Vault 7 Archives - Page 3 of 4

Posts

On CNN’s WikiLeaks Exclusive: Remember the Other Document Dumps

July 15, 2019/51 Comments/in 2016 Presidential Election, Mueller Probe, WikiLeaks /by emptywheel

CNN has a report on leaked security records describing some of the visitors and improved computer equipment Julian Assange got in 2016, as Russia was staging the election hack-and-leak. The story is a better expose of how increased pressure from the US and a change of president in Ecuador dramatically changed Assange’s freedom to operate in the Ecuadorian Embassy in London, with many details of the internal Ecuadorian politics, as it is proof of anything pertaining to the hack-and-leak.

As for the latter, the story itself insinuates ties between WikiLeaks and Russia’s hack-and-leak operation by matching the profile of Assange’s known (and dramatically increased number of) visitors in 2016 with the timing of those visits. Those people are:

A Russian national named Yana Maximova, about whom CNN states almost nothing is known, who visited at key moments in June 2016 (though CNN doesn’t provide the specific dates)
Five meetings in June 2016 with senior staffers from RT, including two visits from their London bureau chief, Nikolay Bogachikhin
German hacker Andrew Müller-Maguhn
German hacker Bernd Fix (who visited with Müller-Maguhn a few times)

These visitors have, in generally, been identified before, and with the exception of Müller-Maguhn, CNN doesn’t give the precise dates when people visited Assange, instead providing only screen shots of entry logs (which, CNN notes, key visitors wouldn’t be on). The exception is Müller-Maguhn, whose pre-election visits the TV version lists as:

February 19 and 20, 2016
March 14, 2016
May 8, 2016
May 23, 2016
July 7, 2016
July 14, 2016
July 28, 2016
August 3, 2016
August 24, 2016
September 1, 2016
September 19, 2016
October 21, 2016
October 31, 2016

And, yes, some of those visits match the known Russian hack-and-leak timeline in enticing ways, such as that Müller-Maguhn, who told WaPo that, “he was never in possession of the material before it was put online and that he did not transport it,” showed up the same day Mueller documents describe WikiLeaks obtaining an archive that had been uploaded (“put”) online and by that means transferred to WikiLeaks.

But that would be entirely consistent with Müller-Maguhn helping to process the emails — something the Mueller team determined did not violate US law — not serving as a mule. Not that Müller-Maguhn would be best used as a mule in any case.

The descriptions of the changes in computer and other gear are more interesting: with Assange bumping up his resources on June 19, a masked visitor dropping off a package outside the embassy on July 18, and exempt WikiLeaks personnel removing a ton of equipment on October 18, as Ecuador finally threatened to shut WikiLeaks down.

Shortly after WikiLeaks established contact with the Russian online personas, Assange asked his hosts to beef up his internet connection. The embassy granted his request on June 19, providing him with technical support “for data transmission” and helping install new equipment, the documents said.

[snip]

Days later, on July 18, while the Republican National Convention kicked off in Cleveland, an embassy security guard broke protocol by abandoning his post to receive a package outside the embassy from a man in disguise. The man covered his face with a mask and sunglasses and was wearing a backpack, according to surveillance images obtained by CNN.

[snip]

The security documents lay out a critical sequence of events on the night of October 18. Around 10 p.m., Assange got into a heated argument with then-Ecuadorian Ambassador Carlos Abad Ortiz. Just before midnight, Abad banned any non-diplomatic visitors to the embassy and left the building. Behind the scenes, Assange communicated with the foreign minister in Quito.

Within an hour of Abad’s departure, he called the embassy and reversed the ban.

By 1 a.m., two WikiLeaks personnel arrived at the embassy and started removing computer equipment as well as a large box containing “about 100 hard drives,” according to the documents.

Security officials on site wanted to examine the hard drives, but their hands were tied. The Assange associates who removed the boxes were on the special list of people who couldn’t be searched. The security team sent a memo back to Quito raising red flags about this late-night maneuver and said it heightened their suspicions about Assange’s intentions.

Again, none of that proves a knowing tie with Russian intelligence. But it does show an interesting rhythm during that year.

But this schedule doesn’t consider the other things going on with WikiLeaks in 2016. At almost the same time that WikiLeaks released the DNC emails, after all, they also released the AKP email archive.

More interesting still, according to the government’s current allegations about Joshua Schulte’s actions in leaking the CIA’s hacking tools to WikiLeaks, he made a copy of the CIA’s backup server on April 20, then transmitted the files from it to … someone (I suspect these may not have gone directly to WikiLeaks) … in late April to early May.

But then for some reason, on August 4, Schulte for the first time ever started conducting Google searches on WikiLeaks, without visiting the WikiLeaks site until the first release of the Vault 7 leaks.

Meanwhile, WikiLeaks claimed in August 2016 — and ShadowBrokers invoked that claim, in January 2017 — that WikiLeaks had obtained a copy of the original ShadowBrokers files released on August 13, 2016. A Twitter account claiming to be ShadowBrokers reiterated this claim late last year.

Consider the continued presence of highly skilled hackers at the Embassy and the removal of tons of computer equipment as Ecuador cracked down from the viewpoint of what happened to all of NSA and CIA’s hacking tools, rather than what happened with John Podesta’s risotto recipe. Add in the fact that the government seems to think Schulte altered the air gap tool he allegedly wrote for CIA outside of CIA.

To the extent they provide these dates (again, they do so with specificity only for Müller-Maguhn, and only before the election; not to mention, his emails appear to fit a fairly regular twice-monthly pattern), a few of them are quite intriguing. But there was a whole lot else going on with WikiLeaks that year that might be even more important for describing the true nature of WikiLeaks.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.

Joshua Schulte Keeps Digging: His Defensible Legal Defense Continues to Make a Public Case He’s Guilty

July 4, 2019/5 Comments/in emptywheel, Leak Investigations, WikiLeaks /by emptywheel

To defend him against charges of leaking the CIA’s hacking tools to WikiLeaks, Sabrina Shroff has made it clear that Joshua Schulte is the author of the CIA’s lies about its own hacking.

In a motion to suppress all the earliest warrants against Schulte submitted yesterday, Shroff makes an unintentionally ironic argument. In general, Shroff (unpersuasively) argues some things the government admitted in a Brady letter sent last September are evidence of recklessness on the part of the affiant on those earliest warrants, FBI Agent Jeff Donaldson. She includes most of the items corrected in the Brady letter, including an assertion Donaldson made, on March 13, 2017, that Schulte’s name did not appear among those published by WikiLeaks: “The username used by the defendant was published by WikiLeaks,” the prosecutors corrected the record in September 2018. To support a claim of recklessness, Schroff asserted in the motion that someone would just have to search on that username on the WikiLeaks site to disprove the initial claim.

Finally, the Brady letter explained that a key aspect of the affidavit’s narrative—that Mr. Schulte was the likely culprit because WikiLeaks suspiciously did not publicly disclose his identity—was false. Mr. Schulte’s identity (specifically, his computer username “SchulJo”) was mentioned numerous times by WikiLeaks, as a simple word-search of the WikiLeaks publication would have shown. See Shroff Decl. Exh. F at 7

If you do that search on his username — SchulJo — it only readily shows up in one file, the Marble Framework source code.

That file was not released until March 31, 2017. So the claim that Schulte’s name did not appear in the WikiLeaks releases was correct when Donaldson made it on March 13. That claim — like most of the ones in the Brady letter — reflect the incomplete knowledge of an ongoing investigation, not recklessness or incompetence (Schulte has written elsewhere that he believed the FBI acted rashly to prevent him from traveling to Mexico, which given other details of this case — including that he hadn’t returned his CIA diplomatic passport and snuck it out of his apartment when the FBI searched his place, they were right to do).

By sending her reader to discover that Schulte’s name appears as the author of the Marble Framework, she makes his “signature” that of obfuscation — hiding who actually did a hack.

Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding (“obfuscating”) text fragments used in CIA malware from visual inspection.

[snip]

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.

Marble was one of the files WikiLeaks — and DNC hack denialists — would point to to suggest that CIA had done hacks (including the DNC one) and then blamed them on Russia. In other words, in her attempt (again, it is unpersuasive) to claim that FBI’s initial suspicions did not reach probable cause, she identifies Schulte publicly not just with obfuscation about a breach’s true culprits, but with the way in which the Vault 7 leak — ostensibly done out of a whistleblower’s concern for CIA’s proliferation of weapons — instead has served as one prong of the propaganda covering Russia’s role in the election year hack.

That’s just an ironic effect of Shroff’s argument, not one of the details in yesterday’s releases that — while they may legally serve to undermine parts of the case against her client — nevertheless add to the public evidence that he’s not only very likely indeed the Vault 7 culprit, but not a terribly sympathetic one at that.

Back when FBI first got a warrant on Schulte on March 13, 2017, they had — based on whatever advanced notice they got from Julian Assange’s efforts to use the files to extort a pardon from the US government and the week of time since WikiLeaks had released the first and to that date only set of files on March 7 — developed a theory that he was the culprit. The government still maintains these core details of that theory to be true (this Bill of Particulars Schulte’s team released yesterday gives a summary of the government’s theory of the case as of April 29):

The files shared with WikiLeaks likely came from the server backing up the CIA’s hacking tools, given that the files included multiple versions, by date, of the files WikiLeaks released
Not that many people had access to that server
Schulte did have access
Not only had Schulte left the CIA in a huff six months before the WikiLeaks release — the only person known to have had access to the backup server at the time who had since left — but he had been caught during the period the files were likely stolen restoring his own administrator privileges to part of the server after they had been removed

But, after it conducted further investigation and WikiLeaks published more stolen files, the government came to understand that several other things that incriminated Schulte were not true.

