Sunday, August 26, 2018

Real Hacks and Real Collusion

So, we have Peter Smith, a Republican donor with contacts in the Trump campaign and a regular association with Michael Flynn searching the dark web for Hillary Clinton's missing State Department e-mails, unconcerned with whether he was dealing with Russians.  We have Cambridge Analytica, the consulting firm that handled the Trump campaign's data analysis asking Wikileaks for Hillary's missing e-mails, presumably believing that Wikileaks got them from a Russian hack.  We have Roger Stone, not a campaign member but extremely close to the campaign, asking Wikileaks for specific State Department e-mails, presumably also expecting them to be fruits of a Russian hack.

All of these actors were close enough to the Trump campaign that they presumably knew what was acceptable and would not have acted against the campaign's wishes, but far enough away to allow for plausible deniability.  But all these efforts came to nothing, because the Russians did not, in fact, have Hillary's State Department e-mails. 

What the Russians did have were hacked e-mails from the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC) and Hillary Clinton campaign personnel, including her chairman, John Podesta.  The DNC and Podesta e-mails that actually were hacked were released with considerable skill, so as to cause maximum damage, and showed a more sophisticated understanding of U.S. politics than one would expect a Russian to have.  This has led to speculation that the Trump campaign may have given the Russians advice on how to deploy the leaks to maximum effect.  This is what most people have meant by collusion.  To date no such evidence has emerged.  It may well be that there was no such coordination.  Perhaps Wikileaks has enough sophisticated US personnel to understand how best to deploy its leaks to cause maximum damage.  And the Troll Farm, which had been studying the intricacies of US politics since 2014, may have figured out how to deploy its trolls, bots and hoaxes based entirely on open sources and computer algorithms.

But the Mueller Indictment of Russian Military Intelligence personnel has ample evidence of collusion the other way -- of US persons willing to accept stolen Russian information without regard to its origins.

The Russians actually launched the Website DCLeaks on June 8, 2016, six days before the hack was revealed on June 14, 2016 (paragraphs 36-40).  Although DCLeaks received over a million page views (paragraph 36), it never attracted the same attention as Wikileaks.  In fact, when the Washington Post revealed the hack on, it described the hack as "traditional espionage" and reassured readers:
The intrusions are an example of Russia’s interest in the U.S. political system and its desire to understand the policies, strengths and weaknesses of a potential future president — much as American spies gather similar information on foreign candidates and leaders.
In fact, noting that the hack had particularly focused on opposition research on Trump, the article speculated that the Russians were trying to understand a candidate who was very much an unknown. The article did not in any way associate the hack with DCLeaks; indeed, it is not clear that the Post  was even aware of DCLeaks at the time.

The Russian origins of the DNC hack were announced by CrowdStrike (a cyber security company) and confirmed by other independent cyber security firms, and by US intelligence.  Once the hack was publicly revealed, Russian Military Intelligence responded the next day (Mueller Indictment paragraph 40) by creating the online persona "Guccifer 2.0" claiming to be a lone Romanian hacker. Within a day of the appearance of "Guccifer," trained observers were detecting "Russian fingerprints" on Guccifer, revealing it as a front for Russian intelligence.  This is significant because it means that everyone who received information from Guccifer was on notice, not only that the information was stolen, but that there was very strong reason to believe the information was stolen by the Russians.

The first to jump at the opportunity was apparently Wikileaks (referred to in the Mueller Indictment, paragraphs 47 and 48 as Organization 1).  Wikileaks e-mailed Guccifer on June 22, 2016, saying that their release of documents "will have a much higher impact than what you are doing."  On July 9, 2016, Wikileaks again contacted Guccifer explaining that the release of DNC e-mails right ahead of the party convention would be effective in driving a wedge between Hillary supporters and Bernie Sanders supporters.  Guccifer answered, "ok . . . i see."  (Indictment, paragraph 47.a).  Wikileaks received the DNC e-mails from Guccifer about July 18, 2016 and started publishing them ahead of the convention. 

Still, Wikileaks is not a US person, let alone a political campaign.  It has made clear it has no regard for privacy law.  Nor is it a secret that Wikileaks was pulling for Trump during the campaign.  More interesting are the US persons the indictment (paragraph 43) lists as accepting information from Guccifer.

