Posts

At First, KT McFarland Told a Similarly Misleading Version of the Story Mike Flynn Will Be Pardoned For

In his abundant free time, the President tweeted about pardoning Mike Flynn on Sunday.

According to Matt Gertz, this was a response to a Lou Dobbs segment with John Solomon where Dobbs said there are 302s that “can’t be found.” Per transcripts Gertz shared, this is a reference to Sidney Powell’s claim — repeated with Dobbs the day before — that the first draft of Flynn’s 302 is missing (she also complained that Flynn never received a January 2017 memo stating that DOJ did not believe Flynn was an agent of Russia, which is unrelated to whether he was an agent of Turkey or lied to the FBI about his interactions with Russia).

Emmet Sullivan has already judged Trump’s complaint to be baseless

In December, Emmet Sullivan already judged this complaint to be baseless because the notes written before any “original 302” and all the 302s already provided Flynn track each other and the 302s consistently capture Flynn’s lies.

Mr. Flynn speculates that the government is suppressing the “original 302” of the January 24, 2017 interview, Def.’s Reply, ECF No. 133 at 28; he claims that the lead prosecutor “made it sound like there was only one 302,” id. at 29; and he makes a separate request for the FBI to search for the “original 302” in one of the FBI’s databases, id. at 28-30. In Mr. Flynn’s view, the “original 302”—if it exists—may reveal that the interviewing FBI agents wrote in the report “their impressions that [Mr.] Flynn was being truthful.” Id. at 28. Mr. Flynn claims that the FBI destroyed the “original 302” to the extent that it was stored in the FBI’s files. Id. at 30. Comparing draft FD-302s of Mr. Flynn’s January 24, 2017 interview to the final version, Mr. Flynn claims that the FBI manipulated the FD-302 because “substantive changes” were made after reports that Mr. Flynn discussed sanctions with the Russian Ambassador “contrary to what Vice President Pence had said on television previously.” Id. at 14-15. Mr. Flynn points to the Strzok-Page text messages the night of February 10, 2017 and Ms. Page’s edits to certain portions of the draft FD-302 that were “material.” Def.’s SurSurreply, ECF No. 135 at 8-9.

To the extent Mr. Flynn has not already been provided with the requested information and to the extent the information exists, the Court is not persuaded that Mr. Flynn’s arguments demonstrate that he is entitled to the requested information. For starters, the Court agrees with the government that there were no material changes in the interview reports, and that those reports track the interviewing FBI agents’ notes.

[snip]

Having carefully reviewed the interviewing FBI agents’ notes, the draft interview reports, the final version of the FD302, and the statements contained therein, the Court agrees with the government that those documents are “consistent and clear that [Mr. Flynn] made multiple false statements to the [FBI] agents about his communications with the Russian Ambassador on January 24, 2017.” Gov’t’s Surreply, ECF No. 132 at 4-5. The Court rejects Mr. Flynn’s request for additional information regarding the drafting process for the FD-302s and a search for the “original 302,” see Def.’s Sur-Surreply, ECF No. 135 at 8- 10, because the interviewing FBI agents’ notes, the draft interview reports, the final version of the FD-302, and Mr. Flynn’s own admissions of his false statements make clear that Mr. Flynn made those false statements.

Even though a judge has already ruled that this complaint is baseless, Trump took a break from mismanaging a pandemic to inch closer to a Flynn pardon based on it.

Given the increasing likelihood Trump will use the cover of the epidemic to pardon Flynn, it’s worth pointing to another set of evidence that Flynn’s prosecution for lying was sound: he’s not the only one who tried to cover up the Trump Transition’s efforts to undercut President Obama’s sanctions on Russia.

Like Flynn, KT McFarland hid Trump Transition efforts to undercut sanctions at first

In FBI interview reports (302s) released in the BuzzFeed/CNN FOIAs, some details of KT McFarland’s interviews prior to his guilty plea have been released. McFarland was interviewed four times before Flynn’s plea deal became public: August 29 (this 302 has not yet been released), September 14, October 17, and October 19, 2017.  Those 302s show that, at first, KT McFarland downplayed the Trump Transition efforts to undermine Obama’s sanctions on Russia that Mike Flynn got fired and prosecuted for (as well as tried to protect Jared Kushner in his role trying to undercut Obama policies on Israeli settlements).

McFarland’s first interview, on August 29, came in the wake of Mueller’s team acquiring Transition emails from the General Services Administration without notice to the campaign, followed by a warrant to read them. It’s likely her (still unreleased) initial interview and the beginning of her second one were based off a presumption that some emails making it clear the Transition had discussed sanctions would not get shared with Mueller’s team. When she got showed them, she claimed not to remember all details about them.

Her initial interview, as noted, has not been released. The unredacted passages from her second one (she did all pre-Flynn interviews without a lawyer, but in the presence of her spouse, who is a lawyer) show she shaded the truth about things she should have known the FBI had counter-evidence to. (In what follows, I’m bolding things she said in early interviews that her later testimony contradicts.)

For example, in that second interview, McFarland professed to not recall who attended a Presidential Daily Brief on December 28, 2016 where sanctions were discussed.

McFarland was shown a calendar entry for December 28, 2016 and confirmed the entry would have represented a PDB. She sat in the briefing, but did not recall who was there besides [Deputy Director of National Intelligence Edward] Gistaro. It was a small number of people and it took place in a basement studio apartment in the hotel.

Note: Gistaro had already testified at least once before this interview, on June 14, but that was likely focused on Trump’s demand that Dan Coats “help with the [Russian] investigation.” But it’s certainly possible his is one of the interviews in the interim that remain undisclosed.

In addition to her vague memories about meetings at Mar-a-Lago, McFarland also claimed she “did not recall any conversations she may have had with Flynn the day sanctions were announced.” While her description of what Flynn told her about his call with Sergey Kislyak is largely redacted, it’s clear she told the FBI it pertained to “Russian President Putin’s desire for a contemporary video conference after the inauguration.” This is the cover story Flynn asked her to tell the press in January 2017, and it’s part of what Flynn got fired for. Yet she was still relying on it in an interview with the FBI seven months later.

In her third interview, McFarland admitted that sanctions may have come up, but claimed again not to have specific knowledge of it.

News that the Obama Administration planned to impose sanctions on Russia started to come out on December 28, 2016, but they had not been officially announced and specifics were unknown. Sanctions were just one of “several and many things” going on at that time. McFarland, who was in Mar-a-Lago with the President-elect, did not recall what specific conversations she had at which times or to whom she spoke, but sanctions were in the news so it would make sense to her they were among the topics discussed.

In this interview report, McFarland’s explanation for an email involving Tom Bossert discussing sanctions is redacted, but the unredacted parts claim,

McFarland never discussed the specific terms of the sanctions with anyone. She would have told Michael Flynn about how the session with the President-elect went during one of their phone calls.

This claim would have been especially sketchy to the FBI since Flynn had already told the FBI, in January, that he only learned about sanctions from those at Mar-a-Lago.

McFarland also claimed not to remember what she discussed with Flynn when.

She did not have specific recollections about the times of the calls with Flynn or what was discussed in which call. Flynn mentioned several times several issues he intended to discuss with the Russians, and McFarland believed she would have given her theories about the sanctions.

McFarland’s memory started to grow clearer after outlines of Flynn’s testimony were released when he pled guilty on December 1, 2017.

McFarland’s post-Flynn plea memories grow significantly clearer

As the Mike Flynn cooperation addendum laid out, one reason Flynn’s reluctant cooperation was useful is it led others — including, but not limited to, McFarland — to unforget the truth.

[T]he defendant’s decision to plead guilty and cooperate likely affected the decisions of related firsthand witnesses to be forthcoming with the SCO and cooperate. In some instances, individuals whom the SCO interviewed before the defendant’s guilty plea provided additional, relevant details about their knowledge of key events after his cooperation became publicly.

Days after Flynn’s guilty plea, on December 5, she must have realized that he had given testimony that contradicted hers and informed FBI agents she was in the process of lawyering up. McFarland asked one of the FBI Agents she had been interacting with for the Tom Bossert and Mike Flynn emails she had already testified about, which were included in a December 2 NYT story on Flynn’s plea.

McFarland asked whether SSA [redacted] could provide two emails which he and SA [redacted] had shown to her in her interviews. She did not have the emails, but they were now apparently widely held, including by the New York Times, which published, but grossly misrepresented them. The emails were one from her dated December 29, 2016 in which she discussed President Obama’s three political objectives in imposing sanctions and mentioned Flynn’s scheduled call with the Russian ambassador that evening; and an email from Flynn to her the next day, December 30, 2017, in which Flynn reported on his conversation with the ambassador. McFarland felt she was at a a disadvantage since “everyone in the world” had copies of the emails except for her.

McFarland’s fourth 302 — which the Mueller Report heavily relies on — is heavily redacted. But what’s not redacted shows McFarland remembering details about conversations she had had about sanctions that she had professed not to remember in her earlier interviews.

McFarland and Bannon met on December 29. [redacted] but they also talked about sanctions. [redacted] Bannon told McFarland the sanctions would hurt their ability to have good relations with Russia. [redacted] Bannon thought a Russian escalation would make things more difficult. McFarland thought she told him Flynn was scheduled to talk to the Russian ambassador later that night. [redacted]

McFarland stated that she may have run into Priebus and given him a short version of her conversation with Bannon about the sanctions. [redacted] She may have told Priebus that Flynn was scheduled to talk to the Russian ambassador that night, but was not sure.

[redacted]

McFarland and Flynn spoke on the telephone at around 4:00 pm on December 29.

[redactions and snip]

McFarland knew before the [sic] Flynn’s call that Flynn was going to feel out the Russian ambassador on the overall relationship, knowing that the sanctions would influence it.

There’s a heavily redacted section that nevertheless shows that McFarland provided significant details about the meeting with Trump on December 29 (including that Trump “said he had reason to doubt it was the Russians” who had hacked the DNC). Even with the redactions, it’s clear she discussed what might happen with the sanctions at that meeting. And she admitted that “someone may have mentioned Flynn’s scheduled call with Kislyak as they were ending the meeting.”

Additionally, McFarland laid out all the details of conversations with Flynn she had previously claimed not to remember, both before and after his calls with Kislyak.

[Flynn] told McFarland the Russian response was not going to be escalatory because they wanted a good relationship with the Trump administration.

[snip]

When Flynn and McFarland spoke on December 31, Flynn told McFarland he talked to the Russian ambassador again. He said something to the effect of “Well, they want a better relationship. The relationship is back on track.” Flynn said it was a good call and he thought his own call had made a difference but not the only difference. [redacted] McFarland congratulated Flynn for his work.

In short, contrary to what she claimed in her earlier interviews, McFarland proved she had memories of:

  • Discussions she had with at least Steve Bannon about sanctions before Flynn’s call with Sergey Kislyak, and possibly Reince Priebus
  • The specific times of at least some of her calls with Flynn
  • Details of the meeting at which sanctions were discussed with Trump
  • Specific details of calls between her and Flynn, both before and after his calls with Kislyak

McFarland is not the only one whose memory grew clearer after it became clear Mueller had heard at least one truthful version of what had transpired in late December 2017; the story Bannon initially told, even after Flynn’s plea, almost certainly evolved as well (his later interviews have been withheld thus far, but we know his memories about the WikiLeaks releases got clearer over time). Reince Priebus’ first interview, on October 13, 2017, has not yet been released. The tiny unredacted bits of Priebus’ Janaury 18, 2018 interview, conducted in the wake of Flynn’s plea, showed that he hedged but did admit they may have discussed Flynn’s call in advance.

The consistency with which those who were present at Mar-a-Lago on December 29, 2017 tried not to remember discussing sanctions in advance of General Flynn’s calls, much less what might have gone down with Trump, suggests this is not a matter of Flynn being a rogue liar. Rather, it suggests a concerted effort to downplay what happened and to minimize any involvement Trump had in it, one that was undercut by Flynn’s plea deal.

One story downplaying efforts to undermine sanctions is a lie; multiple stories is a cover-up

That’s why no one should credit Trump’s claims to believe that Flynn was mistreated in his prosecution. Not only has Judge Sullivan ruled that it’s not true, but the available evidence — even with proof that Bill Barr’s DOJ is abusing the FOIA response process to hide the true extent of all this — shows that multiple people with consistent memories of what happened at Mar-a-Lago on December 29, 2017 initially professed not to remember what happened that day.

That’s not Flynn being ambushed and improperly prosecuted. That’s Flynn — who up until he decided to plead guilty was part of the Joint Defense Agreement with the President and others — being the first break in an effort to cover-up what really went down.

And the public record has one more highly damning detail that shows Flynn knew from the start that this was a cover-up.

In the section of the Mueller Report incorporating details Flynn and McFarland unforgot in November and December 2017, it reveals that Flynn intentionally excluded the details about the Kislyak follow-up call about sanctions when he sent McFarland a text message reporting on the call.

The next day, December 30, 2016, Russian Foreign Minister Sergey Lavrov remarked that Russia would respond in kind to the sanctions. 1262 Putin superseded that comment two hours later, releasing a statement that Russia would not take retaliatory measures in response to the sanctions at that time. 1263 Hours later President-Elect Trump tweeted, “Great move on delay (by V. Putin).” 1264 Shortly thereafter, Flynn sent a text message to McFarland summarizing his call with Kislyak from the day before, which she emailed to Kushner, Bannon, Priebus, and other Transition Team members. 1265 The text message and email did not include sanctions as one of the topics discussed with Kislyak. 1266 Flynn told the Office that he did not document his discussion of sanctions because it could be perceived as getting in the way of the Obama Administration’s foreign policy.1267

[snip]

According to McFarland, Flynn remarked that the Russians wanted a better relationship and that the relationship was back on track. 1270 Flynn also told McFarland that he believed his phone call had made a difference. 1271 McFarland recalled congratulating Flynn in response. 1272 [my emphasis]

In her second interview, months before she unforgot that they had had a self-congratulatory conversation about Flynn’s success in undermining Obama’s efforts to punish Russian for interfering in the election, McFarland also claimed not to be concerned that Flynn hadn’t mentioned sanctions in a text he sent her after the call. “She did not recall being concerned that Flynn did not mention sanctions in this email.”