[T]he government appears to have abandoned the central themes of the March 13 affidavit: namely, that the CIA information was likely stolen on March 7–8, 2016, that Mr. Schulte was essentially “one of only three people” across the entire CIA who could have taken it, and that WikiLeaks’s supposed effort to conceal his identity was telltale evidence of his culpability

There’s no indication, however, that Donaldson was wrong to believe what he did when he first obtained the affidavit; Shroff claims recklessness, but never deals with the fact that the FBI obtained new evidence. Moreover, for two of the allegations that the government later corrected — the date the files were stolen and the number of people who had access to the server, Donaldson admitted those were preliminary conclusions in his initial affidavit (which Shroff doesn’t acknowledge):

It is of course possible that the Classified Information was copied later than March 8, 2016, even though the creation/modification dates associated with it appear to end on March 7, 2016.

[snip]

Because the most recent timestamp on the Classified Information reflects a date of March 7, 2016, preliminary analysis indicates that the Classified Information was likely copied between the end of the day on March 7 and the end of the day on March 8.

[snip]

It is, of course, possible that an employee who was not a designated Systems Administrator could find a way to gain access to the Back-Up Server. For example, such an employee could steal and use–without legitimate authorization–the username and password of a designated Systems Administrator. Or an employee lacking Systems Administrator access could, at least theoretically, gain access to the Back-Up Server by finding a “back- door” into the Back-Up Server.

Between the two corrections, the revised information increases the number of possible suspects from two to five, out of 200 people who would have regular access to the files. A footnote to a later affidavit (PDF 138) describes that on April 5, 2017, FBI received information that suggested the number might be higher or lower. (I suspect Schulte argued in a classified filing submitted yesterday that even more people could have accessed it, not least because he has been arguing that in his various writings posted to dockets and other things,)

But, even though the Brady letter corrects the dates on which Schulte reinstated his administrator privileges for the Back-Up server slightly (he restored his own access on April 11, not April 14, which is when his managers discovered he had done so), Shroff only addresses his loss of privileges as innocent, without addressing that he got that access back on his own improperly.

More importantly, the motion doesn’t address, at all, that Schulte kicked everyone else off one of his programs, the Brutal Kangaroo tool used to hack air gapped networks using thumb drives. Nor does it address allegations against Schulte made in August 2016 as part of his clearance review, including that his demeanor changed for the worse around February 2016, he might be “subject to outside coercion,” and he tended not to abide by “guidelines concerning when and what kinds of media or data (such as external drives) could be connected or uploaded to CIA computer systems.” There are other details in the affidavit — such as Schulte’s attempt to learn what his former colleagues knew of the investigation — that support probable cause too (these may be among the things Shroff addresses in a classified filing).

That is, the probable cause that Schulte was the culprit was pretty strong even with the errors in the original affidavit, and none of the errors suggests malice or incompetence or even the recklessness Shroff alleges.

Shroff is right that the March 13 affidavit doesn’t offer as much probable cause to tie Schulte’s home to the crime; but that’s the magistrate’s fault and fairly standard for computer crimes, not the FBI’s. Shroff obscures the effect of FBI obtaining a second warrant to actually search the 150 storage media and computer devices they found in his home (a list of what they seized starts on PDF 116), as well as a second warrant to obtain child porn.

It is also true, as the defense argues, that the evidence to search for child porn was thin. But given that the government had a warrant to search the computer in question, and given precedents about child porn, that may not matter (though I think it is more likely to succeed than the rest of this). In any case, by the time of the main searches on child porn, three different magistrates had signed off on these searches.

This is a totally understandable attempt to get some of this evidence suppressed. But along the way the affidavits released yesterday provide a slew of damaging new details such as:

Schulte conducted a ton of searches on Google in April 2016 about detecting USB insertion, copying big files, deleting files, preventing other admins from seeing what someone was doing on a LAN
Schulte made a snapshot of (part of?) the LAN on April 20, 2016
In early May, Schulte researched how to use Tor and Tails, which the government alleges he used to send the files
On August 4, 2016 — the day after Snowden sent this tweet — Schulte did a Google search for WikiLeaks for the first time ever (note, I believe the Snowden tweet may have been preparation for the misleading IG report on him released the following month)

Between then and March 7, Schulte searched on WikiLeaks over 20 more times, reading hundreds of articles on it; but he didn’t visit WikiLeaks for the first time until March 7, 2017, the first day the files posted; he also searched for that Snowden tweet

In short, just Schulte’s Google searches alone provide very strong evidence that he’s the Vault 7 leaker. Which explains why his attorneys are making what will probably be an unsuccessful attempt to claim the Google searches were overly broad and lacked probable cause (something Schulte wrote elsewhere seems to reflect that he has been told this will be treated under a Good Faith exception).

Schulte has been trying to disclose all these materials for over a year. But they really don’t help his case.

Accused Vault 7 Leaker Joshua Schulte Planned to Have WikiLeaks Publish Disinformation to Help His Defense

June 19, 2019/23 Comments/in WikiLeaks /by emptywheel

When WikiLeaks announced its publication of the CIA’s hacking tools in March 2017, the first tool it highlighted was an effort called Umbrage, which it claimed the CIA used to “misdirect attribution.”

UMBRAGE

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon one murder in the set is solved then the other murders also find likely attribution.

The CIA’s Remote Devices Branch‘s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Experts noted at the time that Umbrage served mostly to save time by reusing existing code. Nevertheless, the representation that the CIA would sometimes use other nation’s tools was immediately integrated into conspiracy theories denying that Russia carried out the 2016 hacks on Democrats. Because the CIA sometimes obscured its own hacks, denialists have said since, the CIA must have been behind the 2016 hacks, part of a Deep State operation to frame Russia and in so doing, undermine Trump.

Documents released this week reveal that Joshua Schulte, who is accused of leaking those documents to WikiLeaks, believed he could get WikiLeaks to publish disinformation to help his case.

Several documents submitted this week provide much more clarity on Schulte’s case. On Monday, the government responded to a Schulte effort to have his communications restrictions (SAMs) removed; their brief not only admitted — for what I believe to be the first time in writing — that the CIA is the victim agency, but described an Information War Schulte attempted to conduct from jail using contraband phones and a slew of social media accounts.

Yesterday, in addition to requesting that Schulte’s child porn charges be severed from his Espionage ones, his defense team moved to suppress the warrants used to investigate his communication activities in jail based on a claim the FBI violated Schulte’s attorney-client privilege. During the initial search, agents reviewed notebooks marked attorney-client with sufficient attention to find non-privileged materials covered by the search warrant, and only then got a privilege team to go through the notebooks in more detail. The privilege team confirmed that 65% of the contents of the notebooks was privileged. In support of the suppression motion, Schulte’s lawyers released most of the warrants used to conduct those searches, including the downstream one used to access three ProtonMail accounts discovered by the government and another downstream one used to access his ten social media accounts (see below for a list of all of Schulte’s accounts). Effectively, they’re arguing that the FBI would have never found this unbelievably incriminating communications activity, which will make it fairly easy for the government to prove that Schulte is the Vault 7 leaker without relying on classified information, without accessing those notebooks marked privileged.

But along the way, the documents released this week show that the guy accused of leaking that Umbrage file that denialists have relied on to claim the 2016 hack was a false flag operation framing Russia himself planned false flag activities to proclaim his innocence.

The government’s SAMs response describes in cursory fashion and the affidavits for the warrants as a whole describe in more detail how Schulte planned to adopt two fake identities — a CIA officer and an FBI Agent — to proclaim his innocence. The idea behind the latter was to corroborate two claims Schulte posted on his JoshSchulte WordPress sites on October 1, 2018 — that the FBI had planted the child porn discovered on his computer.

i. “I now believe the government planted the CP after their search warrants turned up empty-not only to save their jobs and investigation, but also to target and decimate my reputation considering my involvement in significant information operations and covert action.”

As noted above, in the Fake FBI Document in the Schulte Cell Documents, a purported FBI “whistleblower” claimed that the FBI had placed child pornography on Schulte’s computer after its initial searches of the device were unsuccessful in recovering evidence. See supra~ 14(a)(iii).

ii. “So who’s responsible for Vault 7? The CIA’s own version of the FBI’s Peter Strzok and Lisa Page,”

As noted above, in the September Tweet in the Schulte Cell Documents, a purported former CIA colleague of Schulte (but who was in fact simply Schulte himself) claimed that two other CIA former colleagues, one of whom Schulte described as the “Peter Strzok of the CIA,” had conspired to blame Schulte for Vault 7, WikiLeaks’ disclosure of the CIA material.

As noted above, two of the documents found in Schulte’s cell mixed in with the attorney-client material show how Schulte planned to create false identities to spread the same stories. One was an article he planned to send to WikiLeaks, claiming to be from an FBI whistleblower describing how Schulte was framed.

iii. A document that appears to be an article for release by WikiLeaks.org (“WikiLeaks”), in which a purported FBI “whistleblower” claimed to have provided the discovery in this case to WikiLeaks and that the FBI had planted evidence of child pornography on Schulte’s computer to frame him (the “Fake FBI Document”).

The documents also include his plans to release a fake CIA tweet claiming he was framed for the Vault 7 leak.

iv. Drafts of a tweet (the “Fake CIA Tweet”) that appear to have been drafted around August 30, 2018,3 in which Schulte pretending to be a former CIA colleague claimed that two other former CIA colleagues, both of whom Schulte referred to by full name and one of whom he described as the “Peter Strzok of the CIA,” had “set up” Schulte and used him as a “scapegoat” for “Vault 7,” which is the name of WikiLeaks serial disclosures of CIA material that began on or about March 7, 2017 and which forms the basis of some of the current charges against Schulte. On the following page of the Schulte Cell Documents appears the text “Just to authenticate me fast” followed by other apparent draft tweets that discussed the CIA’s alleged activities and methods, some of which appear to be classified (the “Fake Authentication Tweets”).4 . . I believe that Schulte planned to potentially publish the Fake Authentication Tweet before the Fake CIA Tweet in an effort to purportedly verify the author’s employment with the CIA and knowledge of the information in the Fake CIA Tweet.

