A Tale of Two GRU Indictments

Yesterday, DOJ indicted a bunch of GRU hackers again, in part for hacks in retaliation for anti-doping associations’ reports finding a state-run Russian effort to help its athletes cheat (though also including hacks of Westinghouse and the Organization for the Prohibition of Chemical Weapons (OPCW)).

As the DNC GRU indictment did, this indictment provides a snapshot of the division of labor in GRU, made easier by the capture of four of these guys, with all their hacking toys in the trunk of their rented car, in the Netherlands. I find a comparison of the two indictments — of some of the same people for similar activity spanning the same period of time — instructive for a number of reasons.

The team

Consider the team.

There are Aleksei Morenets and Evgenii Serebriakov, whom the indictment calls “on-site GRU hackers who traveled to foreign countries with other conspirators, in some instances using Russian government issued diplomatic passports to conduct on-site operations.” Serebriakov even has a title, “Deputy Head of Directorate,” which sounds like a pretty senior person to travel around sniffing WiFi networks.

There are the three men we met in the DNC indictment, Ivan Yermakov, Artem Malyshev, and Dmitriy Badin, all of whom work  out of Moscow running hacks. Yermakov and Malyshev were closely involved in both hacks in 2016 (as demonstrated by the timeline below).

Finally, there are Oleg Sotnikov and Alexey Minin, who joined Morenets and Serebriakov as they tried to hack the Organization for the Prohibition of Chemical Weapons (OPCW) and tried to hack the Spiez Chemical laboratory that was analyzing the Novichok used to poison Sergei Skripal.

There are slightly different tactics than in the DNC hack. For example, GRU used a bunch of bit.ly links in this operation (though some of those are an earlier campaign against Westinghouse). And they sent out hackers to tap into targets’ WiFi networks directly, whereas none of the DNC hackers are alleged to have left Russia.

But there’s a ton of common activity, notably the spearphishing of targeted individuals and the use of their X-Agent hacking tool to exploit targeted machines.

Overlapping hack schedule

I’m also interested in the way the WADA hack, in particular, overlaps with the DNC one. I’ve got a timeline, below, of the two indictments look like (I’ve excluded both the Westinghouse and OPCW hacks from this timeline to focus on the overlapping 2016 operations).

Yermakov and Malyshev are described by name doing specific tasks in the DNC hack though May 2016. By August, they have turned to hacking anti-doping targets. Yermakov, in particular, seems to play the same research role in both hacks.

Given the impact of these operations, it’s fairly remarkable that such a small team conducted both.

Common bitcoin habits and possibly even infrastructure

There are also paragraphs in the WADA indictment, particularly those pertaining to the use of bitcoin to fund the operation used to substantiate the money laundering charge, that appear to be lifted in their entirety from the DNC one (or perhaps both come from DOJ or Western PA US Attorney boilerplate — remember that the DNC hack was originally investigated in Western PA, so this language likely originates there).

These include:

  •  58/106: Describing how conspirators primarily used bitcoin to pay for infrastructure
  • 59/107: Describing how bitcoin works, with examples specific to each operation provided
  • 60/108: Describing how conspirators used dedicated email accounts to track bitcoin transactions
  • 61/109: Describing how conspirators used the same computers to conduct hacking operations and facilitate bitcoin payments
  • 62/110: Describing how conspirators also mined bitcoin and then used it to pay for servers, with examples specific to each operation
  • 64/111: Describing how conspirators used the same funding structure and sometimes the same pool of funds to pay for hacking infrastructure, with examples specific to each operation provided

The similarity of these two passages suggests two things. First, it suggests that the August 8, 2016 transaction in the WADA indictment may have been orchestrated from the gfade147 email noted in the DNC indictment. With both, the indictment notes that “One of these dedicated accounts … received hundreds of bitcoin payment requests from approximately 100 different email accounts,” with the DNC indictment including the gfade147 address. (Compare paragraphs 60 in the DNC indictment with 108 in the WADA one.)  That would suggest these two operations overlap even more than suspect.

That said, there’s one paragraph in the DNC indictment that doesn’t have an analogue in the WADA one, 63. It describes conspirators,

purchasing bitcoin through peer-to-peer exchanges, moving funds through other digital currencies, and using pre-paid cards. They also enlisted the assistance of one or more third-party exchangers who facilitated layered transactions through digital currency exchange platforms providing heightened anonymity.

Given how loud much of these operations were, it raises questions about why some of the DNC hack (but not, at least by description) the WADA one would require “heightened anonymity.”

Different treatment of InfoOps

I’m perhaps most interested in the different treatment of the InfoOps side of the operation. As I noted here, in general there seems to be a division of labor at GRU between the actual hackers, in Unit 26165, which is located at  20 Komsomolskiy Prospekt, and the information operations officers, in Unit 74455, which is located in the “Tower” at 22 Kirova Street, Khimki. Both units were involved in both operations.

Yet the WADA indictment does not name or charge any Unit 74455 officers, in spite of describing (in paragraphs 1 and 11) how the unit acquired and maintained online social media accounts and associated infrastructure (paragraph 76 describes that infrastructure to be “procured and managed, at least in part, by conspirators in GRU Unit 74455”). Five of the seven named defendants in the WADA indictment are in Unit 26165, with Oleg Sotnikov and Alexey Minin not identified by unit.

By comparison, three of the 11 officers charged in the DNC indictment belong to Unit 744555.

And the WADA campaign did have a significant media component, as explained in paragraphs 76-87. The indictment even complains (as did DOJ officials as the press conference announcing this indictment) about,

reporters press[ing] for and receiv[ing] promises of exclusivity in such reporting, with one such reporter attempting to make arrangements for a right of first refusal for articles on all future leaks and actively suggesting methods with whicch the conspiracy could search the stolen materials for documents of interest to that reporter (e.g., keywords of interest).

That said, the language in much of this discussion (see paragraphs 77 through 81) uses the passive voice — “were registered,” “were named,” “was posted,” “were released,” “were released,” “were released,” “were released” — showing less certainty about who was running that infrastructure.

That’s particularly interesting given that the government clearly had emails between the Fancy Bear personas and journalists.

One difference may be, in part, that in the DNC indictment, there are specific hacking (not InfoOps) actions attributed to two of the Unit 74455 officers: Aleksandr Osadchuk and Anatoliy Kovalev. Indeed, Kovalev seems to have been added on just for that charge, as he doesn’t appear in the introduction section at the beginning of the indictment.

Whereas Unit 74455’s role in the WADA indictment seems to be limited to running the InfoOps infrastructure.

Importance of WikiLeaks and sharing with Republicans

It’s not clear how much we can conclude form all that. But the different structure in the DNC indictment does allow it to foreground the role of a number of others, such as WikiLeaks and Roger Stone and — as I suggested drop in some or all of  those others in a future conspiracy indictment — that were a key part of the election operation.

Timeline

February 1, 2016: gfade147 0.026043 bitcoin transaction

March 2016: Conspirators hack email accounts of volunteers and employees of Hillary campaign, including John Podesta

March 2016: Yermakov spearphishes two accounts that would be leaked to DC Leaks

March 14, 2016 through April 28, 2016: Conspirators use same pool of bitcoin to purchase VPN and lease server in Malaysia

March 15, 2016: Yermakov runs technical query for DNC IP configurations and searches for open source info on DNC network, Dem Party, and Hillary

March 19, 2016: Lukashev spearphish Podesta personal email using john356gh

March 21, 2016: Lukashev steals contents of Podesta’s email account, over 50,000 emails (he is named Victim 3 later in indictment)

March 25, 2016: Lukashev spearphishes Victims 1 (personal email) and 2 using john356gh; their emails later released on DCLeaks

March 28, 2016: Yermakov researched Victims 1 and 2 on social media

April 2016: Kozachek customizes X-Agent

April 2016: Conspirators hack into DCCC and DNC networks, plant X-Agent malware

April 2016: Conspirators plan release of materials stolen from Clinton Campaign, DCCC, and DNC

April 6, 2016: Conspirators create email for fake Clinton Campaign team member to spearphish Clinton campaign; DCCC Employee 1 clicks spearphish link

April 7, 2016: Yermakov runs technical query for DCCC’s internet protocol configurations

April 12, 2016: Conspirators use stolen credentials of DCCC employee to access network; Victim 4 DCCC email victimized

April 14, 2016: Conspirators use X-Agent keylog and screenshot functions to surveil DCCC Employee 1

April 15, 2016: Conspirators search hacked DCCC computer for “hillary,” “cruz,” “trump” and copied “Benghazi investigations” folder

April 15, 2016: Victim 5 DCCC email victimized

April 18, 2016: Conspirators hack into DNC through DCCC using credentials of DCCC employee with access to DNC server; Victim 6 DCCC email victimized

April 19, 2016: Kozachek, Yershov, and co-conspirators remotely configure middle server

April 19, 2016: Conspirators register dcleaks using operational email [email protected]

April 20, 2016: Conspirators direct X-Agent malware on DCCC computers to connect to middle server

April 22, 2016: Conspirators use X-Agent keylog and screenshot function to surveil DCCC Employee 2

April 22, 2016: Conspirators compress oppo research for exfil to server in Illinois

April 26, 2016: George Papadopolous learns Russians are offering election assistance in the form of leaked emails

April 28, 2016: Conspirators use bitcoin associated with Guccifer 2.0 VPN to lease Malaysian server hosting dcleaks.com