Except that it would not be a matter of concern. It would be a matter of knowing that Flynn had created a false record of what happened. And months later, she would admit that she did know that was a false record. This appears to be the text (which she forwarded as an email) that she tried to obtain from the FBI once she realized that Flynn had flipped.

None of this will prevent Trump from pardoning Flynn. But it does provide reason why Judge Reggie Walton should review the 302s of those involved in the December 2017 events even as he reviews the full Mueller Report, which almost certainly includes an explanation of why Mueller did not charge McFarland for her initial misleading comments. The public deserves to have all the evidence that, in pardoning Flynn, Trump won’t be pardoning someone he believes to have been ambushed and who as a result told a misleading story. He’ll be pardoning the one person who paid a price for covering up the Trump Transition’s efforts to undercut sanctions imposed to punish Russia for tampering in the 2016 election.

[Some of] Where Trump Wants to Go with the Server in Ukraine Story

As I emphasized in this post, before Trump pushed Volodymyr Zelensky to frame Hunter Biden, he first pressed Ukraine’s president to “get to the bottom” of the “what happened with this whole situation with Ukraine.”

The President: I would like you to do us a favor though because our country has been through a lot and Ukraine knows a lot about it. I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike … I guess you have one of your wealthy people… The server, they say Ukraine has it. There are a lot of things that went on, the whole situation. I think you are surrounding yourself with some of the same people. I would like to have the Attorney General call you or your people and I would like you to get to the bottom of it. As you saw yesterday, that whole nonsense ended with a very poor performance by a man named Robert Mueller, an incompetent performance, but they say a lot of it started with Ukraine. Whatever you can do, it’s very important that you do it if that’s possible.

Contrary to virtually all the coverage on this, there is reason to believe that Bill Barr can get information from Ukraine that will feed the disinformation about the Russian operation. Trump has obviously been told — and not just by Rudy Giuliani (as Tom Bossert believes) — to ask for this, but some of this is probably part of the disinformation that Russia built in to the operation.

Rudy Giuliani wants to frame Alexandra Chalupa

This morning, Rudy Giuliani explained that he wants to know who in Ukraine provided information damning to Trump during the 2016 campaign.

GIULIANI: I have never peddled it. Have you ever hear me talk about Crowdstrike? I’ve never peddled it. Tom Bossert doesn’t know what he’s talking about. I have never engaged in any theory that the Ukrainians did the hacking. In fact, when this was first presented to me, I pretty clearly understood the Ukrainians didn’t do the hacking, but that doesn’t mean Ukraine didn’t do anything, and this is where Bossert…

STEPHANOPOULOS: So, why does the president keep repeating it?

GIULIANI: Let’s get on to the point…

STEPHANOPOULOS: Well, this was in the phone call.

GIULIANI: I agree with Bossert on one thing, it’s clear: there’s no evidence the Ukrainians did it. I never pursued any evidence and he’s created a red herring. What the president is talking about is, however, there is a load of evidence that the Ukrainians created false information, that they were asked by the Obama White House to do it in January of 2016, information he’s never bothered to go read. There are affidavits that have been out there for five months that none of you have listened to about how there’s a Ukrainian court finding that a particular individual illegally gave the Clinton campaign information. No one wants to investigate that. Nobody cared about it. It’s a court opinion in the Ukraine. The Ukrainians came to me. I didn’t go to them. The Ukrainians came to me and said…

STEPHANOPOULOS: When did they first come to you?

GIULIANI: November of 2016, they first came to me. And they said, we have shocking evidence that the collusion that they claim happened in Russia, which didn’t happen, happened in the Ukraine, and it happened with Hillary Clinton. George Soros was behind it. George Soros’ company was funding it.

This is an effort to frame Alexandra Chalupa, who while working as a DNC consultant in 2016 raised alarms about Paul Manafort. This is an effort that Trump has pursued since 2017 in part with a story first floated to (!!) Ken Vogel, an effort that key propagandist John Solomon was pursuing in May. Remember, too, that Chalupa was hacked separately in 2016, and believed she was being followed.

Peter Smith’s operation may have asked for help from a hacker in Ukraine

But per the transcript, this is not about Rudy, it’s about Barr. And even leaving Rudy’s antics aside, there is more that Trump may be after.

First, a fairly minor point, but possibly important. According to Charles Johnson, he advised Peter Smith to reach out to Weev for help finding Hillary’s deleted emails.

Johnson said he also suggested that Smith get in touch with Andrew Auernheimer, a hacker who goes by the alias “Weev” and has collaborated with Johnson in the past. Auernheimer—who was released from federal prison in 2014 after having a conviction for fraud and hacking offenses vacated and subsequently moved to Ukraine—declined to say whether Smith contacted him, citing conditions of his employment that bar him from speaking to the press.

At the time (and still, as far as I know), Weev was living in Ukraine. The Mueller Report says that his investigators never found evidence that Smith or Barbara Ledeen (or Erik Prince or Mike Flynn, who were also key players in this effort) ever contacted Russian hackers.

Smith drafted multiple emails stating or intimating that he was in contact with Russian hackers. For example, in one such email, Smith claimed that, in August 2016, KLS Research had organized meetings with parties who had access to the deleted Clinton emails, including parties with “ties and affiliations to Russia.”286 The investigation did not identify evidence that any such meetings occurred. Associates and security experts who worked with Smith on the initiative did not believe that Smith was in contact with Russian hackers and were aware of no such connection.287 The investigation did not establish that Smith was in contact with Russian hackers or that Smith, Ledeen, or other individuals in touch with the Trump Campaign ultimately obtained the deleted Clinton emails.

Weev is a hacker, but not Russian. So if Smith had reached out to Weev — and if Weev had given him any reason for optimism in finding the emails or even the alleged emails that Ledeen obtained — it might explain why Trump would believe there was information in Ukraine that would help him.

CrowdStrike once claimed its certainty on Russian attribution related to a problematic report on Ukraine

But that’s not the CrowdStrike tie.

At least part of the CrowdStrike tie — and what Zelensky actually could feed to Trump — pertains to a report they did in December 2016. They concluded that one of the same tools that was used in the DNC hack had been covertly distributed to Ukrainian artillery units, which (CrowdStrike claimed) led to catastrophic losses in the Ukranian armed forces. When the report came out — amid the December 2016 frenzy as President Obama tried to figure out what to do with Russia given the Trump win — CrowdStrike co-founder Dmitri Alperovitch pitched it as further proof that GRU had hacked the DNC. In other words, according to CrowdStrike, their high confidence on the DNC attribution was tied to their analysis of the Ukrainian malware.

In a now deleted post, infosec researcher Jeffrey Carr raised several problems with the CrowdStrike report. He correctly noted that CrowdStrike vastly overstated the losses to the Ukranian troops, which both an outside analyst and then the Ukranian Defense Ministry corrected. CrowdStrike has since updated its report, correcting the claim about Ukrainian losses, but standing by its analysis that GRU planted this malware as a way to target Ukrainian troops.

Carr also claimed to know of two instances — one, another security company, and the other, a Ukrainian hacker — where the tool was found in the wild.

Crowdstrike, along with FireEye and other cybersecurity companies, have long propagated the claim that Fancy Bear and all of its affiliated monikers (APT28, Sednit, Sofacy, Strontium, Tsar Team, Pawn Storm, etc.) were the exclusive developers and users of X-Agent. We now know that is false.

ESET was able to obtain the complete source code for X-Agent (aka Xagent) for the Linux OS with a compilation date of July 2015. [5]

A hacker known as RUH8 aka Sean Townsend with the Ukrainian Cyber Alliance has informed me that he has also obtained the source code for X-Agent Linux. [11]

Carr argued that since CrowdStrike’s attribution of the DNC hack assumed that only GRU had access to that tool, their attribution claim could no longer be trusted. At the time I deemed Carr’s objections to be worthwhile, but not fatal for the CrowdStrike claim. It was, however, damning for CrowdStrike’s public crowing about attribution of the DNC hack.

Since that time, the denialist crowd has elaborated on theories about CrowdStrike, which BuzzFeed gets just parts of here. Something that will be very critical moving forward but which BuzzFeed did not include, is that the president of CrowdStrike, Shawn Henry, is the guy who (while he was still at FBI) ran the FBI informant who infiltrated Anonymous, Sabu. Because the FBI reportedly permitted Sabu to direct Antisec to hack other countries as a false flag, the denialist theory goes, Henry and CrowdStrike must be willing to launch false flags for their existing clients. [See update below, which makes it clear FBI did not direct this.] The reason I say this will be important going forward is that these events are likely being reexamined as we speak in the grand jury that has subpoenaed both Chelsea Manning and Jeremy Hammond.

So Trump has an incentive to damage not just CrowdStrike’s 2016 reports on GRU, but also CrowdStrike generally. In 2017, Ukraine wanted to rebut the CrowdStrike claim because it made it look bad to Ukranian citizens. But if Trump gives Zelensky reason to revisit the issue, they might up the ante, and claim that CrowdStrike’s claims did damage to Ukraine.

I also suspect Trump may have been cued to push the theory that the GRU tool in question may, indeed, have been readily available and could have been used against the DNC by someone else, perhaps trying to frame Russia.

As I’ve noted, the GRU indictment and Mueller Report list 30 other named sources of evidence implicating the GRU in the hack. That list doesn’t include Dutch hackers at AIVD, which provided information (presumably to the Intelligence Community generally, including the FBI). And it doesn’t include NSA, which Bossert suggested today attributed the hack without anything from CrowdStrike. In other words, undermining the CrowdStrike claims would do nothing to undermine the overall attribution to Russia (though it could be useful for Stone if it came out before his November 5 trial, as the four warrants tied to his false statements relied on CrowdStrike). But it would certainly feed the disinformation effort that has already focused on CrowdStrike.

That’s just part of what Trump is after.

Update: Dell Cameron, who’s one of the experts on this topic, says that public accounts significantly overstate how closely Sabu was being handled at this time. Nevertheless, the perception that FBI (and Henry) encouraged Sabu’s attacks is out there and forms a basis for the claim that CrowdStrike would engage in a false flag attack. Here’s the chatlog showing some of this activity. Hammond got to the Brazilian target by himself.

Tit-for-Tat: What Mike Flynn’s 302 Reveals about the Lies He Told

Last week, I wrote this post arguing that Mike Flynn’s 302 (FBI interview report) shows what Flynn was hiding when he lied to the FBI: In addition to his most fundamental lie — that he and Sergei Kislyak had talked about Russia moderating its response to new Obama sanctions, Flynn lied about his coordination with KT McFarland, who was with Trump at Mar-a-Lago.

Since people are still wondering why Flynn lied, I thought I’d write it up to make it even more plain. This post relies on these sources:

As Flynn’s Statement of the Offense lays out, Obama signed the Executive Order imposing new sanctions on December 28, 2016.

On or about December 28, 2016, then-President Barack Obama signed Executive Order 13757, which was to take effect the following day. The executive order announced sanctions against Russia in response to that government’s actions intended to interfere with the 2016 presidential election (“U.S. Sanctions”).

Flynn admitted that Kislyak contacted him the day Obama imposed the sanctions.

On or about December 28, 2016, the Russian Ambassador contacted FLYNN.

Flynn told the FBI that was a text that, because of poor connectivity in Dominican Republic, he didn’t see for a day. (I suspect this is also a lie, but it is possible.)

Shortly after Christmas, 2016, FLYNN took a vacation to the Dominican Republic with his wife. On December 28th, KISLYAK sent FLYNN a text stating, “Can you call me?”

Sometime in the day after Obama imposed the sanctions, Lisa Monaco gave her successor, Tom Bossert, a heads up about how angry the Russians were, making it clear the Obama Administration had formally contacted them.

Obama administration officials were expecting a “bellicose” response to the expulsions and sanctions, according to the email exchange between Ms. McFarland and Mr. Bossert. Lisa Monaco, Mr. Obama’s homeland security adviser, had told Mr. Bossert that “the Russians have already responded with strong threats, promising to retaliate,” according to the emails.

That suggests that the Obama Administration formally alerted the Russians before Kislyak’s text and alerted the Trump Transition not long after. That is, the Flynn-Kislyak contacts occurred after Obama had informed both sides, if not Flynn directly.

In spite of that formal notification, Flynn attributed any delay in responding to Kislyak to Dominican Republic’s poor cell phone reception. He claims (probably assuming the only communications the FBI would ever review would be Kislyak’s communications) that he saw the text on the 29th, took a bit of time, then called the Russian Ambassador.

FLYNN noted cellular reception was poor and he was not checking his phone regularly, and consequently did not see the text until approximately 24 hours later. Upon seeing the text, FLYNN responded that he would call in 15-20 minutes, and he and KISLYAK subsequently spoke.

What Flynn didn’t tell the FBI is that, per his allocution, he spoke with KT McFarland immediately before his call with Kislyak (importantly, this is true whether he really didn’t find out until the 29th or if there was a longer conversation with McFarland).

On or about December 29, 2016, FLYNN called a senior official of the Presidential Transition Team (“PTT official”), who was with other senior ·members of the Presidential Transition Team at the Mar-a-Lago resort in Palm Beach, Florida, to discuss what, if anything, to communicate to the Russian Ambassador about the U.S. Sanctions. On that call, FLYNN and the PTT official discussed the U.S. Sanctions, including the potential impact of those sanctions on the incoming administration’s foreign policy goals. The PTT official and FLYNN also discussed that the members of the Presidential Transition Team at Mar-a-Lago did not want Russia to escalate the situation.