Finally, the FBI also found Schulte’s to do list of how he planned to share both the fake FBI document and his discovery with WikiLeaks.

What appears to be a “to-do” list dated September 12, 2018, in which Schulte wrote that on September 17 and 18, he would “DL Disc. UL WL,” and.that on September 19, 20, and 21, he would “schedule tweets[.]” I believe that here, “DL Disc. UL WL” means that Schulte planned to download his discovery (”DL Disc.”) from the Schulte Laptop and upload that discovery to WikiLeaks (“UL WL”). As noted above, in another place in the Schulte Cell Documents, Schulte drafted the Fake FBI Document, a purported statement by a supposed FBI “whistleblower” who provided Schulte’s discovery to WikiLeaks and claimed that the FBI had planted evidence of child pornography on Schulte’s computer.

From a legal standpoint, Schulte’s lawyers have disclosed all these warrant materials in an urgent effort to suppress everything the government found after first accessing his notebooks from jail. The FBI investigation proceeded from those notebooks to the WordPress site showing him claiming something identical to disinformation he was packaging up to share with WikiLeaks. They also got from those notebooks to ProtonMail accounts where Schulte offered to share what may or may not be classified information with a journalist. The reason why the defense is pushing to suppress this — one of the only challenges they’re making in his prosecution thus far — is because the stuff Schulte did in prison is utterly damning and seems to confirm both his familiarity with WikiLeaks and his belief that he needed to create disinformation to claim to be innocent.

We’ll see whether this Fourth and Sixth Amendment challenge works.

But along the way, the defense has released information — the provenance of which they’re not disputing in the least — that shows that Schulte planned to use WikiLeaks to conduct a disinformation campaign. But it wouldn’t be the first time Schulte had gotten WikiLeaks to carry out his messaging. A year ago today — in the wake of Schulte being charged with the Vault 7 leak — WikiLeaks linked to the diaries that Schulte was writing and posting from his jail cell, possibly showing that Schulte continued to communicate with WikiLeaks — either via a family member or directly — even after he had been put in jail. Those diaries are among the things seized in the search.

In a follow-up, I think I can show that Schulte did succeed in using WikiLeaks as part a disinformation campaign.

Social media accounts Joshua Schulte accessed from jail

ProtonMail: annon1204, presumedguilty, freejasonbourne

Twitter: @freejasonbourne (created September 1, 2018 and used through October 2, 2018)

Buffer (used to schedule social media posts): (created September 3, 2018, used through September 7, 2018)

WordPress: joshschulte.wordpress.com, presumptionofslavery.wordpress.com, presumptionofinnocence.net (all created August 14, 2018)

Gmail: [email protected], [email protected] (created April 15, 2018), [email protected],

Outlook: [email protected]

Facebook: ‘who is JOHN GALT? (created April 17, 2018)

Update: The government also believed at the time that an account in the name Conj Khyas was used by Schulte to receive classified information at his annon1204 account. It was not listed in these warrants, but would amount to a 14th account.

On Joshua Schulte and Julian Assange’s 10 Year Old Charges

June 11, 2019/19 Comments/in Leak Investigations, WikiLeaks /by emptywheel

The WaPo has confirmed what Natasha Bertrand earlier reported: the extradition package for Julian Assange will only include the 10 year old charges related to the publication of Chelsea Manning’s leaks, not any of WikiLeaks more controversially handled charges. I’ve been meaning to write a post on how this is the stupidest available approach, which will satisfy neither those who regard him as a villain, will expose other journalists to similarly dangerous charges, and possibly even fuck up the security establishment’s entire effort to exact some revenge against Assange. I hope to return to that when I get some deadlines and travel done, but suffice it to say this is a big hot mess.

To be clear, I actually think it’s not eleven-dimensional chess on the part of Bill Barr to save Trump some embarrassment once Roger Stone’s trial reveals the extent to which Trump’s campaign tried to “collude” with WikiLeaks (though it will not only have that effect, but make it harder for DNC to sustain its lawsuit against the GOP and WikiLeaks for their actions in the 2016 election). Rather, I think this is an attempt to prosecute Assange with the least cost on the security establishment, being run by people who are utterly tone deaf to the costs it will incur elsewhere.

But I do want to say several things about why and how DOJ is not charging Assange in the Vault 7 leak.

Bertrand noted that I thought that the EDVA charges would be related to Vault 7.

Still, just several months ago, numerous experts felt confident that prosecutors would also hit Assange with charges over Vault 7. Prominent national security journalist Marcy Wheeler predicted in Februarythat DOJ would “very clearly go after Assange” for the Vault 7 disclosure, and that a sealed indictment against him in the Eastern District of Virginia was likely related to that leak — the CIA is, after all, headquartered in Virginia, as ABC noted. Assange himselfreportedly expressed concern that prosecutors would charge him with crimes related to Vault 7.

She didn’t provide even the full context of my tweet, much less my post, arguing that Assange’s efforts to extort a pardon using the Vault 7 files would be something obviously unconnected to journalism. The superseding indictment does mention Assange’s use of “insurance files” to ensure his ability to publish documents in his possession, but no charges were attached to that, which later uses of the tactic and the Vault 7 pardon effort would have supported.

Which is to say the government could have charged Assange for something specifically excluded from Bartnicki’s protection of the publication of stolen materials, but did not. Again, the government has chosen to go about this in the stupidest way possible.

That said, I’m not surprised they’re not going after Assange for the Vault 7 leak itself.

As it is, the CIA has been inexcusably uncooperative with Joshua Schulte’s discovery efforts. At times. some pretty aggressive prosecutors have seemed almost apologetic about it. Schulte has staked a lot on trying to expose details of his initial warrants, and while his later behavior seems to suggest there was something to their targeting of him (or, at the very least, his post-indictment behavior has been self-destructive), at the very least the CIA may have participated in some epically bad parallel construction. They may be trying to hide that as much as the actual details of CIA’s hacking program.

Meanwhile, the government and Schulte have been discussing severing his charges from last year — which include one charge of contempt and a charge of attempted leak of classified information — from everything else.

As the Court is aware, trial in this matter is currently set for April 8, 2019. (See Minute Entry for August 8, 2018 Conference). To afford the parties sufficient time to prepare the necessary pretrial motions, including suppression motions and motions pursuant to the Classified Information Procedures Act (“CIPA”), the parties respectfully request that the Court adjourn the trial until November 4, 2019. The parties are also discussing a potential agreement concerning severance, as well as the order of the potentially severed trials. The parties will update the Court on severance and a pretrial motion schedule at or before the conference scheduled for April 10, 2019.

That might be something they tried to base a plea off of: they’d have video evidence to back their case, so it might avoid the CIPA process CIA is unwilling to engage in.

Back in May, Schulte’s team submitted a motion to vacate his SAMs (Special Administrative Measures limit a prisoner’s communication with others). It was based off the case the government made prior to his superseding indictment and left out all the allegations the government made about the 13 email and social media accounts Schulte was allegedly running from his jail cell, and as such deliberately understated why the government wanted the SAMs. The government asked for and got an extension to respond until Monday — notably, after all decisions about Assange would have had to have been made. Any response (unless it’s sealed) will have to provide more details about what happened last fall, so if they’re trying to get a plea deal, it might come this week in lieu of that SAMs response.

But the question would be what that plea agreement would look like.

Finally, the government is going to have to provide some explanation for why Chelsea Manning remains in jail for contempt. Unless they can claim they’re going after other people related to WikiLeaks, they should not be able to keep her jailed.

The Assange Complaint Was Filed the Day the UK Rejected Assange’s Diplomatic Status

April 15, 2019/19 Comments/in WikiLeaks /by emptywheel

EDVA has released the affidavit and original complaint charging Julian Assange with conspiring with Chelsea Manning to crack a password. Two things support the likelihood that this extradition request arose in response to Ecuador’s attempt to get Assange diplomatic status that would allow it or Russia to exfiltrate him from London.

As I noted earlier, the extradition warrant itself dates to December 22. But the complaint and supporting affidavit date to December 21, 2017. That’s the day, according to multiple reports, that the British government denied Ecuador’s request to grant Assange “special designation” as a diplomat.

Ecuador last Dec. 19 approved a “special designation in favor of Mr. Julian Assange so that he can carry out functions at the Ecuadorean Embassy in Russia,” according to the letter written to opposition legislator Paola Vintimilla.

“Special designation” refers to the Ecuadorean president’s right to name political allies to a fixed number of diplomatic posts even if they are not career diplomats.

But Britain’s Foreign Office in a Dec. 21 note said it did not accept Assange as a diplomat and that it did not “consider that Mr. Assange enjoys any type of privileges and immunities under the Vienna Convention,” reads the letter, citing a British diplomatic note.

The Guardian (which is less reliable when it pertains to stories about Assange) claims that this effort was meant to support an exfiltration attempt, possibly to Russia.

Russian diplomats held secret talks in London last year with people close to Julian Assange to assess whether they could help him flee the UK, the Guardian has learned.

A tentative plan was devised that would have seen the WikiLeaks founder smuggled out of Ecuador’s London embassy in a diplomatic vehicle and transported to another country.

One ultimate destination, multiple sources have said, was Russia, where Assange would not be at risk of extradition to the US. The plan was abandoned after it was deemed too risky.

The operation to extract Assange was provisionally scheduled for Christmas Eve in 2017, one source claimed, and was linked to an unsuccessful attempt by Ecuador to give Assange formal diplomatic status.

The supporting affidavit is notable because it is even more troubling than the indictment itself is for its description of Assange’s work with Manning to publish classified documents.

