relate to Richard Burr’s assertion that Devin Nunes made up the scandal about which Obama officials had unmasked the identity of Trump officials who got sucked up in intercepts of Russians.

“The unmasking thing was all created by Devin Nunes, and I’ll wait to go through our full evaluation to see if there was anything improper that happened,” Burr said. “But clearly there were individuals unmasked. Some of that became public which it’s not supposed to, and our business is to understand that, and explain it.”

After all, one of the things the Senate Intelligence Committee would do to clear Rice is figure out who unmasked the identities of Trump people. And there’s at least circumstantial evidence to suggest that James Clapper unmasked Jeff Sessions’ identity, potentially on the last day of his tenure.

But Adam Entous, one of the three journalists on the story (and all the stories based on leaks of intercepts) reportedly said on the telly they’ve had the story since June.

Which instead suggests the WaPo published a story they’ve been sitting on since Sessions’ testimony.

The WaPo story cites the NYT interview in which Trump attacked Sessions for his poor answers about his interactions with Kislyak.

Trump, in an interview this week, expressed frustration with Sessions’s recusing himself from the Russia probe and indicated that he regretted his decision to make the lawmaker from Alabama the nation’s top law enforcement officer. Trump also faulted Sessions as giving “bad answers” during his confirmation hearing about his Russian contacts during the campaign.

Officials emphasized that the information contradicting Sessions comes from U.S. intelligence on Kislyak’s communications with the Kremlin, and acknowledged that the Russian ambassador could have mischaracterized or exaggerated the nature of his interactions.

Many people took this interview as an effort on Trump’s part to get Sessions to resign.

And the WaPo goes on to note that the disclosure — by these same journalists — of Mike Flynn’s conversations with Kislyak led to his resignation.

Kislyak was also a key figure in the departure of former national security adviser Michael Flynn, who was forced to leave that job after The Post revealed that he had discussed U.S. sanctions against Russia with Kislyak even while telling others in the Trump administration that he had not done so.

And all of a sudden, we get this confirmation that Sessions has been lying all along.

Don’t get me wrong: I’d be happy to see Jeff Sessions forced to resign. But if he does, Trump will appoint someone more willing to help the cover up, someone who (because he wouldn’t have these prevarications about conversations with the Russian Ambassador and therefore won’t have to recuse) will assume supervision of Robert Mueller.

So while I’m happy for the confirmation that Sessions lied, I have real questions about why this is being published now.

What Would Jared Kushner’s Middle East Peace Look Like?

NYT has gotten a lot of heat for letting associates speaking for Jared Kushner who nevertheless refused to be IDed as such provide this explanation for why he asked Sergey Kislyak for a channel of communications that bypassed any US intelligence scrutiny.

Jared Kushner, President Trump’s son-in-law and senior adviser, spoke in December with Russia’s ambassador to the United States about establishing a secret communications channel between the Trump transition team and Moscow to discuss strategy in Syria and other policy issues, according to three people with knowledge of the discussion.

I would defend NYT on two grounds. First, while I’m totally supportive of WaPo (and others) providing anonymity for their sources who are providing highly sensitive details about what went on, they, too, could provide a bit more detail so readers could understand the motives, not least by indicating whether these were Congressional (and therefore partisan) or intelligence sources.

But I also think it highly likely the relationship between the Syria claim and what is really going on is similar to the original NYT explanation of this meeting — that it served to “establish a line of communication” between the Trump Administration and Russia and what has now been disclosed as an effort to establish a line of communication that bypassed all IC scrutiny. That is, I suspect those who shared this excuse believe it and believe it is rational within a larger context, and I believe it describes part of what they know to be going on. (Don’t go nuts just yet — I’m not defending that belief.)

Before I explain what I mean, consider a few more data points.

First, in this appearance, Juliette Kayyem and Steven Hall distinguish what this appears to be — a channel that bypasses the IC — from one that uses a third country (the Pope, in Kayyem’s example of President Obama’s back channel to Cuba) to establish a dialogue with an estranged country, a traditional back channel.

But remember, this is not the only country Kushner was establishing weird communications with. The WaPo story on this reminds us of Trump’s secrecy surrounding a meeting between the Sheikh Mohamed bin Zayed al-Nahyan and Kushner, Flynn, and Bannon.

Trump’s advisers were similarly secretive about meetings with leaders from the United Arab Emirates. The Obama White House only learned that the crown prince of Abu Dhabi was flying to New York in December to see Kushner, Flynn and Stephen K. Bannon, another top Trump adviser, because U.S. border agents in the UAE spotted the Emirate leader’s name on a flight manifest.

And WaPo ties that meeting to a meeting, brokered by UAE, between Erik Prince and a Putin confidante on January 11.

Now consider National Security Adviser H.R. McMaster’s take on all this. First, he’s not all that concerned that his boss’ son-in-law tried to set up a channel of communication using an adversary’s facilities. According to him, they do this all the time!

“We have back-channel communications with any number of individual (countries). So generally speaking, about back-channel communications, what that allows you to do is communicate in a discreet manner,” McMaster said.

“So it doesn’t pre-expose you to any sort of content or any kind of conversation or anything. So we’re not concerned about it.”

Actually, he does have a point there. There’s the Emirates meeting, but there’s also Mike Flynn’s discussions of kidnapping Fethullah Gulen at the behest of Recep Erdogan. You might even include Rudy Giuliani’s intervention in the Reza Zarrab case.

As if McMaster’s lackadaisical attitude about Kushner’s attempt to use Russia’s facilities isn’t weird enough, though, there’s something else. Even before he made this weird defense of Kushner’s back channels, McMaster was excluded from at least one meeting on Trump’s overseas trip: that between Trump and Bibi Netanyahu.

National security advisor H.R. McMaster was left out of a meeting between President Donald Trump and Israeli Prime Minister Benjamin Netanyahu on Monday, a move that raised eyebrows among officials.

According to Kafe Knesset, Trump met with Netanyahu Monday evening, starting with a one-on-one meeting. The forum was soon expanded by several advisors on each side, including Jared Kushner, Jason Greenblatt and Ambassador David Friedman on the U.S. side, according to Israeli officials.

Secretary of State Rex Tillerson was also later invited to the expanded meeting, per an official, but “McMaster sat outside the King David room during the course of the entire meeting.”

So perhaps we can add Israel to the list of countries that Kushner has been establishing back channel communications with.

For better or worse, a back channel with Israel by itself would never get you accused of treason in the US. But I do find it interesting given the underlying precedent to Devin Nunes’ complaints about “unmasking:” the earlier collection of conversations in which Bibi told Members of Congress what the Obama Administration’s plans were with respect to Iran. The conversations of Trump associates that Nunes was outraged were unmasked didn’t involve Russia, he said, but did they involve Israel? Or Turkey or the Emirates?