April 28, 2016: Conspirators test IL server

May 2016: Yermakov hacks DNC server

May 10, 2016: Victim 7 DNC email victimized

May 13, 2016: Conspirators delete logs from DNC computer

May 25 through June 1, 2016: Conspirators hack DNC Microsoft Exchange Server; Yermakov researches PowerShell commands related to accessing it

May 30, 2016: Malyshev upgrades the AMS (AZ) server, which receives updates from 13 DCCC and DNC computers

May 31, 2016: Yermakov researches Crowdstrike and X-Agent and X-Tunnel malware

June 2016: Conspirators staged and released tens of thousands of stolen emails and documents

June 1, 2016: Conspirators attempt to delete presence on DCCC using CCleaner

June 2, 2016: Victim 2 personal victimized

June 8, 2016: Conspirators launch dcleaks.com, dcleaks Facebook account using Alive Donovan, Jason Scott, and Richard Gingrey IDs, and @dcleaks_ Twitter account, using same computer used for other

June 9, 2016: Don Jr, Paul Manafort, Jared Kushner have meeting expecting dirt from Russians, including Aras Agalarov employee Ike Kaveladze

June 10, 2016: Ike Kaveladze has calls with Russia and NY while still in NYC

June 14, 2016: Conspirators register actblues and redirect DCCC website to actblues

June 14, 2016: WaPo (before noon ET) and Crowdstrike announces DNC hack

June 15, 2016, between 4:19PM and 4:56 PM Moscow Standard Time (9:19 and 9:56 AM ET): Conspirators log into Moscow-based sever and search for words that would end up in first Guccifer 2.0 post, including “some hundred sheets,” “illuminati,” “think twice about company’s competence,” “worldwide known”

June 15, 2016, 7:02PM MST (12:02PM ET): Guccifer 2.0 posts first post

June 15 and 16, 2016: Ike Kaveladze places roaming calls from Russia, the only ones he places during the extended trip

June 20, 2016: Conspirators delete logs from AMS panel, including login history, attempt to reaccess DCCC using stolen credentials

June 22, 2016: Wikileaks sends a private message to Guccifer 2.0 to “send any new material here for us to review and it will have a much higher impact than what you are doing.”

June 27, 2016: Conspirators contact US reporter, send report password to access nonpublic portion of dcleaks

Late June, 2016: Failed attempts to transfer data to Wikileaks

July, 2016: Kovalev hacks into IL State Board of Elections and steals information on 500,000 voters

July 6, 2016: Conspirators use VPN to log into Guccifer 2.0 account

July 6, 2016: Wikileaks writes Guccifer 2.0 adding, “if you have anything hillary related we want it in the next tweo [sic] days prefabl [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after”

July 6, 2016: Victim 8 personal email victimized

July 10-19: Morenets travels to Rio de Janeiro

July 14, 2016: Conspirators send WikiLeaks an email with attachment titled wk dnc link1.txt.gpg providing instructions on how to access online archive of stolen DNC documents

July 18, 2016: WikiLeaks confirms it has “the 1Gb or so archive” and would make a release of stolen documents “this week”

July 22, 2016: WikiLeaks releases first dump of 20,000 emails

July 27, 2016: Trump asks Russia for Hillary emails

July 27, 2016: After hours, conspirators attempt to spearphish email accounts at a domain hosted by third party provider and used by Hillary’s personal office, as well as 76 email addresses at Clinton Campaign

August 2016: Kovalev hacks into VR systems

August 2-9, 2016: Conspirators use multiple IP addresses to connect to or scan WADA’s network

August 2-4, 2016: Yermakov researches WADA and its ADAM database (which includes the drug test results of the world’s athletes) and USADA

August 3, 2016: Conspirators register wada.awa.org

August 5, 9, 2016: Yermakov researches Cisco firewalls, he and Malyshev send specific WADA employees spearfish

August 8, 2016: Conspirators register wada-arna.org and tas-cass.org

August 8, 2016: .012684 bitcoin transaction directed by dedicated email account

August 13-19, 2016: Morenets and Serebriakov travel to Rio, while Yermakov supports with research in Moscow

August 14-18, 2016: SQL attacks against USADA

August 15, 2016: Conspirators receive request for stolen documents from candidate for US congress

August 15, 2016: First Guccifer 2.0 exchange with Roger Stone noted

August 19, 2016: Serebriakov compromises a specific anti-doping official and obtains credentials to access ADAM database

August 22, 2016: Conspirators transfer 2.5 GB of stolen DCCC data to registered FL state lobbyist Aaron Nevins

August 22, 2016: Conspirators send Lee Stranahan Black Lives Matter document

September 1, 2016: Domains fancybear.org and fancybear.net registered

September 6, 2016: Conspirators compromise credentials of USADA Board member while in Rio

September 7-14, 2016: Conspirators try, but fail, to use credentials stolen from USADA board member to access USADA systems

September 12, 2016: Data stolen from WADA and ADAMS first posted, initially focusing on US athletes

September 12, 2016 to January 17, 2018: Conspirators attempt to draw media attention to leaks via social media

September 18, 2016: Morenets and Serebriakov travel to Lausanne, staying in anti-doping hotels, to compromise hotel WiFi

September 19, 2016 to July 20, 2018: Conspirators attempt to draw media attention to leaks via email

September 2016: Conspirators access DNC computers hosted on cloud service, creating backups of analytics applications

October 2016: Linux version of X-Agent remains on DNC network

October 6, 2016: Emails stolen from USADA first released

October 7, 2016: WikiLeaks releases first set of Podesta emails

October 28, 2016: Kovalev visits counties in GA, IA, and FL to identify vulnerabilities

November 2016: Kovalev uses VR Systems email address to phish FL officials

December 6, 2016 – January 2, 2017: Using IP frequently used by Malyshev, conspirators compromise FIFA’s anti-doping files

December 13, 2016: Data stolen from CCES released

January 19-24, 2017: Conspirators compromise computers of four IAAF officials

June 22, 2017: Data stolen from IAAF’s network released

July 5, 2017: Data stolen from IAAF’s network released

August 28, 2017: Data stolen from FIFA released

As I said in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Assange Exfiltration Would Have Taken Place in the Wake of Joshua Schulte Tor Activity

The Guardian has a wild story about a joint Ecuadorian-Russian attempt to spring Julian Assange from the embassy. The idea was that he’d be snuck out of the Embassy in a diplomatic vehicle and sent to live in either Russia or Ecuador.

Sources said the escape plot involved giving Assange diplomatic documents so that Ecuador would be able to claim he enjoyed diplomatic immunity. As part of the operation, Assange was to be collected from the embassy in a diplomatic vehicle.

Four separate sources said the Kremlin was willing to offer support for the plan – including the possibility of allowing Assange to travel to Russia and live there. One of them said that an unidentified Russian businessman served as an intermediary in these discussions.

A single source claims that the plan was supposed to take place on Christmas Eve of last year.

The operation to extract Assange was provisionally scheduled for Christmas Eve in 2017, one source claimed, and was linked to an unsuccessful attempt by Ecuador to give Assange formal diplomatic status.

[snip]

Assange’s Christmas Eve escape was aborted with just days to go, one source claimed. Rommy Vallejo, the head of Ecuador’s intelligence agency, allegedly travelled to the UK on or around 15 December 2017 to oversee the operation and left London when it was called off.

In February Vallejo quit his job and is believed to be in Nicaragua. He is under investigation for the alleged kidnapping in 2012 of a political rival to Correa.

I’m not 100% convinced about that timing for two reasons. First, because related events — Assange receiving Ecuadorian citizenship and Ecuador requesting he be given diplomatic status — only got reported in January.

The Foreign Office has turned down a request from the Ecuadorian government to grant the WikiLeaks founder, Julian Assange, diplomatic status as a means of breaking the stalemate over his continued presence in the UK.

The development comes amid reports that Assange – an Australian who has been holed up in the Ecuadorian embassy for more than five years – has recently become a citizen of the South American state.

If awarded the status of a diplomat, it is thought, Assange could obtain certain rights to legal immunity and might be able to leave the embassy in Knightsbridge, and eventually the UK, without being arrested for breaching his former bail conditions.

Also, when Fidel Narváez denied involvement to the Guardian, he denied meetings with Russia this year, not last (though that’s just as likely non-denial denial).

Two sources familiar with the inner workings of the Ecuadorian embassy said that Fidel Narváez, a close confidant of Assange who until recently served as Ecuador’s London consul, served as a point of contact with Moscow.

In an interview with the Guardian, Narváez denied having been involved in discussions with Russia about extracting Assange from the embassy.

Narváez said he visited Russia’s embassy in Kensington twice this year as part of a group of “20-30 more diplomats from different countries”. These were “open-public meetings”, he said, that took place during the “UK-Russian crisis” – a reference to the aftermath of the novichok poisoning of Sergei and Yulia Skripal in March.

That said, assuming the diplomatic request went in sometime in advance of the reporting on it, then the timing does make sense.

And that’s interesting because it would mean the Ecuadorian-Russian attempt to exfiltrate Assange would have happened in the wake of accused Vault 7 leaker Joshua Schulte endangering his bail by hopping on Tor to do … we don’t know what. Whatever he did, however, it led to Schulte’s detention in MCC and ultimately his delayed indictment for leaking the Vault 7 documents.