Immediately after his phone call with the PTT official, FLYNN called the Russian Ambassador and requested that Russia not escalate the situation and only respond to the U.S. Sanctions in a reciprocal manner.

The account of the timing of discussions both at Mar-a-Lago and with advisors who were dispersed across the globe in the NYT story is vague. Though NYT makes it clear that one email, at least, described the Flynn call with Kislyak prospectively.

As part of the outreach, Ms. McFarland wrote, Mr. Flynn would be speaking with the Russian ambassador, Mr. Kislyak, hours after Mr. Obama’s sanctions were announced.

One of those emails, importantly, included the following talking points.

Obama is doing three things politically:

  • discrediting Trump’s victory by saying it was due to Russian interference
  • lure trump into trap of saying something today that casts doubt on report on Russia’s culpability and then next week release report that catches Russia red handed
  • box trump in diplomatically with Russia. If there is a tit-for-tat escalation trump will have difficulty improving relations with Russia which has just thrown USA election to him. [my emphasis]

Per the NYT, that email appears to have been forwarded to — among others — Flynn.

Mr. Bossert forwarded Ms. McFarland’s Dec. 29 email exchange about the sanctions to six other Trump advisers, including Mr. Flynn; Reince Priebus, who had been named as chief of staff; Stephen K. Bannon, the senior strategist; and Sean Spicer, who would become the press secretary.

One thing makes it more likely that Flynn received McFarland’s email (or at least equivalent talking points via phone), and received it before he returned the call to Kislyak. When the Agents moved to the stage of the interview where — per Peter Strzok’s later description — “if Flynn said he did not remember something they knew he said, they would use the exact words Flynn used,” they quoted that “tit-for-tat” language.

The interviewing agents asked FLYNN if he recalled any conversation with KISLYAK in which the expulsions were discussed, where FLYNN might have encouraged KISLYAK not to escalate the situation, to keep the Russian response reciprocal, or not to engage in a “tit-for-tat.” FLYNN responded, “Not really. I don’t remember. It wasn’t, “Don’t do anything.” [my emphasis]

So whether Flynn saw this language in an email first, it seems clear he spoke to McFarland — who was coordinating all this from Mar-a-Lago, where Trump was — before he spoke with Kislyak. And that’s important, because Flynn claimed he had no idea that the US had expelled a bunch of Russian diplomats “until it was in the media.”

The U.S. Government’s response was a total surprise to FLYNN. FLYNN did not know about the Persona-Non-Grata (PNG) action until it was in the media.  KISLYAK and FLYNN were starting off on a good footing and FLYNN was looking forward to the relationship. With regard to the scope of the Russians who were expelled, FLYNN said he did not understand it. FLYNN stated he could understand one PNG, but not thirty-five.

It’s possible that Flynn didn’t learn about the expulsions until Obama’s press releases on the 29th, if he didn’t check with McFarland before that. Except he also claimed the FBI that he didn’t have access to TV news in DR.

FLYNN noted he was not aware of the then-upcoming actions as he did not have access to television news in the Dominican Republic and his government BlackBerry was not working.

In context in his 302, though, that seems to be offered as a substantiating detail to support his claim that he didn’t know about the expulsions before he spoke with Kislyak — or, indeed, the even crazier claim that Kislyak didn’t raise it on that call, regardless of what Flynn knew going into the call.

The interviewing agents asked FLYNN is he recalled any conversation with KISLYAK surrounding the expulsion of Russian diplomats or closing of Russian properties in response to Russian hacking activities surrounding the election. FLYNN stated that he did not. FLYNN reiterated his conversation was about [Astana peace conference] described earlier.

Consider how ridiculous this lie is: Flynn wanted the FBI to believe that, having asked Flynn to contact him after Russia was informed of Obama’s sanctions, Kislyak didn’t even mention the sanctions to him.

That’s obvious nonsense. But it was a necessary to hide two things. First, that he had spoken with Kislyak about sanctions — which is what the focus has been on until now.

But claiming that he hadn’t heard about the expulsions before he called Kislyak also served to hide an equally critical detail: Flynn had not only heard of the sanctions (if he hadn’t already heard) from his deputy, KT McFarland, who was at Mar-a-Lago with Trump, but she and he and a number of other people had coordinated what he would say to Kislyak before the call. And they did do based off the belief that Obama’s actions against Russia were all a political set-up and not a sound response to Russia’s involvement in the election.

Flynn not only coordinated his messaging with McFarland, but he used language she offered, writing from Mar-a-Lago: “tit-for-tat.”

After Flynn pled guilty, McFarland spent some time cleaning up what she had told the FBI the previous summer (at a time when everyone seemed to believe their emails recording all this would never be reviewed by the FBI). According to WaPo’s coverage, McFarland,

walked back her previous denial that sanctions were discussed, saying a general statement Flynn had made to her that things were going to be okay could have been a reference to sanctions, these people said.

Flynn’s statement of the offense actually reflects two conversations that McFarland may have initially lied about — one on December 29, when Flynn reported back on his call with Kislyak, and another after his December 31 call with Kislyak, when Flynn reported back to “senior members of the Presidential Transition Team.”

Shortly after his phone call with the Russian Ambassador, FLYNN spoke with the PTT official to report on the substance of his call with the Russian Ambassador, including their discussion of the U.S. Sanctions.

On or about December 30, 2016, Russian President Vladimir Putin released a statement indicating that Russia would not take retaliatory measures in response to the U.S. Sanctions at that time.

On or about December 31, 2016, the Russian Ambassador called FLYNN and informed him that Russia had chosen not to retaliate in response to FL YNN’s request.

After his phone call with the Russian Ambassador, FLYNN spoke with senior members of the Presidential Transition Team about FL YNN’s conversations with the Russian Ambassador regarding the U.S. Sanctions and Russia’s decision not to escalate the situation.

It appears that Flynn tried to hide the entire existence of the call on December 31 (unless that’s why he claimed he had to keep calling back to Kislyak because of connectivity issues).

The interviewing agents asked FLYNN if he recalled any conversation with KISLYAK in which KISLYAK told him the Government of Russia had taken into account the incoming administration’s position about the expulsions, or where KISLYAK said the Government of Russia had responded, or chosen to modulate their response, in any way to the U.S.’s actions as a result of a request by the incoming administration. FLYNN stated it was possible that he talked to KISLYAK on the issue, but if he did, he did not remember doing so. FLYNN stated he was attempting to start a good relationship with KISLYAK and move forward. FLYNN remembered making four to five calls that day about this issue, but that the Dominican Republic was a difficult place to make a call as he kept having connectivity issues. FLYNN reflected and stated that he did not think he would have had a conversation with KISLYAK about the matter.

The point, however, is multiple people in the Transition lied about this back-and-forth involving people at Mar-a-Lago with Trump.

Their correction of those stories is probably one thing described in this redaction in Flynn’s sentencing addendum.

The fact that Flynn’s lies attempted to hide coordination with Mar-a-Lago and the Transition team generally is significant for several reasons.

First, it appears that at least KT McFarland and probably Sean Spicer were in on at least part of Flynn’s cover story. If that’s right, it would require more coordination than we’ve seen reported based on emails. It’s still unclear how much those who lied about Flynn’s conversations early in January 2017 — including Spicer but especially Mike Pence, who has not been named as receiving the emails among the Transition team — knew about Flynn’s conversations.

A perhaps more important detail, legally, is one that Ty Cobb — at the time, still working for Trump — tried to deny: at least one person in the Trump camp had assured the Obama Administration that they would not undercut Obama’s efforts to retaliate against Russia.

The Trump transition team ignored a pointed request from the Obama administration to avoid sending conflicting signals to foreign officials before the inauguration and to include State Department personnel when contacting them. Besides the Russian ambassador, Mr. Flynn, at the request of the president’s son-in-law, Jared Kushner, contacted several other foreign officials to urge them to delay or block a United Nations resolution condemning Israel over its building of settlements.

Mr. Cobb said the Trump team had never agreed to avoid such interactions. But one former White House official has disputed that, telling Mr. Mueller’s investigators that Trump transition officials had agreed to honor the Obama administration’s request.

This puts a totally different spin on Susan Rice’s role in unmasking intercepts involving Trump transition officials exhorting the Russian Ambassador to blow off Obama’s sanctions and working with Mohammed bin Zayed al-Nahyan to keep a face-to-face meeting in NY secret (and probably also other intercepts assuring Bibi Netanyahu the Trump Transition would do all they could to undercut an Obama effort to punish Israeli settlements).

Rice would have unmasked those conversations having some reason to believe that the people involved in those discussions (Flynn and Kushner) were blowing off a Trump Transition commitment not to undercut Obama policy.

Such actions, then, would appear to go beyond a mere Logan Act violation. That is, Flynn and Kushner would have appeared to be pursuing their own foreign policy agenda, not just undercutting Obama’s policy, but also undercutting Trump’s (contested) agreement not to undercut Obama’s policies at least through the transition. And they would be doing so, by appearances, in pursuit of their own personal profit.

And those seeming instances of free-lancing would have accompanied Flynn’s request (in the days before it would be exposed that his Transition calls had been intercepted) to Rice to delay arming the Kurds, at a time when he was still legally hiding this relationship with Turkey.

Ultimately, we’re almost certainly going to learn all this was done with Trump’s explicit approval.

But because Flynn made such an effort to hide that his efforts to placate the Russians (and help the Turks and carry out undisclosed conversations with the Emirates and Israel) were done on the specific direction of Trump and Kushner, it would have looked like he was undermining both the Trump Administration and the interests of the United States.

It turns out he was only doing the latter.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Don McGahn’s Bullshit Report Covering Up the Flynn Firing

Murray Waas, who writes about one and only one subject on the Russian investigation, has for the second time written a story claiming that a report Don McGahn wrote on February 15, 2017 — and not Trump’s serial offers to pardon people who are serving as his firewall —  is “the strongest evidence to date implicating the president of the United States in an obstruction of justice” and “the most compelling evidence we yet know of that Donald Trump may have obstructed justice.” Murray then goes on to parrot Rudy Giuliani’s preferred narrative about what would happen next.

Several people who have reviewed a portion of this evidence say that, based on what they know, they believe it is now all but inevitable that the special counsel will complete a confidential report presenting evidence that President Trump violated the law. Deputy Attorney General Rod Rosenstein, who oversees the special counsel’s work, would then decide on turning over that report to Congress for the House of Representatives to consider whether to instigate impeachment proceedings.

Because even people covering the story closely mistake the Flynn firing for an obstruction crime instead evidence of the conspiracy, I’d like to lay out why this story is silly. This will lay out things implicit in this post, which shows that in fact the White House narrative about Flynn is all an effort to treat his firing as obstruction and not “collusion.”

Neither story about Don McGahn’s exoneration of Trump should be credited

Murray claims that because Trump knew that Mike Flynn was under investigation when he asked Jim Comey to let the investigation into Flynn go, it will undercut an explanation offered in January that Trump thought Flynn had been cleared by the FBI.

In arguing in their January 29 letter that Trump did not obstruct justice, the president’s attorneys Dowd and Sekulow quoted selectively from this same memo, relying only on a few small portions of it. They also asserted that even if Trump knew there had been an FBI investigation of Flynn, Trump believed that Flynn had been cleared. Full review of the memo flatly contradicts this story.

The memo’s own statement that Trump was indeed told that Flynn was under FBI investigation was, in turn, based in part on contemporaneous notes written by Reince Priebus after discussing the matter with the president, as well as McGahn’s recollections to his staff about what he personally had told Trump, according to other records I was able to review. Moreover, people familiar with the matter have told me that both Priebus and McGahn have confirmed in separate interviews with the special counsel that they had told Trump that Flynn was under investigation by the FBI before he met with Comey.

Murray repeats a suspect McGahn timeline describing himself, along with Reince Priebus and White House lawyer John Eisenberg, “confronting” Flynn about intercepts showing that he had raised sanctions with Kislyak, contrary to what (they were claiming) he had told them.

On February 8, 2017, The Washington Post contacted the White House to say that it was about to publish a story citing no less than nine sources that Flynn had indeed spoken to Kislyak about sanctions. In attempting to formulate a response, Priebus, McGahn, and Eisenberg questioned Flynn. Confronted with the information that there were intercepts showing exactly what was said between him and Kislyak, Flynn’s story broke down. Instead of denying that he had spoken to Kislyak about sanctions, the timeline said, Flynn’s “recollection was inconclusive.” Flynn “either was not sure whether he discussed sanctions, or did not remember doing so,” the McGahn timeline says.

Priebus then “specifically asked Flynn whether he was interviewed by the FBI,” the timeline says. In response, “Flynn stated that FBI agents met with him to inform him that their investigation was over.” That claim, of course, was a lie. The FBI never told Flynn their investigation of him was over. Shortly thereafter, Vice President Pence, Priebus, and McGahn recommended that Flynn be fired.

According to the story Murray got snookered into repeating, because those three never informed Trump about this confrontation, his understanding of the investigation would remain what Priebus and McGahn had already briefed him — that Flynn was under investigation — and so by asking Comey to back off, he was obstructing justice.

In arguing that the president did nothing wrong, Trump defense attorneys John Dowd and Jay Sekulow, in both informal conversations and later in formal correspondence with the special counsel, relied on the false statements of Flynn to Priebus, McGahn, and Eisenberg that the FBI had closed out their investigation of him. In the attorneys’ reasoning, if Trump had no reason to think that Flynn was under criminal investigation when he allegedly pressured Comey to go easy on Flynn, the president did not obstruct justice. More broadly, Sekulow and Dowd argued in correspondence with the special counsel that the “White House’s understanding” was that “there was no FBI investigation that could conceivably have been impeded” at the time of Trump’s White House meeting with Comey.