With all that in mind, consider what the purported Middle East peace that Kushner has reportedly been crafting would actually look like. It’d include unlimited support for Israeli occupation of Palestine. Bashar al-Assad would be ousted, but in a way that would permit Russia a strategic footprint, perhaps with sanction of its occupation of Crimea and Donetsk as well. It’d sanction the increasing authoritarianism in Turkey. It’d sanction Saudi Arabia’s ruthless starvation of Yemen. It’d fuck over the Kurds.

And it’d mean war with Iran.

Trump took steps towards doing most of those things on his trip, not least with his insane weapons deal with Saudi Arabia, itself premised on a formal detachment of weapons sales from any demands for respect for human rights. Of particular note, Trump claimed to be establishing a great peace initiative with Islamic countries, even when discussing meetings that treated Iran (and by association most Shia Muslims) as an enemy.

Several days ago in Saudi Arabia, I met with the leaders of the Muslim world and Arab nations from all across the region. It was an epic gathering. It was an historic event. King Salman of Saudi Arabia could not have been kinder, and I will tell you, he’s a very wise, wise man. I called on these leaders and asked them to join in a partnership to drive terrorism from their midst, once and for all. It was a deeply productive meeting. People have said there had really never been anything even close in history. I believe that. Being there and seeing who was there and hearing the spirit and a lot of love, there has never been anything like that in history. And it was an honor to be involved.

Kushner’s “peace plan” is not so much a plan for peace. It’s a plan for a complete remapping of the Middle East according to a vision the Israelis and Saudis have long been espousing (and note the multiple nods on Trump’s trip to the growing alliance between the two, including Trump’s flight directly from Riyadh to Tel Aviv and Bibi’s comment on “common dangers are turning former enemies into partners”). It’s a vision for still more oppression (a view that Trump supports globally, in any case).

Yes, it’d probably all be accomplished with corrupt self-enrichment on the part of all players.

And it’d likely be a complete clusterfuck.

Which is why you’d want to keep all of that — not just the conversations in which you persuade Russia to ditch Iran as an ally, but also the conversations where you reverse long-standing policy with Israel and America’s embrace of human rights — from the intelligence community.

Because the actual experts, the people who’ve long played a game with our frenemies Israel, Saudi Arabia, and Turkey (and a battle with our adversaries like Russia), would explain all the problems with the plan.

I get why the focus on Russia is important, here.

But what if that focus is preventing us from seeing the vast forest of a horribly realigned American foreign policy for one Russian birch tree?

This post has been updated.

Update: A longtime (but anonymous) friend of the blog sent this humorous interpretation.

***************************<eyes only>****************************
To: DJT
Fr: JK
Dt: 5/28/17
Re: NWO
Sir,
This is to summarize the state of play in our negotiations for the NWO Project.
Everything’s a Go.
Oligarch        Turf                          Stipulations
Putin            Russia/Europe            No Muslims/No Refugees/Segregated Minorities
Trump          Americas/Britain        No Muslims/No Refugees/Segregated Minorities
Xi                 Asia/Pacific               No Muslims/No Refugees/Segregated Minorities
?                  Africa
Strongmen
Erdogan
Duterte
Un
Servicers
Israel           Global Finance
Saud            Middle East Portal/Muslim Vetting
Britain          Eurussian Portal
Japan           Pacific Portal
Prince           NWO Police
Winners                    and                    Losers
Authoritarians                                     Democracy
Exceptionalists                                    Rule of Law
Oligarchs                                            Everyone Else
Men                                                   Women
Caucasian/Han                                    All other Ethnicities
Sunni                                                 Shia
Jews                                                  Palestinians
Christians                                           Non-Christians
Russians                                             Europe, Ukraine, Crimea, Al Assad
China                                                 Taiwan, Hawaii (u gave them?)
Israel                                                 Iran, Palestinians
Saud                                                  All of the Middle East ex. Israel
Gen. Bannon says the next step in the plan is Operation Revenge479…
Doing my best to put you in good positions.
Love you, Pop!
J
**********crypto room fsb dc emb uid: skislyak //sci.nwo.kompromat***********

The Anonymous Letter to WaPo

Just when I thought we’d have a long weekend without a big news dump, the WaPo published its story revealing Jared Kushner asked Sergey Kislyak to set up a channel of communication with Russia at Russian facilities at a meeting in early December.

Jared Kushner and Russia’s ambassador to Washington discussed the possibility of setting up a secret and secure communications channel between Trump’s transition team and the Kremlin, using Russian diplomatic facilities in an apparent move to shield their pre-inauguration discussions from monitoring, according to U.S. officials briefed on intelligence reports.

Ambassador Sergei Kislyak reported to his superiors in Moscow that Kushner, then President-elect Trump’s son-in-law and confidant, made the proposal during a meeting on Dec. 1 or 2 at Trump Tower, according to intercepts of Russian communications that were reviewed by U.S. officials. Kislyak said Kushner suggested using Russian diplomatic facilities in the United States for the communications.

The meeting also was attended by Michael Flynn, Trump’s first national security adviser.

That story — and additional details on Kushner’s discussions with UAE — is the big headliner.

But the fascinating detail is that WaPo received an anonymous letter with details of this meeting — and other things that the WaPo suggests it may not yet have confirmed — in mid-December.

The Post was first alerted in mid-December to the meeting by an anonymous letter, which said, among other things, that Kushner had talked to Kislyak about setting up the communications channel. This week, officials, who reviewed the letter and spoke on condition of anonymity to discuss sensitive intelligence, said the portion about the secret channel was consistent with their understanding of events.

For instance, according to those officials and the letter, Kushner conveyed to the Russians that he was aware it would be politically sensitive to meet publicly, but it was necessary for the Trump team to be able to continue their communication with Russian government officials.

In addition to their discussion about setting up the communications channel, Kushner, Flynn and Kislyak also talked about arranging a meeting between a representative of Trump and a “Russian contact” in a third country whose name was not identified, according to the anonymous letter.

So who could have sent the letter?

First, consider the timing. The letter was sent within a few weeks of the meeting itself. In between the meeting and sending of the letter, these very same reporters got the scoop that the CIA believed Russia affirmatively wanted Trump elected, a scoop that pre-empted the President’s call for a report on Russian tampering in the election. A week later, two of these reporters got another confirmation that John Brennan said the other agencies agreed with him on the view that Putin wanted Trump elected.

The letter was also received a few days after John McCain got a copy of Christopher Steele’s dossier (reportedly on December 9), followed just four days later by the last known and by far most incendiary installment of the dossier, which for the first time accused Trump’s campaign of paying the DNC hackers.

In other words, WaPo received the letter at a time when the IC was dumping a ton of information implicating Trump. So perhaps it was a spook who heard Kislyak’s description of the meeting on an intercept.