November 9, 2017: Wikileaks publishes Vault 8 exploit

November 14, 2017: Assange posts Vault 8 Ambassador follow-up

November 14, 2017: Arrest warrant in VA

November 15, 2017: Charged in Loudon County for sexual assault

November 16, 2017: Use of Tor

November 17, 2017: Use of Tor

November 26, 2017: Use of Tor

November 29, 2017: Abundance of caution, attorney should obtain clearance

November 30, 2017: Use of Tor

December 5, 2017: Use of Tor, Smith withdraws

December 7, 2017: NYPD arrests on VA warrant for sexual assault

December 12, 2017: Move for detention, including description of email and Tor access

Separately, since the defendant was released on bail, the Government has obtained evidence that he has been using the Internet. First, the Government has obtained data from the service provider for the defendant’s email account (the “Schulte Email Account”), which shows that the account has regularly been logged into and out of since the defendant was released on bail, most recently on the evening of December 6, 2017. Notably, the IP address used to access the Schulte Email Account is almost always the same IP address associated with the broadband internet account for the defendant’s apartment (the “Broadband Account”)—i.e., the account used by Schulte in the apartment to access the Internet via a Wi-Fi network. Moreover, data from the Broadband Account shows that on November 16, 2017, the Broadband Account was used to access the “TOR” network, that is, a network that allows for anonymous communications on the Internet via a worldwide network of linked computer servers, and multiple layers of data encryption. The Broadband Account shows that additional TOR connections were made again on November 17, 26, 30, and December 5.

[snip]

First, there is clear and convincing evidence that the defendant has violated a release condition—namely, the condition that he shall not use the Internet without express authorization from Pretrial Services to do so. As explained above, data obtained from the Schulte Email Account and the Broadband Account strongly suggests that the defendant has been using the Internet since shortly after his release on bail. Especially troubling is the defendant’s apparent use on five occasions of the TOR network. TOR networks enable anonymous communications over the Internet and could be used to download or view child pornography without detection. Indeed, the defendant has a history of using TOR networks. The defendant’s Google searches obtained in this investigation show that on May 8, 2016, the defendant conducted multiple searches related to the use of TOR to anonymously transfer encrypted data on the Internet. In particular, the defendant had searched for “setup for relay,” “test bridge relay,” and “tor relay vs bridge.” Each of these searches returned information regarding the use of interconnected computers on TOR to convey information, or the use of a computer to serve as the gateway (or bridge) into the TOR network.

Which is to say, things were falling apart in this period. And the response, tellingly, was for the Russians to try to find a way to exfiltrate Assange.

Update: Reuters describes the timing as still more problematic.

Ecuador last Dec. 19 approved a “special designation in favor of Mr. Julian Assange so that he can carry out functions at the Ecuadorean Embassy in Russia,” according to the letter written to opposition legislator Paola Vintimilla.

“Special designation” refers to the Ecuadorean president’s right to name political allies to a fixed number of diplomatic posts even if they are not career diplomats.

But Britain’s Foreign Office in a Dec. 21 note said it did not accept Assange as a diplomat and that it did not “consider that Mr. Assange enjoys any type of privileges and immunities under the Vienna Convention,” reads the letter, citing a British diplomatic note.

More and more this looks like an attempt to legally exfiltrate him.

Roger Stone’s Excuse for His “Podesta Time in a Barrel” Comment Is Even Stupider Given the Paul Manafort Prosecution

In addition to Randy Credico, Jerome Corsi will testify before the Mueller grand jury on Friday. That means that the grand jury will hear testimony from two people who can address the truth of two claims Roger Stone made before the House Intelligence Committee on September 26, 2017.

First, there’s Stone’s claim he learned about WikiLeaks’ plans to release the John Podesta emails in October via Credico.

Now, let me address the charge that I had advance knowledge of the timing, content and source of the WikiLeaks disclosures from the DNC. On June 12, 2016, WikiLeaks’ publisher Julian Assange, announced that he was in possession of Clinton DNC emails. I learned this by reading it on Twitter. I asked a journalist who I knew had interviewed Assange to independently confirm this report, and he subsequently did. This journalist assured me that WikiLeaks would release this information in October and continued to assure me of this throughout the balance of August and all of September. This information proved to be correct. I have referred publicly to this journalist as an, “intermediary”, “go-between” and “mutual friend.” All of these monikers are equally true.

Credico has not only said this is not true, but that Stone threatened him to prevent him from testifying as much.

Then, there’s Stone’s claim (first made publicly by Corsi the previous March) that his tweet predicting John Podesta would soon catch political heat pertained to a project he and Corsi were working on at the time.

My Tweet of August 21, 2016, in which I said, “Trust me, it will soon be the Podesta’s time in the barrel. #CrookedHillary” Must be examined in context. I posted this at a time that my boyhood friend and colleague, Paul Manafort, had just resigned from the Trump campaign over allegations regarding his business activities in Ukraine. I thought it manifestly unfair that John Podesta not be held to the same standard. Note, that my Tweet of August 21, 2016, makes no mention, whatsoever, of Mr. Podesta’s email, but does accurately predict that the Podesta brothers’ business activities in Russia with the oligarchs around Putin, their uranium deal, their bank deal, and their Gazprom deal, would come under public scrutiny. Podesta’s activities were later reported by media outlets as diverse as the Wall Street Journal and Bloomberg. My extensive knowledge of the Podesta brothers’ business dealings in Russia was based on The Panama Papers, which were released in early 2016, which revealed that the Podesta brothers had extensive business dealings in Russia. The Tweet is also based on a comprehensive, early August opposition research briefing provided to me by investigative journalist, Dr. Jerome Corsi, which I then asked him to memorialize in a memo that he sent me on August 31st , all of which was culled from public records. There was no need to have John Podesta’s email to learn that he and his presidential candidate were in bed with the clique around Putin.

I noted at the time that that Corsi’s explanation didn’t make any sense, because while the July 31 report did pertain to John Podesta, his August 31 report focused exclusively on Tony (the Corsi materials start at page 39 of Stone’s HPSCI testimony; note the conflation of Tony for John got repeated in Craig Murray’s explanations for the WikiLeaks’ go-between he met in September).

But the explanation is even less credible given what has happened since: Paul Manafort, whose plight the Corsi report was (per Stone) explicitly a response to, got indicted in part because he told Tony Podesta to hide his ties to Russian-backed Ukrainian politicians. Indeed, in classic Corsi style, he describes Podesta’s role in Manafort’s crime, without disclosing that Podesta was in legal trouble because of Manafort’s effort to hide his own crimes; Corsi presented them as equal partners in this crime.

CNN further reported on Aug. 19 the Podesta Group had issued a statement affirming the firm has retained the boutique Washington-based law http://www.capdale.com firm Caplin & Drysdale “to determine if we were mislead by the Centre for a Modern Ukraine or any other individuals with potential ties to foreign governments or political parties.” The Podesta Group statement issued to CNN continued: “When the Centre became a client, it certified in writing that ‘none of the activities of the Centre are directly or indirectly supervised, directed, controlled, financed or subsidized in whole or in part by a government of a foreign country or a foreign political party.’ We relied on that certification and advice from counsel in registering and reporting under the Lobbying Disclosure Act rather than the Foreign Agents Registration Act.”

The CNN statement concluded with the statement, “We will take whatever measures are necessary to address this situation based on Caplin & Drysdale’s review, including possible legal action against the Centre.” In breaking the story that the Podesta Group had hired Caplin & Drysdale, Buzz Feed https://www.buzzfeed.com/rosiegray/top-lobbying-firm-hiresoutside-counsel-in-ukraine-manafort?utm term=.duLexkeKBx#.rj4gn3gmln reported on Aug. 19, that both the Podesta Group and Manafort’s D.C. political firm were working under contract with the same group advising Yanukovych and his Ukrainian Party of Regions – namely the non-profit European Centre for a Modern Ukraine based in Brussels. On Dec. 20, 2013, Reuters reported http://www.reuters.com/article/us-usaukraine-lobbying-idUSBRE9BJ1B220131220#6oTXxKZp25obYxzF.99 the European Centre for a Modern Ukraine paid $900,000 to the Podesta Group for a two-year contract aimed at improving the image of the Yanukovych government in the United States that the Podesta Group told Reuters they were implementing through contacts with key congressional Democrats.

That detail is important of a number of reasons. First, because it makes it entirely unlikely that Stone (who was meeting with Rick Gates during this period, if not his “boyhood friend” Manafort himself) learned of Podesta’s ties via Panama Papers and not from Manafort himself. But it also provides a reason why Corsi and Stone would be focusing on Tony at the time — to draw attention away from Manafort, and with it, the corruption that Manafort implicated the Trump Administration in. Indeed, the Manafort EDVA court record shows that Gates and Manafort were using a range of financial and political means of doing the same at precisely that time.

It’s clear, given what we’ve learned as part of the Manafort prosecutions, that the effort to impugn Tony Podesta had everything (as Stone partly tells truthfully)to do with the plight of Manafort at the time.

Which is to say, it didn’t have anything to do with John, and so can’t be used to explain that tweet.

On top of everything else. Mueller appears to be finishing up false statements charges against Stone.

The Mueller Investigation: What Happens on September 7?

I hesitate to write this post, partly because I think it’s a good idea to dismiss every single thing that Rudy Giuliani says, and partly because we’ve all learned that it is sheer folly to pretend anyone can anticipate what Mueller will do, much less when.

Nevertheless, I wanted to address questions about what might happen in the next two weeks, as we approach the 60-day mark before midterm elections.

Rudy G is wrong about everything

The aforementioned Rudy G, who has been saying that Mueller has to shut down his entire investigation (or even finish up and go home) on September 1 on account of DOJ’s policy against overt investigative action close to an election.