But Sekulow and Dowd’s account of these conversations is partial and misleading. In fact, there is no information or evidence that Flynn’s false assertions were ever relayed to the president.

Murray doesn’t ask an obvious question: why, if Priebus and McGahn had already briefed Trump that Flynn was under investigation, they would have to confront Flynn about it. Nor does he mention a lot of other relevant details.

Two narratives

Before I get into the most relevant details, consider what we’re looking at: what Murray claims is his scoop, which provides more details on the original McGahn report, written the day after Trump tried to get Comey to end an investigation into why Mike Flynn lied about his conversation about sanctions on December 29, 2016. As always seemed the case and still appears to be true based on Murray’s claims about the report, the McGahn report misrepresented what Sally Yates said and a bunch of other things, but  in so doing laid out a narrative whereby the firing of Mike Flynn would serve as punishment for something Flynn did wrong.

Murray contrasts that with the letter Trump’s lawyers sent at the end of January but leaked in June in part to feed a narrative — one that had already been debunked — that Mueller was primarily investigating Trump for obstruction. The letter was Jay Sekulow and John Dowd’s attempt, in the wake of Mike Flynn’s cooperation agreement, to use the McGahn narrative to spin the firing of Flynn. In the January 29, 2018 telling, Flynn is not at fault, he’s just confused. And so, in the January letter, is the president. It portrays a story where no one really knew what Flynn said to Kislyak and everything that followed was just a big game of confused telephone for which the participants can’t be held legally liable. If Flynn were confused, of course, then his purported lies to Mike Pence would need to be excused, which is probably why Sekulow and Dowd didn’t address that part of the story.

When this whole process started — before Trump fired Jim Comey and in the process extended the investigation and got Robert Mueller looking into the stories being told — McGahn and Priebus and everyone else probably presumed that firing Flynn would shut everything down. That was the intent, anyway. Fire Flynn, end of investigation about why he lied to the FBI about discussing sanctions with Sergei Kislyak. And if you end the investigation, there would be no further scrutiny into what everyone else knew at the time, nor would anyone ask Comey and Yates their side of the story.

Of course, Trump fucked that all up, and fired Comey, which led to Mueller’s appointment, which led to his convening of a grand jury, which led to all that falling apart.

Bill Burck’s other clients already knew that Flynn had discussed sanctions

Which brings us to the most important of the missing details.

As noted, Trump couldn’t leave well enough alone and so fired Comey which led to Mueller which led to an actual investigation which led, in August, to Mueller obtaining the transition communications of 13 key members of the transition team, unmediated by Trump lawyers, who at the time were just responding to wholly inadequate document requests from Congress and sharing with Mueller.

Specifically, on August 23, 2017, the FBI sent a letter (i.e., not a subpoena) to career GSA staff requesting copies of the emails, laptops, cell phones, and other materials associated with nine PTT members responsible for national security and policy matters. On August 30, 2017, the FBI sent a letter (again, not a subpoena) to career GSA staff requesting such materials for four additional senior PTT members.

Among others, Mueller would have obtained emails that would have revealed that contrary to the story the White House had told in early January 2017 (which Murray repeats in his story), numerous Transition officials were aware of the emails regarding sanctions. Indeed, Reince Priebus, along with Flynn, Steve Bannon, Sean Spicer, and two other people (Kushner’s inclusion is implied elsewhere in the story), got forwarded an email KT McFarland sent Tom Bossert the day that Mike Flynn made his calls with Kislyak, talking about Flynn’s upcoming call with Kislyak and the need to avoid public comment defending Russia. McFarland also relayed what Obama’s Homeland Security Czar, Lisa Monaco, expected from the call, and the expectation Kislyak would respond with threats.

On Dec. 29, a transition adviser to Mr. Trump, K. T. McFarland, wrote in an email to a colleague that sanctions announced hours before by the Obama administration in retaliation for Russian election meddling were aimed at discrediting Mr. Trump’s victory. The sanctions could also make it much harder for Mr. Trump to ease tensions with Russia, “which has just thrown the U.S.A. election to him,” she wrote in the emails obtained by The Times.

[snip]

McFarland wrote, Mr. Flynn would be speaking with the Russian ambassador, Mr. Kislyak, hours after Mr. Obama’s sanctions were announced.

“Key will be Russia’s response over the next few days,” Ms. McFarland wrote in an email to another transition official, Thomas P. Bossert, now the president’s homeland security adviser.

[snip]

Bossert forwarded Ms. McFarland’s Dec. 29 email exchange about the sanctions to six other Trump advisers, including Mr. Flynn; Reince Priebus, who had been named as chief of staff; Stephen K. Bannon, the senior strategist; and Sean Spicer, who would become the press secretary.

[snip]

“If there is a tit-for-tat escalation Trump will have difficulty improving relations with Russia, which has just thrown U.S.A. election to him,” she wrote.

Mr. Bossert replied by urging all the top advisers to “defend election legitimacy now.”

[snip]

Obama administration officials were expecting a “bellicose” response to the expulsions and sanctions, according to the email exchange between Ms. McFarland and Mr. Bossert. Lisa Monaco, Mr. Obama’s homeland security adviser, had told Mr. Bossert that “the Russians have already responded with strong threats, promising to retaliate,” according to the emails.

Flynn took orders on and relayed his results to McFarland, who was in Mar-a-Lago with Trump. And the transition team, when it complained that Mueller obtained these emails, suggested that they would have — perhaps did, in their compliance with congressional requests — treat this one as privileged. The day after Flynn’s calls, Trump hailed the outcome his National Security Advisor appointee had accomplished on the calls the day before.

In other words, a great deal of evidence suggests that Trump not only knew what went on in those calls, but directed Flynn through McFarland to placate the Russians.

Within days after the call, Flynn briefed other members of the transition team on the call. It is highly unlikely that he lied to people who had been informed in advance of his call that he would be discussing sanctions.

FBI may have believed, in January 2017 and even February 2017, when McGahn wrote his memo, that Flynn lied on his own, to hide the contents of his calls from others in the Administration. But by November 2017, they knew that the most important people in the transition — including Bill Burck’s other clients, Steve Bannon and Reince Priebus — knew well what had transpired in the calls with Kislyak.

None of this, of course, shows up in the tale White House sources are telling Murray. As a result, he tells a story that presents the McGahn narrative as more closely matching the “truth” than the later Sekulow and Dowd letter.

The problems with the McGahn narrative

But neither are true, and so while it’s nifty for Murray to claim this is the biggest yet proof of obstruction (it’s not, compared to the pardons promised), that’s not actually what happened, and Mueller would know that.

For example, the entire story about Flynn lying to Pence — which is something Sekulow and Dowd simply ignored in their January letter — is probably not true; and if it is, key White House staffers, including at least two of Burck’s clients, were lying to the nominal Transition head and were parties to Flynn’s lie.

On January 12, 2017, Washington Post columnist David Ignatius disclosed that US intelligence agencies had intercepted the phone calls, although Ignatius’s sources did not disclose the specifics of what either Flynn or Kislyak said. Vice President Mike Pence was immediately enlisted to defend Flynn. Flynn assured Pence that he never spoke to Kislyak about sanctions, whereupon Pence repeated those denials on Fox News and CBS’s Face the Nation. Flynn was then also questioned by the FBI about the phone calls, but once again denied that he had ever spoken to Kislyak about sanctions.

Similarly, the notion that Priebus would have to ask Flynn what he said to Kislyak on February 8 (when he had known it would include sanctions before Flynn made the call) is nonsense.

 On February 8, 2017, The Washington Post contacted the White House to say that it was about to publish a story citing no less than nine sources that Flynn had indeed spoken to Kislyak about sanctions. In attempting to formulate a response, Priebus, McGahn, and Eisenberg questioned Flynn. Confronted with the information that there were intercepts showing exactly what was said between him and Kislyak, Flynn’s story broke down. Instead of denying that he had spoken to Kislyak about sanctions, the timeline said, Flynn’s “recollection was inconclusive.” Flynn “either was not sure whether he discussed sanctions, or did not remember doing so,” the McGahn timeline says.

Both Priebus and Flynn would know better. It’s possible Flynn and Priebus were putting on a show for the lawyers (but if so, that show would likely be just for John Eisenberg, because otherwise Burck would have a major conflict). It’s more likely the McGahn narrative was an attempt to make the internal story consistent with the public claims that only Flynn knew of the content of the calls.

One of the other key pieces of bullshit in the McGahn narrative is the claim that there was any doubt whether Flynn could be fired when Yates first presented her concerns to McGahn.

The McGahn timeline recounts: “Part of [our] concern was a recognition by McGahn that it was unclear from the meeting with Yates whether or not an action could be taken without jeopardizing an ongoing investigation.”

She clearly suggested (and would be backed by Mary McCord) that’s what they should do.

Finally, there’s something else missing from this narrative: that Flynn had spent the weekend between this alleged grilling from Priebus and McGahn in Mar-a-Lago with the President, sitting in on yet more sensitive meetings (in that case, with Shinzo Abe).

McGahn’s narrative may offer an explanation for why Trump fired Flynn, even if it doesn’t accord with known facts. But the entire narrative fails to explain why, if all the players knew and did what they said, Trump didn’t fire Flynn as soon as Yates suggested he should, or after they reviewed the intercepts (showing what they knew the conversation entailed), or after Priebus and McGahn grilled Flynn.

Which is not to say that McGahn’s letter isn’t proof of obstruction (albeit far less damning than Trump’s offers of pardons). It’s just an entirely different model of obstruction, and Murray’s story may be yet more PR from Don McGahn to make sure he’s on the right side of any obstruction charges.

The Quest: Trump Learns of the Investigation (Part Four)

In this series, I’m analyzing the Mueller questions as understood by Jay Sekulow and leaked to the NYT to show how they set up a more damning investigative framework than commentary has reflected.

This post laid out how the Agalarovs had been cultivating Trump for years, in part by dangling real estate deals and close ties with Vladimir Putin. This post shows how during the election, the Russians and Trump danced towards a quid pro quo agreement, with the Russians offering dirt on Hillary Clinton in exchange for a commitment to sanctions relief, with some policy considerations thrown in. This post laid out how, during the transition period, Trump’s team took a series of actions they attempted to keep secret that moved towards consummating the deal they had made with Russia, both in terms of policy concessions, particularly sanctions relief, and funding from Russian sources that could only be tapped if sanctions were lifted.

This post will look at Mueller’s reported investigative interest in Trump’s reaction to discovering the “Deep State” was investigating the election year operation, including the actions his team had tried to keep secret. Note, I have put all of the events leading up to Flynn’s firing here (not least because I think the firing itself often gets treated improperly as obstruction), though just some of the Jim Comey events. I will repeat the timeline of events in the next post, which overlaps temporally, for clarity.

January 6, 2017: What was your opinion of Mr. Comey during the transition?

This is a baseline question for Trump’s firing of Jim Comey. At a minimum, Trump would need to explain his decision to keep Comey. It also provides Trump an opportunity to rebut Comey’s claim that, in the January 6 meeting, Trump told Comey he:

had conducted myself honorably and had a great reputation. He said I was repeatedly put in impossible positions. He said you saved her and then they hated you for what you did later, but what coice did you have? He said he thought very highly of me and looked forward to working with me, saying he hoped I planned to stay on. I assured him I intended to stay. He said good.

January 6, 2017: What did you think about Mr. Comey’s intelligence briefing on Jan. 6, 2017, about Russian election interference?

One key detail Comey (and the other representatives of the intelligence community) would have detailed for Trump that day is not just that Russia interfered in the election, but their basis for concluding that “We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances,” a conclusion Republicans have objected to repeatedly.

In his book, but not his memos, Comey describes that immediately after the briefing, Trump first asked for assurances Russian interference hadn’t affected the outcome and then, with his team, started strategizing how to spin the conclusions so as to dismiss any outcome on the election.

‘I recall Trump listening without interrupting, and asking only one question, which was really more of a statement: “But you found there was no impact on the result, right?” The intelligence team said they had done no such analysis.

‘What I found telling was what Trump and his team didn’t ask. They were about to lead a country that had been attacked by a foreign adversary, yet they had no questions about what the future Russian threat might be.’

Instead, Trump and his team immediately started discussing how they would “spin” the information on Russia as if the intelligence officers were not in the room. ‘They were keen to emphasize that there was no impact on the vote, meaning that the Russians hadn’t elected Trump.’

This reflects the same concern expressed in the KT McFarland email from just days earlier (which probably reflected detailed Trump involvement) that acknowledging Russian involvement would “discredit[] Trump’s victory by saying it was due to Russian interference.”

January 6, 2017: What was your reaction to Mr. Comey’s briefing that day about other intelligence matters?

In its analysis of the questions, NYT takes this question to be exclusively about Comey’s briefing on the Steele dossier, and it may be. But in Obama’s January 5 briefing covering the same issues, according to Susan Rice, Comey and others discussed concerns about sharing classified information with the Trump team, especially Mike Flynn.

The memorandum to file drafted by Ambassador Rice memorialized an important national security discussion between President Obama and the FBI Director and the Deputy Attorney General. President Obama and his national security team were justifiably concerned about potential risks to the Nation’s security from sharing highly classified information about Russia with certain members of the Trump transition team, particularly Lt. Gen. Michael Flynn.

Even though concerns about Flynn came up in that Obama briefing, the FBI counterintelligence investigation did not. It’s possible that this passage from Comey’s memo, which describes the main part of the briefing and not that part dedicated to the Steele dossier, pertained to the counterintelligence concerns about Flynn,which Obama had already shared with Trump the previous fall; such a warning may or may not have included Flynn’s conversations with Sergey Kislyak.