The dominant narrative on those intercepts, however, has said that the IC wasn’t listening closely to Kislyak intercepts until after Russia did not retaliate in response to the hacking sanctions imposed on December 28, and didn’t find the incriminating Mike Flynn conversations until around January 3. If that’s right, then the IC wouldn’t have heard about this meeting until weeks after the letter was sent. [Update: the NYT version of this–which appears to be damage control from the White House–cites a senior American official stating that they learned about this conversation “several months ago,” which would put it after the letter was sent.]

Of course, with the FBI and CIA getting their own raw feeds of data, it’s possible one agency listened to the intercepts (and had the language skills to understand them) before another did. It’s possible, for example, CIA learned about the meeting before FBI did so in the aftermath of the sanctions concerns.

It’s also possible that the Russians sent the letter — or even that Kislyak made up the Kushner claim as disinformation (remember, by this point there were leaks about FISA orders, with reports that Russian interlocutors were changing their communication habits). But it’s unclear what Russia would have to gain by sending a letter in December, rather than waiting until Kushner had compromised himself. Doing so would eliminate all the control they had gained with the information.

Which (barring a spook sending the letter) would seem to leave a Trump associate. Reportedly, WaPo’s Miller said that the letter appears to come from someone inside the Trump transition. Anyone else at the meeting would seem to be an immediate target for Trump retaliation. Though it is possible that Mike Flynn sent the letter, realizing he was getting set up by Trump, which would make the delay in reporting this detail rather interesting. That said, he would have little reason to do so in December, as opposed to now, given that he faces criminal investigation.

Outside of Flynn, though, it’s not clear many people knew this meeting ever happened, much less what happened in it. The meeting was first disclosed by the New Yorker, following which the White House quickly added (in a story to the NYT) Flynn to the story — suggesting he, and not the President’s son-in-law, suggested the communication channel.

Michael T. Flynn, then Donald J. Trump’s incoming national security adviser, had a previously undisclosed meeting with the Russian ambassador in December to “establish a line of communication” between the new administration and the Russian government, the White House said on Thursday.

Jared Kushner, Mr. Trump’s son-in-law and now a senior adviser, also participated in the meeting at Trump Tower with Mr. Flynn and Sergey I. Kislyak, the Russian ambassador. But among Mr. Trump’s inner circle, it is Mr. Flynn who appears to have been the main interlocutor with the Russian envoy — the two were in contact during the campaign and the transition, Mr. Kislyak and current and former American officials have said.

[snip]

“They generally discussed the relationship and it made sense to establish a line of communication,” Ms. Hicks said. “Jared has had meetings with many other foreign countries and representatives — as many as two dozen other foreign countries’ leaders and representatives.”

The Trump Tower meeting lasted 20 minutes, and Mr. Kushner has not met since with Mr. Kislyak, Ms. Hicks said.

It later became clear that Kushner hadn’t even shared that meeting with White House staffers (presumably including Don McGahn) when responding to the Mike Flynn firing, much less included it on his security clearance form.

The extent of Mr. Kushner’s interactions with Mr. Kislyak caught some senior members of Mr. Trump’s White House team off guard, in part because he did not mention them last month during a debate then consuming the White House: how to handle the disclosures about Mr. Flynn’s interactions with the Russian ambassador.

Ms. Hicks said that Mr. Trump had authorized Mr. Kushner to have meetings with foreign officials that he felt made sense, and to report back to him if those meetings produced anything of note. She said that because in Mr. Kushner’s view the meetings were inconsequential, it did not occur to him to mention them to senior staff members earlier.

“There was nothing to get out in front of on this,” she said.

So there wouldn’t be that many transition staffers who would know of the meeting by mid-December.

That said, one person who knew about the meeting ahead of time was Marshall Billingslea, who tried to warn Flynn about Kislyak. And his request for the Kislyak profile would have alerted the CIA to his concerns about the meeting.

In any case, there are now reports of still more Kushner communications with Kislyak coming out, going back to April 2016. So the FBI sure has a lot to review.

Update: As others have pointed out, at 8:30 there’s a more detailed description of the typed letter, received December 12.

From Long Island and Maryland with Love

Yet another Trump-Russia-related story dropped after regular business hours, this time in a holiday news dump zone. But after weeks of big stories dropping later in the day, we’re all conditioned to hold off our cocktails.

The Washington Post article had two tidbits I found interesting (Marcy tackles the anonymous letter at the root of the story). First, Russian Ambassador Kislyak’s reaction to Trump son-in-law and transition team member Jared Kushner’s proposal to establish a backchannel between Trump’s team and Russia.

Kislyak reportedly was taken aback by the suggestion of allowing an American to use Russian communications gear at its embassy or consulate — a proposal that would have carried security risks for Moscow as well as the Trump team.

Yeah. Not the first time Russian agents found American behavior sketchy. Recall the 2015 arrest of three Russian spies in New York? Evgeny Buryakov was really skeptical about his American contact’s insistence on casino business, and with good reason. Kislyak sounds just as skeptical about Kushner’s request in today’s WaPo piece.

And then this bit:

Russia would also have had reasons of its own to reject such an overture from Kushner. Doing so would require Moscow to expose its most sophisticated communications capabilities — which are likely housed in highly secure locations at diplomatic compounds — to an American.

Remember Obama’s last sanctions on Russia, ordered December 29? They included evicting two diplomatic compounds — one in Long Island, another in Maryland (back to this Maryland compound in a moment). What are the chances these evictions were not only punitive but also a deterrent to the compounds’ use for backchannel communications?

I’ve wondered for a while now about the communications methods Russian spies have used in the U.S., pondering them in my post about 2015’s three-man spy ring. What might have been left behind after the last Obama administration sanctions?

Now back to Maryland and that storied Pioneer Point estate on the water, used by putative Russian diplomats as their dacha away from the hubbub of Washington D.C. It’s a lovely place, conveniently located near Annapolis, not an overly long drive from D.C., delightful waterfront for boating.

And only a hop-skip-jump across the Chesapeake Bay Bridge or a boat ride over the bay from Strategic Campaign Group (SCG) at 191 Main St #310, Annapolis — an address about a block from docks and waterfront restaurants. You may recall SCG was raided earlier this month in relation to reported conservative fundraising scams. Just so happens SCG has ties to Paul Manafort and to the Trump organization by former employee James Perry. At the time of the raid, the FBI said SCG was under investigation for fundraising related to a 2013 race.

I’m sure the proximity of SCG to the Russians’ Pioneer Point dacha is just a coincidence. But squirrel away the location for future reference.

Off to have the first holiday weekend cocktail — and no, it’s not a White Russian or a Moscow Mule. Have a good one!

UPDATE — 9:50 p.m. EDT —
Reuters dropped another one about a half-hour ago. Really, Jared? You can’t recall three additional contacts with Russian ambassador Kislyak? You’re really going to make Jamie Gorelick torch her reputation with this “dog ate my homework” prevarication? Are you really so clueless about communications collection? Because if you are, that’s as big a reason for your security clearance to be yanked as your lying has been. Somebody terminate his clearance immediately, please, whether he’s a target of the investigation or not.