As I said, the policy only prohibits overt acts, and only 60 days before the election. Mueller might argue that it’s entirely irrelevant, given that none of his known targets (save, perhaps, Dana Rohrabacher) are on the ballot. But enough credible journalists have suggested that DOJ is taking this deadline seriously with respect to Trump’s associates (including Michael Cohen in SDNY, where DOJ actually leaks), that it’s probably correct he’ll avoid overt acts in the 60 days before the November 6 election.

But that timeline starts on September 7, not September 1.

Paul Manafort’s stall

One thing we know will dominate the press in that pre-election period is Manafort’s DC trial, scheduled to start on September 17.

Unless he flips.

While I still don’t think he will flip, he is stalling in both his trials. In EDVA, he asked for and got a 30-day deadline to move for an acquittal or mistrial. He may have done so to provide extra time to consider the complaints raised by one juror that others were deliberating before they should have, which Manafort had asked for a mistrial over. If that’s right, juror Paula Duncan’s comments, describing the one holdout and explaining that even she, a Trump supporter, found the case a slam dunk, may persuade Manafort that challenging this trial won’t bring about any other result and may mean he gets convicted on the remaining 10 counts.

In any case, however, by getting 30 days to decide, Manafort moved the deadline from (by my math) September 3 to September 21, when he’s scheduled to be deep into the DC case (and therefore too busy to submit such a motion). It did, however, move the decision date past that September 7 date.

Speaking of the DC case, after getting an extension on the pre-trial statement in that case, Manafort basically punted on many of the substantive issues, effectively saying he’ll provide the required input later.

He may not be flipping, but he’s not prepared to start this trial.

Is it Roger Stone’s time in the barrel?

The big question, for me, is whether Mueller has finished his six month effort to put together a Roger Stone indictment.

Tantalizingly, back on August 10, Mueller scheduled Randy Credico to explain to the grand jury how Stone threatened him about his testimony. That appearance is for September 7. Given how far out Mueller scheduled this, I wondered at the time whether Credico was being slated to put the finishing touches on a Stone indictment.

What might prevent Mueller from finalizing Stone’s indictment, however, is Stone associate Andrew Miller, from whom Mueller has been trying to get testimony since May 9. Miller is challenging his grand jury subpoena; he’s due to submit his opening brief in his appeal on September 7. That might mean that Mueller has to wait. But two filings (District, Circuit), the docket in his subpoena challenge, and this CNN report may suggest they can move forward without first getting Miller’s testimony.

Both the Circuit document and CNN provide more details about a May 9 interview with two FBI Agents, with no attorney present (no offense to Miller, but what the fuck kind of self-described libertarian, much less one in Roger Stone’s immediate orbit, agrees to an FBI interview without a lawyer present)?

Mr. Miller was first interviewed by two agents of the Federal Bureau of Investigation who visited him unannounced on or about May 9, 2018, in Saint Louis, MO, where he resides. He was cooperative, answering all their questions for approximately two hours, and at the conclusion of the interview, was handed a subpoena to produce documents and testify as a witness before the grand jury.

CNN describes that’s what poses a perjury concern for Miller with regards to his testimony before the grand jury because of that original interview.

Miller’s case is complicated by the fact that he initially cooperated with the special counsel’s investigation. When FBI agents first approached him in May, he spoke with them at his home in St. Louis for two hours without an attorney.

[snip]

Dearn said in an interview that she was just being “carefully paranoid” and protecting her client from accidentally committing perjury if he testifies and contradicts something he told investigators back in May without a lawyer present.

As the District filing seems to suggest, Miller got not one but two subpoenas (???), just one of which called for document production:

Mr. Miller was served with two subpoenas dated June 5, 2018, both requiring his appearance before the Grand Jury on June 8, but only one of which required that he search and bring with him the documents described in the Attachment to one of the subpoenas. See Exhibits 1 and 2. After a filing a motion to quash on grounds not raised herein, this Court issued a Minute Order on June 18 requiring Mr. Miller’s appearance before the Grand Jury on June 29 and to produce the documents requested as limited by agreement of the parties by June 25.

Miller turned over 100MB of documents on June 25, but shortly thereafter, Mueller prosecutor Aaron Zelinsky asked for more.

Mr. Miller has since complied with that part of the order producing voluminous documents in a file that is 100MB in size to government counsel on Monday, June 25. In her cover email to government counsel, Aaron Zelinsky, Miller’s counsel stated in pertinent part: “Mr. Miller does not waive and hereby preserves all rights he has to object to the subpoena requiring his appearance before the Grand Jury this Friday…and from any continuing duty or obligation to supply additional documents subject to the subpoena.” See Exhibit 6. Nevertheless, Mr. Zelinsky recently informed counsel that he is not satisfied with this production and is unreasonably requesting additional documents from Mr. Miller.

CNN reported that those documents pertained to WikiLeaks and Guccifer 2.0.

After a protracted back and forth between Dearn and Mueller’s team, Miller handed over a tranche of documents. In turn, the government had agreed to limit its search to certain terms such as Stone, WikiLeaks, Julian Assange, Guccifer 2.0, DCLeaks and the Democratic National Committee, according to court filings and interview with attorneys.

So at the very least, Mueller has 100MB of documents that relate to Wikileaks and Guccifer 2.0 (which raises real questions about how Miller can say he knows nothing about the topic), and 2 hours of testimony that Miller may not want to tell the grand jury now that he has lawyers who might help him avoid doing so.

Meanwhile, there are some filings from the end of his District Court docket.

The Circuit document mostly explains what filings 33, 34, 35, and 37 are (though doesn’t explain why Mueller refused to stipulate that Miller be held in contempt): they’re the process by which he was held in contempt and therefore legally positioned to appeal.

6. Because Mr. Miller desired to appeal the order denying his motion, ensuing discussions with Special Counsel to stipulate that Mr. Miller be held in contempt for not appearing on the upcoming appearance before the grand jury on August 10, 2018, and to stay the contempt pending appeal did not succeed.

7. Consequently, two days before his appearance, on the evening of August 8, 2018, counsel emailed government counsel and Judge Howell’s clerk (and on the following morning of August 9, hand-filed with the clerk’s office), a Motion By Witness Andrew Miller To Be Held In Civil Contempt For Refusing To Testify Before The Grand Jury And To Stay Such Order To Permit Him To Appeal It To The U.S. Court Of Appeals For The District Of Columbia Circuit and citing authorities for granting a stay of contempt. ECF No. 33. The government served and a response on the evening of August 9 ( ECF. No. 35) and Mr. Miller served a reply early morning on August 10. ECF No. 37.

8. On August 10, undersigned counsel for Mr. Miller met government counsel at 9:00 a.m. as previously agreed to at the entrance to the grand jury offices, and was advised by government counsel that a motion to show cause was filed shortly before 9:00 a.m. ECF No. 34.

9. Approximately two hours later, the court held the show cause hearing, with the Mr. Miller and local counsel appearing telephonically from Saint Louis, MO.

10. The court granted Mr. Miller’s and the government’s request that he be held in contempt and stayed the order if the notice of appeal were filed by 9:00 a.m. August 14, 2018. ECF No. 36.

That doesn’t explain what Document 38 is, to which Miller didn’t respond, and in response to which Beryl Howell issued an order.

CNN’s description of Miller’s attorney’s concern seems to split his testimony into two topics: Guccifer and Wikileaks, and Stone’s PACs. Miller’s only worried about legal jeopardy in the latter of those two. (For some details on what the legal exposure might pertain to, see this post.)

[Alicia] Dearn was adamant that Miller not be forced to testify to the grand jury about one topic in specific: Stone. She asked that her client be granted immunity, “otherwise he’s going to have to take the Fifth Amendment,” she said in a court hearing in June.

Aaron Zelinsky, one of Mueller’s prosecutors, noted Miller’s lawyer was making two seemingly contradictory arguments: “On the one hand, that the witness knows nothing, has nothing to hide, and has participated in no illegal activity. On the other hand, that there is a Fifth Amendment concern there.”

In the hearing, Dearn said she was concerned Miller would be asked about his finances and transactions related to political action committees he worked on with Stone.

Miller “had absolutely no communication with anybody from Russia or with Guccifer or WikiLeaks,” Dearn said in an interview.

By process of elimination, the only thing she believes her client could get caught up on are questions about his financial entanglements with Stone and his super PAC.

The Circuit document concedes that Miller may be the subject — but not target — of this grand jury investigation.

12. Lest there be any misunderstanding, Mr. Miller was not a “target of grand jury subpoenas” (Concord Mot. at 1), but rather a fact witness or at most a subject of the grand jury; nor was he a “recalcitrant witness.” Id. at 13. As the foregoing background demonstrates, Mr. Miller has been a cooperative witness in this proceeding.

It would be really weird if Miller really did get two subpoenas, and that’s not consistent with the Circuit document. So it may be there were two topics or crimes described in the subpoena: conspiring with Russia, and running a corrupt PAC. And if Miller’s only personally legally exposed in the latter of those, then it’s possible Mueller would treat these differently.

So it’s possible Mueller got what they need to move forward on the main conspiracy case against Stone, while it has to wait on Miller’s own involvement in Stone’s corrupt PACs until after the DC Circuit reviews things.

Other September deadlines

The September 7 timing is interesting for two other reasons. First, that’s also the day that George Papadopoulos — whose plea deal covers his lies and obstuction but not any conspiracy case — is due to be sentenced.