If Comey briefed anything to do with Flynn, it would significantly change the importance of subsequent events.

As for the Steele dossier conversation, which surely is included with this question, Comey has claimed that Trump first tried to convince Comey is wasn’t true that he would need to “go there” to sleeping with prostitutes, “there were never prostitutes,” even though Trump’s reference to “the women who had falsely accused him of grabbing or touching them” actually undermined his defense.

Comey has also claimed that Trump seemed relieved when he said (in the context of the Steele briefing), that the FBI was not investigating him. Importantly, this took place after Comey had said he didn’t want people to claim the information came from the FBI.

I said media like CNN had them and were looking for a news hook. I said it was important that we not give them an excuse to write that the FBI has the material or [redacted] and that we were keeping it very close-hold.

[snip]

I responded that we were not investigating him and the stuff might be totally made up but that it was being said out of Russia and our job was to protect the President from efforts to coerce him. I said we try to understand what the Russians are doing and what they might do. I added that I also wanted him to know this in case it came out in the media.

He said he was grateful for the conversation, said more nice things about me and how he looks forward to working with me and we departed the room.

January 12, 2017: What was your reaction to news reports on Jan. 12, 2017?

On January 12, in the context of a discussion of Trump aiming for better relationships with Putin, David Ignatius reported revealed that Flynn had called Sergey Kislyak “several times,” asking whether but not asserting that it might be an attempt to undercut sanctions.

Trump said Wednesday that his relationship with President Vladimir Putin is “an asset, not a liability.” Fair enough, but until he’s president, Trump needs to let Obama manage U.S.-Russia policy.

Retired Lt. Gen. Michael T. Flynn, Trump’s choice for national security adviser, cultivates close Russian contacts. He has appeared on Russia Today and received a speaking fee from the cable network, which was described in last week’s unclassified intelligence briefing on Russian hacking as “the Kremlin’s principal international propaganda outlet.”

According to a senior U.S. government official, Flynn phoned Russian Ambassador Sergey Kislyak several times on Dec. 29, the day the Obama administration announced the expulsion of 35 Russian officials as well as other measures in retaliation for the hacking. What did Flynn say, and did it undercut the U.S. sanctions? The Logan Act(though never enforced) bars U.S. citizens from correspondence intending to influence a foreign government about “disputes” with the United States. Was its spirit violated? The Trump campaign didn’t immediately respond to a request for comment.

The report neither revealed the FBI had intercepts of the conversation nor confirmed an investigation. But it may have alerted Trump that the actions he was probably a party to weeks earlier might have legal consequences.

January 24: FBI interviews Mike Flynn and he lies about talking about sanctions

January 26 and 27, 2017: What did you know about Sally Yates’s meetings about Mr. Flynn?

According to Sally Yates’ public testimony, she met with Don McGahn to discuss Mike Flynn’s interview with the FBI on January 26, 2017. She framed it by describing that DOJ knew Mike Pence’s January 15 comments about Flynn’s conversations with Kislyak were not correct.

YATES: So I told them again that there were a number of press accounts of statements that had been made by the vice president and other high-ranking White House officials about General Flynn’s conduct that we knew to be untrue. And we told them how we knew that this – how we had this information, how we had acquired it, and how we knew that it was untrue.

And we walked the White House Counsel who also had an associate there with him through General Flynn’s underlying conduct, the contents of which I obviously cannot go through with you today because it’s classified. But we took him through in a fair amount of detail of the underlying conduct, what General Flynn had done, and then we walked through the various press accounts and how it had been falsely reported.

We also told the White House Counsel that General Flynn had been interviewed by the FBI on February [sic] 24. Mr. McGahn asked me how he did and I declined to give him an answer to that. And we then walked through with Mr. McGahn essentially why we were telling them about this and the first thing we did was to explain to Mr. McGahn that the underlying conduct that General Flynn had engaged in was problematic in and of itself.

Secondly, we told him we felt like the vice president and others were entitled to know that the information that they were conveying to the American people wasn’t true. And we wanted to make it really clear right out of the gate that we were not accusing Vice President Pence of knowingly providing false information to the American people.

And, in fact, Mr. McGahn responded back to me to let me know that anything that General Flynn would’ve said would have been based — excuse me — anything that Vice President Pence would have said would have been based on what General Flynn had told him.

We told him the third reason was — is because we were concerned that the American people had been misled about the underlying conduct and what General Flynn had done, and additionally, that we weren’t the only ones that knew all of this, that the Russians also knew about what General Flynn had done.

And the Russians also knew that General Flynn had misled the vice president and others, because in the media accounts, it was clear from the vice president and others that they were repeating what General Flynn had told them, and that this was a problem because not only did we believe that the Russians knew this, but that they likely had proof of this information.

And that created a compromise situation, a situation where the national security adviser essentially could be blackmailed by the Russians. Finally, we told them that we were giving them all of this information so that they could take action, the action that they deemed appropriate.

I remember that Mr. McGahn asked me whether or not General Flynn should be fired, and I told him that that really wasn’t our call, that was up to them, but that we were giving them this information so that they could take action, and that was the first meeting.

Then there was a follow-up meeting on January 27. Among the five topics discussed, McGahn asked if Flynn was in legal jeopardy, and if “they” (presumably meaning he and the Associate WHCO in the meeting) could see the underlying intelligence.

WHITEHOUSE: Did you discuss criminal prosecution of Mr. Flynn — General Flynn?

YATES: My recollection is that did not really come up much in the first meeting. It did come up in the second meeting, when Mr. McGahn called me back the next morning and asked the — the morning after — this is the morning of the 27th, now — and asked me if I could come back to his office.

And so I went back with the NSD official, and there were essentially four topics that he wanted to discuss there, and one of those topics was precisely that. He asked about the applicability of certain statutes, certain criminal statutes and, more specifically,

[snip]

And there was a request made by Mr. McGahn, in the second meeting as to whether or not they would be able to look at the underlying evidence that we had that we had described for him of General Flynn’s conduct. And we told him that we were inclined to allow them to look at that underlying evidence, that we wanted to go back to DOJ and be able to make the logistical arrangements for that. This second meeting on the 27th occurred late in the afternoon, this is Friday the 27th. So we told him that we would work with the FBI over the weekend on this issue and get back with him on Monday morning. And I called him first thing Monday morning to let him know that we would allow them to come over and to review the underlying evidence.

By the time the materials for review became available on January 30, Yates had been fired, nominally because she refused to defend Trump’s Muslim ban.

The HPSCI report (particularly content newly unredacted on May 4; see PDF 63 ff) reveals there were several concerns about Flynn’s contradictory comments (which Republicans bizarrely present as conflict). First, there had been a counterintelligence investigation into Flynn still active in December 2016, though FBI may have been moving to shut it down. The interview may have been sparked by Logan Act concerns, or it may have been Flynn’s public comments to Pence (the Republican report ignores that this would pose a blackmail problem). Comey told HPSCI that the agents found Flynn — a lifetime intelligence officer — exhibited no physical signs of deceit, but made it clear the Agents did find his statements plainly conflicted with known facts.

When Mueller asks the President what he knew about the meetings, he likely wants to know (and already has answers from McGahn and likely the Associate) whether they told him about the Flynn interview, if so when, and in how much detail. If they did tell Trump, Mueller may also want to know about whether McGahn’s questions on the 27th (including whether Flynn was in legal jeopardy) reflect Trump’s own questions.

Obviously, one other subtext of this question pertains to whether Yates’ pursuit of Flynn contributed to her firing.

The other critical point about whether and what Trump knew of Yates’ meetings with McGahn: on January 27, he had his first creepy meeting with Jim Comey. Then, on January 28, he had his first phone call with Vladimir Putin, a call Flynn attended.

January 27, 2017: What was the purpose of your Jan. 27, 2017, dinner with Mr. Comey, and what was said?

At lunchtime on January 27 — so after McGahn had called Yates to set up a follow-up meeting and indicated concerns about Flynn’s legal jeopardy, but before that meeting happened — Trump called Comey and set up dinner that day. According to Comey, several minor things that would recur later came up, including questions about Andrew McCabe and Trump’s exposition of the Hillary email investigation.

In addition, five other key things happened at the meeting.

He invited the FBI to investigate “the Golden Showers” thing to prove it was a lie:

At this point, he turned to what he called “the golden showers thing”

[snip]

He said he had spoken to people who had been on the Miss Universe trip with him and they had reminded him that he didn’t stay over night in Russia for that. [this is not true]

[snip]

He said he thought maybe he should ask me to investigate the whole thing to prove it was a lie. I did not ask any questions. I replied that it was up to him, but I wouldn’t want to create a narrative that we were investigating him, because we were not and I worried such a thing would be misconstrued. Ii also said that is very difficult to disprove a lie. He said ‘maybe you’re right,’ but several times asked me to think about it and said he would also think about it.

He asked if the FBI leaks:

He asked whether the FBI leaks and I answered that of course in an organization of 36,000 we were going to have some of that, but I said I think the FBI leaks far less than people often say.

He asked if Comey wanted to keep his job, even though they had discussed it twice before:

He touched on my future at various points. The first time he asked “so what do you want to do,” explaining that lots of people wanted my job (“about 20 people”), that he thought very highly of me, but he would understand if I wanted to walk away given all I had been through, although he thought that would be bad for me personally because it would look like I had done something wrong, that he of course can make a change at FBI if he wants, but he wants to know what I think. There was no acknowledgement by him (or me) that we had already talked about this twice.

I responded by saying that he could fire me any time he wished, but that I wanted to stay and do a job I love to and think I am doing well.

He asked for loyalty:

He replied that he needed loyalty and expected loyalty.

[snip — this comes after the request for an investigation]

He then returned to loyalty, saying “I need loyalty.” I replied that he would always get honesty from me. He paused and said that’s what he wants, “honest loyalty.” I replied, “you will get that from me.”

He claimed to suspect Mike Flynn’s judgment because he had delayed in telling Trump about Putin’s congratulatory phone call:

He then went on to explain that he has serious reservations about Mike Flynn’s judgment and illustrated with a story from that day in which the President apparently discovered during his toast to Teresa May that [Vladimir Putin] had called four days ago. Apparently, as the President was toasting PM May, he was explaining that she had been the first to call him after his inauguration and Flynn interrupted to say that [Putin] had called (first, apparently). It was then that the President learned of [Putin’s] call and he confronted Flynn about it (not clear whether that was in the moment or after the lunch with PM May). Flynn said the return call was scheduled for Saturday, which prompted a heated reply from the President that six days was not an appropriate period of time to return a call from the [President] of a country like [Russia]. (“This isn’t [redacted] we are talking about.”) He said that if he called [redacted] and didn’t get a return call for six days he would be very upset. In telling the story, the President pointed his fingers at his head and said “the guy has serious judgment issues.” I did not comment at any point during this topic and there was no mention or acknowledgement of any FBI interest in or contact with General Flynn.

Trump would be hard pressed to argue the meeting was unrelated to the Yates meeting and the FBI investigation. Which would mean one thing Trump did — in a meeting where he also lied to claim he hadn’t had sex in Moscow — was to disclaim prior knowledge of the Putin meeting the next day (even while emphasizing the import of it).

Of course, the claim he thought Flynn had poor judgment didn’t lead him to keep Flynn out of the phone call with Putin the next day.

January 28: Trump, Pence, Flynn, Priebus, Bannon, and Spicer phone Vladimir Putin

February 9, 2017: What was your reaction to news reports on Feb. 8-9, 2017?

According to Jim Comey, he went for a meet and greet with Reince Priebus on February 8. While he was waiting, Mike Flynn sat down to chat with him though didn’t mention the FBI interview. Then, after clarifying that the conversation with Comey was a “private conversation,” he asked if there was a FISA order on Flynn. Comey appears to have answered in the negative. Priebus then took Comey in to meet with Trump, who defended his answer in an interview with Bill O’Reilly released on February 6) that “There are a lot of killers. You think our country’s so innocent?” After Comey criticized that part of the answer, Trump, “clearly noticed I had directly criticized him.” (h/t TC for reminding me to add this.) Since Yates had told McGahn how they knew Flynn had lied, Priebus’ question about a FISA order suggests the White House was trying to find out whether the collection was just incidental, or whether both sides of all Flynn’s conversations would have been picked up.

On February 9, the WaPo reported that Flynn had discussed sanctions, in spite of public denials from the White House that he had.

National security adviser Michael Flynn privately discussed U.S. sanctions against Russia with that country’s ambassador to the United States during the month before President Trump took office, contrary to public assertions by Trump officials, current and former U.S. officials said.

Flynn’s communications with Russian Ambassador Sergey Kislyak were interpreted by some senior U.S. officials as an inappropriate and potentially illegal signal to the Kremlin that it could expect a reprieve from sanctions that were being imposed by the Obama administration in late December to punish Russia for its alleged interference in the 2016 election.

Flynn on Wednesday [February 8] denied that he had discussed sanctions with Kislyak. Asked in an interview whether he had ever done so, he twice said, “No.”

On Thursday [February 9], Flynn, through his spokesman, backed away from the denial. The spokesman said Flynn “indicated that while he had no recollection of discussing sanctions, he couldn’t be certain that the topic never came up.”

Officials said this week that the FBI is continuing to examine Flynn’s communications with Kislyak. Several officials emphasized that while sanctions were discussed, they did not see evidence that Flynn had an intent to convey an explicit promise to take action after the inauguration.

In addition to tracking Flynn’s changing claims, it also noted that on January 15, Mike Pence had denied both any discussion of sanctions in the December call and discussions with Russia during the campaign.