I need another cocktail. Race you to the bar. If only we could make Jared buy us all a round.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

The Kushner-Comey Connection

The WaPo is reporting that the FBI probe into ties between Russia and Trump’s campaign is looking at a person still in the White House, in addition to Mike Flynn and Paul Manafort.

The law enforcement investigation into possible coordination between Russia and the Trump campaign has identified a current White House official as a significant person of interest, showing that the probe is reaching into the highest levels of government, according to people familiar with the matter.

Further down in the article, WaPo names some people that might be this other person of interest — but just one of them is actually in the White House.

Current administration officials who have acknowledged contacts with Russian officials include President Trump’s son-in-law, Jared Kushner, as well as Attorney General Jeff Sessions and Secretary of State Rex Tillerson.

Still further down, the WaPo covers what first got me believing Jared Kushner is the ultimate target of this probe: his meeting with Sergey Gorkov, the FSB-trained head of the sanctioned Russian bank, Vnesheconombank.

The White House also has acknowledged that Kushner met with Kislyak, the Russian ambassador to the United States, in late November. Kushner also has acknowledged that he met with the head of a Russian development bank, Vnesheconombank, which has been under U.S. sanctions since July 2014. The president’s son-in-law initially omitted contacts with foreign leaders from a national security questionnaire, though his lawyer has said publicly he submitted the form prematurely and informed the FBI soon after that he would provide an update.

Vnesheconombank handles development for the state, and in early 2015, a man purporting to be one of its New York-based employees was arrested and accused of being an unregistered spy.

That man — Evgeny Buryakov — ultimately pleaded guilty and was eventually deported. He had been in contact with former Trump adviser Carter Page, though Page has said he shared only “basic immaterial information and publicly available research documents” with the Russian. Page was the subject of a secret warrant last year issued by the Foreign Intelligence Surveillance Court, based on suspicions he might have been acting as an agent of the Russian government, according to people familiar with the matter. Page has denied any wrongdoing, and accused the government of violating his civil rights.

As I’ve noted since, there was a lot of smoke coming from Kushner’s direction: first, SSCI’s explicit interest in interviewing Kushner and then two competing stories about a Trump request for CIA’s Sergey Kislyak dossier that only make sense if the audience were Kushner, not Flynn.

But there are a few more dots (in addition to people claiming to have confirmed this point) that support the idea that Kushner is the ultimate target here, and that Trump, in his clumsy attempts to protect Mike Flynn by firing Jim Comey, is actually attempting to protect the father of his grandchildren.

Back on March 2, Jim Comey’s then still secret Twitter account favorited this NYT article disclosing that Mike Flynn had a previously undisclosed face-to-face meeting with Sergey Kislyak at Trump Tower. (h/t TC)

Michael T. Flynn, then Donald J. Trump’s incoming national security adviser, had a previously undisclosed meeting with the Russian ambassador in December to “establish a line of communication” between the new administration and the Russian government, the White House said on Thursday.

Jared Kushner, Mr. Trump’s son-in-law and now a senior adviser, also participated in the meeting at Trump Tower with Mr. Flynn and Sergey I. Kislyak, the Russian ambassador. But among Mr. Trump’s inner circle, it is Mr. Flynn who appears to have been the main interlocutor with the Russian envoy — the two were in contact during the campaign and the transition, Mr. Kislyak and current and former American officials have said.

[snip]

“They generally discussed the relationship and it made sense to establish a line of communication,” Ms. Hicks said. “Jared has had meetings with many other foreign countries and representatives — as many as two dozen other foreign countries’ leaders and representatives.”

The story was presented as White House confirmation of earlier New Yorker reporting that Kushner had the meeting, with the White House newly disclosing Flynn’s presence at it. But we now know that the representation that Kushner’s meeting with Kislyak was just one of a slew of meetings with foreign leaders wasn’t quite right. He had sent an aide to a subsequent meeting, and coming out of that meeting, he met with Gorkov, basically meeting with someone personally lobbying to get rid of Ukraine-related sanctions.

Later that month, though, Mr. Kislyak requested a second meeting, which Mr. Kushner asked a deputy to attend in his stead, officials said. At Mr. Kislyak’s request, Mr. Kushner later met with Sergey N. Gorkov, the chief of Vnesheconombank, which the United States placed on its sanctions list after President Vladimir V. Putin of Russia annexed Crimea and began meddling in Ukraine.

Of course, while we only learned that fact later, when Comey favorited that story on March 2, he would have known the full details of the follow-up communications. In other words, he would recognize that story as yet another case of the White House hiding Russian communications. He would also likely already know that Kushner had not included that meeting on his security clearance form.

We only learned that story on March 27, when the NYT revealed the Senate Intelligence Committee wanted to interview Kushner about the meeting. As I noted at the time, the discussion between Gorkov and Kushner, coming before Flynn’s December 29 discussions with Kislyak, would dramatically change the connotation of Flynn’s discussions of sanctions. Because, while the immediate context of the December 29 discussions would have been the new hacking related sanctions imposed on December 28, with the prior meeting with Gorkov, they would likely also include the Ukrainian ones. That was the payoff discussed in any quid pro quo related to the election: Putin would help elect Trump, and in exchange Trump would end economic sanctions.

Of course, to make the argument that Flynn was offering to give Russia the payoff for the election-related help, you’d have to get Flynn to cooperate. If you got Flynn to cooperate, he’d be able to tell the FBI whether or not those December 29 conversations pertained just to the hacking sanctions or also to the Ukrainian ones.

The FBI has a great many things they can and will use to get Flynn to cooperate, including his undisclosed foreign payments and his lies to the FBI in his January 24 interview.

[Large section based off erroneous reading of Wittes’ post removed.]

When Trump fired Comey, he claimed that Comey had thrice told him “he” wasn’t under investigation. Even assuming Comey did, consider how Trump would understand that and how normal people would. To us, “he” would include just Trump. But to someone like Trump whose only real loyalty is to family, “he” would include his family. Including Kushner.

Trump may well think Flynn is a nice man that deserves his loyalty. More likely, though, Trump knows that Flynn could sink his son-in-law. I believe that’s why Trump had to fire Comey in an effort to undercut the Flynn investigation.

And Rod Rosenstein, the survivor, just picked a partner from the firm of Kushner and Ivanka’s lawyer Jamie Gorelick, Robert Mueller, to take over the investigation into Flynn.

Update: Sure enough, Reuters is reporting that Mueller, by design, may not be able to investigate Kushner or Paul Manafort.

Within hours of Mueller’s appointment on Wednesday, the White House began reviewing the Code of Federal Regulations, which restricts newly hired government lawyers from investigating their prior law firm’s clients for one year after their hiring, the sources said.

An executive order signed by Trump in January extended that period to two years.