  • On August 15, 2016, a candidate for Congress requested and received information from Guccifer.
  • On August 22, 2016, Guccifer sent some 2.5 gigabytes of stolen information from the DCCC to a state lobbyist and online source of political news.
  • On August 22, 2016, Guccifer sent a reporter stolen documents on Black Lives Matter and received advice on how to release them and an offer to publish.
  • On September 9, 2016 (paragraph 44) a "person who was in regular contact with senior members of the presidential campaign of Donald J. Trump" received an e-mail from Guccifer about a stolen DCCC document posted online with information on Democratic turnout for the presidential campaign.  Guccifer asked what he thought of the information.  The unnamed correspondent answered "[p]retty standard."
The journalist has broken no laws.  It is illegal for journalists to steal documents, but not to publish documents stolen by third parties.  Still, there is something sleazy about giving Russians advice on how to release a document on Black Lives Matter for maximum racial impact.  The journalist has not been identified, but I am guessing probably worked for Breitbart.

The Congressional candidate is unnamed and is in violation of laws against accepting foreign assistance in an election.  (Another indictment coming up?).  Keep in mind also that this unnamed candidate did not merely accept what was offered, but actively sought it out.  My bet would be on Dana Rohrabacher.  As a member of the House, he is up for election every election year, and his affinity for Russia is so notorious that he has been suspected of being a Russian agent for years.

As for the state lobbyist, he is almost certainly Aaron Nevins.  Nevins is a Florida lobbyist and political consultant whose dirty tricks include a plan to shut down a highway running through many black communities during voting hours on election day in order to hold a private car race.  (He was not successful).  Nevins solicited and received get-out-the-vote strategies for Democratic candidates for Congress in Florida (no mention of the Presidential election).  Nevins regarded the information as "worth millions of dollars" and had no compunctions about receiving the stolen information, regardless of who it came from.  Presumably he is in violation of laws against accepting foreign assistance in an election.  Nevins ran a blog that posted his analysis of the stolen information and sent a link to Roger Stone.

And then there is that mystery "person who was in regular contact with senior members of the presidential campaign of Donald J. Trump."  There can be little doubt that he is Roger Stone.  Stone's contacts with Guccifer are well-established.  And it seems a safe bet that once Guccifer pointed out DCCC information on Democratic turnout for the Presidential election, Stone proceeded to bring this information to the attention of the Trump campaign, or that they used the information to their best advantage.  But this is not quite the smoking gun.  After all, once the information was posted online, it can hardly be a crime to use what is already public record.

Wednesday, August 22, 2018

The Importance of Keeping Our E-Mails Straight

So, here we get to keeping things straight.  On April 26, 2016, Trump foreign policy adviser George Papadopoulos learned that Russia had "dirt" on Hillary Clinton in the form of "thousands of e-mails."  Papadopoulos went on to drunkenly brag about this information to an Australian ambassador.

Much has been made of the fact that the Russian hack on the DNC was not yet public knowledge at the time.  But I have yet to hear anyone identify which e-mails were being referred to.  Keep in mind that although the public did not know about the hack at the time (and, indeed, even the DNC did not learn until three days later), what was public knowledge at the time was that Hillary had sent State Department e-mails on a private server and that (1) the private server was vulnerable to Russian hacking and (2) Hillary had deleted some 30,000 e-mails as "personal."  It appears to have been little short of an article of faith among Republicans (1) that the Russians had hacked Hillary's server, (2) that the Russians had the missing e-mails, and (3) that the missing e-mails contained something very incriminating.  There is no evidence to support any of these beliefs.  My guess (admittedly just that) is that Papadopoulos' contact never told him which e-mails the Russians had.  Most likely, Papadopoulos simply assumed that this referred to Hillary's 30,000 missing e-mails, which contained "dirt."  There is no reason to believe that Papadopoulos even suspected a hack before it became public knowledge.

On the other hand, our intelligence agencies did know about the hack. We know for a positive fact that our intelligence agencies knew about the hack by the Russian Civilian Intelligence because the Dutch observed it in real time and passed it on to us.  And to judge from the amount of detail Mueller gives about the hack by Russian Military Intelligence, we may well have known about it as well.  And, while it can be extremely difficult to prove a negative, it seems probable that our intelligence agencies by then had concluded that the Russians did not have Hillary's missing e-mails.  In other words, most likely Papadopoulos did not understand the significance of what he was hearing.  But when word reached our intelligence agencies, they knew all too well.