Just 10 days later Mike Flynn (whose plea deal was also limited to his lies) has a status report due, just a 24-day extension off his previous one. That timing suggests he’s about done with his cooperation. Perhaps that shortened time frame is only due to his team’s push to get him back earning money to pay for his lawyers again. Perhaps there’s some other explanation.

Timeline

August 24: Revised deadline for Manafort pre-trial statement — Manafort punted on many issues.

August 28: Hearing in DC Manafort case.

September 3: Current deadline for motions in EDVA Manafort trial

September 4: Brett Kavanaugh confirmation hearings scheduled to begin (projected to last 3-4 days)

September 7: Randy Credico scheduled to testify before grand jury; George Papadopoulos scheduled for sentencing; Andrew Miller brief due before DC Circuit; 60 days before November 6 mid-terms

September 17: DC Manafort trial starts, status report due in Mike Flynn case

September 21: Requested deadline for motions in EDVA Manafort trial

September 28: Government brief due in DC Circuit appeal of Andrew Miller subpoena

October 9: Miller reply due in DC Circuit

November 6: Mid-term election

November 10: Status report due in Rick Gates case

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

What Roger Stone’s Latest Lies Tell Us about Mueller’s Investigation into Him

As I disclosed last month, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

After a puff piece in the NYT over the weekend, Roger Stone took to the Daily Caller to attack Mueller’s case against him. As bad as the Daily Caller is, it actually ends up being far more informative than the NYT because Stone is so bad at telling lies they’re informative for what they mirror.

So assuming, for the moment, that Stone’s piece reflects some kind of half-accurate reflection of what witnesses have said they were questioned about him, here’s what we learn.

Mueller is examining conduct that goes back 10 years

Obviously, statutes of limitation have probably tolled on any crimes Stone committed more than five years ago, but this suggests witnesses are being asked about conduct that goes back further, ten years.

Mueller is running a criminally abusive, constitutionally -unaccountable, professionally and politically incestuous conspiracy of ethically conflicted cronies colluding to violate my Fourth, Fifth and Sixth Amendment rights and those of almost everyone who had any sort of political or personal association with me in the last 10 years.

Given the involvement of Peter Jensen and Kristin Davis in Stone’s recent rat-fucking, perhaps as an explanation of more recent rat-fucking we’ll finally get an accounting of Stone’s role in taking out Eliot Spitzer ten years ago. (h/t Andrew Prokop for Jensen tie to Spitzer op)

Mueller is considering charging Stone with ConFraudUs

I assume this reference to ConFraudUs comes from a friendly witness passing on what a subpoena described were the crimes being investigated.

Mueller and his hit-men seek to frame some ludicrous charge of “defrauding the United States.”

This is, of course, based on a false and unproven assumption that Assange is a Russian agent and Wikileaks is a Russian front — neither of which has been proven in a court of law. Interestingly Assange himself has said, “Roger Stone has never said or tweeted anything we at Wikileaks had not already said publicly.”

As described, it looks like how I envisioned Stone might be charged with ConFraudUs back in June.

As Mueller’s team has itself pointed out, for heavily regulated areas like elections, ConFraudUs indictments don’t need to prove intent for the underlying crimes. They just need to prove,

(1) two or more persons formed an agreement to defraud the United States;

(2) [each] defendant knowingly participated in the conspiracy with the intent to defraud the United States; and

(3) at least one overt act was committed in furtherance of the common scheme.

Let’s see how evidence Mueller has recently shown might apply in the case of Roger Stone, Trump’s lifelong political advisor.

[snip]

Stone repeatedly entertained offers from foreigners illegally offering dirt that would benefit the Trump campaign — Greenberg, Guccifer 2.0, possibly Peter Smith’s Dark Web hackers. He may even have exhibited a belief that Australian Julian Assange had and could release the latter dirt, possibly with the knowledge they came from Russians.

So we’ve got Stone meeting with other people, repeatedly agreeing to bypass US election law to obtain a benefit for Trump, evidence (notwithstanding Stone’s post-hoc attempts to deny a Russian connection with Guccifer 2.0 and Wikileaks) that Stone had the intent of obtaining that benefit, and tons of overt acts committed in furtherance of the scheme.

Stone appears to address just one conspiracy with a foreigner — Julian Assange — to obtain something of value, by insisting (though less strongly than he has in the past!) that Assange is not a Russian asset. Except, foreign is foreign, whether Australian or Russian, so making a weak case that Assange is not Russian won’t get you off on ConFraudUs.

Moreover, now that I’ve reviewed some dodginess about Stone’s PACs, I suspect there may be two levels of ConFraudUs, one pertaining to depriving the US government from excluding foreign influence on the election, and the other pertaining to depriving the US government of the ability to track how political activities are being funded.

That is, Mueller’s reported focus on Stone’s finances may well pertain to a second ConFraudUs prong, one based on campaign finance violations.

Stone thinks Mueller wants him to flip, rather than to punish him for the case in chief

In spite of the abundant evidence that Stone is a key target of this investigation, Stone appears to believe that Mueller only wants to charge him to get him to flip on Trump.

Mueller’s hit team is poking into every aspect of my personal, private, family, social, business and political life — presumably to conjure up some bogus charge or charges to use to pressure me to plead guilty to their Wikileaks fantasy and testify against Donald Trump who I have known intimately for almost 40 years.

Side note: I appreciate the way Stone — an unabashed swinger — worked that word “intimately” into his description of his relationship with Trump.

Which is one of the reasons I’m so interested in how he describes hiring a new lawyer, a nationally known one who used to work for Trump.

I have been ably served by two fine lawyers Grant Smith and Rob Buschel who won dismissal of a harassment lawsuit based on the same Wikileaks/Russian conspiracy theory by an Obama directed legal foundation in D.C. last month. No evidence to support this false narrative was produced in court other than a slew of fake news clippings from lefty media sites.

I have recently reached agreement to retain a highly respected and nationally known attorney who has represented Donald Trump to join my legal team and lead my defense.

Possibly this is just a hint that some operative like Victoria Toensing or Joseph DiGenova is going to take on Stone’s propaganda case. Possibly it reflects a recognition from Trump that Stone now presents as big a risk to him as Manafort does. Whichever it is, I look forward to learning how serious a lawyer Stone has and whether — Stone claims reports that he has $20 million are false, but if he has been engaging in epic campaign finance violations, who knows? — Trump is paying for his defense going forward.

Stone doesn’t understand how stored communications work

As I pointed out the last time Stone claimed he was targeted by a FISA order, what likely happened instead is Mueller obtained the contents of his phone along with four or nine others in a probable cause warrant on March 9. But that doesn’t stop Stone from claiming he was targeted under FISA again, explaining that his emails, text messages, and (this is less credible) phone calls have been seized going back to 2016.

Even more chilling is the fact that I have learned that — in this effort to destroy me — the government began reading my e-mails and text messages and monitoring my phone calls as early as 2016.

I believe that I, like Carter Page and Paul Manafort, was subject to an illegal FISA warrant in 2016, as the New York Times reported on January 20, 2017. The New York Times published this claim in a page-one story on the same day as President Trump’s inauguration ceremony.

A whistleblower has told my lawyers where my name and the fact that application had been made for a FISA warrant on me was redacted from the stunning Carter Page FISA warrant application released by the FBI last week with 300 of 400 pages blacked out.

What Stone’s dumbass “whistleblower” was pointing to instead was a passage describing the other people being investigated in October 2016, when Page was first targeted. But being investigated is not the same as being targeted under FISA, and what Stone is really trying to obscure here is that Mueller (probably) already showed a judge, back in March, he had probable cause that Rog committed some crimes back in 2016.

Another witness Stone would like to discredit by calling an informant

Back in June, Stone tried to spin the fact that he willingly accepted a meeting with yet another Russian offering dirt on Hillary by noting (correctly, it appears) that the Russian had served as a source for the FBI on Russian organized crime before — just like Felix Sater, whom the Trump folks are all still peachy with. In spite of the fact that it was so obviously bunk the last time, he’s trying again, hinting at a second informant working against him.

We also now know that at least one FBI informant in the United States on an informant’s visa approached me in May 2016 in an effort to entrap me and compromise Donald Trump. I declined his proposal to “buy dirt on Hillary.” There is now substantial evidence that a second FBI informant may have infiltrated my political operations in 2016. Stand by.

Who knows whether this is another person — like the Russian dealing dirt on Hillary, “Henry Greenberg,” is just someone who has worked his way out of legal trouble by serving as an informant — or whether there’s some other reason Stone is calling him or her an informant. Most likely, Stone is trying to suggest a perfectly ordinary witness cooperating with the government against him is an informant, to inflame his people. Possibly, this is prepping a claim that Randy Credico set up Roger.

Jeannie Rhee is leading the questioning of Stone witnesses

In tandem with Trump’s attacks on Mueller prosecutors with Hillary ties, Stone states that Jeannie Rhee led the questioning of his witnesses, and claims it’s a conflict.

Incredibly, leading the questioning of witnesses before the Grand Jury about me is Jeannie Rhee, who in private practice represented the Clinton foundation in the Hillary e-mail scandal that is front and center in the special prosecutor’s investigation of me! Can you say conflict of interest?

Of course, he gets the attack wrong: Rhee represented the Foundation, not Hillary’s email defense, and she did so against a nutbag Republican challenge, not with DOJ.