But it’s also notable for the case it makes that Assange took refuge in the Ecuadorian embassy not to hide from the Swedish prosecution but from US prosecution.

Assange has made numerous comments reflecting that he took refuge in the Ecuadorian embassy to avoid extradition and charges in the United States.

For example, in 2013, the WikiLeaks website posted an affidavit by Assange concerning alleged monitoring of his activities and the search and seizure of his property. In the affidavit, Assange acknowledged that he was “granted asylum after a formal assessment by the government of Ecuador in relation to the current and future risks of persecution and cruel, inhuman and degrading treatment in the United States in response to my publishing activities and my political opinion. I remain under the protection of Ecuador in London for this reason.” See https://wikileaks.org/IMG/html/Affidavit_of_Julian_Assange.html.

On May 19, 2017, in response to Sweden’s decision to discontinue its investigation regarding suspected rape by Julian Assange, Assange publicly stated, “While today was an important victory and an important vindication … the road is far from over The war, the proper war, is just commencing. The UK has said it will arrest me regardless. Now the United States, CIA Director Pompeo, and the U.S. Attorney General have said that I and other WikiLeaks staff have no rights … we have no first amendment rights.. .and my arrest and the arrest of our other staffis a priority…. The U.K. refuses to confirm or deny at this stage whether a U.S. extradition warrant is already in the U.K. territory. So, this is a dialogue that we want to happen. Similarly, with the United States, while there have been extremely threatening remarks made, I am always happy to engage in a dialogue with the Department of Justice about what has occurred.” https://www.bloomberg.eom/news/articles/2017-05-19/swedishprosecutors-to-drop-rape-investigation-against-assange.

It seems likely that the UK rejected Ecuador’s request, in part, because the US lodged an extradition request, possibly because they learned of the exfiltration plan.

If so, that may change the extradition calculus significantly, even if Sweden refiles its request. The UK may have already agreed that Assange was only ever fleeing US prosecution. Indeed, their decision back in December 2017 may have served precisely to enable the arrest that occurred last Thursday.

If that’s right, there’s little chance the UK will give precedence to Sweden — though Labour within the UK and a number of entities in the EU are fighting this extradition request.

As I’ve noted, this all took place against the background of the Vault 7 prosecution which implicated Assange in far more activities unrelated to journalism, ones that the United States’ Five Eyes partner would likely be very sympathetic to. And that may well be what this indictment was always a placeholder for. Yes, the government may fill in a larger conspiracy in-between 2010 and 2017. But this action seems to have as much to do with what Assange did in 2017 as he was doing in 2010.

Update: Corrected indictment dating to December 22; I meant the extradition warrant.

In Subpoenaing Chelsea Manning, the Government Picks a Likely Needless Fight with the Transparency Community Again

March 8, 2019/30 Comments/in 2016 Presidential Election, Mueller Probe, WikiLeaks /by emptywheel

I’m bumping this post from earlier in the week. After refusing to answer questions before the grand jury under a grant of immunity, the Judge in this matter, Claude Hilton, held Chelsea Manning in contempt. She has been booked into the Alexandria jail until she either answers the questions or the grand jury expires.

Here’s an interview Manning did just before going in for her contempt hearing.

As NYT first reported, a grand jury in EDVA has subpoenaed Chelsea Manning to testify. She has said she’ll fight the subpoena.

Ms. Manning, who provided a copy of the subpoena to The New York Times, said that her legal team would file a motion on Friday to quash it, arguing that it would violate her constitutional rights to force her to appear. She declined to say whether she would cooperate if that failed.

“Given what is going on, I am opposing this,” she said. “I want to be very forthright I have been subpoenaed. I don’t know the parameters of the subpoena apart from that I am expected to appear. I don’t know what I’m going to be asked.”

The WaPo adds details about a grand jury appearance last year by David House. Notably, he appears to have been asked about the Iraq and Afghan war logs, not the State department cables that have been more central to public reporting based off WikiLeaks releases.

Last July, computer expert David House, who befriended Manning in 2010 at a hacker space in Boston he founded, testified for 90 minutes before the grand jury. In an interview, House said he met the WikiLeaks founder in January 2011 while Assange was under house arrest at Ellingham Hall, a manor house 120 miles northeast of London. Assange was fighting an extradition request by Sweden, where he faced an inquiry into allegations of sexual assault.

Assange asked House to help run political operations for WikiLeaks in the United States. “Specifically, he wanted me to help achieve favorable press for Chelsea Manning,” he said.

House, who testified in exchange for immunity, said the grand jury was interested in his relationship with Assange. “They wanted full insight into WikiLeaks, what its goals were and why I was associated with it,” he said. “They wanted explanations of why certain things occurred and how they occurred. . . . It was all related to disclosures around the war logs.”

The WaPo also argues that Manning will have a tough time fighting this subpoena, which is probably right, though I’m not sure how her legal exposure works given the commutation. She may have a real basis to challenge the subpoena (or at least invoke the Fifth) based off a double jeopardy claim.

Setting aside the legal questions though, I think this subpoena raises real tactical ones. Unless the government believes they need to show a newly-understood pattern of behavior on the part of WikiLeaks dating to before the time Julian Assange took refuge in Ecuador’s embassy as part of a bid to boot him, I think this move is likely to backfire, even from the most hawkish government perspective.

Subpoenaing people for stuff that happened nine years ago, when WikiLeaks’ actions are more immediately suspect in the context of the Vault 7 releases, only makes sense if prosecutors are pursuing some new theory of criminal activity. Contra what Steve Vladeck says to the WaPo (that Assange’s charges last year may be about a 10 year statute of limitations tied to the Espionage Act), prosecutors may be pursuing a conspiracy charge that has continued to more recent years, of which the 2009 actions were the first overt acts (which would also toll the statutes of limitation).

But it’s not just the US government that appears to have a new understanding of WikiLeaks’ actions. So do people who have been involved with the organization over the years, particularly in the wake of WikiLeaks’ 2016 efforts to help Russia elect Donald Trump. The public reversals on supporting Assange from Xeni Jardin, Barrett Brown, and Emma Best have been accompanied by a whole lot of reporting (some of it obviously based on leaks of communications from other former insiders) that lay out activities that go beyond the passive receipt of public interest documents and subsequent publication of them. More will surely be coming.

What journalists and activists are presenting about WikiLeaks doesn’t necessarily get the government beyond a First Amendment defense — certainly not one that might put a lot of respectable investigative reporting at risk. But it does undermine Assange’s claims to be a mere publisher.

And unless there’s a really good legal reason for the government to pursue its own of evolving theory of WikiLeaks’ activities, it doesn’t make sense to rush where former WikiLeaks supporters are headed on their own. In virtually all venues, activists’ reversed understanding of WikiLeaks is bound to have more credibility (and almost certainly more nuanced understanding) than anything the government can offer. Indeed, that would likely be especially true, internationally, in discussions of Assange’s asylum claim.

A charge against Assange in conjunction with Vault 7 or the 2016 election operation might accelerate that process, without foreclosing the government’s opportunity to present any evolved understanding of WikiLeaks’ role in the future (especially if tied to conspiracy charges including the 2016 and 2017 activities).

But getting into a subpoena fight with Chelsea Manning is likely to have the opposite effect.

That’s true, in part, because post-commutation a lot of people worry about the impact renewed pressure from the government against Manning will have, regardless of the legal soundness of it. The government wanted Aaron Swartz to become an informant when they ratcheted up the pressure on him between 2011 and 2013. They didn’t get that information. And his suicide has become a key symbol of the reasons to distrust law enforcement and its ham-handed legal tactics.

There’s even good reason to believe history will likely eventually show that FBI’s use of Sabu as an informant likely didn’t get them what they thought they got. And it’s not just Sabu. It is my strong suspicion that we’ll eventually learn that at key moments, the known instincts and habits of the FBI were exploited just as badly as the good faith efforts of transparency activists, even before the Bureau’s bumbling efforts played the perhaps decisive role in the 2016 election.

We’re at a moment when, amid rising tribalism, both federal law enforcement and the transparency community are actually reassessing. That reassessment is key to being less susceptible to exploitation, on both sides.

But ratcheting up the stakes, as a subpoena of Manning at this moment amounts to, will reverse that trend.

Fun with Dr. Corsi’s “Forensics”!

February 3, 2019/39 Comments/in 2016 Presidential Election, Mueller Probe /by emptywheel

By far the most ridiculous part of Jerome Corsi’s book is where he spends an entire chapter pretending that he figured out on his own that WikiLeaks had John Podesta’s emails rather than being told that by someone whose identity he’s trying to avoid sharing with Mueller’s team.

The chapter is one of three in the book that he presents as having been written in real time, effectively as diary entries. Corsi presents it as the fevered narrative he writes on November 18, 2018, at a time when Mueller’s team was cracking down on him for his continued lies but before he refused the plea deal, after a night of nightmares.

Last night, I was plagued by nightmares that caused me to sleep very poorly.

His change in voice is followed with an even more direct address to readers, which he returns to as an interjection in the middle of his crazed explanation.

I am going to write this chapter to explain to you, the reader, how I used my basic intuitive skills as a reporter to figure out in August 2016 that Assange had Podesta’s emails, that Assange planned to start making the Podesta file public in October 2016, and that Assange would release the emails in a serial, day-by-day fashion, right up to election day.

[snip]

Now, I know this is tedious and will tax many readers, so I’ve decided here to take a break. You have to understand what I am going through is a roller-coaster. Sometimes I feel like everything is normal and that the federal government will understand that I am a reporter and should be protected by the First Amendment. Then, I realize that the next ring of the doorbell could be the FBI seeking to handcuff me and arrest me in full view of my family.

Resuming after a much-needed break, we need only a few more dates to complete the analysis.