We do not know whether this information from Papadopoulos filtered up the Trump campaign.  But there is ample evidence that other members of the Trump campaign believed that Russia had the missing e-mails and had no compunctions about either receiving stolen information or cooperating with a hostile foreign power.

  • In mid-June, 2016, after the Russian hack of the DNC had become public knowledge, Peter Smith, a Republican donor and mid-level operative in regular contact with Michael Flynn, went cruising the Dark Web, communicating with unknown persons claiming to have Hillary's State Department e-mails and unconcerned whether he was receiving information from the Russians.
  • Some time during summer of 2016, Cambridge Analytica, the data analytics firm for the Trump campaign, asked Wikileaks for the missing State Department e-mails so they could turn the e-mails into a searchable database.  The request was refused, presumably because Wikileaks did not have the e-mails.
  • And in September, 2016, Roger Stone reached out to Wikileaks (through an intermediary) to ask for the State Department e-mails in August, 2011.  Clearly Stone was looking for something specific -- apparently confirmation of his belief that Hillary disrupted a Libyan peace initiative.
  • It should be noted that none of these initiatives came from within the Trump campaign.  All were from individuals or organizations close enough to the campaign to know what was or was not acceptable, but far enough away to allow for plausible deniability.  But they provide vital context for Trump's notorious speech on July 26, 2016 in which he said: "Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press."  Taken by itself, this might pass for a joke.  In light of all these surrounding, entirely serious attempts by people close to (but not quite part of) the Trump campaign to get the e-mails, it becomes impossible to take this as anything but a serious request.  
  • According to Mueller's indictment of Russian Military Intelligence personnel (paragraph 22), it was the day after this speech that Russian Military Intelligence first attempted (apparently unsuccessfully), to hack directly into Hillary's personal office.  Many others have interpreted the hacks to be in direct response to the request.  I remain unconvinced, as before, because we are again talking about different sets of e-mails.
At the same time, I will have to admit in favor of Donald Trump, Jr. and his meeting with the Russians at Trump Tower that nothing in the introductory e-mail so much as hints at any hacked e-mails belonging to Hillary, and rather implies the opposite.  Junior was offered "some official documents and information that would incriminate Hillary and her dealings with Russia and would be very useful to your father."  This implies that what was being offered was not the fruits of a hack, but information of some direct and shady dealings between Hillary Clinton and the Russian government that the Russians were now prepared to blow the whistle on.  Junior's willingness to accept such information is at least somewhat understandable if he believed he was getting evidence of genuinely shady dealings that the Russian government knew about as participant.  

Of course, looking at such an offer with a clear head, there are ample reasons to be suspicious.  If Hillary and the Russians were engaged in shady dealings, why would the Russians want to publicize that fact?  And why would the Russians want their co-conspirator to lose and instead favor her rival?  An offer like this should have looked suspicious as hell.

But for even the most gullible, the initial message made clear that the offer was anything but innocent, "This is obviously very high level and sensitive information but is part of Russia and its government's support for Mr. Trump."

Sunday, August 19, 2018

Things Start to Happen: 2015 and Spring of 2016

If the stage was set in 2014, things began to happen in 2015, slowly at first.

On March 2, 2015, the New York Times broke the story that Hillary Clinton had used a private server to send e-mails while serving as Secretary of State.  This was doubly improper, both in that it was vulnerable to hacking by enemies such as Russia, and that it evaded public records requirements.  Hillary did not help herself by deleting about half of the total, saying that they were personal.  Although no evidence has emerged to date either that Russia hacked Hillary's server, or that there was anything incriminating on the missing e-mails, both beliefs became something close to articles of faith among her opponents, especially in the Trump campaign.  The convictions that the Russians had hacked her e-mails, that they had the missing ones, and that the missing e-mails contained something terribly incriminating informed the actions of the Trump campaign.

Investigation of Hillary's e-mails continued throughout the summer of 2015.  In June, 2015, Donald Trump announced his run for President.  Also in the summer of 2015, Russian Civilian Intelligence hacked into the DNC server, all under the watchful eyes of the Dutch.  However, Russian Civilian Intelligence did not publicly release any of what they found, and it is not clear whether they were attempting to sway the election, or merely gathering intelligence.  