But in telling us that Rhee is leading this inquiry, Stone is (helpfully) telling us that a person who has led the Russian side of the inquiry is leading the inquiry into … oh my! Roger Stone!

Even with all his prevarications, it turns out, a Stone column might be more informative than a NYT puff piece!

And/Or: An Ominous Sign for WikiLeaks in the Joshua Schulte Indictment

There’s been a lot of attention paid to the language in the GRU indictment from Friday showing WikiLeaks asking to receive stolen Hillary emails in time to cause maximal outrage among Bernie supporters.

On or about June 22, 2016, Organization I sent a private message to Guccifer 2.0 to “[s]end any new material [stolen from the DNC] here for us to review and it will have a much higher impact than what you are doing.” On or about July 6, 2016, Organization 1 added, “if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [DemocraticNationalConvention] is approaching and she Will solidify bernie supporters behind her after.” The Conspirators responded,“0k . . . i see.” Organization I explained,“we think trump has only a 25% chance of winning against hillary . . . so conflict between bernie and hillary is interesting.”

But I want to look at a minor–but potentially significant–detail in the Joshua Schulte indictment describing how he provided CIA’s hacking tools to WikiLeaks. The description of Count Two, Illegal Transmission of Lawfully Possessed National Defense Information, reads like this:

In or about 2016, in the Eastern District of Virginia and elsewhere, JOSHUA ADAM SCHULTE, the defendant, lawfully having possession of, access to, control over, and being entrusted with information relating to the national defense, to wit, certain portions of the Classified Information, which information the defendant had reason to believe could be used to the injury of the United States and to the advantage of a foreign nation, did knowingly and willfully communicate, deliver and transmit, and cause to be communicated, delivered, and transmitted, that aforesaid information to a person not entitled to receive it, to wit, Schulte caused the Classified information to be transmitted to Organization-1.

(Title 18, United States Code, Sections 793(d) and 2.)

The “and” there was pointed out to me by GDingers on Twitter.

As GDingers noted, the suggestion that Schulte knew a foreign nation (unnamed, but surely Russia if DOJ had any specific one, backed by evidence, in mind) would benefit, along with the US being damaged, is a fairly strong statement, one implicating WikiLeaks as well.

Moreover, that language didn’t have to be in the indictment. Here’s what the statutory language looks like:

Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted or attempts to communicate, deliver, transmit or cause to be communicated, delivered or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it; [my emphasis]

The statutory language uses “or.” DOJ chose, in this indictment, to use “and.” As Secrecy News’ Steven Aftergood suggested via email, asserting both in the indictment sets a higher mens rea bar for proving Schulte’s guilt. DOJ didn’t have to do so, but they did.

So along with exposing Schulte to 130 years of potential prison time — a life sentence even accounting for how it will work in sentencing — DOJ wants to prove that Schulte leaked CIA’s hacking tools not just to hurt the United States but to help another nation, possibly Russia by name.

That bodes poorly for Schulte. But it also suggests a different kind of role for WikiLeaks than prior discussions have made out.

Update: Nerdyatty suggested that this is a DOJ practice. Except that Count One, charging a different part of 18 USC 793, maintains the “or” of the statute:

… with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation … [my emphasis]

Which tracks this language from the statute:

Whoever, for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation,

[snip]

Whoever, for the purpose aforesaid, and with like intent or reason to believe, [my emphasis]

Yesterday, Roger Stone Answered, then Backtracked, on a Question Mueller Has Already Posed to Trump

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Contrary to Trump’s squeals about the hack indictment yesterday, it’s utterly damning for him. It shows:

  • Russian hackers responded to his plea for more Hillary emails by targeting her office that same day
  • Trump’s lifelong political advisor, Roger Stone, was described directly communicating with a GRU-run persona
  • Stone’s own advisor on these matters, then Breitbart and current Sputnik journalist Lee Stranahan, asked for and obtained files from the same GRU-run persona
  • GRU stole Hillary’s analytics in September, the heart of the general election, and did … the indictment doesn’t say what GRU did with the data
  • The same GRU persona made available information helping some of Trump’s most vocal defenders in Congress, ones he has discussed pushback strategies with on Air Force One

Like my own testimony, because this investigation started in Pittsburgh, and only later got moved under Mueller sometime last fall (I know one key witness who was about to speak to prosecutors when I saw him in October), it minimally overlaps with Peter Strzok’s involvement in the case, if at all.

In this post, I want to look at the second bullet: Roger Stone.

Since Stone got described in an indictment of those who helped Trump win the election, he has  (as is his habit) provided conflicting explanations, first suggesting it wasn’t him, then suggesting it couldn’t be him because he wasn’t “a person who was in regular contact with senior members of the presidential campaign of Donald J. Trump,” as the indictment described.

My contact with the campaign in 2016 was Donald Trump. I was not in regular contact with campaign officials.

Only, this morning (as Ryan Goodman noted), Stone has changed his tune, admitting that he did talk to Trump campaign officials and probably is the person described in the indictment who said all the things he said in his DMs to Guccifer 2.0.

I certainly acknowledge that I was in touch with Trump campaign officials.

Here’s why Stone’s changing story about whether he only spoke with Trump or in fact spoke with other campaign officials. Among the questions (as interpreted by Jay Sekulow) that Mueller has already posed to Trump is this one:

What did you know about communication between Roger Stone, his associates, Julian Assange or Wikileaks?

Mueller wants to know how much of Stone’s discussions with election operation participants Trump knew about. And Stone’s first instinct when seeing himself mentioned in an indictment of those participants was to say he only spoke to Trump.

I guess it’s clear why he’s backtracking from that.

John Solomon’s Baby Assange

There are two telling details that John Solomon left out of this story, suggesting Jim Comey blew an opportunity to prevent the damage done by WikiLeaks’ Vault 7 leak (and, purportedly, to learn the “real” source of the DNC emails), based on a “trove” of documents but posting only fragments of 5. First, Solomon doesn’t include this text, showing Adam Waldman issuing an extortion threat stating Assange “is going to do something catastrophic for the dems, Obama, CIA and national security.”

Solomon is also silent about the recent indictment of anti-Obama former CIA hacker Joshua Schulte for stealing all these CIA files. Notably, Solomon doesn’t note that as this was going on, the FBI had obtained probable cause search warrants against Schulte. Having left out those key details (and surely, a bunch of other once included in his “trove” that don’t help the latest right wing narrative), Solomon produces the convenient narrative that Jim Comey personally hurt the government.

“He told me he had just talked with Comey and that, while the government was appreciative of my efforts, my instructions were to stand down, to end the discussions with Assange,” Waldman told me. Waldman offered contemporaneous documents to show he memorialized Warner’s exact words.

Waldman couldn’t believe a U.S. senator and the FBI chief were sending a different signal, so he went back to Laufman, who assured him the negotiations were still on. “What Laufman said to me after he heard I was told to ‘stand down’ by Warner and Comey was, ‘That’s bullshit. You are not standing down and neither am I,’” Waldman recalled.

Solomon pays no consideration to the ongoing investigation, no consideration to the fact that if Comey stood down, he did so in the face of threats to the Democrats (though it’s not clear why they’d be at fault), which as always is contrary to the hoaxes against Comey. More importantly, Solomon doesn’t answer the question posed, but not answered, here: whether Assange was seeking to meet at a cafe in London, or whether he wanted to come to the US and get a pardon once he got here.

The real punchline — the one we may see come back — is the claim that Jim Comey, on top of refusing an extortion attempt directed at the Democrats, also prevented — or maybe this isn’t about the FBI at all — from learning the real story behind the DNC hack.

Not included in the written proffer was an additional offer from Assange: He was willing to discuss technical evidence ruling out certain parties in the controversial leak of Democratic Party emails to WikiLeaks during the 2016 election. The U.S. government believes those emails were hacked by Russia; Assange insists they did not come from Moscow.

[snip]

Soon, the rare opportunity to engage Assange in a dialogue over redactions, a more responsible way to release information, and how the infamous DNC hacks occurred was lost — likely forever.

In honesty, this looks like an effort to set up the next campaign to suggest that Comey prevented the “truth” about the DNC hack from coming out because it would undermine the alleged Witch Hunt into Trump. It also looks like the first of three efforts to tee up the alternate explanation for the DNC hack in exchange for a Trump pardon, which resumed by August (and therefore which wasn’t a forever thing).

It also makes it clear that Vault 7 was entirely about extortion.

Timeline

January 12: Bruce Ohr considers Waldman’s offer

February 3: Laufman reaches out to Waldman

February 4: Wikileaks first pitches Vault 7

February 15: Waldman reaches out to Warner

February 16: Waldman issues extortion threat against Democrats

February 17: Warner says he’s got important call (with Comey), relays stand down order

March 7: Wikileaks releases first Vault 7 documents

March 13, 2017: Google search warrant on Schulte

Mid-March: Waldman contacts Laufman, suggests Assange is interested

March 20, 2017: Search on Schulte (including of cell phone, from which passwords to his desktop obtained)

March 23: Second Vault 7 release

March 28: Safe passage offer not including details about hack

March 31: Third Vault 7 release

April 5: Laufman asks whether Assange wants safe passage into London or to the US

April 7: Wikileaks posts third dump, which Solomon suggests was the precipitating leak for Mike Pompeo’s declaration of Wikileaks as non-state intelligence service (these are weekly dumps by this point)

Two Days after Julian Assange Threatened Don Jr, Accused Vault 7 Leaker Joshua Schulte Took to Tor

Monday, the government rolled out a superseding indictment for former NSA and CIA hacker Joshua Schulte, accusing him (obliquely) of leaking the CIA’s hacking tools that became the Vault 7 release from Wikileaks. The filings in his docket (as would the search warrants his series of defense attorneys would have seen) make it clear that the investigation into him, launched just days after the first CIA release, was always about the CIA leak. But when the government took his computer last spring, they found thousands of child porn pictures dating back to 2009. It took the government over three months and a sexual assault indictment in VA to convince a judge to revoke his bail last December, and then another six months to solidify the leaking charges they had been investigating him from the start.