On February 10, Trump was asked by reporters about Flynn’s answer. Trump played dumb: “I don’t know about that. I haven’t seen it. What report is that? I haven’t seen that. I’ll look into that.” (h/t TC)

Presumably, Mueller wants to know how surprised Trump was about this story (which actually builds on whether McGahn told him about the Yates conversation). But given Trump’s earlier question about FBI leaks, I also wonder whether Mueller knows that Trump knew this was coming. That is, some of the leaks may have come from closer to the White House, as an excuse to fire Flynn, using the same emphasis that the story (and Yates) had: the claim that Flynn had lied to Pence.

Except Mueller probably knows that the effort to soothe Russia’s concerns about sanctions made in December were a surprise to few top aides in the White House, least of all Trump.

February 13, 2017: How was the decision made to fire Mr. Flynn on Feb. 13, 2017?

We have remarkably little reporting on how and why Flynn was actually fired — mostly just the cover story that it was because Flynn lied to Pence — though after Flynn flipped last year, Trump newly claimed he had to fire Flynn because he lied to the FBI (something that, if the claims about the original 302 are correct, FBI hadn’t concluded at the time Trump fired him).

The thing is, neither story makes sense. It’s virtually certain that many people in the White House knew what Flynn had said to Sergey Kislyak back in December 2016; Tom Bossert was included in KT McFarland’s emails to Mike Flynn, and he sent it to Reince Priebus, Stephen Bannon, Sean Spicer, and at least two other people. All of those people, save Bossert, are known to have provided testimony to Mueller’s team.

But it also makes little sense to argue that Trump had to fire Flynn because he lied. If so, he would have done so either immediately, before the Putin meeting, or much later, after FBI actually came to the conclusion he had lied.

One logical explanation is that Flynn lied because he was told to lie, in an effort to continue to hide what the Trump Administration was doing in the transition period to pay off its debts to Russia. But faced with the prospect that the FBI would continue to investigate Flynn, Trump cut him out in an effort to end the investigation. Which explains why things with Comey proceeded the way they did.

Update: This post has been updated with new details surrounding February 8-10 and newly unredacted details from the HPSCI report.

RESOURCES

These are some of the most useful resources in mapping these events.

Mueller questions as imagined by Jay Sekulow

CNN’s timeline of investigative events

Majority HPSCI Report

Minority HPSCI Report

Trump Twitter Archive

Jim Comey March 20, 2017 HPSCI testimony

Comey May 3, 2017 SJC testimony

Jim Comey June 8, 2017 SSCI testimony

Jim Comey written statement, June 8, 2017

Jim Comey memos

Sally Yates and James Clapper Senate Judiciary Committee testimony, May 8, 2017

NPR Timeline on Trump’s ties to Aras Agalarov

George Papadopoulos complaint

George Papadopoulos statement of the offense

Mike Flynn statement of the offense

Internet Research Agency indictment

Text of the Don Jr Trump Tower Meeting emails

Jared Kushner’s statement to Congress

Erik Prince HPSCI transcript

THE SERIES

Part One: The Mueller Questions Map Out Cultivation, a Quid Pro Quo, and a Cover-Up

Part Two: The Quid Pro Quo: a Putin Meeting and Election Assistance, in Exchange for Sanctions Relief

Part Three: The Quo: Policy and Real Estate Payoffs to Russia

Part Four: The Quest: Trump Learns of the Investigation

Part Five: Attempting a Cover-Up by Firing Comey

Part Six: Trump Exacerbates His Woes

New Right Hook: Mike Flynn Lied When He Admitted to a Judge He Lied to the FBI

Apparently, the latest Grassley-Graham effort to spin a very understandable reaction to the discovery that the incoming National Security Advisor might be compromised by Russia — to have a meeting about whether that requires a change in the government’s investigative approach and then memorialize the meeting — as a Christopher Steele plots is not an isolated event. To accompany the Grassley-Graham effort to obscure, the right wing is now seeing a conspiracy, best captured in this Byron York piece with follow-ups elsewhere, in Mike Flynn’s guilty plea.

At issue is leaked March 2017 testimony from Jim Comey (in a piece complaining about the leak of Flynn’s FISA intercepts) that the FBI agents who interviewed Flynn on January 24, 2017 believed any inaccuracies in Flynn’s interview with the FBI were unintentional.

In March 2017, then-FBI Director James Comey briefed a number of Capitol Hill lawmakers on the Trump-Russia investigation.

[snip]

According to two sources familiar with the meetings, Comey told lawmakers that the FBI agents who interviewed Flynn did not believe that Flynn had lied to them, or that any inaccuracies in his answers were intentional. As a result, some of those in attendance came away with the impression that Flynn would not be charged with a crime pertaining to the Jan. 24 interview.

From that, York spins out a slew of laughable claims: Mike Flynn would have no reason to address the FBI amid swirling coverage of lies about Russian ties! The Deputy Attorney General “sends” FBI agents to conduct interviews! DOJ “effectively gave” Jim Comey authority to decide Hillary’s fate but then fired him for usurping that authority! They lead up to York’s theory that DOJ may have overridden the FBI agents in forcing Flynn to sign a plea admitting he made false statements.

It could be that the FBI agents who did the questioning were overruled by Justice Department officials who came up with theories like Flynn’s alleged violation of the Logan Act or his alleged vulnerability to blackmail.

[snip]

To some Republicans, it appears the Justice Department used a never-enforced law and a convoluted theory as a pretext to question Flynn — and then, when FBI questioners came away believing Flynn had not lied to them, forged ahead with a false-statements prosecution anyway. The Flynn matter is at the very heart of the Trump-Russia affair, and there is still a lot to learn about it.

Along the way, York feigns apparent ignorance of everything he knows about how criminal investigations work.

For example, York pretends to be unaware of all the pieces of evidence that have surfaced since that time that have changed the context of Flynn’s January 24 interview. There’s the weird dinner Trump invited Comey to on January 27, a day after Sally Yates first raised concerns about the interview with White House Counsel Don McGahn, where Trump told Comey “I need loyalty, I expect loyalty.” There’s the more troubling meeting on February 14, where (after asserting that Flynn had indeed lied to Mike Pence) Trump asked Comey to drop the Flynn investigation.

He repeated that Flynn hadn’t done anything wrong on his calls with the Russians, but had misled the Vice President. He then said, “I hope you can see your way clear to letting this go, to letting Flynn go. He is a good guy. I hope you can let this go.”

There’s the March 30 phone call in which the President complained about the “cloud” of the Russian investigation. There’s the April 11 phone call where the President complained about that “cloud” again, and asked for public exoneration. There’s the newly reported Don McGahn call following that conversation, to Dana Boente asking for public exoneration. There’s Comey’s May 9 firing, just in time for Trump to tell Russians on May 10 that firing that “nut job” relieved pressure on him. There’s the letter Trump drafted with Stephen Miller’s help that made it clear Comey was being fired because of the Russian investigation.

Already by the time of Comey’s firing, the White House claim that Mike Flynn got fired because he lied about his conversations to Sergey Kislyak to Mike Pence, was falling apart.

Then, in August, the Mueller team obtained the transition emails that transition lawyers had withheld from congressional requests (and therefore from Mueller), including those of Flynn himself, Jared Kushner, and KT McFarland. The transition would go on to squawk that these emails, which didn’t include Trump and dated to before Trump became President, were subject to executive privilege, alerting Mueller that the emails would have been withheld because the emails (some sent from Mar-A-Lago) reflected the involvement of Trump. Not to mention that the emails tied conversations about Russia to the “thrown election.”

Then there’s Jared Kushner’s interview with Mueller’s team in the weeks before Mike Flynn decided to plead guilty. At it, prosecutors asked Jared if he had any information that might exculpate Flynn.

One source said the nature of this conversation was principally to make sure Kushner doesn’t have information that exonerates Flynn.

There were reports that Flynn felt like he had been sold out just before he flipped, and I would bet this is part of the reason why. In addition to instructions regarding the sanction calls with Kislyak, which were directed by KT McFarland, Flynn’s statement of offense describes someone we know to be Kushner directing Flynn to call countries, including Russia, to try to persuade them to avoid a vote on Israeli West Bank settlements.

On or about December 22, 2016, a very senior member of the Presidential Transition Team directed FLYNN to contact officials from foreign governments, including Russia, to learn where each government stood on the resolution and to influence those governments to delay the vote or defeat the resolution.

Granted, Mueller’s team didn’t make the point of the lies as obvious as they did with the George Papadopoulos plea, where they made clear Papadopoulos lied to hide that he learned of the “dirt” on Hillary in the form of emails after he started on the campaign and whether he told the campaign about those emails (not to mention that he had contacts with Ivan Timofeev).

Mueller’s not telling us why Flynn’s lies came to have more significance as Mueller collected more and more evidence.

But what they make clear is that the significance of Flynn’s lies was not, as it first appeared, that he was trying to hide the subject of the calls from Mike Pence. I mean, maybe he did lie to Pence about those calls. But discussions about how to work with the Russians were not secret; they included at least Kushner, McFarland, Tom Bossert, Reince Priebus, Steve Bannon, and Sean Spicer. Some of those conversations happened with McFarland emailing while at Mar-A-Lago with the President-Elect.

So given the weight of the evidence collected since, Flynn’s lies now appear neither an effort to avoid incriminating himself on Logan Act charges, nor an effort to cover up a lie he told others in the White House, but the opposite. His lies appear to have hidden how broadly held the Russian discussions were within the transition team, not to mention that he was ordered to make the requests he did, possibly by people relaying orders from Trump, rather than doing them on his own.

That, by itself, doesn’t make the Flynn conversations (as distinct from the lies) illegal. But it means Trump went to great lengths to try to prevent Flynn from suffering any consequences for lying to hide the degree to which negotiations with Russia during the transition period were the official policy of the Trump team. And when Trump (or rather, his son-in-law) stopped protecting Flynn on that point, Flynn decided to admit to a judge that he had been knowingly lying.

It doesn’t take a conspiracy to realize that the FBI Agents who interviewed Flynn in January had none of the evidence since made available largely because Trump tried so hard to protect Flynn that he fired his FBI Director over it. It takes looking at the evidence, which makes it clear why those false statements looked very different as it became clear Flynn, after acting on Trump transition team instructions, got sold out as other senior Trump officials started trying to protect themselves.

Fake Russian Metadata that Will Do Nothing to Prevent Nuclear War

Apparently I’m not the only one troubled by Tom Bossert’s attribution of WannaCry to North Korea the other day.

In this post, Jack Goldsmith suggests the attribution will do nothing for deterrence.

He said that he thought the public attribution alone, without more, accomplished something important in holding North Korea accountable. As he put it, somewhat confusingly, later:

It’s about simple culpability. We’ve determined who was behind the attack and we’re saying it. It’s pretty straightforward. All I learned about cybersecurity I learned in kindergarten. We’re going to hold them accountable and we’re going to say it. And we’re going to shame them for it.

There you have it: The U.S. government thinks that naming and shaming by itself is a useful response to a cyberattack that caused billions of dollars of damage (though relatively little in the United States) and targeted precisely the types of critical infrastructure officials have long warned was a red line.

[snip]

it’s not just that name and shame is ineffective. For at least two reasons, it is counterproductive for the United States to take evident pride in an attribution of a major cyberattack that it at the same time concedes it lacks the tools to retaliate against or deter. First, the consequence of the attribution, and the emphasis on the damage caused by WannaCry, is to raise expectations, at least domestically, about a response. Second, the effect of such a drum-beating attribution and statement of damage, combined with a weak response, is to reveal what has been apparent for a while: “We currently cannot put a lot of stock … in cyber deterrence,” as former DNI Clapper last year. “It is … very hard to create the substance and psychology of deterrence.” When we overtly signal to North Korea that we have no tools to counteract their cyberattacks, we invite more attacks by North Korea and others—though to be fair, for the reasons Inglis stated, North Korea already has plenty of incentive, since cyber is a relatively inexpensive but very consequential tool for it, and since the United States has already imposed such extensive sanctions and seems out of tools.

I must be missing something here. Probably what I am missing is that the public attribution sends an important signal to the North Koreans about the extent to which we have penetrated their cyber operations and are watching their current cyber activities. But that message could have been delivered privately, and it does not explain why the United States delayed public attribution at least six months after its internal attribution, and two months after the U.K. had done so publicly.

In this thread, Emily Maxima notes that not everyone in the Infosec community agrees with this attribution (here’s an old piece I did on some oddities with it) and worries that the attribution might be used to justify war with North Korea.

So in the context of a potential hot-war with DPRK, the attribution chain from Wannacry to DPRK is *really* fucking important.

She then goes on to explain one of her concerns about the attribution to Lazarus group.

A few months back, I was doing some research into malware that used obfuscation mechanisms in their campaigns and code that could be used to misattribute them to other actors/nations.

It turns out, Lazarus group was one of these actors that had examples of misleading operation that made it seem like it was made in Russia, but was likely built to act as a false flag deus ex machina to lead researchers away from the true actors.

[snip]

[W]e’re talking about an increasingly tense situation where the largest attack on networked computer infrastructure in probably the last 5 years may be pinned on a group known for running false flag operations.

She points to this article that shows that some 2016 watering hole attacks that had targeted Polish and Mexican bank supervisor sites, which might be associated with Lazarus, used Russian words as a false flag to hide their origin.

In spite of some ‘Russian’ words being used, it is evident that the malware author is not a native Russian speaker.

Of our previous examples, five of the commands were likely produced by an online translation. Below we provide the examples and the correct analogues for reference:

Word Type of error Correct analogue
“ustanavlivat” omitted sign at the end, verb tense error “ustanovit'” or “ustanoviti”
“poluchit” omitted sign at the end “poluchit'” or “poluchiti”
“pereslat” omitted sign at the end “pereslat'” or “pereslati”
“derzhat” omitted sign at the end “derzhat'” or “derzhati”
“vykhodit” omitted sign at the end, verb tense error “vyiti”

Another example is “kliyent2podklyuchit”. This is most likely a result of an online translation of “client2connect” (which means ‘client-to-connect’). In this case, the two words “client” and “connect”were translated separately, then transliterated from the Russian pronunciation form into the Latin alphabet and finally joined to produce “kliyent2podklyuchit”.