In September, 2015, the FBI warned the DNC that its system had been breached.  The FBI called on the phone, not wanting to risk sending an e-mail that would be detected.  But the tech support person who answered suspected a prank call, looked through the system, did not find the hack, and dismissed the warning.  The FBI made repeated phone calls, but never sent anyone to the DNC in person, nor did the person who received the call pass the warning up the chain of command.

Russian Military Intelligence, the agency that actually leaked the e-mails, did not break into the DNC or target its personnel until spring of 2016.  But they were apparently making plans, setting up the cyber and financial infrastructure for their future attack.  The Mueller indictment (paragraph 37) tantalizingly refers to some spearphishing attacks on Republicans in 2015, presumably to advance Trump during the primaries, but we know nothing further about it.

And the Troll Farm was setting up sites and stirring up trouble.

But it was in March and April 2016 that things started picking up.  The Russian Military Intelligence hacked into the DNC server, the Democratic Congressional Committee (DCC) server, and the e-mails of important campaign officials, including campaign chairman John Podesta.  Around April 29, 2016, the DNC finally recognized that it had been hacked and hired the cyber security firm CrowdStrike to figure out the culprits.  CrowdStrike quickly recognized that two Russian intelligence agencies had broken into the DNC, apparently without any coordination and without knowing of each other's presence (as evidenced by duplicated efforts).  The DNC undertook a thorough effort to clean out their system, with uncertain results.  But it must be emphasized that until June 14, 2016, the hack was not public knowledge, and there was no reason even for people who knew to believe this was anything more than an intelligence gathering operation.

In the meantime, Trump foreign policy adviser George Papadopoulos was traveling around Europe, meeting with Russians and Russian-connected individuals (and presumably others as well).  On April 26, 2016 Joseph Mifsud, a Maltese professor with strong Russian ties, told Papadopoulos that the Russians had "dirt" on Hillary Clinton in the form of "thousands of e-mails."* It is not clear whether Papadopoulos passed this information up the chain of command.  Two things are clear.  First, Papadopoulos then made numerous, futile attempts to arrange a meeting between the campaign and the Russians.  Second, in May Papadopoulos drunkenly passed this information on to the Australian ambassador in London.  After the DNC hack became public knowledge, the Australians passed this information on to the FBI, which opened an investigation into possible Trump campaign ties to Russia.

See here for a detailed timeline. 

Next up: Keeping our e-mails straight.

_____________________________________
*Mifsud has since disappeared; whether dead or in hiding is unknown.

Tuesday, August 14, 2018

Background to Trump/Russia: 2014

OK, so with that (the three Russian agencies and three sets of e-mails) set forth, what happened?

I am attempting a rough chronology, with particular attention on keeping the separate actors straight.

So:

Summer, 2014, two unrelated developments occur.  The House Select Committee on Benghazi, after spending two years vainly seeking to find some wrongdoing by Hillary Clinton as Secretary of State on the Benghazi attack, does discover that she improperly sent State Department e-mails on a private server, and improperly deleted about half of the total, and finally has a scandal to attack her election campaign.

At about the same time, the Dutch intelligence service, while attempting to hack into a Russian university building in Moscow, strikes pay dirt and hacks into the Russian Civilian Intelligence.  They are able to observe its hacks in real time, and even to hack into one of its cameras and observe the individuals involved in action.  This was, of course, an immensely valuable intelligence finding.  Among other things, the Dutch were able to observe hacks on the United States.  Working together, the two countries were able to thwart or expel an attempt to breach the US State Department.  The Dutch also witnessed the Russian Civilian Intelligence hack into the Democratic National Committee (DNC) in 2015.

However, valuable though this information was, to date there is no public evidence that it had anything to do with Russian election interference, at least so far as I can tell.  The Mueller investigation has issued two Russian indictments, one against the Troll Farm in St. Petersburg for its cyber propaganda and one against the Russian Military Intelligence for its hacking and release of DNC and Podesta e-mails.  Both give a degree of detail that suggests someone has hacked into these activities as well.  But neither indictment addressed the Russian Civilian Intelligence and therefore neither indictment could be based on the Dutch hack into Russian Civilian Intelligence. 