The chapter consists of three things, none of which even remotely presents a case for how he could have concluded WikiLeaks was sitting on John Podesta’s emails:

An argument that claims he simply reasoned it all out, without proof
A chronology that makes no sense given the July and August 2016 emails he’s trying to explain away
Other crap theories designed to undermine Mueller’s argument about Russian involvement, most of which post-date the date when Corsi claims to have figured out the Podesta emails were coming

Corsi’s “argument”

Corsi’s main argument is this:

Clearly, I reasoned there had to have been Podesta emails on that server that would have discussed the Clinton/DNC plot to deny Bernie Sanders the Democratic Party presidential nomination in 2016. Where were these Podesta emails, I wondered?

[snip]

I felt certain that if Assange had Podesta’s emails he would wait to drop them in October 2016, capturing the chance to stage the 2016 “October Surprise,” a term that had been in vogue in U.S. presidential politics since 1980 when Jimmy Carter lost re-election to Ronald Reagan, largely because the Reagan camp finessed Ayatollah Khomeini to postpone the release of the hostages from the American embassy in Tehran until after that year’s November election. I also figured that Assange would release the Podesta emails in drip-drip fashion, serially, over a number of days, stretching right up to the Election Day. In presidential politics, the news cycle speeds up, such that what might take a month or a week to play out in a normal news cycle might take only a day or two in the heightened intensity of a presidential news cycle—especially a presidential news cycle in October, right at Election Day is nearing.

In spite of his claims, elsewhere, to have done forensic analysis that told him John Podesta’s emails were coming, ultimately his argument boils down to this: he figured out that Podesta’s emails (which he purportedly hadn’t read) would be the most damning possible thing and therefore WikiLeaks must have and intend to release them in a serial release because it made sense.

Corsi’s chronology

From there, Corsi proceeds to spin out the following bullshit about how he came to that conclusion:

Starting in February 2016, a woman named LH whose ex-husband was a former top NSA figure told him [why?] incorrect things about how the Democrats organize their servers. This information seems to be inflected by the flap over VAN space the previous December, but Corsi doesn’t mention that. This information is wrong in many of the ways later skeptics of the Russian hack would be wrong, but Corsi claims he had that wrong understanding well in advance of the crowd.
When Assange announced on June 12 that he had upcoming Hillary leaks, Corsi was “alerted to the possibility Assange had obtained emails from the DNC email server,” which he took to mean VAN.
When the WaPo reported on the DNC hack on June 14, 2016, Corsi took Democrats’ (false) reassurances about financial data to be true, matched it to his incorrect claimed understanding of how the Democrats organized their data, and assumed VAN had been hacked (this is the day before Guccifer 2.0 would claim he got in through VAN, remember). Corsi also claims to have noted from the WaPo story that Perkins Coie and Crowdstrike were involved, the latter of which he tied to Google’s Eric Schmidt (who was helping Dems on tech), which together he used to suggest that in real time he believed the Democrats had “manufactured” evidence to pin the hack on the Russians. Again, Corsi is suggesting he got to the conspiracy theories it took the rest of Republicans a year to get to, but in real time.
Corsi incorrectly read the Crowdstrike white paper (on which the WaPo story was obviously based and which Ellen Nakashima had had for about a week, and which includes an update written in response to the appearance of Guccifer 2.0) as a response to Guccifer 2.0’s post on June 15 and — in spite of the WaPo report that Cozy Bear had been “monitoring DNC’s email and chat communications” — concluded that the hackers had not taken email.
After the DNC emails were released, Corsi had what he claims was his big insight: that these emails largely came from DNC’s Comms Director and their finance staffers, which meant Podesta’s (and DWS’, which he logically should but did not, pursue) had to be what was left. Mind you, the former point is something WikiLeaks made clear on its website:

On July 22, 2016, Wikileaks began releasing over two days a total of 44,053 emails and17,761 email attachments from key figures in the DNC. What I noticed immediately was that the largest number of emails by far came from DNC Communications Director Luis Miranda (10,520 emails), who had approximately three-times the emails released for the next highest on the list, National Finance Director Jordon Kaplan (3,799 emails) and Finance Chief of Staff Scott Corner (3,095 emails). What I noticed immediately was that emails from Debbie Wasserman Schultz and John Podesta were missing. Yet, by analyzing the addresses in the emails, it was clear the “From,” “To,” and or “CC” listings indicate the email was sent by or to an addressee using the DNC email server, identified as @dnc.org.

In his narrative of how he “figured out” there must be Podesta emails, he relies not on the July 25 NBC story he cites earlier in his book, quoting Assange saying there was “no proof” the emails came from Russia (and suggesting his set were a different one than the ones analyzed by cybersecurity experts), but a CNN story he dates to July 26 but which got updated early morning July 27, citing Assange saying, “Perhaps one day the source or sources will step forward and that might be an interesting moment some people may have egg on their faces. But to exclude certain actors is to make it easier to find out who our sources are;” Corsi also cites a July 27 NYMag story citing the CNN one. Corsi claims that as he was listening to this interview, he realized that Assange had Podesta emails “lifted from the DNC server,” which would be incorrect even if it were true, given that Podesta’s emails were from his Gmail account.

Listening to this interview on CNN, all the pieces fit in place for me. Assange had Podesta emails that were also lifted from the DNC server and these were the emails he was holding to drop later in the campaign.

Corsi describes “the last piece of the puzzle” to be Seth Rich’s death on July 10, 2016, but which occurred before Assange’s post DNC release interviews, in one of which Assange suggested his sources were still alive to “step forward,” then points to Assange’s offer of a reward for information leading to a conviction on August 9. This happened after he had already suggested to Stone that Podesta’s emails were coming.

None of this explains how Corsi would not have decided that Clinton Foundation emails were what was missing, which is what Stone believed when he instructed Corsi to reach out to Ted Malloch on July 25, the day before the Assange interviews Corsi says led him to conclude WikiLeaks instead had Podesta’s emails. And much of it assumes that a unified hack occurred (otherwise it would be impossible to decide what was coming from what had already been released), an assumption he claims not to believe in much of the rest of his crap.

Corsi’s crap

In addition to that chronology, though, Corsi throws in a bunch of crap meant to discredit the evidence laid out in the Mueller GRU indictment. Much of this evidence post-dates the moment he claims he figured out that WikiLeaks had Podesta’s emails, which makes it irrelevant to his theory, nevertheless Corsi throws it out there.

Corsi takes the Guccifer 2.0 leak of DCCC files to Aaron Nevins — which didn’t happen until over a month after he told Stone that WikiLeaks had Podesta emails — to be “proof” not just that Guccifer 2.0 only hacked DNC files, which he again asserts incorrectly came from VAN, but also that Guccifer 2.0 had not hacked emails.
Corsi claims that Guccifer 2.0 “never bragged that he hacked the DNC email server that contained the Podesta emails,” even though Guccifer 2.0 did brag that WikiLeaks had published documents he gave them after the DNC leak.
Corsi claims that Guccifer 2.0 published donor lists and voter analysis at DCLeaks, which is generally inaccurate (indeed, some Podesta files came out via DCLeaks!), but also admits a tie between Guccifer 2.0 and DCLeaks that would either rely on contemporary reporting that asserted a tie, the GRU indictment, or some personal knowledge not otherwise explained.
Corsi claims that, unlike Marcel Lazar, “Guccifer 2.0 has never been positively identified let alone arrested,” without explaining how he’s sure that the 12 GRU officers Mueller indicted don’t amount to positively identifying the people running Guccifer 2.0. Indeed, rather than addressing that indictment, Corsi instead tries to rebut the Intelligence Community Assessment’s “high confidence” attribution of Guccifer 2.0 to GRU, which he claims relies on ‘tradecraft’ that relies on circumstantial evidence at best, presuming a hacker leaves a signature.” In the ICA, that discussion appears in a section that also notes that “Some analytic judgments are based directly on collected information,” as the Mueller indictment makes clear the GRU one was.
Corsi claims the Vault 7 release suggesting the CIA has a tool to falsely attribute its own hacks “undermined” the IC’s attribution of Cozy Bear and Fancy Bear, without realizing that’s a different issue from whether the CIA, NSA, and FBI can correctly attribute the hack (though if the Russians obtained those files in the weeks after Joshua Schulte allegedly stole them in 2016, it would have made it harder for CIA to chase down the Russians).
Corsi initially argues, providing no evidence except that he’s sure the DNC emails come from the DNC email server and not NGP-VAN or Hillary’s private server, that, “While the DNC email server could have been hacked by an outside agent, what is equally plausible is that the emails could have been stolen by someone on the inside of the DNC, perhaps an employee with their own @dnc.org email address.” He then feeds the Seth Rich conspiracy.
Corsi uses what he claims to have learned about serialization in a college course covering Dickens (but details of which, regarding the history of Dickens’ serialization, he gets entirely wrong) to explain how he knew the Podesta emails would come out in a serialized release.
Corsi dismisses the possibility the Russians used a cut-out with this garble:

The attempt to distinguish is disingenuous, suggesting the Russians may have been responsible for the hack, turning the information to a third party, not the Russians or a state actor, who handed WikiLeaks the emails and thus became “the source.”

Corsi cites the Nation’s August 9, 2017 version of the Bill Binney theory purportedly proving that a set of files purporting to be from the DNC — which were never released by WikiLeaks — were copied inside the US and also noting that the Russian metadata in the first Guccifer 2.0 documents was placed there intentionally. As I noted at the time, the two theories actually don’t — at all — disprove the claim that Russia hacked the DNC. But they’re even worse for Corsi’s claims, because (even though the set of files were called NGP/VAN) they undermine his false claim about the Democrats’ servers and they acknowledge that the files he said disproved that Guccifer 2.0 had Podesta files actually were Podesta files.