Mueller’s former law firm, WilmerHale, represents Trump’s son-in-law Jared Kushner, who met with a Russian bank executive in December, and the president’s former campaign manager Paul Manafort, who is a subject of a federal investigation.

Legal experts said the ethics rule can be waived by the Justice Department, which appointed Mueller. He did not represent Kushner or Manafort directly at his former law firm.

If the department did not grant a waiver, Mueller would be barred from investigating Kushner or Manafort, and this could greatly diminish the scope of the probe, experts said.

Minority Report: A Look at Timing of WannaCry and Trump’s Spillage

CAVEAT: Note well these two points before continuing —

1) Check the byline; this is Rayne, NOT Marcy; we may have very different opinions on matters in this post.

2) This post is SPECULATIVE. If you want an open-and-shut case backed by unimpeachable evidence this is not it. Because it addresses issues which may be classified, there may never be publicly-available evidence.

Moving on…

As in this past week’s post on ‘The Curious Timing of Flynn Events and Travel Ban EO’, I noticed some odd timing and circumstances. Event timing often triggers my suspicions and the unfolding of the WannaCry ransomware attack did just that. WannaCry didn’t unfold in a vacuum, either.

Timeline (Italics: Trump spillage)

13-AUG-2016 — Shadow Brokers dumped first Equation Group/NSA tools online

XX-XXX-201X — Date TBD — NSA warned Microsoft about ETERNALBLUE, the exploit which Microsoft identified as MS17-010. It is not clear from the report if this warning occurred before or after Trump’s inauguration.

XX-FEB-2017 — Computer security firm Avast Software Inc. said the first variant of WannaCry was initially seen in February.

14-MAR-2017 — Microsoft released a patch for vulnerability MS17-010.

14-APR-2017 — Easter weekend — Shadow Brokers dumps Equation Group/NSA tools on the internet for the fifth time, including ETERNALBLUE.

(Oddly, no one noted the convenience to Christian countries celebrating a long holiday weekend; convenient, too, that both western and eastern Orthodox Christian sects observed Easter on the same date this year.)

10-MAY-2017 — White House meeting between Trump, Foreign Minister Sergei Lavrov, and Ambassador Sergey Kislyak. No US media present; Russian media outlet TASS’ Washington bureau chief and a photographer were, however.

12-MAY-2017 — ~8:00 a.m. CET — Avast noticed increased activity in WannaCry detections.

[graphic: Countries with greatest WannaCry infection by 15-MAY-2017; image via Avast Software, Inc.]

12-MAY-2017 — 3:24 a.m. EDT/8:24 a.m. BST London/9:24 a.m. CET Madrid/10:24 a.m. MSK Moscow — early reports indicated telecommunications company Telefonica had been attacked by malware. Later reports by Spanish government said, “the attacks did not disrupt the provision of services or network operations…” Telefonica said the attack was “limited to some computers on an internal network and had not affected clients or services.”

12-MAY-2017 — 10:00 a.m. CET — WannaCry “escalated into a massive spreading,” according to Avast.

12-MAY-2017 — timing TBD — Portugal Telecom affected as was UK’s National Health Service (NHS). “(N)o services were impacted,” according to Portugal Telecom’s spokesperson. A Russian telecom firm was affected as well, along with the Russian interior ministry.

12-MAY-2017 — ~6:23 p.m. BST — Infosec technologist MalwareTechBlog ‘sinkholes’ a URL to which WannaCry points during execution. The infection stops spreading after the underlying domain is registered.

13-MAY-2017 — Infosec specialist MalwareTechBlog posts a tick-tock and explainer outlining his approach to shutting down WannaCry the previous evening.

15-MAY-2017 — ~5:00 p.m. EDT — Washington Post reported Trump disclosed classified “code worded” intelligence to Lavrov and Kislyak during his meeting the previous Wednesday.

16-MAY-2017 — National Security Adviser H. R. McMaster said “I wanted to make clear to everybody that the president in no way compromised any sources or methods in the course of this conversation” with Lavrov and Kislyak. But McMaster did not say information apart from sources or methods had been passed on; he did share that “‘the president wasn’t even aware of where this information came from’ and had not been briefed on the source.”

The information Trump passed on spontaneously with the Russian officials was related to laptop bomb threats originating from a specific city inside ISIS-held territory. The city was not named by media though it was mentioned by Trump.

16-MAY-2017 — Media outlets reported Israel was the ally whose classified intelligence was shared by Trump.

Attack attribution

You’ll recall I was a skeptic about North Korea as the source of the Sony hack. There could be classified information cinching the link, but I don’t have access to it. I remain skeptical since Sony Group’s entities leaked like sieves for years.

I’m now skeptical about the identity of the hacker(s) behind WannaCry ransomware this past week.

At first it looked like Russia given Cyrillic character content within the malware. But this map didn’t make any sense. Why would a Russian hacker damage their own country most heavily?

[graphic: WannaCry distribution; image via BBC]

The accusations have changed over time. North Korea has been blamed as well as the Lazarus Group. Convenient, given the missile test this past week which appeared focused on rattling Russia while President Putin was attending a conference in China. And some of the details could be attributed to North Korea.

But why did the ransomware first spread in Spain through telecom Telefonica? Why did it spread to the UK so quickly?

This didn’t add up if North Korea is the origin.

Later reports said the first infections happened in western Asia; the affected countries still don’t make sense if North Korea is the perpetrator, and/or China was their main target.

Malware capability

Given the timing of the ransomware’s launch and the other events also unfolding concurrently — events we only learned about last evening — here’s what I want to know:

Can vulnerability MS17-010, on which WannaCry was based, be used as a remote switch?

Think about the kind and size of laptops still running Windows XP and Windows 8, the operating systems Microsoft had not patched for the Server Message Block 1.0 (SMBv1) vulnerability. They’re not the slim devices on which Windows 10 runs; they’re heavier, more often have hard disk drives (HDDs) and bulkier batteries. I won’t go into details, but these older technologies could be replaced by trimmer technologies, leaving ample room inside the laptop case — room that would allow an older laptop to host other resources.

Let’s assume SMBv1 could be used to push software; this isn’t much of an assumption since this is what WannaCry does. Let’s assume the software looks for specific criteria and takes action or shuts down depending on what it finds. And again, it’s not much of an assumption based on WannaCry and the tool set Shadow Brokers have released to date.

Let’s assume that the software pushed via SMBv1 finds the right criteria in place and triggers a detonation.

Yes. A trigger. Not unlike Stuxnet in a way, though Stuxnet only injected randomness into a system. Nowhere near as complicated as WannaCry, either.

Imagine an old bulky laptop running Windows XP, kitted out internally as an IED, triggered by a malware worm. Imagine several in a cluster on the same local network.

Is this a realistic possibility? I suspect it is based on U.S. insistence that a thinly-justified laptop ban on airplanes is necessary.