[snip]

Internally, the ActionScript also uses transliterated Russian words, similar to the tactic seen in the bot code:

Transliterated Russian words used in AS Translated from Russian
Podgotovkaskotiny Preparation of farm animals
geigeigei3raza Hey, hey, hey 3 times
chainik Dummy (a stupid person)
chainikaddress Dummy’s address
poishemdatu Let’s search for data
poiskvpro Searching in ‘pro’
vyzov_chainika Calling the dummy (a stupid person)
daiadreschainika Get address of the dummy
runskotina Execute farm animals
babaLEna Old woman Lena

As seen in the table, while the words are technically Russian, their usage is out-of-context.

In one code fragment, the ActionScript contains both “chainik” and “dummy”:

01 private function put_dummy_args(param1:*) : *
02 {
03 return chainik.call.apply(null,param1);
04 }
05 private function vyzov_chainika() : *
06 {
07 return chainik.call(null);
08 }

As such, it is obvious that the word “dummy” has been translated into “chainik”. However, the word “chainik” in Russian slang (with the literal meaning of “a kettle”) is used to describe an unsophisticated person, a newbie; while, the word “dummy” in the exploit code is used to mean a “placeholder” or an “empty” data structure/argument.

The BAE analysis suggests that this incorrect usage is evidence proving the attackers are not native Russian speakers (leaving open the possibility they’re North Korean, though the report doesn’t attribute that aggressively).

I point to all this because of my continuing obsession with attacks featuring Russian metadata — starting from the first stolen Democratic files released by Guccifer 2.0 in June 2016 to faked Macron leak documents and extending to metadata ShadowBrokers left in some SWIFT files released in April — that served to deflect blame.

Perhaps it’s just fashionable to blame Russians these days.

Mind you, that other Russian metadata is for a totally unrelated watering hole attack, not for WannaCry. It’s worth remembering, however, that in addition to using Lazarus code, WannaCry also appears to have used code from Metasploit.

Ah well. I guess none of this will matter when North Korea nukes Seoul.

The Bankrupt Attribution of WannaCry

I’ve been puzzling through this briefing, purportedly attributing the WannaCry hack to North Korea, which followed last night’s Axis of CyberEvil op-ed (here’s the text). The presser was … perhaps even more puzzling than the Axis of CyberEvil op-ed.

Unlike the op-ed, Homeland Security Czar Tom Bossert provided hints about how the government came to attribute this attack.

Bossert makes much of the fact that the Five Eyes plus Japan all agree on this.

We do so with evidence, and we do so with partners.

Other governments and private companies agree.  The United Kingdom, Australia, Canada, New Zealand, and Japan have seen our analysis, and they join us in denouncing North Korea for WannaCry.

He also points to the Microsoft and (unnamed — because it’d be downright awkward to name Kaspersky in the same briefing where you attack them as a cybersecurity target) security consultant attributions from months ago.

Commercial partners have also acted.  Microsoft traced the attack to cyber affiliates of the North Korean government, and others in the security community have contributed their analysis.

Here are the specific things he says about how the US, independent of Microsoft and villains like Kaspersky, made an attribution.

What we did was, rely on — and some of it I can’t share, unfortunately — technical links to previously identified North Korean cyber tools, tradecraft, operational infrastructure.  We had to examine a lot.  And we had to put it together in a way that allowed us to make a confident attribution.

[snip]

[I]t’s a little tradecraft, to get to your second question.  It’s hard to find that smoking gun, but what we’ve done here is combined a series of behaviors.  We’ve got analysts all over the world, but also deep and experienced analysts within our intelligence community that looked at not only the operational infrastructure, but also the tradecraft and the routine and the behaviors that we’ve seen demonstrated in past attacks.  And so you have to apply some gumshoe work here, not just some code analysis.

Nevertheless, Bossert alludes to people launching this attack from “keyboards all over the world,” but says because these “intermediaries … had carried out those types of attacks on behalf of the North Korean government in the past,” they were confident in the attribution.

People operating keyboards all over the world on behalf of a North Korean actor can be launching from places that are not in North Korea.  And so that’s one of the challenges behind cyber attribution.

[snip]

[T]here were actors on their behalf, intermediaries, carrying out this attack, and that they had carried out those types of attacks on behalf of the North Korean government in the past.  And that was one of the tradecraft routines that allowed us to reach that conclusion.

Taking credit for stuff the private sector did

In his prewritten statement, Bossert provides on explanation for the timing of all this. One of the reasons the US is attributing the WannaCry attack now — aside from the need to gin up war with North Korea — is that Facebook and Microsoft, “acting on their own initiative last week,” took action last week against North Korean targets.

We applaud our corporate partners, Microsoft and Facebook especially, for acting on their own initiative last week without any direction by the U.S. government or coordination to disrupt the activities of North Korean hackers.  Microsoft acted before the attack in ways that spared many U.S. targets.

Last week, Microsoft and Facebook and other major tech companies acted to disable a number of North Korean cyber exploits and disrupt their operations as the North Koreans were still infecting computers across the globe.  They shut down accounts the North Korean regime hackers used to launch attacks and patched systems.

Yet even while acknowledging that Microsoft and Facebook are busy keeping the US safe, he demands that the private sector … keep us safe.

We call today — I call today, and the President calls today, on the private sector to increase its accountability in the cyber realm by taking actions that deny North Korea and the bad actors the ability to launch reckless and disruptive cyber acts.

Golly how do you think the US avoided damage from the attack based on US tools so well?

Then Bossert invites Assistant Secretary for Cybersecurity and Communications at DHS Jeanette Manfra to explain not how the US attributed this attack (the ostensible point of this presser), but how the US magically avoided getting slammed — by an attack based on US tools — as badly as other countries did.

By midafternoon, I had all of the major Internet service providers either on the phone or on our watch floor sharing information with us about what they were seeing globally and in the United States.  We partnered with the Department of Health and Human Services to reach out to hospitals across the country to offer assistance.  We engaged with federal CIOs across our government to ensure that our systems were not vulnerable.  I asked for assistance from our partners in the IT and cybersecurity industry.  And by 9:00 p.m. that night, I had over 30 companies represented on calls, many of whom offered us analytical assistance throughout the weekend.

By working closely with these companies and the FBI throughout that night, we were able to issue a technical alert, publicly, that would assist defenders with defeating this malware.  We stayed on alert all weekend but were largely able to escape the impacts here in this country that other countries experienced.

Managing to avoid getting slammed by an attack that the US had far more warning of (because it would have recognized and had 96 days to prepare) is proof, Manfra argues, of our preparation to respond to attacks we didn’t write the exploit for.

[T]he WannaCry attack demonstrated our national capability to effectively operate and respond.

Ix-Nay on the AdowBrokers-Shay

Which brings us to the dramatic climax of this entire presser, where Tom Bossert plays dumb about the fact that his this attack exploited an NSA exploit. In his first attempt to deflect this question, Bossert tried to distinguish between vulnerabilities and the exploits NSA wrote for them.

Q    Had they not been able to take advantage of the vulnerabilities that got published in the Shadow Brokers website, do you think that would have made a significant difference in their ability to carry out the attack?

MR. BOSSERT:  Yeah.  So I think what Dave is alluding to here is that vulnerabilities exist in software.  They’re not — almost never designed on purpose.  Software producers are making a product, and they’re selling it for a purpose.

Pretending a vulnerability is the same thing as an exploit, Bossert pointed to the (more visible but still largely the same) Vulnerabilities Exploit Process Trump has instituted.

When we find vulnerabilities, the United States government, we generally identify them and tell the companies so they can patch them.

In this particular case, I’m fairly proud of that process, so I’d like to elaborate.  Under this President’s leadership and under the leadership of Rob Joyce, who’s serving as my deputy now and the cybersecurity coordinator, we have led the most transparent Vulnerabilities Equities Process in the world.

Hey, by the way, why isn’t Rob Joyce at this presser so the person in government best able to protect against cyber attacks can answer questions?

Oh, never mind–let’s continue with this VEP thing.

And what that means is the United States government finds vulnerabilities in software, routinely, and then, at a rate of almost 90 percent, reveals those.  They could be useful tools for us to then exploit for our own national security benefit.  But instead, what we choose to do is share those back with the companies so that they can patch and increase the collective defense of the country.  It’s not fair for us to keep those exploits while people sit vulnerable to those totalitarian regimes that are going to bring harm to them.

So, in this particular case, I’m proud of the VEP program.  And I’d go one step deeper for you:  Those vulnerabilities that we do keep, we keep for very specific purposes so that we can increase our national security.  And we use them for very specific purposes only tailored to our perceived threats.  I think that they’re used very carefully.  They need to be protected in such a way that we don’t leak them out and so that bad people can get them.  That has happened, unfortunately, in the past.

Hell! Let’s go for broke. Let’s turn the risk that someone can steal our toys and set off a global worm into the promise that we’ll warn people they’ve been hacked.

But one level even deeper.  When we do use those vulnerabilities to develop exploits for the purpose of national security for the classified work that we do, we sometimes find evidence of bad behavior.  Sometimes it allows us to attribute bad actions.  Other times it allows us to privately call — and we’re doing this on a regular basis, and we’re doing it better and in a more routine fashion as this administration advances — we’re able to call targets that aren’t subject to big rollouts.  We’re able to call companies, and we’re able to say to them, “We believe that you’ve been hacked.  You need to take immediate action.”  It works well; we need to get better at doing that.  And I think that allows us to save a lot of time and money.

We’re not yet broke yet, though! When Bossert again gets asked whether WannaCry was based off a US tool, he tried to argue the only tool involved was the final WannaCry one, not than the underlying NSA exploit.

Q    So you talked about the 90 percent of times when you guys share information back with companies rather than exploit those vulnerabilities.  Was this one of the 10 percent that you guys had held onto?

MR. BOSSERT:  So I think there’s a case to be made for the tool that was used here being cobbled together from a number of different sources.  But the vulnerability that was exploited — the exploit developed by the culpable party here — is the tool, the bad tool.

This soon descends into full-on Sergeant Schultz.

I don’t know what they got and where they got it, but they certainly had a number of things cobbled together in a pretty complicated, intentional tool meant to cause harm that they didn’t entirely create themselves.

MalwareTech took a risk doing what he always does [er, did, before the US government kidnapped him] with malware?

Then there’s weird bit — one of those Bossert moments (like when he said WannaCry was spread by phishing) that makes me think he doesn’t know what he’s talking about. When asked if this North Korean attribution changed the government’s intent to prosecute MalwareTech (Marcus Hutchins), Bossert dodged that tricksy question (the answer is, yes, the prosecution is still on track to go to trial next year) but then claimed that Hutchins “took a risk” doing something he has repeatedly said he always does when responding to malware.

I can’t comment on the ongoing criminal prosecution or judicial proceedings there.  But I will note that, to some degree, we got lucky.  In a lot of ways, in the United States we were well-prepared.  So it wasn’t luck — it was preparation, it was partnership with private companies, and so forth.  But we also had a programmer that was sophisticated, that noticed a glitch in the malware, a kill-switch, and then acted to kill it.  He took a risk, it worked, and it caused a lot of benefit.  So we’ll give him that.  Next time, we’re not going to get so lucky.

After dodging the issue of why the government is prosecuting the guy whose “luck” Bossert acknowledges saved the world, he has the gall to say — in the very next breath!! — we need to do the kind of information sharing that Hutchins’ prosecution disincents.

So what we’re calling on here today is an increased partnership, an increased rapidity in routine speed of sharing information so that we can prevent patient zero from being patient 150.

Whatever you do, don’t follow the lack of money

All that was bad enough. But then things really went off the rail when a journalist asked about what one of the poorest countries on earth — a country with a severe exchangeable currency shortage — did with the money obtained in this ransomware attack.

Q    Tom, the purpose of ransomware is to raise money.  So do you have a sense now of exactly how much money the North Koreans raised as a result of this?  And do you have any idea what they did with the money?  Did it go to fund the nuclear program?  Did it go just to the regime for its own benefit?  Or where did that money go?

MR. BOSSERT:  Yeah, it’s interesting.  There’s two conundrums here.  First, we don’t really know how much money they raised, but they didn’t seem to architect it in the way that a smart ransomware architect would do.  They didn’t want to get a lot of money out of this.  If they did, they would have opened computers if you paid.  Once word got out that paying didn’t unlock your computer, the payment stopped.

And so I think that, in this case, this was a reckless attack and it was meant to cause havoc and destruction.  The money was an ancillary side benefit.  I don’t think they got a lot of it.

Wow. A couple things here. First, of one of the poorest countries in the world, Bossert said with a straight face: “They didn’t want to get a lot of money out of this.”

He has to do that, because he has just said that, “They’ve got some smart programmers.” So he has to treat the attack, as implemented, as the attack that the perpetrators wanted. That apparently doesn’t mean he feels bound to offer some explanation for why North Korea would forgo the money that their smart programmers could have earned. Because he never offers that, without which you have zero credible attribution.

Still nuttier, at one level it cannot be true that “we don’t know how much money they raised.” Later in his presser he claims, “cryptocurrency might be difficult to track” and suggests the government only learned about how little they were making because, “targets seem to have reported to us, by and large, that they mostly didn’t pay. … So we were able to track the behavior of the targets in that case.”

Um. No. It was very public! We watched WannaCry’s perps collect $144,000 via the @Actual_ransom account, and we watched the account be cashed out in the immediate wake of the aforementioned MalwareTech arrest (as Hutchins noted, making it look like he had absconded with his Bitcoin rather than gotten arrested by the FBI).  That, too, is a detail that Bossert would have needed to address for this to be a marginally credible press conference.