These things are utterly irrelevant to the soundness of Corsi’s own claim to have been able to guess that the Podesta emails were coming and — as I note — a number of them sharply contradict what he claims to believe.

Corsi’s mistaken notion of his role in proving “collusion”

But the crap does serve Corsi’s larger point, which is to undermine what he imagines Mueller’s theory of “collusion” to be.

Mueller & Company had decided the Trump campaign somehow encouraged Russia to steal the DNC emails and give them to Assange, so WikiLeaks could publish them. Then to establish “Russian collusion” with the Trump campaign, Mueller was out to connect his own dots. The Mueller prosecutors had been charged with the mission to grill me until

I would “give up” my source to Assange. I was their critical “missing link.” If Rhee, Zelinsky, and Goldstein only got me to confess, Mueller figured he could connect the dots from Roger Stone to me to Assange, and from Assange back again to me, and from me to Roger Stone, who would feed the information to Steve Bannon, then chairing the Trump campaign.

The final dots, the Mueller prosecutors assumed, would connect Bannon to Trump and the “Russian collusion” chain of communication would be complete. The only problem was that I did not have a source connecting me to Assange, so Mueller’s chain-link narrative does not connect.

While I actually think it possible that Corsi’s shenanigans may have harmed the neatness of Mueller’s case against Stone, perhaps even leading Mueller to charge Stone only with the obstruction charges rather than in a larger conspiracy, it doesn’t affect the understanding with which Mueller seems to be approaching the Don Jr side of any conspiracy, in which Trump’s son accepted a meeting offering dirt, thinking the family might make $300 million off it, and promised policy considerations that — even before he was sworn into office — his father took steps to pay off.

That conspiracy remains, even if Mueller can’t show that at the same time, Trump was maximizing the advantage of the WikiLeaks releases via his old political advisor Roger Stone.

But who knows? Perhaps Mueller may one day prove that, too?

One other thing that’s worth noting, however: As I laid out above, Corsi doesn’t just attempt to explain how he came to guess that WikiLeaks would release John Podesta’s emails. In the guise of doing that, he lays out what amounts to the Greatest Hits of the Denialist Conspiracies, throwing every possible claim mobilized to undermine the conclusion that Russia hacked the Democrats out there, even the ones that undermine Corsi’s own claimed beliefs.

And, as Corsi himself notes, Mueller has Corsi’s Google searches.

Truthfully, I was astounded because it seemed as if the FBI had studied me down to knowing the key strokes that I had used on my computer to do Google searches for articles. I realized my Google file would have much information about my locations and my Internet searches, but the way Zelinsky drilled down on how I wrote this article was shocking.

Repeatedly Zelinsky had warned me that I had no idea how truly extensive the Special Counselor’s investigation had been. Now, I imagined an army of FBI computer specialists at Quantico mapping out my every electronic communication in 2016, including my emails, my cellphone calls, and my use of the laptop and the Internet to conduct my research and write my various articles and memos.

They actually know whether he read this stuff (notably, the NBC, CNN, and NYMag articles he cites from late July 2016) in real time or only after the fact. They know when Corsi downloaded a bunch of other things (including the Guccifer 2.0 releases), and they know whether he read the GRU indictment. The FBI has also likely obtained what he was doing in November, 2018, as he was writing this stuff.

So it may be that when Corsi’s book comes out in hard cover on March 12, Mueller’s team will already have put together the forensic evidence to prove that Corsi’s claims about how he came by his own forensic analysis — and the rest of these conspiracies — are absolute bullshit. It is, admittedly, frightening how much the government can obtain about our contemporaneous thinking.

But it would be an ironic and just outcome for Corsi if Mueller’s best demonstration about the power of FBI’s forensic analysis comes not in the GRU indictment Corsi so studiously avoided mentioning in the entire book attempting to discredit it, but in proving Corsi’s own claims about forensics to be utterly false.

Corsi’s Timeline

March 16, 2016: WikiLeaks indexes FOIAed Hillary emails

June 12, 2016: Assange announces he has more information on Hillary

In that interview, Assange disclosed that WikiLeaks has “upcoming leaks in relation to Hillary Clinton,” though Assange distinguished the Hillary Clinton emails WikiLeaks possessed pending publication came from a different source than the emails from Hillary’s private email server. This alerted me to the possibility Assange had obtained emails from the DNC email server.

June 14, 2016: WaPo announces the DNC hack

June 15, 2016: Crowdstrike publicly releases white paper on DNC hack and Guccifer 2.0 first posts

July 10, 2016: Seth Rich’s murder

July 22, 2016: WikiLeaks releases the DNC emails

July 25, 2016: Stone emails Corsi asking him to Get to Assange to “get the pending WikiLeaks emails;” Corsi forwards the email to Ted Malloch

July 26, 2016: Assange tells CNN a lot more material is coming and refuses to exclude Russia as a source because “to exclude certain actors is to make it easier to find out who our sources are”

July 28, 2016: Corsi and his wife leave for Italy

July 31, 2016: Stone emails Corsi to “call me MON” instructing him to get Malloch to see Assange

August 2, 2016: Corsi emails Stone,

Word is friend in embassy plans 2 more dumps. One shortly after I’m back. 2nd in Oct. Impact planned to be very damaging.… Time to let more than Podesta to be exposed as in bed w enemy if they are not ready to drop HRC. That appears to be the game hackers are now about. Would not hurt to start suggesting HRC old, memory bad, has stroke — neither he nor she well. I expect that much of next dump focus, setting stage for Foundation debacle.

August 9, 2016: WikiLeaks offers $20,000 reward for information leading to conviction for murder of Seth Rich

August 12, 2016: Corsi returns from Italy

March 7, 2017: WikiLeaks starts to release Vault 7 documents, including an Umbrage file showing that CIA uses disinformation to hide which attacks it launches

May 25, 2017: WSJ reports on Aaron Nevins files that Guccifer 2.0 noted in real time; Corsi deems this (in a Murdoch paper) to be part of the anti-Stone narrative

It Is False and Defamatory to Accuse WikiLeaks of a Bunch of Things that Aren’t the Key Allegations against It

January 7, 2019/42 Comments/in 2016 Presidential Election, Mueller Probe /by emptywheel

WikiLeaks decided it was a good idea to release a long list of claims about Julian Assange and WikiLeaks that it considers defamatory. Emma Best obtained and liberated the list. Given that the list clearly attempts (unsuccessfully in some places, and hilariously in other places where they deem matters of opinion defamatory) to be factually correct, I’m interested in the way WikiLeaks uses the list to try to deny a bunch of things that might end up in a US criminal indictment.

The US is only angry with Assange because Ecuador has lots of debt

Pretty far down the list, WikiLeaks denies being gagged for claims made about Sergey Skripal in such a way as to falsely suggest the only concerns the US had over Assange came to do with debt pressure.

It is false and defamatory to suggest that Ecuador isolated and gagged Mr. Assange due to his comments on Sergei Skripal [in fact, he was isolated over his refusal to delete a factually accurate tweet about the arrest of the president of Catalonia by Spain in Germany, along with U.S. debt pressure on Ecuador. The president of Ecuador Lenin Moreno admitted that these two countries were the issue, see https://defend.wikileaks.org/about-julian/].

It’s nonsensical to claim that Assange was gagged just because of debt pressure, but it’s a good way to hide how the timing of his gag correlated with actions he took to piss of the US government, including by releasing a live CIA malware file.

The US charged Assange for actions it already decided not to charge him for, on which statutes of limitation have expired

The rest of the list is sprinkled with efforts to spin the US government’s legal interest in Assange. There’s an extended series of items that attempt to claim, as WikiLeaks has since DOJ accidentally revealed the existence of a recently filed complaint against Assange, that the charges instead relate to long-past publications (like Cablegate).

It is false and defamatory to deny that Julian Assange has been formally investigated since 2010 and charged by the U.S. federal government over his publishing work [it is defamatory because such a claim falsely imputes that Mr. Assange’s asylum is a sham and that he is a liar, see https://defend.wikileaks.org/].

It is false and defamatory to suggest that such U.S. charges have not been confirmed [in fact, they have, most recently by Associated Press (AP) and the Washington Post in November 2018].
– It is false and defamatory to suggest that the U.S. government denies the existence of such charges.
– It is false and defamatory to suggest that Julian Assange is not wanted for extradition by the U.S. government [in fact, public records from the Department of Justice show that the U.S. government says it had been intentionally concealing its charges against Mr. Assange from the public specifically to decrease his ability to “avoid arrest and extradition”].
– It is false and defamatory to suggest that the U.S. government has not publicly confirmed that it has an active grand jury, or pending or prospective proceedings, against Julian Assange or WikiLeaks, each year since 2010.

These claims are all true. WikiLeaks has been under investigation since well before 2010. There are charges that the US would like to extradite Assange for.

But all the public evidence suggests those charges relate to WikiLeaks’ recent actions, almost certainly involving Vault 7 and probably involving Russia’s election year operation.

Julian Assange is not a hacker, which is different from being someone who solicits or assists in hacks

WikiLeaks makes repeated claims that might appear to deny that the organization has solicited or assisted in hacks. The list denies that the DNC (which doesn’t have all the evidence Mueller does) has accused Assange of soliciting hacks of the DNC or Podesta. (Everywhere, this list is silent about the DCCC and other election year targets).

It is false and defamatory to suggest that the Democratic National Committee has claimed that Julian Assange directed, conspired, or colluded to hack the Democratic National Committee or John Podesta [in fact, the DNC makes no such claim: https://www.courthousenews.com/wp-content/uploads/2018/12/WikiLeaksDNC.pdf].

It denies that France has claimed that the MacronLeaks came from Russia (which again stops short of saying that the MacronLeaks came from Russia).

It is false and defamatory to suggest that the French government found that “MacronLeaks” were hacked by Russia [in fact, the head of the French cyber-security agency, ANSSI, said that they did not have evidence connecting the hack with Russia, see https://wikileaks.org/macron-emails/].