Revisit timing

Now you may grasp why the timing of events this past week gave me pause, combined with the details of location and technology.

The intelligence Trump spilled to Lavrov and Kislyak had been linked to the nebulous laptop threat we’ve heard so much about for months — predating the inauguration. Some outlets have said the threat was “tablets and laptops” or “electronic devices” carried by passengers onto planes, but this may have been cover for a more specific threat. (It’s possible MS17-010 has other counterparts not yet known to the public, so non-laptop threats can’t be ruled out entirely.)

The nature of the threat may also offer hints at why an ally’s assets were embedded in a particular location. I’ll leave it to you to figure this out on your own; this post has already spelled out enough possibilities.

Trump spilled, the operation must be rolled up, but the roll up also must include closing backdoors along the way to prevent damage if the threat has been set in motion by Trump’s ham-handed spillage.

Which for me raises these questions:

1) Was Shadow Brokers the force behind WannaCry — not just some hacker(s) — and not just the leaking of the underlying vulnerability?

2) Was WannaCry launched in order to force telecoms and enterprise networks, device owners, and Microsoft to patch this particular vulnerability immediately due to a classified ‘clear and present danger’?

3) Was WannaCry launched to prevent unpatched MS17-010 from being used to distribute either a malware-as-trigger, or to retaliate against Russia — or both? The map above shows a disproportionate level of impact suggesting Russia was a potential target if secondary to the operation’s aim. Or perhaps Russia screwed itself with the intelligence entities behind Shadow Brokers, resulting in a lack of advance notice before WannaCry was unleashed?

4) Was WannaCry launched a month after the Shadow Brokers’ dump because there were other increasing threats to the covert operation to stop the threat?

5) Are Shadow Brokers really SHADOW BROKERS – a program of discrete roll-up operations? Is Equation Group really EQUATION GROUP – a program of discrete cyber defense operations united by a pile of cyber tools? Are their interactions more like red and blue teams?

6) Is China’s response to WannaCry — implying it was North Korea but avoiding directly blaming them — really cover for the operation which serves their own (and Microsoft’s) interests?

The pittance WannaCry’s progenitor raised in ransom so far and the difficulty in liquidating the proceeds suggests the ransomware wasn’t done for the money. Who or what could produce a snappy looking ransomware project and not really give a rat’s butt about the ransom?

While Microsoft complains about the NSA’s vulnerability hoarding, they don’t have much to complain about. WannaCry will force many users off older unsupported operating systems like XP, Win 7 and 8, and Windows Server 2003 in a way nothing else has done to date.

[graphic: 5-year chart, MSFT performance via Google Finance]

Mother’s Day ‘gift’?

I confess I wrestled with writing this; I don’t want to set in motion even more ridiculous security measures that don’t work simply because a software company couldn’t see their software product had an inherent risk, and at least one government felt the value of that risk as a tool was worth hiding for years. It’s against what I believe in — less security apparatus and surveillance, more common sense. But if a middle-aged suburban mom in flyover country can line up all these ducks and figure out how it works, I couldn’t just let it go, either.

Especially when I figured out the technical methodology behind a credible threat on Mother’s Day. Don’t disrespect the moms.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Hot and Cold Running Sources and Methods Outrage

Let’s stipulate that Donald Trump is an incompetent president. Let’s stipulate that his fondness for the Russians exhibits at least naiveté about their intentions, if not out and out compromise. Let’s agree that when he fucks up, it is fair game to scream about it as a way to limit his power. Let’s acknowledge ruefully, again, that the man who got elected heckling “Lock her up!” continues to engage in far more egregious mistreatment of classified information than an email server.

But it’s worth looking at one paragraph in the WaPo story on how Donald Trump shared code word intelligence with the two Russian Sergeys, Foreign Minister Sergey Lavrov and the omnipresent Ambassador to the US Sergey Kislyak last week.

First, some background.

The whole point of the story, which is sourced to “current and former U.S. officials,” just one of whom is described as a former intelligence official (meaning the others could be members of Congress), is that Trump’s actions are particularly egregious because he revealed the city from which ISIS was allegedly plotting a laptop attack on US planes that has led US Homeland Security to consider ineffective bans on laptops in passenger areas of planes.

Trump went on to discuss aspects of the threat that the United States learned only through the espionage capabilities of a key partner. He did not reveal the specific intelligence-gathering method, but he described how the Islamic State was pursuing elements of a specific plot and how much harm such an attack could cause under varying circumstances. Most alarmingly, officials said, Trump revealed the city in the Islamic State’s territory where the U.S. intelligence partner detected the threat. [my emphasis]

Revealing the city, these US officials sharing the information anonymously because of “the sensitivity of the subject” explain, might help ID the US ally or capability involved in revealing this laptop threat.

The identification of the location was seen as particularly problematic, officials said, because Russia could use that detail to help identify the U.S. ally or intelligence capability involved. Officials said the capability could be useful for other purposes, possibly providing intelligence on Russia’s presence in Syria. Moscow would be keenly interested in identifying that source and perhaps disrupting it.

Hmmm. How many cities does ISIS still hold…?

The other problem with sharing this information is that it is not ours to share. This ally gets very frustrated when it discovers we shared information that it hasn’t permitted us to share.

At a more fundamental level, the information wasn’t the United States’ to provide to others. Under the rules of espionage, governments — and even individual agencies — are given significant control over whether and how the information they gather is disseminated, even after it has been shared. Violating that practice undercuts trust considered essential to sharing secrets.

[snip]

The officials declined to identify the ally but said it has previously voiced frustration with Washington’s inability to safeguard sensitive information related to Iraq and Syria.

“If that partner learned we’d given this to Russia without their knowledge or asking first, that is a blow to that relationship,” the U.S. official said.

So: bad to share because this ally gets to veto any sharing of this information, and “if that partner learned we’d given this to Russia without their knowledge or asking first, that is a blow to that relationship.” And especially bad to share the city (even though there can’t be many possibilities) because that would make it easier to figure out the underlying sources and methods.

This stuff is so sensitive, the WaPo explains, that if anyone else were to share it (with an adversary, they caveat), it’d be illegal.

For almost anyone in government, discussing such matters with an adversary would be illegal.

You with me so far? Sharing bad without okay of frustrated ally, sharing location especially bad, illegal if you’re not the President.

Okay. Now read this paragraph:

The Post is withholding most plot details, including the name of the city, at the urging of officials who warned that revealing them would jeopardize important intelligence capabilities.

So multiple people learned of this event, and went out and leaked it (which is illegal to do for most anyone besides the President, the WaPo helpfully notes), not just with the WaPo’s two reporters, but with reporters from Buzzfeed, NYT, WSJ, and more. They leaked it to reporters who they presumably knew would then report it, alerting the frustrated ally that Trump had shared the information, which is a blow to that relationship, and also alerting the frustrated ally that they then proceeded to go leak it more.