This also has to be kept in mind in the face of accusations like this one that the Obama Administration knew about the Russian election interference as early as 2014 and did nothing, and for why most other narratives about the Obama Administration inaction begin in 2016.  Certainly any attempt to counter Russian election interference in 2014 would not have been controversial.  Republicans in 2014 would have been entirely happy to prevent the nomination of Donald Trump, who they viewed as both ideologically unreliable and having no chance of winning.  The Dutch report hints that Dutch intelligence may have witnessed the Russian attack on the US election, but acknowledges that "[i]t's unknown what exact information the hackers acquire about the Russians." 

At present, as far as we know, it was Russian Military Intelligence that published Democratic e-mails and the Troll Farm that spread anti-Hillary internet propaganda. The Russian Civilian Intelligence simply collected intelligence.  To state the obvious, for the Russian intelligence to hack into the US government or a major political party is undesirable.  It is a thing we will do our best to prevent, and to limit if it occurs.  But it is also spycraft as usual.  We expect the Russians to attempt to hack into our government, just as the Dutch hacked into theirs. 

Russian Civilian Intelligence was apparently very aggressive in doing so.  The Dutch report calls the  attempt to hack into the State Department "the worst hack attack ever" on the US government, so clearly this went beyond normal espionage.  But the difference was one of degree, not of kind.  Valuable though it was, the Dutch hack thus far seems to be little more than a red herring.

In the meantime, members of the Troll Farm were tracking US social media sites in an attempt to understand US politics and also began visiting the US, posing as citizens, and collecting information.  They talked to US activists and learned some of the intricacies of US politics such as "purple states" and the importance of targeting them. Mueller's indictment states that there were public reports on the trolls and their doings as early as June 2014, but their serious propaganda operations did not begin until 2016. 

And keep in mind that Trump did not formally declare his candidacy and Hillary's e-mails did not become public knowledge until 2015.  And Russian Military Intelligence did not enter into the picture until 2016.

Trump/Russia: The Importance of Not Mixing Things Up

One of the things that can easily lead to confusion in the Trump/Russia investigation is that there are multiple things going on that are easy to confuse with each other.

To state the most obvious, there are three sets of e-mails swirling around Hillary Clinton.  These must be kept separate and not confused with each other.

  1. Hillary Clinton's State Department e-mails.  Hillary Clinton used a private server to send State Department e-mails.  This was doubly improper.  First, the private server was not properly secured and was vulnerable to hacking by adversaries, including Russia, although no evidence has emerged so far that the server actually was hacked.  It also looked like an attempt to evade disclosure laws.  When asked to turn over her e-mails, Hillary deleted some 30,000, or about half the total, saying they were personal.  We will call these the State Department e-mails.
  2. The Democratic National Committee (DNC) really was hacked by the Russians, and its e-mails published by Wikileaks.  We will call these the DNC e-mails.  They contained private but not classified information and are completely different from the State Department e-mails.  
  3. Hillary Clinton's campaign manager, John Podesta was also hacked and his e-mails were published by Wikileaks.  We will call these the Podesta e-mails.  Neither the DNC e-mails nor the Podesta e-mails revealed any sort of criminality, but they did show politicians behaving like politicians, which is never edifying.  
There were also separate Russian agencies involved in the hacking and attempt to subvert the election:
  1. The Russian Foreign Intelligence Service, or SVR, whose hackers operated under the name of "Cozy Bear."  The SVR/Cozy Bear operated out of Moscow and hacked into the DNC as early as 2015.  It did not, however, publicly disclose what it found.  We will call it Russia's Civilian Intelligence.
  2. The Russian Main Intelligence Directorate or GRU, its military intelligence.  Under the name of "Fancy Bear," its hackers broke into the DNC server and Podesta's system and turned the contents over to Wikileaks.  We will call it Russian Military Intelligence.
  3. The Internet Research Agency (IRA) is a purportedly private Russian company operating out of St. Petersburg that ran Russia's troll farms stirring up trouble both in the US and other countries.  We will call it the troll farm.
Presumably if one goes high enough in the Kremlin, someone was aware of all three operations.  However, to the best of our knowledge, the operating level personnel were not aware of what any other agency was doing.

Keeping these actors and e-mails straight is important to understanding what happened.