It denies that Assange has hacked the state of Ecuador (but not the Embassy of Ecuador or other states, including the US or Iceland).

It is false and defamatory to suggest that Julian Assange has ever hacked the state of Ecuador.

And it denies that Assange is, himself, a hacker.

It is false and defamatory to suggest that Julian Assange is a “hacker”.

All of these hacking denials stop well short of denying that WikiLeaks has solicited hacks before, including by publicizing a “most wanted” list that Russian hackers might respond to.

Mueller described WikiLeaks as an unindicted co-conspirator but that doesn’t mean Mueller has any interest in the organization

Close to the top of the list, WikiLeaks makes two claims to suggest the organization and Assange are not targets in the Mueller investigation.

It is false and defamatory to suggest that WikiLeaks or Julian Assange has ever been contacted by the Mueller investigation.

It is false and defamatory to suggest that there is any evidence that the U.S. charges against Julian Assange relate to the Mueller investigation.

This is misdirection hiding a great deal of evidence that WikiLeaks is a target in the Mueller investigation. The list is silent, for example, on whether Congressional investigators have contacted Assange, whether Assange ultimately did accept SSCI’s renewed request last summer to meet with Assange, and whether Assange demanded immunity to travel to the US to respond to such inquiries.

Nor does WikiLeaks deny having been described — in a fashion usually reserved for unindicted co-conspirators — in a Mueller indictment.

WikiLeaks doesn’t deny that WikiLeaks denied Russians were its source for 2016 materials

WikiLeaks twice denies, in very similar language, that it suggested that Seth Rich was its source for the DNC emails.

It is false and defamatory to suggest that WikiLeaks or Julian Assange claimed that any person or entity was their source for WikiLeaks’ 2016 U.S. election publications [it is defamatory because Julian Assange’s professional reputation is substantially based on source protection].

[snip]

It is false and defamatory to suggest that WikiLeaks or Julian Assange has ever stated or suggested that any particular person was their source for any publication, including Seth Rich.

A good lawyer would be able to sustain a claim that Assange had indeed “suggested” that Rich was his source, though it would make an interesting legal battle.

But when WikiLeaks denies feeding Seth Rich conspiracies, it does so only by denying the most extreme conspiracy, that the Democrats had Rich killed.

It is false and defamatory to suggest that WikiLeaks or Julian Assange has ever published, uttered or tried to promote alleged conspiracy theories claiming “John Podesta engaged in satanic rituals”, the “Democratic Party had Seth Rich Killed”, “Clinton wore earpieces to the 2016 US election debates”, on “Clinton’s health” or “Clinton kidnapping children”.

All of this, of course, dodges the way that WikiLeaks repeatedly tried to claim that Russia was not its ultimate source for the 2016 files.

Should we take the silence on this point as an admission?

Marcy Wheeler is false and defamatory

Finally, there are four claims relating to Vault 7, three of which pertain to my coverage of the way WikiLeaks attempted to leverage the Vault 7 releases in conversations with the Trump Administration. WikiLeaks denies that the two times Assange suggested to the President’s spawn that he should be made an ambassador to the US constituted an effort by WikiLeaks to get Trump to appoint Assange ambassador (note, this is also a denial that Assange tried to serve in another diplomatic role, which is different than being Ambassador).

It is false and defamatory to suggest that WikiLeaks tried to have the Trump administration appoint Julian Assange as an ambassador or to have any other person or state appoint him as an ambassador.

I find it notable that this claim departs from the form used in many of these denials, speaking for both Assange and WikiLeaks.

Then the list twice denies that Assange suggested he wouldn’t release the Vault 7 files if the Trump Administration provided him immunity.

It is false and defamatory to suggest that Julian Assange has ever extorted the United States government.

It is false and defamatory to suggest that Julian Assange has ever proposed that he not publish, censor or delay a publication in exchange for any thing.

Assange would and will claim that the discussions with Adam Waldman where just this arrangement was floated are protected by Attorney-Client privilege. But Waldman may have said enough to people at DOJ to refute this denial regardless.

Finally, WikiLeaks insisted it has never retracted any of the bullshit claims it made about its Vault 7 files.

It is false and defamatory to suggest that any of WikiLeaks’ claims about its 2017 CIA leak, Vault 7, “were later retracted”.

Given that one of the claims directly parroted the bullshit claims Shadow Brokers was making, a claim it made in a release that will probably be part of the charges against it, this non-retraction doesn’t necessarily help it much.

Note that one other thing WikiLeaks is silent about here are its public statements about Joshua Schulte, whose attempts to continue leaking from jail the FBI got on video. I find that interesting both for WikiLeaks’ attempt to corroborate Schulte’s thin excuse for using Tor after he was charged, and for its relative silence about whether he would be a whistleblower if he were its source for CIA’s hacking tools.

Update: WikiLeaks has released a revised version that takes out, among other things, the Ambassador claim, the Seth Rich claims, and also a denial that it is close to Russia.

The Year Long Trump Flunky Effort to Free Julian Assange

December 4, 2018/82 Comments/in 2016 Presidential Election, emptywheel, Mueller Probe, WikiLeaks /by emptywheel

The NYT has an unbelievable story about how Paul Manafort went to Ecuador to try to get Julian Assange turned over. I say it’s unbelievable because it is 28 paragraphs long, yet it never once explains whether Assange would be turned over to the US for prosecution or for a golf retirement. Instead, the story stops short multiple times of what it implies: that Manafort was there as part of paying off Trump’s part of a deal, but the effort stopped as soon as Mueller was appointed.

Within a couple of days of Mr. Manafort’s final meeting in Quito, Robert S. Mueller III was appointed as the special counsel to investigate Russian interference in the 2016 election and related matters, and it quickly became clear that Mr. Manafort was a primary target. His talks with Ecuador ended without any deals.

The story itself — which given that it stopped once Mueller was appointed must be a limited hangout revealing that Manafort tried to free Assange, complete with participation from the spox that Manafort unbelievably continues to employ from his bankrupt jail cell — doesn’t surprise me at all.

After all, the people involved in the election conspiracy made multiple efforts to free Assange.

WikiLeaks kicked off the effort at least by December, when they sent a DM to Don Jr suggesting Trump should make him Australian Ambassador to the US.

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

Weeks later, Hannity would go to the Embassy to interview Assange. Assange fed him the alternate view of how he obtained the DNC emails, a story that would be critical to Trump’s success at putting the election year heist behind him, if it were successful. Trump and Hannity pushed the line that the hackers were not GRU, but some 400 pound guy in someone’s basement.

Then the effort actually shifted to Democrats and DOJ. Starting in February through May 2017, Oleg Deripaska and Julian Assange broker Adam Waldman tried to convince Bruce Ohr or Mark Warner to bring Assange to the US, using the threat of the Vault 7 files as leverage. In February, Jim Comey told DOJ to halt that effort. But Waldman continued negotiations, offering to throw testimony from Deripaska in as well. He even used testimony from Christopher Steele as leverage.

This effort has been consistently spun by the Mark Meadows/Devin Nunes/Jim Jordan crowd — feeding right wing propagandists like John Solomon — as an attempt to obstruct a beneficial counterintelligence discussion. It’s a testament to the extent to which GOP “investigations” have been an effort to spin an attempt to coerce freedom for Assange.

Shortly after this effort failed, Manafort picked it up, as laid out by the NYT. That continued until Mueller got hired.

There may have been a break (or maybe I’m missing the next step). But by the summer, Dana Rohrabacher and Chuck Johnson got in the act, with Rohrabacher going to the Embassy to learn the alternate story, which he offered to share with Trump.

Next up was Bill Binney, whom Trump started pushing Mike Pompeo to meet with, to hear Binney’s alternative story.

At around the same time, WikiLeaks released the single Vault 8 file they would release, followed shortly by Assange publicly re-upping his offer to set up a whistleblower hotel in DC.

Those events contributed to a crackdown on Assange and may have led to the jailing of accused Vault 7 source Joshua Schulte.

In December, Ecuador and Russia started working on a plan to sneak Assange out of the Embassy.

A few weeks later, Roger Stone got into the act, telling Randy Credico he was close to winning Assange a pardon.

These efforts have all fizzled, and I suspect as Mueller put together more information on Trump’s conspiracy with Russia, not only did the hopes of telling an alternative theory fade, but so did the possibility that a Trump pardon for Assange would look like anything other than a payoff for help getting elected. In June, the government finally got around to charging Schulte for Vault 7. But during the entire time he was in jail, he was apparently still attempting to leak information, which the government therefore obtained on video.

Ecuador’s increasing crackdown on Assange has paralleled the Schulte prosecution, with new restrictions, perhaps designed to provide the excuse to boot Assange from the Embassy, going into effect on December 1.

Don’t get me wrong: if I were Assange I’d use any means I could to obtain safe passage.

Indeed, this series of negotiations — and the players involved — may be far, far more damning for those close to Trump. Sean Hannity, Oleg Deripaska, Paul Manafort, Chuck Johnson, Dana Rohrabacher, Roger Stone, and Don Jr, may all worked to find a way to free Assange, all in the wake of Assange playing a key role in getting Trump elected. And they were conducting these negotiations even as WikiLeaks was burning the CIA’s hacking tools.

The Theory of Prosecution You Love for Julian Assange May Look Different When Applied to Jason Leopold

November 16, 2018/75 Comments/in 2016 Presidential Election, Mueller Probe, WikiLeaks /by emptywheel

The WaPo confirmed something Seamus Hughes disclosed last night: Sometime before August 22, EDVA had filed a sealed complaint (not indictment) against Julian Assange.