I’m confused, is that a blow to that relationship too, leaking the sharing so it can be revealed? Or did, say, the Saudis call up a bunch of members of Congress and former spooks and permit them to leak this to the press so Donald and his close relationship with the Russians can be undermined?

And these sources who are outraged that Trump shared the city where our frustrated ally that shouldn’t learn we’re leaking it without its permission learned of the plot? These sources shared plot details, including the name of the city, with journalists whose job it is to publish stuff like this, though the journalists didn’t share it with us or the Russians.

Now, I’ll grant you, WaPo’s reporters aren’t an adversary (depending on who you ask), though neither are they tasked with keeping a nation that has already lost a plane to ISIS safe. WaPo’s reporters aren’t fighting for power in Syria like Russia (and our frustrated ally), so they can’t personally use this information for advantage there.

So, yeah, it’s different. But these very outraged sources are still sharing the information that it is so outrageous to share.

Me? I’m hoping all this sharing and leaking about sharing will reveal what the underlying threat really is supposed to be. Because some of our frustrated allies have a habit of exaggerating threats so we implement stupid transportation policies and grow ever more reliant on their intelligence that they seem to keep sharing even though it seems to keep getting leaked.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Implications of the Competing Flynn-Billingslea Stories

In advance of Sally Yates’ testimony Monday, the WaPo and AP have released stories on concerns about Mike Flynn’s ties with Russia during the transition period.

The stories themselves are interesting enough. But that and how they differ make them all the more interesting.

The WaPo story makes the Trump White House — and very specifically Marshall Billingslea, whom Trump recently nominated to be Treasury’s terrorist finance Assistant Secretary — look the hero of a story about warnings Trump’s people gave Mike Flynn about Russia. In this version, after growing concerned that Flynn had showed more interest in meeting Sergey Kislyak than any of the other ambassadors who were pestering him for meetings, Billingslea intervened to obtain CIA’s profile of Kislyak in time for a November 28 meeting Flynn and (though this receives far less emphasis) Jared Kushner attended.

Billingslea warned Flynn that Kislyak was likely a target of U.S. surveillance and that his communications — whether with U.S. persons or superiors in Moscow — were undoubtedly being monitored by the FBI and National Security Agency, according to officials familiar with the exchange. Flynn, a retired Army lieutenant general who led the Defense Intelligence Agency, would presumably have been aware of such surveillance.

Billingslea then said that he would obtain a copy of the profile of Kislyak, officials said, a document that Billingslea urged Flynn to read if he were going to communicate with the Russian envoy. Flynn’s reaction was noncommittal, officials said, neither objecting to the feedback nor signaling agreement.

Shortly thereafter, during the week of Nov. 28, Billingslea and other transition officials met with lower-level Obama administration officials in the Situation Room at the White House.

At the end of the meeting, which covered a range of subjects, Billingslea asked for the CIA profile. “Can we get material on Kislyak?” one recalled Billingslea asking.

Days later, Flynn took part in a meeting with Kislyak at Trump Tower. White House spokeswoman Hope Hicks has confirmed that both Flynn and Jared Kushner, Trump’s adviser and son-in-law, took part in that session, which was not publicly disclosed at the time.

In that story of the Trump Administration’s effort to warn off someone who (unlike the barely mentioned Kushner) had spent a lifetime working with spies of spying, the CIA dossier, which reportedly doesn’t say Kislyak is a spy (though other outlets have claimed he is this year) gets placed in the transition SCIF.

The CIA bio on Kislyak was placed in a room in the Trump transition offices set up to handle classified material. Officials familiar with the document said that even if Flynn had read it, there was little in it that would have triggered alarms.

The file spanned three or four pages, describing Kislyak’s diplomatic career, extensive involvement in arms negotiations, and reputation as a determined proponent of Russian interests. It noted that he routinely reported information back to Moscow and that any information he gathered would be shared with Russia’s intelligence services. But the file did not say Kislyak was a spy.

Compare that key detail to something that appears in the AP version, which is told from the perspective of Obama officials. That story reveals that documents (they’re not described as the CIA dossier) were copied and removed from the SCIF.

After learning that highly sensitive documents from a secure room at the transition’s Washington headquarters were being copied and removed from the facility, Obama’s national security team decided to only allow the transition officials to view some information at the White House, including documents on the government’s contingency plans for crises.

In the AP story, Billingslea’s request was seen as a warning sign about Flynn’s preparation (who, again, had a lifetime of working with spies) to deal with America’s adversarial relationship with Russia.

In late November, a member of Donald Trump’s transition team approached national security officials in the Obama White House with a curious request: Could the incoming team get a copy of the classified CIA profile on Sergey Kislyak, Russia’s ambassador to the United States?

Marshall Billingslea, a former Pentagon and NATO official, wanted the information for his boss, Michael Flynn, who had been tapped by Trump to serve as White House national security adviser. Billingslea knew Flynn would be speaking to Kislyak, according to two former Obama administration officials, and seemed concerned Flynn did not fully understand he was dealing with a man rumored to have ties to Russian intelligence agencies.

To the Obama White House, Billingslea’s concerns were startling: a member of Trump’s own team suggesting the incoming Trump administration might be in over its head in dealing with an adversary.

But later in the AP story, it describes the Obama team’s concern that the Kislyak dossier was the only one requested.

Leading up to the revelation that Trump officials copied classified documents from the SCIF (which is how it ends), the AP first warns that some of this story will come out in Sally Yates’ testimony next Monday. It also reveals that the Obama Administration withheld information from Trump’s team, worried they’d share it with Russia.

In late December, as the White House prepared to levy sanctions and oust Russians living in the U.S. in retaliation for the hacks, Obama officials did not brief the Trump team on the decision until shortly before it was announced publicly. The timing was chosen in part because they feared the transition team might give Moscow lead time to clear information out of two compounds the U.S. was shuttering, one official said.

While it’s not inappropriate for someone in Flynn’s position to have contact with a diplomat, Obama officials said the frequency of his discussions raised enough red flags that aides discussed the possibility Trump was trying to establish a one-to-one line of communication — a so-called back channel — with Russian President Vladimir Putin. Obama aides say they never determined why Flynn was in close contact with the ambassador.

Viewed in comparison, the stories seem like competing efforts to get ahead of what both sides know will come out on Monday. The Trump team, knowing some of what Yates will say (in testimony they tried to prevent), is now making the remaining White House officials look good, and providing a somewhat plausible explanation for obtaining just the Kislyak dossier. But AP’s revelation that Trump’s people were copying documents from the SCIF that held the dossier raises questions about whether the reason it was obtained was to share the dossier. Neither story mentions what Adam Schiff has, which is that one really interesting detail will be the delay in ousting Flynn after Yates first told the White House of her concerns.

Both the stories leave out a detail the NYT previously reported that seems important, however: that Kislyak meeting, which the spook-savvy Flynn and the young Kushner attended, led to a second and a third, ultimately leading Kushner to meet the FSB-trained head of a sanctioned bank.