But wait! There’s more! We also know that as soon as WannaCry’s perps publicly cashed out, Shapeshift blacklisted all its known accounts, making it impossible for WannaCry to launder the money, and adding still more transparency to the process. Which means Bossert should know well the answer to the question “how much did North Korea (or whatever perp) make off this?” is, zero. None. Because their money got cut off in the laundering process. (For some reason, Bossert gave Shapeshift zero credit here, which raises further questions I might return to at a later date.) Either attribution includes details about this process or … it’s not credible.

Bossert’s backflips to pretend Trump isn’t treating North Korea differently than Russia

Now, all this is before you get into the gymnastics Bossert performed to pretend that Trump isn’t treating North Korea — against whom this attribution will serve as justification for war — differently than Russia. After being asked about it, Bossert claimed,

President Trump not only continued the national emergency for cybersecurity, but he did so himself and sanctioned the Russians involved in the hacks of last year.

His effort to conflate last year’s hack-related sanctions with the sanctions imposed by Congress but not fully implemented looked really pathetic.

Q    Have all the sanctions been implemented?

MR. BOSSERT:  This was — yeah, this was the Continuation of the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities.  President Trump continued that national emergency, pursuant to the International Emergency Economic Powers Act, to deal with the “unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”

Pivoting to one of the most important private companies

Immediately after which, perhaps in an act of desperation, Bossert pivoted to Kaspersky, one of the most important security firms in unpacking WannaCry and therefore utterly central to any claim the answer to cyberattacks is to share between the private and public sector. Bossert said this to defend the claim that the Trump administration is taking Russian threats seriously.

Now, look, in addition, if that’s not making people comfortable, this year we acted to remove Kaspersky from all of our federal networks.  We did so because having a company that can report back information to the Russian government constituted a risk unacceptable to our federal networks.

And then — in the same press conference where Bossert hailed cooperation, including with private security firms like Kaspersky, he boasted about how “in the spirit of cooperation” the US has gotten “providers, sellers, retail stores” to ban one of the firms that was critical in analyzing and minimizing the WannaCry impact.

In the spirit of cooperation, which is the second pillar of our strategy — accountability being one, cooperation being the second — we’ve had providers, sellers, retail stores follow suit.  And we’ve had other private companies and other foreign governments also follow suit with that action.

In case you’re counting, he has boasted about cooperation in the same breath as speaking of both MalwareTech and Kaspersky.

Whatever. From this we’re supposed to conclude we should go to war against North Korea and their non-NK keyboarders the world over and  that the way to defend ourselves against them is to simultaneously demand “cooperation” even while treating two of the most important entities who minimized the threat of WannaCry as outlaws.

Tom Bossert Brings You … Axis of CyberEvil!

I was struck, when reviewing the NYT article on the KT McFarland email, how central Homeland Security Czar Tom Bossert was to the discussion of asking Russia not blow off Obama’s Russia sanctions.

“Key will be Russia’s response over the next few days,” Ms. McFarland wrote in an email to another transition official, Thomas P. Bossert, now the president’s homeland security adviser.

[snip]

Mr. Bossert forwarded Ms. McFarland’s Dec. 29 email exchange about the sanctions to six other Trump advisers, including Mr. Flynn; Reince Priebus, who had been named as chief of staff; Stephen K. Bannon, the senior strategist; and Sean Spicer, who would become the press secretary.

[snip]

Mr. Bossert replied by urging all the top advisers to “defend election legitimacy now.”

[snip]

Obama administration officials were expecting a “bellicose” response to the expulsions and sanctions, according to the email exchange between Ms. McFarland and Mr. Bossert. Lisa Monaco, Mr. Obama’s homeland security adviser, had told Mr. Bossert that “the Russians have already responded with strong threats, promising to retaliate,” according to the emails.

There Tom Bossert was, with a bunch of political hacks, undercutting the then-President as part of an effort to “defend election legitimacy now.”

Which is one of the reasons I find Bossert’s attribution of WannaCry to North Korea — in a ridiculously shitty op-ed — so sketchy now, as Trump needs a distraction and contemplates an insane plan to pick a war with North Korea.

The guy who — well after it was broadly known to be wrong — officially claimed WannaCry was spread by phishing is now offering this as his evidence that North Korea is the culprit:

We do not make this allegation lightly. It is based on evidence.

A representative of the government whose tools created this attack, said this without irony.

The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.

And the guy whose boss has, twice in the last week, made googly eyes at Vladimir Putin said this as if he could do so credibly.

As we make the internet safer, we will continue to hold accountable those who harm or threaten us, whether they act alone or on behalf of criminal organizations or hostile nations.

Much of the op-ed is a campaign ad falsely claiming a big break with the Obama Administration.

Change has started at the White House. President Trump has made his expectations clear. He has ordered the modernization of government information-technology to enhance the security of the systems we run on behalf of the American people. He continued sanctions on Russian hackers and directed the most transparent and effective government effort in the world to find and share vulnerabilities in important software. We share almost all the vulnerabilities we find with developers, allowing them to create patches. Even the American Civil Liberties Union praised him for that. He has asked that we improve our efforts to share intrusion evidence with hacking targets, from individual Americans to big businesses. And there is more to come.

A number of the specific items Bossert pointed to to claim action are notable for the shoddy evidence underlying them, starting with the Behzad Mesri case and continuing to Kaspersky — which has consistently had more information on the compromises we blame it for than the US government.

When we must, the U.S. will act alone to impose costs and consequences for cyber malfeasance. This year, the Trump administration ordered the removal of all Kaspersky software from government systems. A company that could bring data back to Russia represents an unacceptable risk on federal networks. Major companies and retailers followed suit. We brought charges against Iranian hackers who hacked several U.S. companies, including HBO. If those hackers travel, we will arrest them and bring them to justice. We also indicted Russian hackers and a Canadian acting in concert with them. A few weeks ago, we charged three Chinese nationals for hacking, theft of trade secrets and identity theft. There will almost certainly be more indictments to come.

The Yahoo case, which is backed by impressive evidence, was based on evidence gathered under Obama, from whose Administration Bossert claims to have made a break.

And this kind of bullshit — in an op-ed allegedly focused on North Korea — is worthy of David Frum playing on a TRS-80.

Going forward, we must call out bad behavior, including that of the corrupt regime in Tehran.

Especially ending as it does with a thinly disguised call for war.

As for North Korea, it continues to threaten America, Europe and the rest of the world—and not just with its nuclear aspirations. It is increasingly using cyberattacks to fund its reckless behavior and cause disruption across the world. Mr. Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.

I mean, maybe dirt poor North Korea really did build malware designed not to make money. But this is not the op-ed to credibly make that argument.

Trump Appears to Have Withheld the KT McFarland Email about the “Thrown Election”

This post explains what appears to be the real reason for the fake outrage about Mueller obtaining information from GSA: by doing so, he appears to have obtained proof that the Transition was withholding emails material to the investigation. Go to this post for a more general summary of what we know about the claim. 

Here’s the letter that Trump For America lawyer sent to Congress to cause a big hullabaloo about how Robert Mueller obtained transition period emails. I unpacked it in this Twitter thread and commented on it in an update to this post.

But this passage deserves a separate post, because it seems to go to the heart of why the Republicans are spewing propaganda like this.

Additionally, certain portions of the PTT materials the Special Counsel’s Office obtained from the GSA, including materials that are susceptible to privilege claims, have been leaked to the press by unknown persons. Moreover, the leaked records have been provided to the press without important context and in a manner that appears calculated to inflict maximum reputational damage on the PTT and its personnel, without the inclusion of records showing that PTT personnel acted properly – which in turn forces TFA to make an impossible choice between (a) protecting its legal privileges by keeping its records confidential and (b) waiving its privileges by publicly releasing records that counteract the selective leaks and misguided news reports. In short, since the GSA improperly provided them to the Special Counsel’s Office, the PTT’s privileged materials have not only been reviewed privately by the Special Counsel’s Office without notification to TFA – they have also been misused publicly.

Kory Langhofer is insinuating — without quite risking the claim — that after GSA shared certain emails with Robert Mueller’s office, “unknown persons” leaked them to the press. The insinuation is that Mueller’s team leaked them.

I can think of just one set of emails that fit this description: emails from KT McFarland that provided proof that Mike Flynn lied to the FBI about his conversations with Sergei Kislyak on December 29, 2016. The NYT quoted extensively from them in a December 2 story.

Among other things, McFarland stated in the emails that Russia “has just thrown the U.S.A. election to” Trump.

On Dec. 29, a transition adviser to Mr. Trump, K. T. McFarland, wrote in an email to a colleague that sanctions announced hours before by the Obama administration in retaliation for Russian election meddling were aimed at discrediting Mr. Trump’s victory. The sanctions could also make it much harder for Mr. Trump to ease tensions with Russia, “which has just thrown the U.S.A. election to him,” she wrote in the emails obtained by The Times.

[snip]

Mr. Obama, she wrote, was trying to “box Trump in diplomatically with Russia,” which could limit his options with other countries, including Iran and Syria. “Russia is key that unlocks door,” she wrote.

She also wrote that the sanctions over Russian election meddling were intended to “lure Trump in trap of saying something” in defense of Russia, and were aimed at “discrediting Trump’s victory by saying it was due to Russian interference.”

“If there is a tit-for-tat escalation Trump will have difficulty improving relations with Russia, which has just thrown U.S.A. election to him,” she wrote.

Contrary to Langhofer’s suggestion, NYT made some effort to mitigate the damage of McFarland’s comment seemingly confirming the Trump team knew the election had been stolen, including speaking to a White House lawyer about it.

It is not clear whether Ms. McFarland was saying she believed that the election had in fact been thrown. A White House lawyer said on Friday that she meant only that the Democrats were portraying it that way.

And while NYT’s explanation that they got the emails “from someone who had access to transition team communications” certainly could include Mueller’s team among the culprits, it could also include GSA officials themselves or — even more likely — a former Trump official with a grudge. At least three were CCed on the email in question: Bannon, Priebus, and Spicer.

Mr. Bossert forwarded Ms. McFarland’s Dec. 29 email exchange about the sanctions to six other Trump advisers, including Mr. Flynn; Reince Priebus, who had been named as chief of staff; Stephen K. Bannon, the senior strategist; and Sean Spicer, who would become the press secretary.

In other words, Langhofer uses the leak as an excuse to suggest wrong-doing by Mueller, when other possibilities are far more likely.

But consider the other implication of this: Langhofer is suggesting that this email chain (which included no named active lawyers, nor included Trump directly, though they were written in Trump’s presence at Mar a Lago) is “susceptible to privilege claims.” He is further suggesting that GSA is the only way this email could have been released (ignoring, of course, the Bannon/Priebus/Spicer) options.

If that’s right, then he’s suggesting that Trump was involved in this email chain directly. There’s no reason to believe he was CCed. But since the emails were written from Mar-a-Lago, it’s likely he was consulted in the drafting of the emails.

In addition, Langhofer is also admitting that Trump’s team didn’t release these emails directly — at least not to Congress.

Emails which couldn’t be more central to the point of Mueller’s investigation.

Did the GOP just admit that Trump withheld this email? Because if so, it suggests the “thrown election” comment is far more damning than the NYT laid out.

Update: It’s not clear whether Mueller ever tried to obtain these records via GSA (though it’s possible FBI obtained emails before the inauguration). But this, from the letter, makes it clear at least Congress had made requests, which led TFA to try to take GSA out of the loop even though SCO had a document preservation request.

In order to comply with congressional document production requests, TFA ordered from the GSA electronic copies of all PTT emails and other data. Career GSA staff initially expressed concern that providing copies of PTT emails to TFA might violate a document preservation request that the GSA had received from the Special Counsel’s Office.

Withholding this email from Congress would be particularly problematic, as McFarland testified in conjunction with her now-frozen nomination to be Ambassador to Singapore that she knew nothing about Flynn’s communications with Kislyak. h/t SS

Update: Ah, this explains how Mueller was getting emails: via voluntary production, along with everything the Transition was giving Congress. Which means the email was withheld, and this October subpoena was an attempt to see whether they’d cough it up on their own.

Special counsel Robert Mueller’s team in mid-October issued a subpoena to President Donald Trump’s campaign requesting Russia-related documents from more than a dozen top officials, according to a person familiar with the matter.

The subpoena, which requested documents and emails from the listed campaign officials that reference a set of Russia-related keywords, marked Mr. Mueller’s first official order for information from the campaign, according to the person. The subpoena didn’t compel any officials to testify before Mr. Mueller’s grand jury, the person said.

The subpoena caught the campaign by surprise, the person said. The campaign had previously been voluntarily complying with the special counsel’s requests for information, and had been sharing with Mr. Mueller’s team the documents it provided to congressional committees as part of their probes of Russian interference into the 2016 presidential election.

[snip]

Mueller’s team had previously issued subpoenas individually to several top campaign officials, including former campaign chairman Paul Manafort and former national security adviser Mike Flynn.

[Correction: I’ve been corrected on this passage, which makes it clear this is about campaign emails, not transition ones. But I assume he made parallel requests for all three phases of Trump organization.]

Update: Mueller’s spox, Peter Carr, issued a statement saying, “When we have obtained emails in the course of our ongoing criminal investigation, we have secured either the account owner’s consent or appropriate criminal process.” Given what I’ve laid out here, I actually think “C” may have been the case:

  • Subpoena to Flynn, obtain voluntary compliance for specific things as well as evidence shared with Congress prior to August
  • In August (perhaps after being alerted to withheld documents by Priebus/Spicer/Bannon/Papadopoulos?) obtain emails from GSA, technically the device owners
  • In October, subpoena for Russian-related emails from the same ~13 people