WikiLeaks founder Julian Assange has been charged under seal, prosecutors inadvertently revealed in a recently unsealed court filing — a development that could significantly advance the probe into Russian interference in the 2016 election and have major implications for those who publish government secrets.

The disclosure came in a filing in a case unrelated to Assange. Assistant U.S. Attorney Kellen S. Dwyer, urging a judge to keep the matter sealed, wrote that “due to the sophistication of the defendant and the publicity surrounding the case, no other procedure is likely to keep confidential the fact that Assange has been charged.” Later, Dwyer wrote the charges would “need to remain sealed until Assange is arrested.”

Dwyer is also assigned to the WikiLeaks case. People familiar with the matter said what Dwyer was disclosing was true, but unintentional.

The confirmation closely follows a WSJ story describing increased confidence that the US will succeed in extraditing Assange for trial.

The confirmation that Assange has been charged has set off a frenzy, both among Assange supporters who claim this proves their years of claims he was indicted back in 2011 and insisting that charging him now would amount to criminalizing journalism, and among so-called liberals attacking Assange lawyer Barry Pollack’s scolding of DOJ for breaking their own rules.

I’ve long been on record saying that I think most older theories of charging Assange would be very dangerous for journalism. More recently, though, I’ve noted that Assange’s actions with respect to Vault 7, which had original venue in EDVA where the Assange complaint was filed (accused leaker Joshua Schulte waived venue in his prosecution), go well beyond journalism. That said, I worry DOJ may have embraced a revised theory on Assange’s exposure that would have dire implications for other journalists, most urgently for Jason Leopold.

There are, roughly, four theories DOJ might use to charge Assange:

Receiving and publishing stolen information is illegal
Conspiring to release stolen information for maximal damage is illegal
Soliciting the theft of protected information is illegal
Using stolen weapons to extort the US government is illegal

Receiving and publishing stolen information is illegal

The first, theory is the one that Obama’s DOJ rejected, based on the recognition that it would expose NYT journalists to prosecution as well. I suspect the Trump Administration will have the same reservations with such a prosecution.

Conspiring to release stolen information for maximal damage is illegal

The second imagines that Assange would be charged for behavior noted in the GRU indictment — WikiLeaks’ solicitation, from someone using the persona of Guccifer 2.0, of material such that it would be maximally damaging to Hillary Clinton.

On or about June 22, 2016, Organization 1 sent a private message to Guccifer 2.0 to “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” On or about July 6, 2016, Organization 1 added, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after.” The Conspirators responded, “ok . . . i see.” Organization 1 explained, “we think trump has only a 25% chance of winning against hillary . . . so conflict between bernie and hillary is interesting.”

After failed attempts to transfer the stolen documents starting in late June 2016, on or about July 14, 2016, the Conspirators, posing as Guccifer 2.0, sent Organization 1 an email with an attachment titled “wk dnc link1.txt.gpg.” The Conspirators explained to Organization 1 that the encrypted file contained instructions on how to access an online archive of stolen DNC documents. On or about July 18, 2016, Organization 1 confirmed it had “the 1Gb or so archive” and would make a release of the stolen documents “this week.”

Significantly, WikiLeaks (but not Roger Stone) was referred to in the way an unidicted co-conspirator normally is, not named, but described in such a way to make its identity clear.

This is a closer call. There is a Supreme Court precedent protecting journalists who publish stolen newsworthy information. But it’s one already being challenged in civil suits in ways that have elicited a lot of debate. Prosecuting a journalist for trying to do maximal damage actually would criminalize a great deal of political journalism, starting with but not limited to Fox. Note that when the founders wrote the First Amendment, the norm was political journalism, not the so-called objective journalism we have now, so they certainly didn’t expect press protections to be limited to those trying to be fair to both sides.

Such a charge may depend on the degree to which the government can prove foreknowledge of the larger agreement with the Russians to damage Hillary, as well as the illegal procurement of information after WikiLeaks expressed an interest in information damaging Hillary.

Mueller might have evidence to support this (though there’s also evidence that WikiLeaks refused to publish a number of things co-conspirators leaked to them, including but not limited to the DCCC documents). The point is, we don’t know what the fact pattern on such a prosecution would look like, and how it would distinguish the actions from protected politically engaged journalism.

Soliciting the theft of protected information is illegal

Then there’s the scenario that Emma Best just hit on yesterday: that DOJ would prosecute Assange for soliciting hacks of specific targets. Best points to Assange’s close coordination with hackers going back to at least 2011 (ironically, but in a legally meaningless way, with FBI’s mole Sabu).

This is, in my opinion, a possible way DOJ would charge Assange that would be very dangerous. I’m particularly worried because of the way the DOJ charged Natalie Mayflower Edwards for leaking Suspicious Activity Reports to Jason Leopold. Edwards was charged with two crimes: Unauthorized Disclosure of Suspicious Activity Reports and Conspiracy to Make Unauthorized Disclosures of Suspicious Activity Reports (using the same Conspiracy charge that Mueller has been focused on).

In addition to describing BuzzFeed stories relying on SARs that Edwards saved to a flash drive by October 18, 2017 and then January 8, 2018, it describes a (probably Signal) conversation from September 2018 where Leopold — described in the manner used to describe unindicted co-conspirators — directed Edwards to conduct certain searches for material that ended up in an October story on Prevezon, a story published the day before Edwards was charged.

As noted above, the October 2018 Article regarded, among other things, Prevezon and the Investment Company. As recently as September 2018, EDWARDS and Reporter-1 engaged in the following conversation, via the Encrypted Application, in relevant part:

EDWARDS: I am not getting any hits on [the CEO of the Investment Company] do you have any idea what the association is if I had more information i could search in different areas

Reporter-1: If not on his name it would be [the Investment Company]. That’s the only other one [The CEO] is associated with Prevezon Well not associated His company is [the Investment Company]

Based upon my training and experience, my participation in the investigation, and my conversations with other law enforcement agents familiar with the investigation, I believe that in the above conversation, EDWARDS was explaining that she had performed searches of FinCEN records relating to Prevezon, at Reporter-l’s request, in order to supply SAR information for the October 2018 Article.

Edwards still has not been indicted, two weeks after her arraignment. That suggests it’s possible the government is trying to persuade her to plead and testify against Leopold in that conspiracy, thereby waiving indictment. The argument, in that case, would be that Leopold went beyond accepting stolen protected information, to soliciting the theft of the information.

This is the model a lot of people are embracing for an Assange prosecution, and it’s something that a lot of journalists not named Jason Leopold also do (arguably, it’s similar but probably more active than what James Rosen got dubbed a co-conspirator in the Stephen Jin-Woo Kim case).

Charging Leopold in a bunch of leaks pertaining to Russian targets would be a nice way (for DOJ, not for journalism) to limit any claim that just Assange was being targeted under such a theory. Indeed, it would placate Trump and would endanger efforts to report on what Mueller and Congress have been doing. Furthermore, it would be consistent with the aggressive approach to journalists reflected in the prosecution of James Wolfe for a bunch of leaks pertaining to Carter Page, which involved subpoenaing years of Ali Watkins’ call records.

In short, pursuing Leopold for a conspiracy to leak charge would be consistent with — and for DOJ, tactically advantageous — the theory under which most people want Assange charged.

Using stolen weapons to extort the US government is illegal

Finally, there’s the fourth possibility, and one I think is highly likely: charging Assange for his serial efforts to extort a pardon from the US government by threatening to release the Vault 7 (and ultimately, a single Vault 8 live malware) files.

This post shows how, starting in January 2017, Assange (and Oleg Deripaska) representative Adam Waldman was reaching out to top DOJ officials trying to negotiate a deal and using the release of the Vault 7 documents as leverage.

This post shows how, the second time Assange tweeted Don Jr asking for an Ambassadorship, he included a threatening reference to Vault 8, WikiLeaks’ name for the actual malware stolen and leaked from CIA, the first file from which Assange had released days earlier.

[B]ack in November 2017, some outlets began to publish a bunch of previously undisclosed DMs between Don Jr and Wikileaks. Most attention focused on Wikileaks providing Don Jr access to an anti-Trump site during the election. But I was most interested in Julian Assange’s December 16, 2016 “offer” to be Australian Ambassador to the US — basically a request for payback for his help getting Trump elected.

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

In the wake of the releases, on November 14, 2017, Assange tweeted out a follow-up.

As I noted at the time, the offer included an implicit threat: by referencing “Vault 8,” the name Wikileaks had given to its sole release, on November 9, 2017 of an actual CIA exploit (as opposed to the documentation that Wikileaks had previously released), Assange was threatening to dump more hacking tools, as Shadow Brokers had done before it. Not long after, Ecuador gave Assange its first warning to stop meddling in other countries politics, explicitly pointing to his involvement in the Catalan referendum but also pointing to his tampering with other countries. That warning became an initial ban on visitors and Internet access in March of this year followed by a more formal one on May 10, 2018 that remains in place.

Notably, Ecuador may have warned Assange back then to stop releasing America’s malware from their Embassy; those warnings have laid the groundwork for the rigid gag rules recently imposed on Assange on risk of losing asylum.

Immediately after this exchange, accused Vault 7/8 leaker Joshua Schulte had some Tor accesses which led to him losing bail. They didn’t, however, lead BOP to take away his multiple devices (!?!?!). Which means that when they raided his jail cell on or around October 1, they found a bunch of devices and his activity from 13 email and social media accounts. Importantly, DOJ claims they also obtained video evidence of Schulte continuing his efforts to leak classified information.

The announcement of that raid, and the additional charges against Schulte, coincided with a period of increased silence from WikiLeaks, broken only by last night’s response to the confirmation Assange had been charged.

I think it possible and journalistically safe to go after Assange for releasing stolen weapons to extort a criminal pardon. But most of the other theories of prosecuting Assange would also pose real risks for other journalists that those rooting for an Assange prosecution appreciate and rely on.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.