Until now, the White House had acknowledged only an early December meeting between Mr. Kislyak and Mr. Kushner, which occurred at Trump Tower and was also attended by Michael T. Flynn, who would briefly serve as the national security adviser.

Later that month, though, Mr. Kislyak requested a second meeting, which Mr. Kushner asked a deputy to attend in his stead, officials said. At Mr. Kislyak’s request, Mr. Kushner later met with Sergey N. Gorkov, the chief of Vnesheconombank, which drew sanctions from the Obama administration after President Vladimir V. Putin of Russia annexed Crimea and began meddling in Ukraine.

The subtext of taking the two Billingslea stories and the Sergey Gorkov one together is that Flynn — or even the President’s son-in-law — may have provided intelligence to the Russians, in events that led up to the closest thing we’ve seen to a possible quid pro quo.

In any case, the dossier seems either better suited to warning Kushner, not Flynn, of the dangers he was navigating, or a document that, if copied and handed to its subject, would be interesting though not devastating intelligence to share.

One final point: this story helps to explain why both the December 28 sanctions and the early January hack report were so awful; remember, too, when first announced, the press had the wrong location of the Long Island compound in question. At the time, I thought both were designed to be a document, any document, ones that didn’t reveal what the intelligence community actually knew (aside from the identities of the 35 expelled diplomats), particularly regarding who actually conducted the DNC hack. The AP story reveals Obama’s team was particularly worried Trump’s team would warn the Russians in time to dismantle some of the communications equipment at the two compounds. The crummy documents, plus the delay in informing Congress of the scope of the investigation until Flynn had been ousted, are both best explained by a concern that the National Security Advisor would share the information directly with Russia.

So will we learn that Flynn — or Kushner — did share such information?


CIA or NSA Warrantlessly Accessed the Content of More than 300 US Persons (Probably More than 1,300) Who Aren’t Terror Suspects

Because Circa did a really sloppy report on the I Con the Record Transparency Report and Rand Paul quoted it, there is a great deal of confusion about what back door searches are.

With the help of the NSA, the FBI collects information via traditional FISA orders. They got 1,559 of them last year, of which 1,477 were targeted at someone in the United States, and of which 336 were targeted at American citizens or permanent residents. All that data goes into a cloud server at the FBI and a separate one at NSA.

In addition, NSA collects information targeted at people overseas under Section 702. FBI can also ask NSA to collect on people they’ve come across in their investigations. Altogether, NSA collected on over 106,000 individual targets last year, via both upstream collection and by asking American providers (Google, Facebook, Yahoo, and the like) for any data they’ve got on those 106,000 targets. They’ll get both sides of targets’ conversations, stored documents and photos, calendar information, and other information.

After NSA gets that information, it will share the parts that are most relevant to the CIA and the FBI’s missions with them, in raw form. At the FBI, that data is stuck on the same cloud server as the domestic-focused FISA data is in. It is understood that FBI receives any terrorism, counterproliferation, or spying data that has a domestic component (such as Russian spies or ISIS recruiters trying to recruit Americans).

All three agencies — NSA, CIA, and FBI — can then search their own collections of FISA information using the identifier of a US person (a citizen or permanent resident). At NSA and CIA, the analyst has to have a foreign intelligence purpose, such as they think Russians are trying to recruit Mike Flynn. At FBI, an agent has to be looking for criminal information, national security information, or even doing an assessment (such as to figure out whether Carter Page would make a good informant on what the Trump campaign is doing). FBI does so many of these searches they can’t count them.

If there are conversations involving these people in the relevant databases, they appear to the analyst or agent in unmasked form. Yes, if CIA and NSA want to write reports to the White House about what they found, then the name might be masked (but in the vast majority of reports based off 702 reports involving US persons — perhaps 74% — the US person identities eventually get unmasked), but the FBI may dump that data into investigative files.

To understand how and who this might impact in the United States, take this comment from Jim Comey the other day. When asked how many active terrorist investigations the FBI has, he said there were 1,000 investigations where the target was known to be talking to terrorists overseas, and 1,000 where the target embraced radicalism all by him or herself, without talking to an ISIS or any other overseas recruiter.

COMEY: Yes I do. If — we have about 1,000 home grown violent extremist investigations and we probably have another 1,000 or so that are — I should define my terms. Home grown violent extremists, we mean somebody — we have no indication that they’re in touch with any terrorists.

TILLIS: Any foreign touch. Right.

COMEY: Yes. Then we have another big group of people that we’re looking at who we see some contact with foreign terrorists. So you take that 2,000 plus cases, about 300 of them are people who came to the United States as refugees.

Let’s take the higher number, and say there are 2,000 people in the US the intelligence community thinks might be terrorists or susceptible to being convinced to become one.

Now let’s look at the back door search numbers. The NSA used the identifiers (say, their cell phone identifier or their email) of US persons and searched the metadata from their stash of 702 data 30,355 times last year. (The CIA and FBI refuse to count how many metadata searches they did.) That means that NSA tried to do a network analysis on over 28,000 Americans and permanent residents who are not the subject of investigations by the FBI for being terrorists.

Between CIA and FBI combined, they did 5,288 queries on US persons last year. Back in 2013, the CIA did far more searches than the NSA (on 1,400 selectors as compared to NSA’s 198); we don’t know how the split works now. But assume that at least one agency is doing at least 2,644 searches. At the NSA, all 336 traditional FISA targets can be (and I assume are) tasked for back door searches; presumably a chunk of the 336 people targeted under are being investigated for terrorism, though that would also include people like (allegedly) Carter Page, people the FBI has gotten the FISA court to believe are agents of foreign powers. But even if we assume none of the people targeted under FISA are terrorists and all domestic terrorists are being back door searched at NSA, that leaves over 300 people (2,644 – 1,000 – 1,000 – 336) who are having their content accessed without a warrant by the NSA (to say nothing of the FBI, which does it so often it can’t count it). The number is probably higher, though, given that 1,000 of those terrorist suspects aren’t conversing with foreigners. The NSA (or CIA) is only going to access content if they know it exists from metadata, and Comey’s comment suggests there’s no metadata indicating such conversations. And at least some of those 336 targeted US persons are terror suspects.

Which means one agency — NSA or CIA — is likely accessing the raw content of 1,300 people who aren’t terrorist suspects.

That’s fine. There are other things they might be: suspected weapons proliferators, suspected Russian or Chinese spies, people the government is worried are being recruited by spies, suspected hackers, suspected leakers, Americans who’ve been kidnapped.

But the numbers make clear that the presumption that all of this spying is targeted at terrorists is simply wrong. There are at least 300 people — and probably more like 1,300 people — who even the NSA is accessing the content of without a warrant who are not terrorist suspects.

And the number at FBI is so high it can’t count it.