But the case appears to have taken a key turn on November 16, 2017, when he did something — it’s not clear what — on the Tor network. While there are several things that might explain why he chose to put his release at risk by accessing Tor that day, it’s notable that it occurred two days after Julian Assange tweeted publicly to Donald Trump Jr that he’d still be happy to be Australian Ambassador to the US, implicitly threatening to release more CIA hacking tools.

Schulte was, from days after the initial Vault 7 release, apparently the prime suspect to be the leaker. As such, the government was always interested in what Schulte was doing on Tor. In response to a warrant to Google served in March 2017, the government found him searching, on May 8, 2016, for how to set up a Tor bridge (Schulte has been justifiably mocked for truly abysmal OpSec, and Googling how to set up a bridge is one example). That was right in the middle of the time he was deleting logs from his CIA computer to hide what he was doing on it.

When he was granted bail, he was prohibited from accessing computers. But because the government had arrested him on child porn charges and remained coy (in spite of serial hold-ups with his attorneys regarding clearance to see the small number of classified files the government found on his computer) about the Vault 7 interest, the discussions of how skilled he was with a computer remained fairly oblique. But in their finally successful motion to revoke Schulte’s bail, the government revealed that Schulte had not only accessed his email (via his roommate, Schulte’s lawyer would later claim), but had accessed Tor five times in the previous month, on November 16, 17, 26, and 30, and on December 5, 2017, which appears to be when the government nudged Virginia to get NYPD to arrest him on a sexual assault charge tied to raping a passed out acquaintance at his home in VA in 2015.

Perhaps the most obvious explanation for why Schulte accessed Tor starting on November 16, 2017, is that he was trying to learn about the assault charges filed in VA the day before.

But there is a more interesting explanation.

As you recall, back in November 2017, some outlets began to publish a bunch of previously undisclosed DMs between Don Jr and Wikileaks. Most attention focused on Wikileaks providing Don Jr access to an anti-Trump site during the election. But I was most interested in Julian Assange’s December 16, 2016 “offer” to be Australian Ambassador to the US — basically a request for payback for his help getting Trump elected.

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

In the wake of the releases, on November 14, 2017, Assange tweeted out a follow-up.

As I noted at the time, the offer included an implicit threat: by referencing “Vault 8,” the name Wikileaks had given to its sole release, on November 9, 2017 of an actual CIA exploit (as opposed to the documentation that Wikileaks had previously released), Assange was threatening to dump more hacking tools, as Shadow Brokers had done before it. Not long after, Ecuador gave Assange its first warning to stop meddling in other countries politics, explicitly pointing to his involvement in the Catalan referendum but also pointing to his tampering with other countries. That warning became an initial ban on visitors and Internet access in March of this year followed by a more formal one on May 10, 2018 that remains in place.

There’s a reason I think those Tor accesses may actually be tied to Assange’s implicit threat. In January of this year, when his then lawyer Jacob Kaplan made a bid to renew bail, he offered an excuse for those Tor accesses. He claimed Schulte was using Tor to research the diaries on his experience in the criminal justice system.

In this case, the reason why TOR was accessed was because Mr. Schulte is writing articles, conducting research and writing articles about the criminal justice system and what he has been through, and he does not want the government looking over his shoulder and seeing what exactly he is searching.

Someone posted those diaries to a Facebook account titled “John Galt’s Defense Fund” on April 20, 2018 (in addition to being an accused rapist and child porn fan, Schulte’s public postings show him to be an anti-Obama racist and an Ayn Rand worshiping libertarian).

Yesterday, Wikileaks linked those diaries, which strikes me as an attempt to corroborate the alibi Schulte has offered for his access to Tor last November.

The government seems to have let Schulte remain free for much of 2017, perhaps in search of evidence to implicate him in the Vault 7 release. Whether it was a response to a second indictment or to Assange’s implicit threats to Don Jr, Schulte’s use of Tor last year (and, surely, the testimony of the roommate he was using as a go-between) may have been one of the keys to getting the proof the government had been searching for since March 2017.

Whatever it is, both Wikileaks and Schulte would like you to believe he did nothing more nefarious than research due process websites when he put his bail at risk by accessing Tor last year. I find that a dubious claim.


2009: IRC discussions of child porn

2011 and 2012: Google searches for child porn

April 2015: Rapes a woman (possibly partner) who is passed out and takes pictures of it

March to June 2016: Schulte deleting logs of access to CIA computer

May 8, 2016: Schulte Googles how to set up a Tor bridge

November 2016: Leaves CIA, moves to NY, works for Bloomberg

December 16, 2016: Assange DM to Don Jr about becoming Ambassador

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

February 4, 2017: Wikileaks starts prepping Vault 7

March 7, 2017: Wikileaks starts releasing Vault 7

March 13, 2017: Google search warrant

March 20, 2017: Search (including of cell phone, from which passwords to his desktop obtained)

June 2017: Interview

August 17, 2017: Dana Rohrabacher tries to broker deal for Assange with Trump

August 23, 2017: Arrest affidavit

August 24, 2017: Arraignment

THE COURT: Well, it sounds like, based on the interview, that he knew what the government was looking at.

MR. LAROCHE: That wasn’t the basis of the interview, your Honor.

 

MR. KOSS: I think it was either two or three [interviews]. I think it was three occasions. I was there on all three, including one of which where we handed over the telephone and unblocked the password to the phone, which they did not have, and gave that to them. And as I said, I have been in constant contact with the three assistant U.S. attorneys working on this matter literally on a weekly basis for the last 4, 5, 6 months. And any time Mr. Schulte even thought about traveling, I provided them an itinerary. I cleared it with them first and made sure it was okay. On any occasion that they said they might want him close so that he could speak to them, I cancelled the travel and rescheduled it so that we would be available if they needed him at any given time.

September 13, 2017: Bail hearing

MR. LAROCHE: Well, I believe there still is a danger because it’s not just computers, your Honor, but electronic devices are all over society and easy to procure and this type of defendant having the type of knowledge he has does in terms of accessing things — so he has expertise and not only just generally computers but using things such as wiping tools that would allow him to access certain website and leave no trace of it. Those can be done from not just a computer but from other electronic devices.

But the child pornography itself is located on the defendant’s desktop computer. They can be accessed irrespective of those servers. So if all the government had was this desktop computer, we could recover the child pornography. So I think this idea that numerous people had access to the serves and potentially could have put it there, is simply a red herring. This was on the defendant’s desktop computer. And the location where it was found, this sub-folder within several layers of encryption, there were other personal information of the defendant in that area. There was his bank accounts. I think there was even a resume for the defendant where he was storing this information. And the passwords that were used to get into that location, those passwords were the same passwords the defendant used to access his bank account, to access various other accounts that are related to him. So this idea that he shared them with other people, the government just strongly disagrees.

October 11, 2017: Schulte lawyer Spiro withdraws

October 24, 2017: At Trump’s request Bill Binney meets with Mike Pompeo to offer alternate theory of the DNC hack

November 8, 2017: Status hearing

SMITH: I believe the government has told us that there’s more data in this case than in any other like case that they have prosecuted.

MR. STANSBURY: Let me just clarify that part first. We proposed this just in an abundance of caution given the defendant’s former employer and the fact that — and I meant to flag this before. I apologize now for not. There’s a small body of documents that were found in the defendant’s residence that were taken from his former employer that might implicate some classified issues. We have been in the process of having those reviewed and I think we’re going to be in a position to produce those in the next probably few days. But we wanted to just make sure that we were acting out of an abundance of caution in case any SEPA [sic] issues come about in the case. I don’t expect them too at this point but we wanted to do that out of an abundance of caution.

November 9, 2017: Wikileaks publishes Vault 8 exploit

November 14, 2017: Assange posts Vault 8 Ambassador follow-up

November 14, 2017: Arrest warrant in VA

November 15, 2017: Charged in Loudon County for sexual assault

November 16, 2017: Use of Tor

November 17, 2017: Use of Tor

November 26, 2017: Use of Tor

November 29, 2017: Abundance of caution, attorney should obtain clearance

November 30, 2017: Use of Tor

December 5, 2017: Use of Tor, Smith withdraws

December 7, 2017: NYPD arrests on VA warrant for sexual assault

December 12, 2017: Move for detention, including description of email and Tor access

Separately, since the defendant was released on bail, the Government has obtained evidence that he has been using the Internet. First, the Government has obtained data from the service provider for the defendant’s email account (the “Schulte Email Account”), which shows that the account has regularly been logged into and out of since the defendant was released on bail, most recently on the evening of December 6, 2017. Notably, the IP address used to access the Schulte Email Account is almost always the same IP address associated with the broadband internet account for the defendant’s apartment (the “Broadband Account”)—i.e., the account used by Schulte in the apartment to access the Internet via a Wi-Fi network. Moreover, data from the Broadband Account shows that on November 16, 2017, the Broadband Account was used to access the “TOR” network, that is, a network that allows for anonymous communications on the Internet via a worldwide network of linked computer servers, and multiple layers of data encryption. The Broadband Account shows that additional TOR connections were made again on November 17, 26, 30, and December 5.

[snip]

First, there is clear and convincing evidence that the defendant has violated a release condition—namely, the condition that he shall not use the Internet without express authorization from Pretrial Services to do so. As explained above, data obtained from the Schulte Email Account and the Broadband Account strongly suggests that the defendant has been using the Internet since shortly after his release on bail. Especially troubling is the defendant’s apparent use on five occasions of the TOR network. TOR networks enable anonymous communications over the Internet and could be used to download or view child pornography without detection. Indeed, the defendant has a history of using TOR networks. The defendant’s Google searches obtained in this investigation show that on May 8, 2016, the defendant conducted multiple searches related to the use of TOR to anonymously transfer encrypted data on the Internet. In particular, the defendant had searched for “setup for relay,” “test bridge relay,” and “tor relay vs bridge.” Each of these searches returned information regarding the use of interconnected computers on TOR to convey information, or the use of a computer to serve as the gateway (or bridge) into the TOR network.

December 14, 2017: US custody in NY

MR. KAPLAN: Well, your Honor, we’ve obtained the discovery given to prior counsel, and I’ve started to go through that. In addition, there was one other issue which I believe was raised at our prior conference, which was a security clearance for counsel to go through some of the national security evidence that might be present in the case.

While most of the national security stuff does not involve the charges, the actual charges against Mr. Schulte, the basis for the search warrants in this case involve national security.

So I’m starting the process with their office to hopefully get clearance to go through some of the information on that with an eye towards possibly a Franks motion going forward. So I would ask for more time just to get that rolling.

January 8, 2018: Bail appeal hearing

MR. KAPLAN: Judge, on the last court date, when we left, the idea was that we had consented to detention with the understanding that Mr. Schulte would be sent down to Virginia to face charges based on a Virginia warrant. None of that happened. Virginia never came to get him. Virginia just didn’t do anything in this case. But before I address the bail issues, I think it’s important that this Court hear the full story of how we actually get here. At one of the previous court appearances, I believe it was the November 8th date, this Court asked why the defense attorney in this case would need security clearance. And the answer that was given by one of the prosecutors, I believe, was that there was some top secret government information that was found in Mr. Schulte’s apartment, and that out of an abundance of caution it would be prudent that the defense attorney get clearance. But I don’t think that’s entirely accurate.

While the current indictment charges Mr. Schulte with child pornography, this case comes out of a much broader perspective. In March of 2017, there was the WikiLeaks leak, where 8,000 CIA documents were leaked on the Internet. The FBI believed that Mr. Schulte was involved in that leak. As part of their investigation, they obtained numerous search warrants for Mr. Schulte’s phone, for his computers, and other items, in order to establish the connection between Mr. Schulte and the WikiLeaks leak.

As we will discuss later in motion practice, we believe that many of the facts relied on to get the search warrants were just flat inaccurate and not true, and part of our belief is because later on, in the third or fourth search warrant applications, they said some of the facts that we mentioned earlier were not accurate. So we will address this in a Franks motion going forward, but what I think is important for the Court is, in April or May of 2017, the government had full access to his computers and his phone, and they found the child pornography in this case, but what they didn’t find was any connection to the WikiLeaks investigation. Since that point, from May going forward, although they later argued he was a danger to the community, they let him out; they let him travel. There was no concern at all. That changed when they arrested him in August on the child pornography case.

[snip]

The second basis that the government had in its letter for detaining Mr. Schulte was the usage of computers. In the government’s letter, they note how, if you search the IP address for Mr. Schulte’s apartment, they found numerous log-ons to his Gmail account, in clear violation of this court’s order. But what the government’s letter doesn’t mention is that Mr. Schulte had a roommate, his cousin, Shane Presnall, and this roommate, who the government and pretrial services knew about, was allowed to have a computer.

And more than that, based on numerous conversations, at least two conversations between pretrial services, John Moscato, Josh Schulte and Shane Presnall, it was Shane’s understanding that pretrial services allowed him to check Mr. Schulte’s e-mail and to do searches for him on the Internet, with the idea that Josh Schulte himself would not have access to the computer.

And the government gave 14 pages of log-on information to establish this point. And, Judge, we have gone through all 14 pages, and every single access and log-in corresponds to a time that Shane Presnall is in the apartment. His computer has facial recognition, it has an alphanumeric code, and there is no point when Josh Schulte is left himself with the computer without Shane being there, and that was their understanding.

LAROCHE: And part of that investigation is analyzing whether and to what extent TOR was used in transmitting classified information. So the fact that the defendant is now, while on pretrial release, using TOR from his apartment, when he was explicitly told not to use the Internet, is extremely troubling and suggests that he did willfully violate his bail conditions.

 

KAPLAN: In this case, the reason why TOR was accessed was because Mr. Schulte is writing articles, conducting research and writing articles about the criminal justice system and what he has been through, and he does not want the government looking over his shoulder and seeing what exactly he is searching.

 

LAROCHE: Because there is a classified document that is located on the defendant’s computer, it is extremely difficult, and we have determined not possible, to remove that document forensically and still provide an accurate copy of the desktop computer to the defendant.

So in those circumstances, defense counsel is going to require a top secret clearance in order to view these materials. It’s my understanding that that process is ongoing, and we have asked them to expedite it. As soon as the defendant’s application is in, we believe he will get an interim classification to review this material within approximately two to three weeks. Unfortunately, that hasn’t occurred yet. So the defendant still does not have access to that particular aspect of discovery. So we are working through that as quickly as we can.

January 17, 2018: Bail appeal denied

March 15, 2018: Sabrina Shroff appointed

March 28, 2018: Initial ban of Internet access and visitors for Assange

April 20, 2018: Schulte’s diaries (ostensibly the purpose of using Tor) posted

May 10, 2018: Ecuador bans visitors for Assange

May 16, 18, 2018: Documents placed in vault

May 16, 2018: Schulte Facebook site starts legal defense fund

June 18, 2018: Schulte superseding indictment

June 19, 2018: Wikileaks posts links to diary

It’s Not Hannity’s Pee Tape that Matters

Late afternoon on Sunday, Margaret Sullivan wrote a column arguing that Donald Trump might survive his own Saturday Night Massacre of firing Rod Rosenstein or Robert Mueller. The reason Trump might survive where Nixon didn’t, she argues, is Sean Hannity.

Nixon didn’t have Fox News in his corner.

President Trump does — and that might make all the difference if he were to fire Deputy Attorney General Rod J. Rosenstein or even special counsel Robert S. Mueller III.

The pro-Trump media, led by Fox, would give cover, and huge swaths of Americans would be encouraged to believe that the action was not only justified but absolutely necessary.

You can see it coming.

Night after night — for many months — Trump’s sycophant-in-chief, Sean Hannity, has been softening the ground. And his message is sinking in.

In a recent Reuters/Ipsos poll, three of four Republicans said they believed the Justice Department and the FBI are actively working to undermine Trump.

“Hannity has been poisoning the well for Mueller’s ‘deeply corrupt’ investigation and laying the groundwork to support the president if he seeks an authoritarian recourse,” wrote Matthew Gertz, of the progressive watchdog group Media Matters for America. That was back in October.

Six months, five convictions and more than a dozen indictments later, that poison has done its job.

Less than 24 hours later, Michael Cohen’s lawyer revealed the name of the third client to whom Cohen claimed to have provided legal advice he wanted to protect under attorney-client privilege, a person who — Cohen had claimed in a brief Sunday, hadn’t wanted his name disclosed. “The client’s name that is involved is Sean Hannity.

In response to the ensuing uproar over learning he was the hidden Client 3, Hannity offered a series of contradictory statements, presumably designed to tamp down any speculation that Cohen had negotiated a hush payment for the star, but which only served to make Cohen’s legal claims more specious.

Michael Cohen has never represented me in any matter. I never retained him, received an invoice, or paid legal fees. I have occasionally had brief discussions with him about legal questions about which I wanted his input and perspective.

I assumed those conversations were confidential, but to be absolutely clear they never involved any matter between me and a third-party.

In response to some wild speculation, let me make clear that I did not ask Michael Cohen to bring this proceeding on my behalf, I have no personal interest in this proceeding, and, in fact, asked that my de minimis discussions with Michael Cohen, which dealt almost exclusively about real estate, not be made a part of this proceeding.

As I joked, Hannity said he had eight lawyers. I wonder which three different lawyers wrote these statements, and whether one of them was the other lawyer he shares with Donald Trump, Jay Sekulow.

So Cohen advised Hannity “almost exclusively about real estate,” which in this crowd sometimes means money laundering, and not about buying off Playboy bunnies.

But what are the other conversations about?

Hannity has played even more of a role in protecting Trump than Sullivan makes out. It’s not just that he fed the uproar over Trump’s lawyer being raided. But he did an interview with Julian Assange in January 2017 that helped seed the narrative that Russia didn’t hand the DNC files to Wikileaks. More grotesquely, Hannity fed the conspiracy theories about Seth Rich (I hope the multiple entities that are suing Hannity over that will demand discovery on any claimed privileged conversations about the topic with Trump’s lawyer).

Sure, the matters on which Cohen purportedly gave legal advice to Hannity might be about buying a condo.

But given the effort Cohen made to protect those conversations from the eyes of the FBI, they also might involve coordination on some of the more insidious pushback on the Russian story.

image_print