Part 2 - The TV5 Monde Hack and APT28

In his attribution of the DNC hack, Dmitri Alperovitch, of Crowdstrike and the Atlantic Council, linked APT28 (Fancy Bear) to previous hacks at TV5 Monde in France and of the Bundestag in Germany:

FANCY BEAR (also known as Sofacy or APT 28) is a separate Russian-based threat actor, which has been active since mid 2000s … FANCY BEAR has also been linked publicly to intrusions into the German Bundestag and France’s TV5 Monde TV station in April 2015.

Alperovitch’s identification of these two incidents ought to make them of particular interest for re-examination (CA readers will recall that the mention of Peter Gleick in the forged Heartland memo proved important.)  In each case, including the DNC hack, attribution of the TV5 Monde and Bundestag hacks resulted in a serious deterioration of relations between Russia and the impacted nation – arguably the major result of each incident.

In today’s post, I’ll re-visit the TV5 Monde hack, which took place in April 2015, almost exactly contemporary with the root9B article discussed in Part 1.  It proved to be a very interesting backstory.

The TV5 Monde Hack

TV5 Monde in France is one of the largest international news networks in the world. On April 8, 2015, control over its operations was seized by a group identifying itself as the Cybercaliphate. All aspects of TV5 Monde’s operations were seized.  The scale of the hack was “unprecedented”, described by Trend Micro as follows:

The scope of the attack was unprecedented. Attackers were able to:

  • Completely disrupt broadcasting on all 11 of TV5Monde’s channels.
  • Completely shut down TV5Monde’s internal network.
  • Take control of TV5Monde’s website and social media accounts.
  • Replace content on the website with pro-ISIS statements.
  • Post information on social media accounts purporting to be the names and personal information of the relatives of French soldiers involved in operations against ISIS.

Any one of these actions alone would qualify as a major cybersecurity incident. To have all of these actions occur as part of a synchronized attack puts this incident in a whole new category and takes critical infrastructure attacks to another level.

The seizure of control of TV5 Monde caused a sensation in Europe – there are many contemporary news reports. This was not the first appearance of the “CyberCaliphate”: they had previously hacked control of US Centcom’s twitter account in January 2015, but the scope of the TV5 Monde hack went far beyond the earlier incident.

Initial Attribution 

April 9 Breaking 3.0

The first technical analysis was by Breaking 3.0. Their article is no longer online, but lengthy excerpts are in a contemporary article, which stated that the attackers came from Algeria and Iraq, exploited a Java flaw, and used the pseudonyms NAJAF and JoHn.Dz:

Anti-Daesh hackers have gone up the trail of the attack that paralyzed TV5 Monde and its websites. According to them, the computer at the origin of the piracy is in Algiers. name: NAJAF, nickname: JoHn.Dz. A second computer, located in Baghdad, reportedly participated in the attack. Exclusively for Geopolis, William Raymond, founder of Breaking3.0 reveals the scenario of the attack.

“We started to work with several on this attack, just before 10 pm. We are on the brink since the attack against Charlie Hebdo and the computer attack of 19,000 French sites. We were able to go up the track fairly quickly,” says William Raymond of Breaking3.0.

The computer at the origin of the cyberattack is based in Algiers. Name and alias of the pirate: NAJAF, JoHn.Dz. “Dz as the signature of all the Algerian hackers. The colors of the Algerian flag are found on each page of TV5 hijacked by the cybercaliphate, name they gave themselves,” explains William Raymond.

According to the Breaking3.0 site, the Algerian hacker was reportedly helped by a computer located in Iraq. It would belong to a named Khattab. “The hacking of TV5 was done via a Java flaw. A fault on a particular computer: that of the social network administrator of the chain or a PC directly connected to the control room.”…

How did this virus enter the TV5 network? The maneuver is disconcerting of simplicity and rapidity. “It is for a hacker to grab a user’s IP via Skype. One of our sources did it in front of us, on one of our computers to illustrate it. TV5 journalists like many other media use Skype. Including in their communications with certain jihadists.” For Breaking3.0, “it is probably during one of these sessions – recent – that the IP address has been stolen, and with it, the identity of the channel network”.

April 9 Blue Coat

Later that day, Blue Coat reported that they had located malware containing references to the same aliases, which was “an adaptation of the Visual Basic Script worm KJ_W0rm”, which in turn was connected to a hacker with the online handle of Security.Najaf, “apparently located in the Najaf province of Iraq”, who was “a prolific poster on the dev-point[.]com forums”:

Blue Coat has no insider information on this intrusion, but we were able to find a piece of malware which, though not identical, matches many of the indicators given in the Breaking3Zero story. Among others, it contains references to the same aliases (JoHn.Dz and Najaf). The md5 hash of this sample is 2962c44ce678d6ca1246f5ead67d115a.

This sample appears to be an adaptation of the Visual Basic Script worm KJ_W0rm, a derivative of the old and widespread NJ_W0rm.
This malware is commonly known by AV tools under the name VBS/Jenxcus. Since this is script-based, the malware is very easy to modify, something which has spawned a lot of modifications.

Jenxcus often occurs in the company of another malware called Bladabindi or NJ_Rat. Unlike Jenxcus, Bladabindi is not a script, but a Windows executable written in .NET. It has an extensive set of features, and can for example take screenshots, steal various online credentials, and download and install more malware.

Bladabindi is possible to create and configure using a publicly available creation tool, making the production of new variants straightforward. This has made it a very popular tool to use in the underground, and it is now one of the dominant malware families, particularly in the Middle East region. Indeed, it has been so common that Microsoft decided to take aggressive action against it. This resulted in the somewhat controversial botnet takedown in June 2014. The legal papers filed with this takedown identify the authors of the Bladabindi backdoor and Jenxcus worm as Naser Al Mutairi (Kuwait), and Mohamed Benabdellah (Algeria). Mutairi reportedly used the online handle njq8, and is presumably the person referenced in the “Credits” section in “our” malware sample. This mention is however likely to be just a shout out to the original author of what essentially now is an open source malware.

If we compare the “Najaf” sample with a regular KJ_W0rm sample, we can see that there are clear similarities. Most differences revolve around how hardcoded parameters are placed in the code…

On the Internet, anyone can claim to be associated with any movement of their choosing. Not only that, they can use whatever tool they want, claim to be totally different people, and generally lie as much as they want to. Because of this attribution is hard, though not impossible. It requires solid data, experience, and often the involvement of law enforcement to do right. Because of this we’ll not make any assumptions about who was behind the intrusion in TV5. However, we can point out some indicators.

The 2962c44ce678d6ca1246f5ead67d115a sample is similar to the VBS script mentioned in the Breaking3Zero article. The script contains the same greetings, mentions the same JoHn.Dz and Najaf.

Security.Najaf seems to match the online handle of a developer apparently located in the Najaf province of Iraq. He is a prolific poster on the dev-point[.]com forums, a forum which has contained a lot of NJ-Rat/Worm-associated material. He is listed as recoder – presumably modifying programmer – in many other malicious scripts. One example is the file with md5 de8e6e14b7e548eda7d4ff33bb3705ad.  In this file, the C&C server is defined to aziza12.no-ip.biz, a domain which also has been used as C&C by Bladabindi malware such as the sample with md5 a5ce6dcb062ceb91a6fce73e99b3514d. This is a DynDNS domain, meaning that there is no domain registration data to look at. However, if we examine the IP history of this domain, we see that it has mapped to a number of IP addresses over time, many of which are located in Iraq. One of these, 178.73.223.9, has also earlier this year pointed to the domain islamstate.no-ip[.]biz.

Blue Coat added a variety of caveats, reminding readers that “IP overlaps can occur for many reasons”, that aliases are inconclusive:

So, does this really mean anything? No, not necessarily. IP overlaps can happen for any number of reasons, and aliases on forums and inside malwares are just text strings. NJRat and its related malware are used by a lot of activists in the Middle East, so their use in this intrusion – if that indeed is confirmed – can not be used as basis for any conclusion.

Security Affairs wrote up the findings of Breaking 3.0 and Blue Coat.

Trend Micro, April 10 and 11

Trend Micro’s April 10 article warned readers of the new power of non-state activists and cybercriminals:

this demonstrates that it’s not just the big states with tremendous resources that can execute devastating attacks. Sophisticated techniques are being adopted by non-state activists and cybercriminals as well. We’ve known this for some time, but this shows how true (and damaging) that can be.

On April 11, Trend Micro published its own analysis of malware used at TV5 Monde, describing it as a variant of VBS_KJWORM.SMA, which they had previously catalogued in Arabic language forums:

A malware that is being tied to the recent cyber attack in France is detected by Trend Micro as a variant of the NJWORM/Kjw0rm remote access Trojan (RAT). This malware (with the MD5 hash of 2962c44ce678d6ca1246f5ead67d115a), which we detect as VBS_KJWORM.SMA, is backdoor that may have been around since 2014.

Our initial analysis showed that VBS_KJWORM.SMA was created by a hacking tool named Sec-wOrm 1.2 Fixed vBS Controller. This is a RAT generator that we detect as HKTL_KJWORM.

It should be noted that the Kjw0rm family is already known to us; in January we had written about this family when it emerged from the NJWORM source code leak. Kjw0rm was found in the Arabic-language section of dev-point.com.

Figure 1. Sample screenshot of the RAT generator “Sec-wOrm 1.2 Fixed vBS Controller”. (SECWORM) Hat tip goes out to the Dev4dz forum

Using data from the Trend Micro™ Smart Protection Network we found that VBS_KJWORM.SMA is observed in at least 12 countries in the past week, including South Africa and India. This is not surprising, since this malware is available in underground forums and can be used by anyone.

This particular malware can be used as a backdoor into the infected system. In addition, the C&C server reportedly used in the attack has been tied to another backdoor, BKDR_BLADABINDI.C. Our investigation leads us to believe the actors behind Kjw0rm and BLADABINDI are the same.

Further information from the Smart Protection Network suggests that other VBS malware variants are currently circulating in the wild. Four separate C&C servers (distinct from those used by NJWORM) were also found. These different samples, in turn, are connected to previous NJRAT/JENXCUS attacks. NJRAT has been tied to DUNIHI attacks in the Latin American region.

Note: The SECWORM malware is a RAT derived from KJw0rm with some modifications and improvements.

Attribution to Russia

Over the next two months, French police carried out an investigation of the TV5 Monde hack. L’Express stated that they saw a confidential report on the investigation, which was led by ANSSI. L’Express appears to have retained Trend Micro and FireEye as consultants for their story. They said that the report identified an otherwise undisclosed internet address (“precious data”):

Before taking action, the pirates took their time. After penetrating TV5 Monde’s computer system at the beginning of the year, they succeeded in acquiring all the rights, sesame types, to visit every corner of the chain’s internal network, map it, and thus understand how it works. Above all, in its note, the agency details the indices (also called indicators of compromise) left by the assailants during their passage. It also mentions an Internet address from which malicious software was sent. Precious data…

L’Express reported that it gave this “confidential information” to Trend Micro, who associated it with banking malware used in Brazil:

L’Express submitted this confidential information to the computer security company Trend Micro. At the end of its investigation, the Japanese company concluded that the malicious program originated from a server located in Brazil. Its owner was based in São Paulo. Several codes are hosted there. “One of them is a banking malware, which has already been used in Spain and Brazil, and it was downloaded in France in March …”, notes Loïc Guézo, head of strategic development at Trend Micro. … [Previous Trend Micro discussion of Brazilian banking malware in May 28, 2013 here]

L’Express also gave information to Nicolas Ruff, another security expert, who told them the “clues left” and “mode of operation” were the same as other cases.

For Nicolas Ruff, another security expert, there is no doubt that the assailants have been operating sophisticated since at least 2010. “The clues left and the mode of operation,” he points out, “are the same as those found in other cases.”

According to L’Express, Trend Micro said that the clues indicated that the attack “could originate” from APT28 (Pawn Storm/Fancy Bear):

Trend Micro came to the same conclusion. “Thanks to the data provided by L’Express, we believe that the attack could originate from a group known as ‘Pawn Storm’.”

L’Express then recounted various hacking incidents associated with APT28, then observing two seeming smoking guns: lines of code in a Cyrillic keyboard and compilation in Moscow office hours:

These various examples, and their direct links with the interests of Moscow, pushed the cyber security company FireEye to deepen its investigations. For this American company, the pirates are linked to the Kremlin and often target opponents of the regime, journalists or military organizations in the United States and Europe. Two further elements support his conclusions: the lines of codes were typed on a Cyrillic keyboard and at times corresponding to office hours in St. Petersburg and Moscow. FireEye baptized the same group by another name: “APT28”.

Here, L’Express has incorrectly conflated FireEye’s analysis of APT28 in October 2014 with the TV5 Monde incident: the Cyrillic keyboard and Moscow hours had already been raised in October 2014 and do not occur in the TV5 Monde hack (as I understand it). This error was perpetuated in a subsequent article by France 24:

However, investigators discovered that the computer codes used in the attack were typed out on a Cyrillic keyboard during office hours in Moscow and St. Petersburg, L’Express wrote this week.

L’Express then observed that APT28 had previously targeted media outlets with phishing emails, summarizing (Google translation) that French intelligence had concluded that APT28 was implicated and the CyberCaliphate was a false flag:

The accumulation of these elements creates doubt about the reality of the claim of the CyberCaliphate in the piracy of TV5 World. From judicial sources, the implication of APT28 (or Pawn Storm) seems to be confirmed and the jihadist track, it, moves away. “It could be a lure, as suggested by the experts of the Anssi,” says the director of the channel.

Based on this information from French intelligence, the French government had already taken an antagonistic policy towards Russia, described by L’Express as follows:

Only certainty: relations between France and Russia have deteriorated in recent months. Francois Hollande refused to attend the parade commemorating the victory over Nazism in Moscow on 9 May. And Paris aroused the anger of the Kremlin by suspending the delivery of Mistral ships to Russia against a background of Ukrainian crisis. The Vladivostok first projection and command vessel should have been delivered in November 2014, but still docked in the port of Saint-Nazaire.

Since then, the negotiations between the two countries have changed in nature and only concern the compensation which the French authorities would be prepared to grant. In Le Figaro, the Russian writer and former diplomat Vladimir Fyodorovsky regretted this affair – a reflection of a great danger of historical rupture between Russia and the West: “We are witnessing a sort of return to the cold war.” In the age of the Internet.

June 9 Buzzfeed

On June 9, the renowned technical journal Buzzfeed reported that US security firm FireEye said that the ISIS CyberCaliphate was merely a front for Russian hackers APT28.

Russian hackers posing as the ISIS “Cyber Caliphate” were likely behind the hack of France’s TV5Monde television channel, according to cybersecurity experts who have examined the attack…

But a Russian group known as AT28 may have used ISIS as a cover for hacking, the U.S.-based security firm FireEye told BuzzFeed News Tuesday, after observing similarities in the infrastructure used by the Russian group and the one involved in the TV5Monde attack.

Their conclusion was based on a stated commonality between the IP block for the CyberCaliphate website and prior APT28 infrastructure:

“There are a number of data points here in common,” said Jen Weedon, manager of threat intelligence at FireEye. “The ‘Cyber Caliphate website,’ where they posted the data on the TV5Monde hack, was hosted on an IP block which is the same IP block as other known APT28 infrastructure, and used the same server and registrar that APT28 used in the past.”

Whereas, in connection with their multi-faceted attribution, Blue Coat had warned that “IP overlaps can occur for many reasons”, FireEye issued no such caveat, leaping from the apparent IP overlap to attribution to APT28. (To my knowledge, FireEye never reported the actual overlapping IP addresses.)
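
The difference between a bare "same IP block" claim and Blue Coat's caveat can be made concrete. The following is an added example, not code from this post or from any of the vendors quoted: it grades a passive-DNS overlap by whether the IP is identical, whether the resolutions were concurrent, and how many unrelated domains share the same space. The records, the `.example` domains, the RFC 5737 addresses, the scoring rule and the `max_tenants` threshold are all constructed assumptions.

```python
"""Grade a passive-DNS overlap before leaning on it for attribution."""
from collections import namedtuple
from datetime import date
from ipaddress import ip_address, ip_network

Row = namedtuple("Row", "domain ip first_seen last_seen")

# Constructed passive-DNS history (reserved .example names, RFC 5737 addresses).
PDNS = [
    Row("leak-site.example",  "192.0.2.10",   date(2015, 4, 1),  date(2015, 4, 20)),
    Row("leak-site.example",  "198.51.100.5", date(2015, 4, 5),  date(2015, 4, 9)),
    Row("known-c2-a.example", "192.0.2.77",   date(2014, 9, 1),  date(2014, 11, 30)),
    Row("known-c2-b.example", "198.51.100.5", date(2015, 3, 15), date(2015, 5, 1)),
    # Unrelated customers of the same hosting block.
    Row("shop.example",       "192.0.2.11",   date(2013, 1, 1),  date(2016, 1, 1)),
    Row("blog.example",       "192.0.2.77",   date(2015, 1, 1),  date(2015, 6, 1)),
    Row("forum.example",      "192.0.2.200",  date(2014, 6, 1),  date(2015, 12, 1)),
]


def concurrent(a, b):
    """True when the two resolution windows share at least one day."""
    return a.first_seen <= b.last_seen and b.first_seen <= a.last_seen


def other_tenants(pdns, subject_row, same_ip, net, exclude):
    """Domains outside `exclude` seen on the shared IP (or anywhere in the shared block)."""
    if same_ip:
        hits = {r.domain for r in pdns if r.ip == subject_row.ip}
    else:
        hits = {r.domain for r in pdns if ip_address(r.ip) in net}
    return hits - exclude


def overlap_findings(pdns, subject, known, prefix=24, max_tenants=2):
    """Pair each subject record with each known-actor record in the same block.

    Score (0-3, an assumed rule of thumb): +1 exact IP rather than block only,
    +1 windows overlap in time, +1 the shared space is not crowded with
    unrelated domains.
    """
    exclude = {subject} | set(known)
    findings = []
    for s in (r for r in pdns if r.domain == subject):
        net = ip_network(f"{s.ip}/{prefix}", strict=False)
        for k in (r for r in pdns if r.domain in known):
            if ip_address(k.ip) not in net:
                continue  # no overlap at this prefix length
            same_ip = s.ip == k.ip
            tenants = other_tenants(pdns, s, same_ip, net, exclude)
            score = int(same_ip) + int(concurrent(s, k)) + int(len(tenants) <= max_tenants)
            findings.append({
                "known": k.domain,
                "shared": s.ip if same_ip else str(net),
                "concurrent": concurrent(s, k),
                "other_tenants": len(tenants),
                "score": score,
            })
    return findings


if __name__ == "__main__":
    for f in overlap_findings(PDNS, "leak-site.example",
                              {"known-c2-a.example", "known-c2-b.example"}):
        print(f)
```

Even the top score here is only a lead to corroborate with other evidence; a block-level match months apart on crowded hosting scores zero.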

June 10 BBC

On June 10, BBC wrote a short secondary article on the investigation. It was this article which Alperovitch later cited as authority for the link between APT28 and the TV5 Monde hack. It stated:

Jihadist propaganda was posted on the station’s website in April by individuals claiming to represent Islamic State. A police investigation is now focussing on a group of Russian hackers called APT28, according to French media… A judicial source told AFP that investigators were narrowing the search by probing the IP addresses of computers used in the attack.

June 10 Register

On June 10, the Register summarized the French articles, stating that French investigators now believed that the attack had been carried out by Russian hackers,

However, French investigators announced this week that they believe the TV5 Monde attack was carried out by Russia-based hackers. Sources close to the investigation and TV5 Monde’s president told France 24 that the finger of blame for the megahack pointed towards Russia, confirming a report by French magazine L’Express, which broke the story about new leads in the investigation.

It repeated the falsehood (in respect to the TV5 Monde incident) about Cyrillic keyboard and Moscow hours:

Computer malware and scripts that featured in the attack were typed out on a Cyrillic keyboard and compiled during office hours in Moscow and St. Petersburg.

It stated that attribution to Russian hackers was “supported by findings from security vendors FireEye and Trend Micro”:

FireEye has evidence to suggest that the attack on TV5Monde could have been perpetrated by APT28, a Russia-based APT group it suspects works for the Kremlin. In particular, the Cyber Caliphate website which published leaked information was hosted on the same IP block as other APT28 infrastructure, and used the same name server and registrar that FireEye has seen APT28 use in the past.

FireEye bizarrely associated their attribution with a then current New York Times story about the “troll factory” in St Petersburg:

“We suspect that this activity aligns with Russia’s institutionalized systematic “trolling” – devoting substantive resources to full-time staff who plant comments and content online that is often disruptive, and always favourable to President Putin,” FireEye concludes.

The Register then raised an obvious question not asked in the French articles, but which ought to have been front and center:

But what possible motive would Putin crack cyber-squad have for hacking into a French TV network and spewing jihadist propaganda? France and Russia are at loggerheads over the Ukraine but both are equally opposed to the rise of ISIS.

FireEye, the lead promoter of the Russia theory, speculated that APT28 had vandalized TV5 Monde for no reason other than to “test” damage on a media outlet, with the “CyberCaliphate” being nothing more than a fabricated front to conceal their involvement (a wild theory later presumed to be a fact during attribution of Guccifer 2):

Greg Day, VP & CTO EMEA at FireEye, told El Reg that it might be that Russian hackers were testing what type of damage they might be able to inflict on a media outlet (beyond running a standard DDoS attack) against a real target. If this theory is right, then the Cyber Caliphate-theme was there purely to provide plausible deniability.

Richard Turner, FireEye president EMEA, added in a statement that the “APT28 group has been hacking into computer networks for the past seven years using highly advanced and aggressive methods.”

Register quoted L’Express that Trend Micro had characterized the attack as having the “same hallmarks” as APT28 attacks:

Trend Micro told L’Express that the TV5Monde attack has the same hallmarks as the so-called “Pawn Storm” hack against government, media and military agencies in the United States, Pakistan, and Europe. “Pawn Storm” featured spearphishing, watering hole attacks and malware-laced Word documents. Trend blames the whole run of attacks on hackers backed by the Russian government. Pawn Storm has previously targeted Chechen separatists and Islamic extremists in former Yugoslavia, making co-operation between it and islamic hactivists in turning over TV5Monde rather unlikely.

Trend Micro, June 11

The following day (June 11), Trend Micro published a response to L’Express in which it repudiated a firm attribution of the attack to APT28.

Trend Micro stated that they had been asked by L’Express to review indicators of compromise which had been shared with media organizations by ANSSI. Trend Micro’s opinion was that these indicators indicated “an infestation of Sednit malware” but stated that they could not “definitively link the stolen information or compromised accounts from the April attack to this Pawn Storm compromise”:

Yesterday evening French magazine L’Express published a report linking an attack against TV5 Monde very firmly to the Russian state. The attack, which knocked 11 of its global channels off air for a period of time and resulted in a compromised website and Facebook page, took place back in April.

At the time when the attack took place, a group calling itself CyberCaliphate immediately took responsibility for the hack and went on to publish details purportedly of serving French military personnel involved in the struggle against Islamic State or ISIS. The attribution at the time seems simple and immediate; Islamic Extremist motivated hacktivism.

L’Express approached Trend Micro with certain indicators of compromise which had been shared with 43 media organisations by the Agence nationale de la sécurité des systèmes d’information (ANSSI) in France, with a view to uncovering more about the attacker or the motivations behind the attack. These indicators very definitely evidence an infestation of Sednit (also known as Sofacy) malware, associated with the ongoing targeted attack campaigns by the Pawn Storm operators (also referred to as APT28). What they did not do was to definitively link the stolen information or compromised accounts from the April attack to this Pawn Storm compromise. Neither is it possible to state with certainty that the two are *not* related.

Trend Micro then raised three distinct possibilities, one of which was attribution of the “ISIS” takeover to APT28 – which they described as “extremely out of character” for APT28:

Attribution in online crime is complex, more so when there may be nation-state involvement. Trend Micro’s assessment of the current possibilities, with reference to the facts as they stand today leaves us with three possibilities.

1 – We could be looking at two entirely unrelated incidents, a Pawn Storm infestation and a separate hactivist compromise
2 – Perhaps the Pawn Storm group gave attack relevant data to a third party, directly or indirectly to islamic hactivists. While possible, this would seem highly unlikely as we have seen Pawn Storm actively targeting Chechen separatists and Islamic extremists in former Yugoslavia
3 – Finally, the Pawn Storm group carried out a highly visible website, Facebook and TV network compromise (which would be extremely out of character) and used it as a false flag operation to lay the blame at the door of islamic extremists.

Trend Micro rather uncertainly settled on their option 1: two “entirely unrelated incidents”:

While the false flag option is not entirely out of the question, it is at least somewhat out of character of previous operations of the Pawn Storm campaign. My spider senses right now are tingling on option one. TV5 Monde, as a media operation is a target entirely within the remit of the regular Pawn Storm operations and an infestation of Sednit malware there should perhaps not be a surprise at all. The fact that during the time of this Sednit compromise, they were also targeted by Islamic extremist hacktivists, given the contemporary news and political environment in France is perhaps also not surprising.

Attribution online is always complex, sometimes though things can be entirely as they seem.

Discussion

Re-reading the two stages of contemporary articles, the first analyses of malware, linking back to malware known in Arabic language forums, to IP addresses in Iraq and Algeria and to jihadi-sympathizing hackers, are much more specific than the subsequent analyses attributing the hack to APT28, which did not present a single technical detail (hash, IP address etc.). It is also frustrating and troubling that the proponents of APT28 attribution did not discuss and refute the seemingly plausible connections to jihadi sources. It is also troubling that so much emphasis in contemporary discussion of FireEye’s analysis incorrectly associated the Cyrillic characters previously described by FireEye in October 2014 with the TV5 Monde incident.

Second, the confidence of attribution to APT28 was dramatically aggrandized in subsequent reporting, fostered in part by inaccurate original reporting.  Contrary to newspaper reports, Trend Micro did not attribute the seizure of TV5 facilities to APT28. Its assessment was indeterminate, weakly preferring that the seizure was separate from APT28 eavesdropping.

Third, Trend Micro was asked to comment on indicators of compromise by L’Express. One can only conclude from events that the indicators did not include the indicators of compromise considered by Breaking 3.0 and Blue Coat in the original attribution of the attack (or else Trend Micro would have discussed them). It seems implausible that the original indicators were invalid, given how specific they were. So why were these indicators not included in the list given to L’Express and/or Trend Micro?

As a research comment, I began by googling “TV5 Monde hack” and followed various links. I did searches in which I limited dates to contemporary dates. While I located all manner of stories and articles about the Russian hack, the stories about the original attribution to jihadi sources did not turn up in any of these searches. I eventually located the stories through specific searches in the Trend Micro blog, not in a generic Google search. Armed with the malware name from Trend Micro, I could turn up contemporary articles. I’m surprised that they didn’t turn up in general searches.

Overall, the presumption that the CyberCaliphate was a false flag created by APT28 to conceal their vandalization of TV5 Monde seems very much unproven, with substantial evidence to the contrary. It seems ludicrous that attribution of the DNC hack should, in any way, be based on such piffle.

 

Update: Jaap wrote in comments:

More information on the TV5 hack in English (based on the ANSSI presentation) is here:
Lessons from TV5Monde 2015 Hack

It gives the timelines, and while it ignores (or doesn’t explain) the attribution of the malware used between 2015-01-23 and 2015-03-17 (which is mostly fairly common tools and only has pointers to the Middle East), it does give many other interesting details.

This also allowed to identify a suspicious DLL (ConnectBack.DLL is an arbitrary name) on the active malicious session ran by rundll32.exe and C&C IP. This malicious DLL can then be analyzed to understand in depth what the malware is doing but also identify code similarities with other malwares.

Unfortunately the picture does not show the IP address.

Also (this is about March 2015, perhaps 2015-03-17):

The attacker compromised another administrator machine (Codenamed: ANKOU) which contains the Remote Access Control (RAT) which was used for the sabotage. Prior to this, the attacker also dropped njRAT as a decoy on the system but didn’t run it — ANSSI isn’t sure why.

Up to this time all malware (RATs) are those that can be attributed to Islamic hackers with IP addresses in the Middle East.
But apparently this last DLL was found (or also found) and that one is the one that made ANSSI conclude it was APT28.
Perhaps that DLL is a version of Xagent? Or was it a more common generic backdoor and the attribution was based on the IP address used?
Both of these are not clear.

Apparently that information was only in the secret report that ANSSI did give to (a.o.) L’Express, which in turn asked Trend Micro for a reaction.

L’Express approached Trend Micro with certain indicators of compromise which had been shared with 43 media organisations by the Agence nationale de la sécurité des systèmes d’information (ANSSI) in France, with a view to uncovering more about the attacker or the motivations behind the attack. These indicators very definitely evidence an infestation of Sednit (also known as Sofacy) malware, associated with the ongoing targeted attack campaigns by the Pawn Storm operators (also referred to as APT28).
What they did not do was to definitively link the stolen information or compromised accounts from the April attack to this Pawn Storm compromise. Neither is it possible to state with certainty that the two are *not* related.

So what we need to establish is exactly what these indicators were. And what was the IP address used for the C&C?
It seems those details were given to no less than 43 media organizations, so one would expect it to be reported somewhere…


794 Comments

  1. Posted Oct 10, 2017 at 2:53 PM | Permalink

    I’m dying. After reading paragraph after paragraph of badly translated quotations (done by Google Translate), reaching about a dozen, I got to this:

    L’Express then observed that APT28 had previously targeted media outlets with phishing emails, summarizing (Google translation) that French intelligence had concluded that APT28 was implicated and the CyberCaliphate was a false flag:

    I don’t speak French so I can’t tell how much the bad translation impacts the meaning of these paragraphs, but I do think this is hilarious. There were about a dozen paragraphs which weren’t noted as having been translated, then suddenly, in-between paragraphs taken from the same source, a note about Google Translation is suddenly thrown in.

    I find it difficult to get past that to look at what this post argues, partially on principle but also partially because I don’t know how phrases like, “De source judiciaire” get translated to, “From judicial sources” which then gets interpreted as referring to “French intelligence.” Maybe that’s right, but given how bad the (mostly unmarked) translations used in this post are, I’m somewhat skeptical.

    Adding to my skepticism is how the first quote in the “Initial Attribution” section is a misquotation. I was able to get the exact same text as used in that quote block with Google Translate, but when I do, there are numerous sentences which I got that were not included. Obviously one doesn’t have to include all text from a source when quoting it, but when you cut out parts of a quotation, you have to indicate such to readers by using things like ellipses.

    I find it incredibly difficult to pay attention to the substance of a post when it does things like use bad translations without informing readers or cuts (significant) portions of quotations out willy-nilly.

    • Follow the Money
      Posted Oct 10, 2017 at 4:43 PM | Permalink

      ““From judicial sources” which then gets interpreted as referring to “French intelligence.” ”

      I expect Steve M. had more French in school than I. But “source judiciaire” can mean top source or very good source. And I do not think it unhelpful that Steve chose in his own comment “French Intelligence” over “ANSSI”.

      Is that all?

      • Steve McIntyre
        Posted Oct 10, 2017 at 4:59 PM | Permalink

        Don’t know how much French you had, but I had 5 years of French at school. I’ve also done legal documents in French (as customer not writer). I can read French reasonably, but don’t speak it well. For the purposes of a blog post, I thought that the Google translate was adequate – this isn’t Moliere.

        ANSSI translates to National Cybersecurity Agency. I’m not sure how that would compare to the NSA, but don’t believe that it matters. I think that “French intelligence” captures the right nuance.

        • Follow the Money
          Posted Oct 10, 2017 at 5:36 PM | Permalink

          My expectation, now confirmed, was based on my knowledge that you are Canadian and I am not.

          I know Canadiens anglais (from Alberta and BC) who love to talk about how many years of French they were compelled to take in school. They rave about it. I think they wish they were forced to take even more!

        • Daniel
          Posted Oct 12, 2017 at 4:03 PM | Permalink

          Perhaps as a French person I may help with these semantic questions.
          “de source judiciaire” refers to a source close to the police & justice department investigations
          “French intelligence” would refer to either the equivalent of CIA, NSA or FBI
          “ANSSI” is not really considered as part of the intelligence community; this agency is in charge of overhauling IT security and upgrading cybersecurity in France, first within the public authorities, but also within the private sector. Very different from NSA which is an espionage agency.

        • Steve McIntyre
          Posted Oct 12, 2017 at 4:50 PM | Permalink

          Thanks for this – analogizing to NSA led me astray on this. In US (and even Canada), this is not the sort of incident that would be investigated by a “Department of Justice”, so there seem to be institutional differences in how matters are approached.

      • Posted Oct 10, 2017 at 5:17 PM | Permalink

        Follow the Money, I don’t know how that phrase should be interpreted. What I do know is I wouldn’t interpret the English phrase “judicial sources” as “French intelligence.” If “French intelligence” is how the original French ought to be interpreted in this case, that’s fine. The interpretation given in this post just doesn’t support that. It’s a bad translation though so maybe a good one would.

        I have no problem with people using Google Translate. However, if you’re using a translation, particularly a bad one, you should indicate it is a translation. If the translation you provide is inaccurate/imprecise in regard to a point you want to make (like perhaps in this case), you should note the discrepancy so people can understand why what they read does not match what you come up with. If all you provide is the English phrase “judicial sources,” nobody can see why you say that means “French intelligence.”

        And whether you’re using a translation or not, if you present a continuous quotation with part of the text removed, you need to indicate that removal. That’s a basic principle of using quotations. If you don’t do that, what you provide is a misquotation, not a quotation.

    • pbw
      Posted Oct 10, 2017 at 6:59 PM | Permalink

      “I’m dying.”

      Rumours of your imminent demise are exaggerated.

  2. Posted Oct 10, 2017 at 4:26 PM | Permalink

    Ferreting this information out are true marks of a saga.

    Still very illuminating!

    • Posted Oct 10, 2017 at 4:51 PM | Permalink

      I’m pretty sure you meant sage, as in an experienced investigator.

      I would be as skeptical as Brandon if it were not for so many feints and contradictory expert opinions. It really does seem that this whole enterprise of attribution of cyber-attacks is wide open for confirmation bias (for the committed) to outright chicanery (for the unsavory).

      I like that “piffle” and “prattle” are making comebacks.

      • Posted Oct 10, 2017 at 5:21 PM | Permalink

        Ron Graf, what you describe would seem to be a reason for more skepticism, not less.

        • bmcburney
          Posted Oct 11, 2017 at 11:24 AM | Permalink

          Brandon,

          It is indeed a reason for more skepticism regarding the ability of cyber security “experts” to make attributions, their track records regarding attributions and more skepticism regarding media reports concerning those attributions (and, perhaps, more skepticism regarding the “good faith” of Google search results). But I think that is what Ron meant.

          Oddly, you seem to mean the opposite. The worse the narrative/sausage looks being made, the more faith you believe we should place in the results.

      • Posted Oct 11, 2017 at 7:29 AM | Permalink

        Saga is the proper word in my comment.

        Though Steve certainly is a true sage in many ways.

        The journey, Steve undertook and doggedly pursued, was not and is not simple. Given the amount of bafflegab by the less diligent anti-malware agents, coupled with the over-the-top news releases; tracking through this mess and organizing and quantifying facts is a very tough chore.

        Find the detailed information.
        Organize the data by date.
        Identify missing points and locate them.
        Track and correlate different data threads.
        Separate data into directly relevant, not directly relevant and the worst category, facts entwined and buried within bafflegab security claims.

        It is a saga, with vested interests trying to keep preferred views as primary.

    • Posted Oct 11, 2017 at 9:41 AM | Permalink

      ATheok, my apologies. I agree that ferreting out the truth is often a saga.

      Brandon, I am skeptical of surefooted, self-serving cyber attack attributions and thus not as skeptical as you of Steve’s analysis as you are. I hope you agree.

      Last night I watched a few CSPAN discussions on cyber crime by 3 recent authors. All underscored the difficulties in attribution and response. One even pointed out the lack of accurate definition of terms for discussing and reporting, like what exactly one means by reporting an attack by Fancy Bear. Despite this the forum held by the Atlantic Council had one of their panelists, Senior Fellow for the Atlantic Council Laura Galante, assuming Russian attribution for all aspects of the DNC hacks, WL and G2. She was the Director of Global Intelligence for FireEye for 5 years until last March. I found this quote of hers last October before the election:

      In my mind, so many more different factors lead us to make the conclusion that we think Russia behind this activity. If you think about how WikiLeaks is timing their releases, who’s benefiting from it, what information is being exposed — those factors lead us to believe WikiLeaks is in some kind of alignment with Russia. http://www.politico.com/story/2016/10/wikileaks-russia-hillary-clinton-campaign-democrats-229707

      She’s just doing the logical analysis except through her bias, supporting my asserting any picture can be developed that one wants. The author at that forum, Alexander Klimburg (THE DARKENING WEB The War For Cyberspace [2017]), rightly pointed out that the major damage of cyber-attack is that of breaking down trust. Separately it came up that the US government, US media and US institutions in general are polling at all time lows in public trust. I am still holding open the possibility that Russian intelligence put on Russian clown makeup. The thing that still bothers me is why and how did someone choose to bring in Warren Flood.

      • Posted Oct 11, 2017 at 9:47 AM | Permalink

        Sorry I did not end tag the block quote.

        The other two books are, War and Peace in the Information Age by Bill Gertz and Dark Territory (The Secret History of Cyber War) by Fred Kaplan.

        • Posted Oct 11, 2017 at 8:31 PM | Permalink

          After researching these 3 books and also Malcolm Nance’s The Plot to Hack America, all assume that the Russians were behind Cozy, Fancy, G2 and used WL as an information laundromat. There is little forensic analysis. They rely on the US IC’s “high confidence.”

      • Posted Oct 11, 2017 at 10:08 AM | Permalink

        Here is Laura Galante at TED last spring explaining how information operations hack your mind. Her sole focus is on Russia though. It’s 9 minutes.

      • Posted Oct 11, 2017 at 10:09 AM | Permalink

        No apology(s) needed Ron.
        I did not take your comment as negative. Simply as a request for clarification.

      • Posted Oct 11, 2017 at 2:11 PM | Permalink

        Ron Graf:

        Brandon, I am skeptical of surefooted, self-serving cyber attack attributions and thus not as skeptical as you of Steve’s analysis as you are. I hope you agree.

        I rarely find skepticism for one narrative increases my faith in the validity of another. Besides, McIntyre has made numerous errors and false claims. He’s no more reliable a source than the people he criticizes. If anything, I’d say he’s less reliable.

        Heck, he hasn’t even fixed the gross misquotation in this post I pointed out yesterday. If people want to talk about skepticism, I’d say using misquotations and choosing not to address/correct them when they’re pointed out is a good reason to be skeptical of a person’s commentary.

        Steve: I don’t agree that there was a “gross misquotation” in the post. However, there was a missing ellipsis in the first two quotations which I’ve remedied.

        • bmcburney
          Posted Oct 12, 2017 at 9:23 AM | Permalink

          Brandon,

          You say “McIntyre has made numerous errors and false claims. He’s no more reliable a source than the people he criticizes.”

          Please identify the “numerous errors and false claims” referenced above. A top ten list, if there are too many to identify them all.

        • Posted Oct 12, 2017 at 2:58 PM | Permalink

          Steve McIntyre writes in an inline response:

          Steve: I don’t agree that there was a “gross misquotation” in the post. However, there was a missing ellipsis in the first two quotations which I’ve remedied.

          The record won’t show this since inline remarks aren’t timestamped (one of the reasons I’ve criticized using them for non-moderation purposes), but McIntyre only posted this after I wrote a post to point out he had secretly edited his post to fix an error I pointed out. What happened is this:

          1) The post went live with a misquotation.
          2) I pointed out the misquotation.
          3) The post was secretly changed to (attempt to) fix the error I pointed out.
          4) I pointed out this change had been secretly made.
          5) McIntyre edited one of my comments to add an inline remark which disclosed the change.

          Of course, the public record doesn’t show this given the lack of traceability in McIntyre’s changes. The “fixed” version also isn’t correct. There were three problems with the quotation as originally presented. Only one was fixed.

      • Tom t
        Posted Nov 17, 2017 at 4:08 PM | Permalink

        So there is that name again “The Atlantic Council”. So Crowdstrike, a firm closely associated with the Atlantic Council, is making a Russian attribution relying on evidence from another firm, FireEye.

        Can we not just say that all the Russian attribution is coming from the violently anti-Russian think tank The Atlantic Council through proxies.

        • Don Monfort
          Posted Nov 17, 2017 at 8:43 PM | Permalink

          You can say that, if you want to blithely dismiss the assessment of the U.S. intelligence services. You wouldn’t be alone here. You are late to the party, but you get the theme. Have fun.

        • Tom t
          Posted Dec 13, 2017 at 1:43 PM | Permalink

          U.S. Intelligence services admittedly relied on the analysis of Crowdstrike the Atlantic Council proxy who relied on FireEye the Atlantic Council proxy.

          All roads are leading back to the Atlantic Council.

          If some kid had his Facebook hacked and his messenger conversations with a one night stand sent to his girlfriend, an Atlantic Council proxy like CrowdStrike would attribute the hack to Russian intelligence.

        • Tom t
          Posted Dec 13, 2017 at 1:50 PM | Permalink

          Okay had a chance to go back and look at your posts. You are pathetic. You make blanket appeals to authority and no one here gives you the time of day because of how pathetic your argument is. You think that your vapid posts that no one really gives a damn about amount to you winning the argument because you have a complex.

          ‘It’s a slam dunk Mr. President’

          CIA director George Tenet to President Bush on Iraqi WMD. Our intelligence agencies have been junk for a long time.

        • Posted Dec 14, 2017 at 7:38 PM | Permalink

          Steve McIntyre’s observation five months ago that Steele’s Trump-dossier, laundered through “trusted” international intelligence sources, prompted surveillance on the Trump campaign, must count as a Sherlock Holmesian display of deduction. Well…if the FBI will finally answer in the affirmative congressman Jim Jordan’s standing query. Until they answer Jordan says he will assume it is so.

          A topic that interests me greatly and which I’ve been meaning to write about: the “fingerprints” of Steele Dossier memoranda can be seen in news stories as early as September 2016 and even late August 2016 then attributed to leaks from the intel community. I’m also convinced that the super-secret intel relied upon by CIA Director Brennan to set Obama administration hair on fire in early August 2016 (as described in June 23 WaPo story) was nothing more than Steele Dossier memoranda. I think that Trump would be tactically wise to declassify and publish everything, thus proving what a cock-up it was. [SM Jul 23, 2017]

        • Posted Dec 15, 2017 at 9:31 AM | Permalink

          Agreed, Ron!

          Except, a quibble about Sherlock Holmesian influence; mostly because Holmes is a Conan Doyle literary invention.

          Consider Steve’s work akin to U.S. Naval Intelligence work prior to the Midway battle; e.g. Lt. Commander Jasper Holmes’s “AF” deduction and assessment where he tested the hypothesis with a false message that Midway needed immediate water desalination unit replacement and repair.

          Following the faintest information/misinformation threads Steve, and the example Lt. Commander Holmes, recognized and tested initial malfeasance/misinformation patterns.

          Yes, it is classic Sherlock Holmesian storyline framework, but as doggedly applied by excellent Naval Intelligence officers, and their supportive senior officer(s).

        • chris moffatt
          Posted Jan 25, 2018 at 8:37 PM | Permalink

          Don Monfort: not one of those intelligence agencies, most of which didn’t have a dog in this fight anyway, got to see any evidence of a Russian breach of DNC servers. The DNC actually refused to let the FBI have access and there was never question of any other agency seeing the so-called evidence. The whole nonsense, and it is nonsense because we know how Wikileaks got the emails (just ask Craig Murray), relies on the “forensic” examination conducted only by CrowdStrike in the space of about two hours.

        • Don Monfort
          Posted Jan 26, 2018 at 12:48 AM | Permalink

          You are clueless, mofat. Read my comments up-thread. Or, not. I know you are lazy, so I will give you a sample:

          http://foreignpolicy.com/2013/10/15/the-nsas-new-code-breakers/

          “… The NSA, FBI et al. discovered what they determined to be Russian hacking of the DNC back in Summer of 2015. I am guessing they didn’t just pick Russia out of a hat. They continued to monitor the activity and repeatedly warned the DNC up until the time the DNC finally took action and the story became public…”

          Even a very reluctant POTUS Trump came around to accept that the Russians likely hacked the DNC. Admiral Rogers showed him the evidence. Try to use your head.

        • mpainter
          Posted Jan 26, 2018 at 5:13 PM | Permalink

          “Try to use your head”.

          Good advice. Is Alperovitch a Ukrainian agent? If he is, investors can kiss away their $265 million. It will all come out. Remember, over 90% of the exfiltration occurred with CrowdStrike watching. What a coincidence. I have a feeling that there are Ukrainian fingerprints all over this DNC “hacking”.

        • Don Monfort
          Posted Jan 27, 2018 at 3:25 AM | Permalink

          I say “Use your head.” You say “I have a feeling…”. Nice work.

        • mpainter
          Posted Jan 27, 2018 at 5:25 AM | Permalink

          Alperovitch is connected to Atlantic Council of anti-Russian vehemence, as are the notorious Chalupa sisters. There are other indicators that this organization is a Ukrainian lobby. The Ukraine hated candidate Trump, naturally. They have a part in this murky business.

          My theory: Alperovitch set up the DNC for a Ukrainian operation. Thus 90% of the exfiltration after CrowdStrike arrived. The Ukraine is an innocent lamb? Rubbish. The DNC an innocent victim? I doubt that as well. Use your nose. Or don’t. We shall learn the truth later this year.

        • Don Monfort
          Posted Jan 27, 2018 at 1:41 PM | Permalink

          Everybody is entitled to a theory. You serially make up stories that exonerate the KGB Putinskis and blame the Ukrainians. Weird.

          “Thus 90% of the exfiltration after CrowdStrike arrived.” Definitely not provable by you.

        • mpainter
          Posted Jan 27, 2018 at 2:03 PM | Permalink

          And you, Don, would have us believe that the Ukrainians have naught to do with the Democrats and their plots.

        • mpainter
          Posted Jan 27, 2018 at 2:33 PM | Permalink

          Also, your consuming passion against Putin and Russia warps your judgment, imo. Four legs good, two legs bad, you say.

        • mpainter
          Posted Jan 27, 2018 at 5:00 PM | Permalink

          Yes, you vociferate against Russians and Putin and against anyone who does not share your views, calling them names. As above.

          That is why you claim CrowdStrike and Alperovitch are reliable and honest because to admit otherwise exposes your prejudice. And the Ukraine is the innocent victim and not the malefactor against Trump. Your world collapses when the truth outs.

        • Don Monfort
          Posted Jan 27, 2018 at 6:38 PM | Permalink

          You just keep making crap up and ignoring the facts. Ukraine did not invade Russia. I never claimed that Crowdstrike and Alperovitch are reliable and honest. Admiral Rogers is reliable and honest. That is why he is Trump’s Director of NSA. And your “feeling” that Ukrainian fingerprints are all over the DNC hack is a very foolish feeling. If the Ukrainians are against Trump why would they expose the DNC emails?

          Try to come up with a coherent and logical story. That is all the time I have for your foolishness. Just be very happy and grateful that Trump won. You don’t need to make up a lot of dumb crap to defend him. (Like pretending that the Stalinist KGB dictator Putinski is the good guy.) The big orange fella will get along fine without your blundering blubbering. MAGA!

        • mpainter
          Posted Jan 27, 2018 at 6:47 PM | Permalink

          Now you skitter and slide all over the place. Incoherently. Is Alperovitch honest or not? Which?

        • Don Monfort
          Posted Jan 28, 2018 at 2:14 AM | Permalink

          You stupidly keep pretending that I have relied on Crowdstrike/Alpobitch’s credibility. One of my previous comments:

          “Ron, I don’t care what Alpobitch said. The NSA-FBI warned the DNC back in Sept 2015, that they were being attacked by Russian hackers. The NSA-FBI warned them more times subsequently that they were still being attacked, up to the time the DNC hack became public. Crowdstrike had nothing to do with any of that. The NSA-FBI was monitoring the hacking in real time and they knew where the hacking was coming from. Have you read the Economist article that I have left the link to a couple of times describing the signal intelligence, cryptanalysis capabilities etc. etc. of the NSA and CYBERCOM? Add to that the snooping of the black bag boys. What you people are discussing here is the info handed out by CrowdStrike and whatever tidbits the government has revealed. What use is that? Trump accepts that it was probably Russia. He has access to all the information. What is going on here is called speculation.”

          Stop the clowning. Trump doesn’t need clowns defending him. He is doing fine, despite his own clowning.

        • mpainter
          Posted Jan 28, 2018 at 2:44 AM | Permalink

          Which, put up or shut up. Honest or not?

        • Don Monfort
          Posted Jan 28, 2018 at 11:28 AM | Permalink

          Innocent until proven guilty. That should burn your shorts.

        • mpainter
          Posted Jan 30, 2018 at 7:48 AM | Permalink

          And so Monfort shuts up and investors watch in dismay as their $265 million goes down the tubes. CrowdStrike, Alperovitch, Henry Shawn will be seen as close confederates of the criminal Comey FBI, probably to be indicted themselves.

      • chris moffatt
        Posted Jan 25, 2018 at 8:32 PM | Permalink

        The fact that “fancy bear” has a recognizable thumbprint means that anyone can copy it and implicate “fancy” or any other “bear” they want. It’s the easiest thing in the world to drop a few Cyrillic characters in your hacks for instance or mention “felix derzhinsky” – heck the CIA admits to doing this. Once a hack is unleashed it can be copied, reused and modified by anybody with the hacking skills; and that’s a lot of people around the world in and out of government.

  3. pbw
    Posted Oct 10, 2017 at 7:00 PM | Permalink

    “I’m surprised that they didn’t turn up in general searches.”

    No peculiarities of Google searches surprise me any more.

  4. AntonyIndia
    Posted Oct 10, 2017 at 9:20 PM | Permalink

    “In the next post in this story, I’ll follow the story of the C2 malware indicator (176.31.112[.]10]) discovered by root9B in their unwitting investigation of Nigerian bank scams.”
    What happened with this -same IP address- lead?

    Steve: that will be next episode. As I was working on that episode, I noticed the hard-to-find stories on TV5 Monde indicators towards Arabic language hackers that had never been adequately covered.
    .

    • AntonyIndia
      Posted Oct 14, 2017 at 12:02 AM | Permalink

      Other IP addresses found in the Farnborough /NATO hack in 2014-15

      46.19.138.66

      5.199.171.58

      66.172.12.133

      45.64.105.23

      176.31.96.178

    • AntonyIndia
      Posted Nov 7, 2017 at 1:02 AM | Permalink

      IF that next Nigerian scammer episode ever gets written, please consider this tool to authenticate e-mails and avoid phishing, existing and implemented since years: “DomainKeys Identified Mail” https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

  5. AntonyIndia
    Posted Oct 11, 2017 at 1:03 AM | Permalink

    The ~June 10 2015 changed attribution of the 2 months earlier TV5 hack from ISIS to “Russia” seems to originate from the US (FireEye etc).

    Does that sync with changed US-mil perceptions of foe/friend in the Syria-Iraq theater?

  6. AntonyIndia
    Posted Oct 11, 2017 at 3:31 AM | Permalink

    FireEye managed yesterday to attribute a hack in the US to a non Russian nation: https://www.fireeye.com/blog/threat-research/2017/10/north-korean-actors-spear-phish-us-electric-companies.html
    Till recently it was same old “the Russians did it”; APT28 seemed to have no fear of FBI /congressional probes and targeted the…. US hospitality sector : https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html

  7. Steve McIntyre
    Posted Oct 11, 2017 at 9:20 AM | Permalink

    Thomas Rid in an influential article on DNC hack in July 2016 used CyberCaliphate in TV5 Monde incident as type case for APT28 using false flag to divert attention – a supposed precedent for Guccifer 2.

    yet a deception operation—a GRU false flag, in technical jargon—is still highly likely. Intelligence operatives and cybersecurity professionals long knew that such false flags were becoming more common. One noteworthy example was the sabotage of France’s TV5 Monde station on 9/10 April 2015, initially claimed by the mysterious “CyberCaliphate,” a group allegedly linked to ISIS. Then, in June, the French authorities suspected the same infamous APT 28 group behind the TV5 Monde breach, in preparation since January of that year. But the DNC deception is the most detailed and most significant case study so far.

    But the attribution of CyberCaliphate incident to APT28 is very flawed and ignores original attribution, complete with hashes and IP addresses, to jihadis in Iraq and Algeria.

  8. Posted Oct 11, 2017 at 1:02 PM | Permalink

    In a Brandonesque assessment of the attribution statement, when “compiled during office hours” features prominently, I’m surprised people haven’t actually died!

    Was it dastardly planning or just luck that cyber trails lead back to Iraq, which just happens to be in the same time zone as Moscow/St Petersburg? If the code had been compiled out of office hours, would that have precluded Russian involvement? Clearly what the Russians need to do is reset the times of all their computers so office hours are now during the night and that’ll throw a big spanner in the attribution works! If they’re really really smart, they could even use a different time zone!

    • Steve McIntyre
      Posted Oct 11, 2017 at 1:26 PM | Permalink

      time zone information is used opportunistically. There’s pretty overwhelming evidence that Guccifer 2’s computer was in Eastern US time zone. Which is interpreted to mean that he was really in Moscow.

    • Steve McIntyre
      Posted Oct 11, 2017 at 1:31 PM | Permalink

      I took a look at their attribution diagram purely as a statistical exercise. It fits better with Ukrainian or E European office hours.
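The office-hours inference discussed in this sub-thread, worked through as an added example (it is not part of any comment above and not any vendor's method). The timestamps are constructed, and the names `office_hours_share`, `rank_offsets` and `PLACES` are hypothetical; it scores every UTC offset against the same timestamps to show how wide the set of equally good answers is.

```python
from datetime import datetime, timedelta, timezone

# Constructed compile timestamps (UTC), standing in for PE header TimeDateStamp
# values collected from one malware family. NOT taken from any real sample.
SAMPLE_UTC = [
    "2015-01-20 07:05", "2015-01-23 13:40", "2015-02-04 09:15",
    "2015-02-16 11:30", "2015-03-03 08:50", "2015-03-12 12:20",
    "2015-03-17 10:45",
    "2015-03-14 10:00",  # a Saturday: never counts as office hours
]

# Places on each fixed offset during January-March (illustrative, not exhaustive).
PLACES = {
    1: ["Algiers", "Paris (winter)"],
    2: ["Kyiv (winter)", "Cairo"],
    3: ["Moscow", "St Petersburg", "Baghdad"],
    4: ["Dubai"],
}


def parse_utc(text):
    """Parse 'YYYY-MM-DD HH:MM' as an aware UTC datetime."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


def office_hours_share(stamps, offset_hours, start=9, end=18):
    """Fraction of stamps that fall Mon-Fri, start <= hour < end, at a UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for stamp in stamps:
        local = stamp.astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(stamps)


def rank_offsets(stamps, offsets=range(-12, 15)):
    """Score every offset; return (scores, offsets tied for the best score)."""
    scores = {off: office_hours_share(stamps, off) for off in offsets}
    best = max(scores.values())
    return scores, sorted(off for off, share in scores.items() if share == best)


if __name__ == "__main__":
    stamps = [parse_utc(s) for s in SAMPLE_UTC]
    scores, tied = rank_offsets(stamps)
    for off in range(0, 6):
        marker = "  <- best" if off in tied else ""
        where = ", ".join(PLACES.get(off, []))
        print(f"UTC{off:+d}: {scores[off]:.3f} {where}{marker}")
```

With these inputs UTC+2, UTC+3 and UTC+4 tie, so the timestamps alone cannot separate Moscow from Baghdad or Kyiv; the field is also written by the build machine's clock, so it only supports an attribution that rests on other evidence.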

  9. Jaap Titulaer
    Posted Oct 11, 2017 at 1:53 PM | Permalink

    More information on the TV5 hack in English (based on the ANSSI presentation) is here:
    Lessons from TV5Monde 2015 Hack

    It gives the timelines, and while it ignores (or doesn’t explain) the attribution of the malware used between 2015-01-23 and 2015-03-17 (which are mostly fairly common tools and only have pointers to the Middle East), it does give many other interesting details.

    This also allowed to identify a suspicious DLL (ConnectBack.DLL is an arbitrary name) on the active malicious session ran by rundll32.exe and C&C IP. This malicious DLL can then be analyzed to understand in depth what the malware is doing but also identify code similarities with other malwares.

    Unfortunately the picture does not show the IP address.

    Also (this is about March 2015, perhaps 2015-03-17):

    The attacker compromised another administrator machine (Codenamed: ANKOU) which contains the Remote Access Control (RAT) which was used for the sabotage. Prior to this, the attacker also dropped njRAT as a decoy on the system but didn’t run it — ANSSI isn’t sure why.

    Up to this time all malware (RATs) are those that can be attributed to Islamic hackers with IP addresses in the Middle East.
    But apparently this last DLL was found (or also found) and that one is the one that made ANSSI conclude it was APT28.
    Perhaps that DLL is a version of Xagent? Or was it a more common generic backdoor and the attribution was based on the IP address used?
    Both of these are not clear.

    Apparently that information was only in the secret report that ANSSI did give to (a.o.) L’Express, which in turn asked Trend Micro for a reaction.

    L’Express approached Trend Micro with certain indicators of compromise which had been shared with 43 media organisations by the Agence nationale de la sécurité des systèmes d’information (ANSSI) in France, with a view to uncovering more about the attacker or the motivations behind the attack. These indicators very definitely evidence an infestation of Sednit (also known as Sofacy) malware, associated with the ongoing targeted attack campaigns by the Pawn Storm operators (also referred to as APT28).
    What they did not do was to definitively link the stolen information or compromised accounts from the April attack to this Pawn Storm compromise. Neither is it possible to state with certainty that the two are *not* related.

    So what we need to establish is exactly what these indicators were. And what was the IP address used for the C&C?
    It seems those details were given to no less than 43 media organizations, so one would expect it to be reported somewhere…

    • Jaap Titulaer
      Posted Oct 11, 2017 at 2:04 PM | Permalink

      French TV station apparently hacked by Russians, not ISIS sympathisers

      Greg Day, CTO of FireEye EMEA, told SCMagazineUK.com today that attribution is difficult, and never an absolute certainly, but said that in this case the firm was able to tie the attack to APT 28 by three key factors; the IP address range (used before by APT28) and the server and domain registrar, which were also used by the group in the past.

      “All of those findings indicate that this is tied to APT28,” said Day.

      Doesn’t this simply mean that ALL that they have is that IP address?

      • Jaap Titulaer
        Posted Oct 12, 2017 at 5:19 AM | Permalink

        France probes Russian lead in TV5Monde hacking: sources (Reuters, 2015-06-10)

        U.S. cybersecurity company FireEye, which has been assisting French authorities in some cases, said on Wednesday that it believed the attack came from a Russian group it suspects works with the Russian executive branch. Relations between Paris and Moscow have suffered over the crisis in Ukraine, leading France to halt delivery of two helicopter carriers built for Russia.

        Information about the TV5 attack was published on a website branded as part of the “Cyber Caliphate,” a reference to the Islamic State.
        But the site was hosted on the same block of Internet Protocol addresses and used the same domain name server as the group called APT28 by FireEye and Pawn Storm by Trend Micro, another large security company.

        So the indicators are more than just the IP of the C&C server (at this time I’m just assuming that the C2 IP is indeed part of the indicators in this case), it is (also) the IP address of the Cyber Caliphate site (+ the domain name server for that IP address).

        French authorities distributed a sample of malicious software from machines at the TV network that both FireEye and Trend Micro said originated with the Russian hacking group.

        OK so according to this source they did find software which is also used by APT28. Which then can only have been that DLL, as all other malware (the RATs) were variants of well known common tools, adapted by Islamic hackers.

        Trend Micro Vice President Rik Ferguson said it was possible that both the Russians and true Islamic State sympathizers had hacked the network, but the judicial source and FireEye discounted the possibility, citing other evidence.
        Code used in the attack had been typed on a Cyrillic keyboard at times of day corresponding to working hours in St Petersburg or Moscow, FireEye said.

        And there it is again: the allegation that code used in the attack actually contained Cyrillic script… That seems odd. It will not have been in the customized ‘Islamic’ RAT software, so apparently that was contained in that DLL. OR this is a mistake by the reporter and is actually referring to APT28 software in general, as found in earlier attacks.

        A DLL is a compiled binary executable, comments in the original code can’t be detected from that. So the only options are (debugging) texts still left in the DLL.
        An odd oversight, but it does happen. Some variants of APT28 software contain strings with the PDB (program debug) paths, these are mostly in English but at least one contained ‘/Новая папк/’ which translates to ‘/New Folder/’. Even rarer is to find binaries with other strings (let alone with Russian language texts).

        • Posted Oct 12, 2017 at 8:42 AM | Permalink

          What is odd is that the same “mistakes” keep popping up. Same IP address block. Same DNS server. Code containing cyrillic.

          These are all trivial things to fix if a state actor didn’t want to leave fingerprints they know are being used to identify them. What it suggests to me is that these IP blocks and DNS servers are essentially open for use by anyone with the know how and the piece of software with the cyrillic script is available for anyone to hook into their hacking software.

          Let’s assume this “APT28” group did it and Putin has direct links as has been claimed. The TV5 attack cost him political capital and delayed his hardware for what has been claimed to be a stunt. Um okay, maybe he thought it would be good for a laugh and mistakes happened. One might imagine that metaphorical or actual heads would roll as a result though. Then for the same mistakes to happen again?

        • Steve McIntyre
          Posted Oct 12, 2017 at 10:11 AM | Permalink

          Diagnosis of both the German Bundestag and DNC hacks similarly depends on similar supposed “mistakes”. An issue that troubles me (I’m working on a writeup) concerns the X-Tunnel software used in both Bundestag and DNC hacks. The Bundestag hack was linked to APT28 through an IP address associated with APT28 which was hard-coded in the text and recoverable – a “mistake”. Curiously, the X-Tunnel software was not part of previously known APT28 repertoire and uncommon in subsequent. The software is also very large and very noisy – uncharacteristic of APT28 techniques as described in surveys. More on this – it’s very much at the edge of my technical knowhow. Attribution of the Bundestag hack to Russia caused deterioration in their relations.

          Even more curiously and perhaps strangest of all, this blown software re-appeared in the DNC hack almost verbatim.

          As we’ve discussed, the diagnosis of Guccifer 2 commences with “Russian” metadata that did not arise organically through the copying/uploading of documents, but required intentional insertion of the contents of a “clean” Word document into a template which had been whiskered, then saving and making public the document with “Russian” whiskers.

          For a supposedly covert operation ordered by Putin himself, it’s ludicrous – a point that Jeffrey Carr has made.

          In all three cases, the main result was deterioration of relations between target country and Russia. Almost makes one wonder whether these blown softwares might have been used by someone with that objective in mind.

        • mpainter
          Posted Oct 12, 2017 at 9:41 AM | Permalink

          DaveJR, good point.

          If one examines this from the “who benefits” viewpoint, one finds no benefit accruing to any party. Indeed, this bears aspects of a teenage prank. I see no benefit to Russia even if there had been no repercussions.

          It is conceivable that this was a CIA operation designed to injure Russia. If so, it succeeded. Or a Ukrainian. Or some other malefactor with a grudge against Russia. Russia is one which got injured in this affair.

        • Steve McIntyre
          Posted Oct 12, 2017 at 10:14 AM | Permalink

          Alperovitch is a twitter follower of several Ukrainian hacking groups, but not (say) Wikileaks. His family came from “Russia”, but his name appears to be (from my inexperienced and quick look) from Ukraine/Belarus part of eastern Europe (based on Ellis Island landings in early 20th century.)

        • Steve McIntyre
          Posted Oct 12, 2017 at 9:46 AM | Permalink

          It’s hard to be sure when we’re trying to understand a very technical point through the prism of hurried newspaper reports. This article appears to be after the Trend Micro article. From the newspaper article, it sounds like they’re saying that APT28 continued to use software containing the Russian text artifact. Entirely possible. Also possible that it was misreported.

          What is entirely unclear is why they attributed the CyberCaliphate incident with the APT28 malware rather than the Arabic language malware which had been identified in original reports? If both malwares were present, the incident is far more consistent with CyberCaliphate precedents than APT28 precedents.

          I’m not saying that the FireEye diagnosis is “wrong”, only that there is a very plausible alternative and that the attributions failed to discuss this alternative.

        • Posted Oct 12, 2017 at 11:47 AM | Permalink

          While it’s conceivable that APT28 would leave the same or similar fingerprints, I think it’s inconceivable this group could possibly still be working for the Russian state, or indeed anywhere where the Russian state would have easy access to them.

        • Posted Oct 12, 2017 at 12:22 PM | Permalink

          Although I suppose it is conceivable that Putin is deliberately courting enemies to bolster support at home. That doesn’t seem like a very feasible scenario though.

        • Jaap Titulaer
          Posted Oct 12, 2017 at 1:50 PM | Permalink

          This post was lost in moderation, so I had to split it into two

          By the way I said:

          Even rarer is to find binaries with other strings (let alone with Russian language texts).

          That is usually true for malware. But some do contain strings.
          What is indeed odd is that updated (recompiled) versions of a known malware binary continue to be used with the same strings. That would be fine for small and common strings, but what about those that are very easily recognizable… Wouldn’t that alarm every virus scanner?

          An example for this is the X-Tunnel which was found in the German Bundestag attack as well as at the DNC.
          Apart from “176.31.112.10” some strings are “is you live?” (…) and something with “Xtunnel” or “XAPS” in it (respectively the name of the tool and the latter the name of the project; the last one only seen when they forget to exclude the debug stuff)… There are other strings but most are rather common.

          Note that X-Tunnel is so ‘big’ because it uses Open-SSL which is included inside the executable, instead of depending on an external DLL.
          Also they use code obfuscation since July 2015 at the latest (see ESET Part 2 on Sednit). That also makes the binary a bit bigger. This is only done to the X-Tunnel code, not the included libraries (such as Open-SSL) and (oddly enough) also not to the strings.

          In the Bundestag attack it (X-Tunnel) was the only binary which can be linked to APT28 and also the only non open source one (see Netzpolitik article).

          For the DNC attack CS reported tools:
          APT29 COZY BEAR – SeaDaddy
          APT28 FANCY BEAR – X-Agent
          APT28 FANCY BEAR – X-Tunnel

          And CS said:

          At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016. We have identified no collaboration between the two actors, or even an awareness of one by the other.

          CS does not list 176.31.112.10 among the IP addresses in that report (or at least the current version of it).
          It lists several others, and I see no overlap with the C&C lists for these tools by ESET.

          To be continued …

        • Jaap Titulaer
          Posted Oct 12, 2017 at 1:50 PM | Permalink

          … continuation

          But TIME reported:

          CrowdStrike also found the other group of hackers, Fancy Bear, was sending command and control instructions from a server with an Internet Protocol (IP) address of 176.31.112.10. This was the same IP address that was linked to command and control of an attack against the German parliament in 2015.

          And Thomas Rid said:

          One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address—176.31.112[.]10—that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers.

          If true that would be quite odd, because that IP address 176.31.112.10 was reported in May 2015 and has been BLOCKED since!
          For this see comment section by the hosting provider on the article by Netzpolitik linked above.

          Crookservers sagt:
          20. Juni 2015 um 02:25 Uhr

          We had received 1st abuse report about the IP 176.31.112.10 on 20th May 2015. IP 176.31.112.10 had been reported to be a Command & Control for APT-28.

          We immediately suspended the service on 20th May 2015. We had also requested our client information about the criminal activity and we never received a response. We’re ready to provide any information we have to law enforcement agencies.

          So obviously it can’t be used for C&C anymore after that date!

          Perhaps some reporters misunderstood CS? And that IP address was just hard-coded in the executable for X-Tunnel, but no longer used?
          Even so why would APT28, who only arrive at the DNC in April 2016, still have that IP address in its X-Tunnel binary, when it couldn’t be used anymore for a year?
          Just to ease detection? /sarc
          They go as far as using code obfuscation, which is only useful in case they often recompile & redo that. So they do that yet leave this by now very well known string “176.31.112.10” in their executable?

          Questions, questions.
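
The two kinds of artefact discussed in the comments above (a PDB path with Cyrillic text surviving in a compiled binary, and a hard-coded IP address left in clear text) can be pulled out with a simple static strings pass. This is an added example, not part of any commenter's post or of any vendor's tooling; the byte blob, the PDB path, the string encodings and the cp1251 fallback are assumptions constructed for illustration.

```python
import re

# Constructed byte blob standing in for a compiled binary. It is NOT a real
# sample: the layout, the PDB path and the encodings are assumptions made for
# this example. Only "176.31.112.10" and "is you live?" are strings quoted in
# the thread.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"RSDS" + b"\x11" * 20
    + "C:\\Users\\dev\\Desktop\\Новая папка\\proj\\Release\\tool.pdb".encode("cp1251")
    + b"\x00\x01\x02"
    + b"connect 176.31.112.10:443\x00\x01\x02"
    + "is you live?".encode("utf-16le") + b"\x00\x00"
    + b"version 1.2.3.4567 build\x00"
)

# Dotted quad not embedded in a longer dotted/numeric token (version numbers).
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Drive-letter path ending in .pdb; high bytes allowed so that paths stored
# in a legacy code page are not cut at the first non-ASCII character.
PDB = re.compile(rb"[A-Za-z]:\\[\x20-\x7e\x80-\xff]{1,260}?\.pdb")


def extract_strings(data, min_len=6):
    """Return sorted (offset, encoding, text) for ASCII and UTF-16LE runs."""
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def find_ipv4(strings):
    """Return dotted quads whose octets are all in 0..255."""
    hits = []
    for _, _, text in strings:
        for m in IPV4.finditer(text):
            if all(int(octet) <= 255 for octet in m.group().split(".")):
                hits.append(m.group())
    return hits


def decode_path(raw):
    """Try UTF-8 first, then fall back to cp1251 (an assumed legacy code page)."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("cp1251", errors="replace")


def has_cyrillic(text):
    return any("\u0400" <= ch <= "\u04ff" for ch in text)


def find_pdb_paths(data):
    """Return (offset, decoded_path, contains_cyrillic) for each PDB path."""
    out = []
    for m in PDB.finditer(data):
        path = decode_path(m.group())
        out.append((m.start(), path, has_cyrillic(path)))
    return out


def triage(data):
    """Collect the string artefacts an analyst would review first."""
    strings = extract_strings(data)
    return {
        "ipv4": find_ipv4(strings),
        "pdb_paths": find_pdb_paths(data),
        "utf16_strings": [t for _, enc, t in strings if enc == "utf-16le"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

A plain ASCII strings pass would split the PDB path at the first Cyrillic byte and miss the UTF-16 string entirely, which is why the encoding handling matters when reports say a string was or was not present in a binary.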

        • Steve McIntyre
          Posted Oct 12, 2017 at 4:43 PM | Permalink

          The string “176.31.112.10” is very troubling from an analysis perspective for precisely the reasons that you state. Thomas Rid was first to report in twitter on July 8 saying that he located the string in hashes reported by Crowdstrike. I presume that Rid was given a copy of the malware to test? Or can it be located in public library from hash?

          It’s also odd that Crowdstrike didn’t report something so obvious. Almost like they were leaving it for someone to find independently.

        • mpainter
          Posted Oct 12, 2017 at 2:27 PM | Permalink

          Thanks Jaap Titulaer, this gets evermore tangled. Is it possible that those who utilize this malware are simply unaware of these quirky “fingerprints”?

          Sloppiness or deliberate miscues?

        • Jaap Titulaer
          Posted Oct 12, 2017 at 4:01 PM | Permalink

          I think we can exclude sloppiness. This is what they know. This is what these people do, every day.
          If this X-Tunnel binary is really from the group associated with APT28, then they would not redeploy an outdated version ‘by accident’, surely?

          Of course one could assume that APT28/Fancy Bear/Sednit (etc) doesn’t care.
          That can work assuming they have a way that X-Tunnel knows where to get a good IP address for its C&C when the hard-coded one isn’t responding. That would still be very odd, because it is very easy for them to change the IP address to one that works and then simply recompile. In April 2016 it was almost a year ago that the old C2 IP stopped working in May 2015; surely even when they are lazy they will have recompiled at least once in the meantime ?!

          So I see three options (with a few variants 🙂 ):

          1. Re-use of an X-Tunnel binary by another group (not APT28)
          but that only works when that group knows how to use the binary by changing the C&C IP, say by overwriting in memory or by using startup parameters. Otherwise it is misdirection and we have option 2b below.

          2. Misdirection (by either APT28 or another group)
          2a. Misdirection by APT28 – unlikely but say they really want to be found, so they reuse an outdated binary in order to … ?
          2b. Misdirection by another group (not APT28), like say a state or non-state entity who likes to make people mad at Russia or to drive a wedge between them and the US.

          3. CrowdStrike lied (with two sub-options)
          3a. CS lied about the time of infection; this binary is really from APT28, but it was present at the DNC since May or June 2015, not since April 2016 as they (CS) claimed
          3b. CS lied. There was no hack by APT28 at all, instead they (CS) deployed this binary to make it look like it was.

          IMHO 2a is very unlikely, what would be their motive?

          Options 1 and 2b mean that there was a malware binary, but it wasn’t APT28 and hence unlikely to be ‘The Russians’ (as in Russian government).
          Option 3b also means that it wasn’t ‘The Russians’.

          Option 3a still means that CS has some explaining to do, because they were quite adamant that APT28 did not enter the DNC before April 2016. Also do we have any evidence for a leak or hack before April 2016? I guess it is possible, but at this moment I’m not buying it.

        • Steve McIntyre
          Posted Oct 12, 2017 at 4:47 PM | Permalink

          +1

          Another oddity is that X-Tunnel does not seem to be part of the usual APT28 repertoire, which (according to my novice understanding) used X-Agent/Chopstick for exfiltration. Also X-Tunnel appears to be re-written from Chinese malware.

        • Steve McIntyre
          Posted Oct 12, 2017 at 9:52 PM | Permalink

          In Dec 2014, PWC observed:

          Searching for other code using this function [Sofacy] we found that the code used in the Sofacy phishing page is in fact identical to that posted in a blog by a group of Kurdish hackers called H4KurD-TeaM [3] in 2009:
          http://zul-everything.blogspot.co.uk/2009/09/phishing-yahoo-special.html

          Seems an interesting provenance for code used by major Russian hacking group.

        • Posted Oct 12, 2017 at 5:27 PM | Permalink

          I think it’s worth pointing out that x-tunnel appears to do many things. While the IP address might be important for some functions, it seems likely others don’t require it.

          It still looks to me like it’s simply being repurposed by talented amateurs who simply do not care about hardcoded IP addresses or cyrillic characters, only that it carries out the functions they require.

        • mpainter
          Posted Oct 12, 2017 at 5:39 PM | Permalink

          DaveJR, so you think “sloppy amateurs”. CrowdStrike says it’s [sloppy] Russians.
          And again we are asked to believe that Russian intelligence is operated by clumsy goofballs.

        • Posted Oct 12, 2017 at 10:54 PM | Permalink

          Jaap, very nice analysis. You say:

          3. CrowdStrike lied (with two sub-options)
          3a. CS lied about the time of infection; this binary is really from APT28, but it was present at the DNC since May or June 2015, not since April 2016 as they (CS) claimed
          3b. CS lied. There was no hack by APT28 at all, instead they (CS) deployed this binary to make it look like it was.

          IMHO 2a is very unlikely, what would be their motive?

          If the Clinton campaign was aware of the Fusion GPS research that claimed Trump was compromised by Putin before June 10 there was a huge motive by the June 12 Wikileaks announcement to set up an active operation to blame the leaks on Russia/Trump rather than a pro-Bernie DNC leaker. There is also the potential that the Trump-Russia collusion intelligence was manufactured by Clinton request after June 10.

          I agree this is unlikely by the sheer degree of conspiracy required by Clinton-DNC-CS. But if Russia truly was present with Cozy Bear conducting a standard computer network exploitation (CNE) without intent on leaking all CS had to do was add Fancy Bear to create a plausible explanation for the crazy Guccifer 2.0 leaker. The fact that CS broadcasts that FB only ex-filtrated the Trump opposition research document and G2 displays it as “Doc1” the next day on his debut conveniently connects G2 to the hack. G2 shows unique knowledge that the WL announcement was regarding the DNC files, not the Clinton server as falsely reported by the media. But G2 shows no possession of DNC documents beyond Doc1 despite inaccurately waving many labeled such. Perhaps CS found a second network incursion but it was not FB but an insider, a leaker.

          If the Trump dossier is true that a presidential candidate colluded with a national adversarial state to run an active operation on his presumed opponent it’s the biggest scandal of US history. If the dossier is false and was part of an active operation by a presidential candidate to frame an opponent through a cyber avatar personality that would be an even bigger scandal due to the enhanced degree of conspiracy. If the latter were the case it would defame America thus pulling the US IC in plausibly as conspirators after the fact to suppress that possibility. But there is precedent for that. The Nixon WH was cleared by the FBI investigation into Watergate burglary. Then a few reporters cracked the case but with the help of an anonymous insider, the deputy director of the FBI. His identity was kept secret until his death decades later, which obscured the fact that the FBI investigation had to be corrupt. (But not for love of Nixon.)

          Adding to the circumstantial evidence is Assange’s $20,000 reward for Seth Rich murder solution posted 3 weeks after the DNC doc release and the presence of Imran Awan and his team having access to the DNC network during 2016.

        • Posted Oct 12, 2017 at 11:54 PM | Permalink

          Steve McIntyre:

          In Dec 2014, PWC observed:

          Seems an interesting provenance for code used by major Russian hacking group.

          It’s important to note the code in question is just code used for the front-end of an effort, a web page. That code’s purpose is to get people to click on a malicious link. The link would direct them to a fake login page for Yahoo. If the person put in their account information, the hacker would be able to steal it.

          If you want to create a simple phishing page to bait people into clicking on links to fake pages to steal their password, there is little reason to write your own code. Tons of people have made phishing web pages already, and the code used is quite simple. Why not copy someone else’s work when creating your own front-end web page? It’s not like you’re going to come up with something better than what everyone else has already come up with.

    • Steve McIntyre
      Posted Oct 14, 2017 at 1:31 PM | Permalink

      Thanks for this reference and for your insightful comments. Very helpful.

    • Steve McIntyre
      Posted Oct 14, 2017 at 1:41 PM | Permalink

      On a separate issue, ANSSI described the steps required to investigate an attack, including all the service logs.

      ANSSI describes they collected ~300GB of compressed logs for network logs (TACACS), Internal wiki logs (Apache logs), Firewall logs (ASA), Windows logs (Active Directory, Desktops & Servers) — in addition to ~13TB copy images of harddisk, memory (RAM) and embedded devices of the main target of interests.

      ANSSI rightly focuses on the importance of the logs collection but also on memory forensics part which is very important in such scenarios to keep a frozen state of the infected or machines of interest but easily allows to retrieve information such as the quick-wins described above.

      On March 31, 2015, about 10 days before the TV5 Monde attack, Cheryl Mills talked to Platte River Networks about the destruction of backup of the Clinton server (including server logs). Mills and Clinton have argued that they produced all the non-personal emails, but were never pressed on server logs. Comey whitewashed the situation, saying that there was no evidence that the Clinton server had been hacked. “No evidence” because all the server logs had been destroyed. Comey ignored the obstruction of justice.

      • Posted Oct 15, 2017 at 10:50 AM | Permalink

        While I am inclined to tweak you on your misrepresentation of what ANSSI actually said, I find this much more troubling:

        Comey whitewashed the situation, saying that there was no evidence that the Clinton server had been hacked. “No evidence” because all the server logs had been destroyed. Comey ignored the obstruction of justice.

        The FBI reported examining the server logs you claim had all been destroyed. Are you saying the FBI not only lied but fabricated specific details about the server logs? That seems a bit far-fetched.

        • Steve McIntyre
          Posted Oct 15, 2017 at 11:02 AM | Permalink

          We know that Platte River destroyed backups subsequent to their discussion with Cheryl Mills. Can you give me a link to the FBI statements that you cited. There are numerous pieces of hardware involved. If the server logs were not destroyed, I’ll correct any mistake.

        • Posted Oct 15, 2017 at 12:33 PM | Permalink

          Steve McIntyre:

          We know that Platte River destroyed backups subsequent to their discussion with Cheryl Mills. Can you give me a link to the FBI statements that you cited. There are numerous pieces of hardware involved. If the server logs were not destroyed, I’ll correct any mistake.

          “We” do not know anything of the sort. I’m not even sure what you’re talking about. I have seen no evidence Platte River Networks (PRN) deleted any “backup of the Clinton server.” Some time in March, 2015 a PRN employee deleted an e-mail account and data files which had been used to export e-mails so as to give them to Clinton’s staff (to prepare their response to the request for Clinton’s e-mails). Neither of those was a backup of a server.

          If what you say is true, I have seen nothing to indicate it. I certainly haven’t seen anything which would justify saying I know it is true. Quite frankly, I can’t imagine it would be true.

          As for the FBI having server logs for the Clinton server, it was widely reported back in March, 2016 that the guy who set up Clinton’s server had provided the logs to the FBI. As one example, here is an article by The New York Times. Server logs were then in the official July, 2016 FBI report on the investigation into Clinton’s e-mail server. Included in this report is a discussion of how a review of IIS logs were used to figure out an e-mail account on Clinton’s server had been broken into. That would have been impossible if the server logs had all been destroyed like you claim.

          I have no idea where you’re getting your ideas from, but the only person who “knows” any of this seems to be you.

        • Steve McIntyre
          Posted Oct 15, 2017 at 6:21 PM | Permalink

          Brandon, I think that you’d benefit from avoiding some of the extraneous editorializing.

          The New York Times article states that, according to anonymous sources, Pagliano “provided agents the security logs”. However, at the time, Pagliano had been interviewed by FBI once (Dec 22, 2015) and the FBI notes to that meeting (which I carefully reviewed) do not state anywhere that Pagliano had turned over server logs to them. My take is that the New York Times article was inaccurate on this point.

          Your second argument is:

          Included in this report is a discussion of how a review of IIS logs were used to figure out an e-mail account on Clinton’s server had been broken into. That would have been impossible if the server logs had all been destroyed like you claim.

          I’ve shown an excerpt from page 29 of the FBI report, which, as I read it, describes a review of Internet Information Services (IIS) weblogs, not server logs from the Clinton server. If I’ve misunderstood this, please clarify.

          A point that I hadn’t noticed and doesn’t seem to have been widely discussed: this paragraph of the FBI report states that an email account on the Clinton server was “compromise[d]” on (at least) one occasion.

          The FBI report directly states that they were not able to recover all of the server equipment and they lacked complete server logs for the relevant period.

          So, after review, I do not agree that either of your points invalidate my conclusion that there is evidence of obstruction of justice, though both points were relevant.

        • Posted Oct 15, 2017 at 12:44 PM | Permalink

          As a follow-up to my previous comment, I should point out it’s not just the idea expressed in this sentence:

          On March 31, 2015, about 10 days before the TV5 Monde attack, Cheryl Mills talked to Platte River Networks about the destruction of backup of the Clinton server (including server logs).

          Which I am confused by. The date confuses me as well. I can’t find any evidence Cheryl Mills talked to PRN on March 31. As far as I know, the last contact had been March 25. The PRN employee who deleted Clinton’s e-mails testified he had deleted those e-mails by March 31. That would make the claimed sequence of events: Cheryl Mills talked to PRN on the 25th, a PRN employee deleted Clinton’s e-mails, Mills then talked to PRN again after which PRN then deleted a backup of the Clinton server (including server logs). That seems implausible.

          Also, the phrase “were then in the official July, 2016 FBI report” in my last comment is obviously missing the word “used.”

          Steve: I mistakenly said March 31, when I should have said March 25. The events are described in CA post here. No need to hypothesize elaborate alternative chronology.

        • Steve McIntyre
          Posted Oct 15, 2017 at 1:45 PM | Permalink

          Brandon, I wrote dates from memory and got mixed up between 25th and 31st. My understanding of events described here https://climateaudit.org/2016/11/04/the-destruction-of-huma-abedins-emails-on-the-clinton-server-and-their-surprise-recovery/

          Your link to NYT article stands strongly against my claim about server logs. I’ll have to review my earlier post and see what my basis was and if inadequate, will correct.

          Steve: I’ve commented on this in a separate comment.

        • Posted Oct 15, 2017 at 3:42 PM | Permalink

          Steve McIntyre:

          Brandon, I wrote dates from memory and got mixed up between 25th and 31st. My understanding of events described here https://climateaudit.org/2016/11/04/the-destruction-of-huma-abedins-emails-on-the-clinton-server-and-their-surprise-recovery/

          That blog post seems to mostly refer to the deletion of e-mails from server backups, not the deletion of entire backups. It does say:

          The wiping and bleaching of the Clinton server and backups can be conclusively dated to late March 2015.

          Which may imply a conflation of deleting e-mails from backups (because those e-mails weren’t supposed to have been stored in the first place) and deleting backups as a whole. That’s the only thing I saw in the post which might conflate the two concepts though. I definitely didn’t see anything said about server logs being missing. It seems your current understanding may differ materially from your previous one.

          On the upside, that post’s references to and quotes from 302s made me review the documents released by the FBI on this matter. When I did, I found out there was in fact a conference call on the 31st in addition to the one on the 25th.

        • Steve McIntyre
          Posted Oct 15, 2017 at 6:32 PM | Permalink

          In making my comment, I was relying on memory and there is a risk of conflating email backups (which I documented closely in my post) and server logs (which I didn’t). Nonetheless, there are gaps in the server logs. I’m satisfied that my substantive point is right, though the precise timing would need to be crosschecked as I did with email backups.

        • Posted Oct 16, 2017 at 1:16 AM | Permalink

          Steve McIntyre:

          In making my comment, I was relying on memory and there is a risk of conflating email backups (which I documented closely in my post) and server logs (which I didn’t). Nonetheless, there are gaps in the server logs. I’m satisfied that my substantive point is right, though the precise timing would need to be crosschecked as I did with email backups.

          You explicitly stated all server logs had been destroyed so claimed there was “no evidence” Clinton’s server was hacked were something (left rhetorically undisclosed). You then implied this was a form of obstruction of justice, which James Comey whitewashed. However, the evidence does nothing to indicate any server logs were destroyed. I cannot imagine how you believe your “substantive point is right” given that. What, exactly, was your “substantive point” that remains true even if server logs were never destroyed?

          The New York Times article states that, according to anonymous sources, Pagliano “provided agents the security logs”. However, at the time, Pagliano had been interviewed by FBI once (Dec 22, 2015) and the FBI notes to that meeting (which I carefully reviewed) do not state anywhere that Pagliano had turned over server logs to them. My take is that the New York Times article was inaccurate on this point.

          As I stated, this story was widely reported at the time. Your claim would require not only the New York Times being wrong, but also the Washington Post, CNN and dozens of other organizations which made the same reporting. Your sole basis for claiming so many groups got this wrong seems to be the lack of FBI notes of an interview in which Pagliano turned over these logs.

          That is non-dispositive, however, as turning over the logs would not require an interview. I’ll note there is no record in the interview you cite of Pagliano being given immunity. Clearly, the FBI notes don’t provide a full picture of what all happened during the investigation (hardly surprising as Pagliano would have talked to people other than FBI agents). There is no reason to think the FBI 302s would have shown a record of something like Pagliano having his lawyer go to the FBI and turn over files. That’s not what 302s are for.

          I’ve shown an excerpt from page 29 of the FBI report, which, as I read it, describes a review of Internet Information Services (IIS) weblogs, not server logs from the Clinton server. If I’ve misunderstood this, please clarify.

          As a note for clarity, I assume you mean “web logs” rather than “weblogs” as a weblog is a blog. As for IIS logs, I don’t understand what distinction you are trying to draw here. There is no single, special thing called a “server log.” Server logs are whatever logs a server creates. They can be created by the operating system, services installed on the server (such as IIS) or even created by something like a homebrew script an admin wrote.

          For a Microsoft Exchange server like this, IIS logs are what one would want to examine to look for signs of an intrusion. How confident one could be in saying no attack succeeded would depend on what kind of information the server was configured to log and how many of the entries that got logged were still available (as opposed to being deleted/lost for a variety of reasons, including to save space).

          So, after review, I do not agree that either of your points invalidate my conclusion that there is evidence of obstruction of justice, though both points were relevant.

          Could you clarify what server logs you think were destroyed? Could you clarify why you think the destruction of those logs should discredit claims there is “no evidence” Clinton’s server was hacked? Could you clarify how this supposed destruction of server logs shows there was obstruction of justice? You say you believe your substantive points remain valid, but I can’t see any basis for any of those three claims.

          A point that I hadn’t noticed and doesn’t seem to have been widely discussed: this paragraph of the FBI report states that an email account on the Clinton server was “compromise[d]” on (at least) one occasion.

          I find it strange you say this without noting I referred to that exact incident. If someone brings up an example and you then discuss that example, it seems appropriate to refer to what they said in some way.

        • Posted Oct 16, 2017 at 1:34 AM | Permalink

          As a quick note, I should point out I make no claim as to whether or not Pagliano actually did turn over server logs as reported. If one wishes to believe many organizations reported on this matter incorrectly, that would change nothing in my eyes. Pagliano set up a Microsoft Exchange server for Hillary Clinton. The type of logs one would expect to exist for an Exchange server are IIS logs. The FBI reports examining IIS logs and provides specific detail taken from them.

          Unless one wishes to believe the FBI lied then fabricated at least one specific example, the only conclusion is the FBI had server logs for Clinton’s server. Whether it got the logs from Pagliano as reported or obtained them in some other ways seems irrelevant. What matters is the server logs not only exist but were examined by the FBI.

          There might be some interesting questions to ask about what the IIS logs were configured to capture, how reliable that information would be in establishing if a hack was successful or if entries in the logs were ever lost/deleted (which could happen for a number of reasons). What there doesn’t appear to be is any reason to claim the logs were all destroyed, that such a destruction discredits claims there is “no evidence” the server was hacked or that such a destruction indicates people were guilty of a felony which Comey ignored.
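
The questions raised in the comment above (which fields the IIS logs were configured to capture, and whether stretches of entries are missing) can be checked mechanically. The following is an added example, not part of the original thread: it parses a constructed W3C extended log, lists investigator-relevant fields that were never logged, finds time gaps in coverage, and flags runs of 401 responses followed by a success from the same client. The sample lines, field selection and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended format (documentation IP ranges, not real data).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-01-05 00:00:01
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2013-01-05 00:00:01 POST /EWS/Exchange.asmx - 203.0.113.7 401
2013-01-05 00:00:03 POST /EWS/Exchange.asmx - 203.0.113.7 401
2013-01-05 00:00:05 POST /EWS/Exchange.asmx - 203.0.113.7 401
2013-01-05 00:00:09 POST /EWS/Exchange.asmx user1 203.0.113.7 200
2013-01-05 00:20:00 GET /owa/ user1 198.51.100.4 200
2013-01-08 09:00:00 GET /owa/ user1 198.51.100.4 200
"""

# Fields an investigator would want; which ones IIS writes is a per-site setting.
WANTED_FIELDS = ("c-ip", "cs-username", "sc-status", "cs(User-Agent)", "cs-uri-query")


def parse_w3c(text):
    """Return (fields ever declared, parsed records, count of unusable lines)."""
    fields, seen_fields, records, skipped = [], set(), [], 0
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            # The directive can reappear mid-file when logging settings change.
            fields = line.split()[1:]
            seen_fields.update(fields)
        elif line and not line.startswith("#"):
            values = line.split()
            rec = dict(zip(fields, values))
            if len(values) != len(fields) or "date" not in rec or "time" not in rec:
                skipped += 1  # truncated line, or no timestamp columns configured
                continue
            rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"],
                                          "%Y-%m-%d %H:%M:%S")
            records.append(rec)
    return seen_fields, records, skipped


def missing_fields(seen_fields, wanted=WANTED_FIELDS):
    """Wanted fields that no #Fields directive ever enabled."""
    return sorted(f for f in wanted if f not in seen_fields)


def coverage_gaps(records, max_gap):
    """Intervals between consecutive entries longer than max_gap.

    A gap shows only that nothing was recorded: it may be a quiet period,
    a stopped service, or deleted/rotated files. It bounds what the logs can prove.
    """
    stamps = sorted(r["ts"] for r in records)
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_gap]


def failures_before_success(records, threshold=3):
    """Clients with >= threshold consecutive 401s followed by a 2xx/3xx response.

    A single 401 is normal during challenge-response authentication,
    hence the threshold.
    """
    streak, hits = defaultdict(int), []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        ip, status = r.get("c-ip", "-"), r.get("sc-status", "")
        if status == "401":
            streak[ip] += 1
        elif status[:1] in ("2", "3"):
            if streak[ip] >= threshold:
                hits.append((ip, streak[ip], r.get("cs-username", "-"), r["ts"]))
            streak[ip] = 0
    return hits


if __name__ == "__main__":
    seen, recs, bad = parse_w3c(SAMPLE_LOG)
    print("fields never logged:", missing_fields(seen))
    print("coverage gaps > 1 day:", coverage_gaps(recs, timedelta(days=1)))
    print("401 runs then success:", failures_before_success(recs))
```

An empty result from the last check only means something for the periods and fields the first two checks show were actually recorded.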

        • MikeN
          Posted Oct 16, 2017 at 9:57 AM | Permalink

          ‘No evidence the server was hacked’ tends to get switched to ‘FBI said the server was not hacked.’ (not here)
          There were intrusion attempts. At one point they shut down the server to stop an attack. I agree there is no solid evidence the server was hacked. However, I think her being the Secretary of State a prominent target, combined with what appears to be general incompetence by the IT team, is weak evidence she was hacked. I add to that the new discovery that e-mails from DNC are ramping up starting with Hillary’s first e-mail on April 19, though there is the possibility this is a result of a search for Hillary’s e-mail in the total archive. Also, having the server in Chappaqua under Secret Service guard is one thing, but having it or backups in a bathroom closet isn’t very secure for a high profile target. Marc Perkel wrote that she was using a private spam filter so third parties had access to her e-mail(I’m guessing the IT staff of Platte River did as well).

        • Posted Oct 16, 2017 at 4:23 PM | Permalink

          MikeN:

          There were intrusion attempts. At one point they shut down the server to stop an attack. I agree there is no solid evidence the server was hacked. However, I think her being the Secretary of State a prominent target, combined with what appears to be general incompetence by the IT team

          Based on what Pagliano describes having done, I can’t say I see any indication of “general incompetence by the IT team.” Could you explain what gave you that impression of them?

          Marc Perkel wrote that she was using a private spam filter so third parties had access to her e-mail(I’m guessing the IT staff of Platte River did as well)

          You say this like it is surprising, but I don’t see why it would be. Companies like McAfee are trusted to provide anti-virus software used on computers for government employees all the time. Given that, why would it be remarkable for Clinton’s server to use McAfee’s spam filtering e-mail? The server wasn’t supposed to have confidential material on it, so what is the problem here supposed to be? The risk of third-party access seems commensurate with the sensitivity of the information that was supposed to be present.

          (Of course, confidential material being on the server would make that judgment wrong. However, confidential material should not have been on the server. I can’t fault the security assessment of a server based on people using the server for things they aren’t supposed to.)

        • MikeN
          Posted Oct 17, 2017 at 1:47 PM | Permalink

          You’re right Brandon, I am conflating two different things here. If it is OK for third parties to have access to her e-mail, then why does it matter if it was hacked by Russia or if she used State e-mail? That was a political argument she was denying, but not the technical argument you are doing here.

          The idea that I’ve turned off the server for some time to shut off hacking attempts, with no apparent followup is my first impression of incompetence. I’m not familiar with Pagliano’s technical qualifications, but I may have been thrown off by Clinton shenanigans- his employment at State was a political hire.

        • MikeN
          Posted Oct 17, 2017 at 6:57 PM | Permalink

          E-mails to and from the Secretary of State will presumably have classified or confidential material. The items which were not supposed to be there are the even higher security items that should not have gotten to her e-mail, private server or State Department server.

        • Posted Oct 17, 2017 at 7:53 PM | Permalink

          MikeN, I’m sorry, but your comments indicate you have too poor a grasp of this topic for it to be worth having a discussion. I don’t mind a lack of knowledge from people, but when they combine their ignorance with a certainty of their correctness, it’s a waste of time.

        • Posted Oct 17, 2017 at 9:54 PM | Permalink

          Brandon, I can’t believe you said that to MikeN. I read his comment as perfectly sensible (and polite, BTW).

          Former Bill Clinton aide Justin Cooper originally set up the personal Clinton server. He is the only one who did not take the 5th and gave congressional testimony. He is the one who would notice the unusual activity on the server and would pull the plug. After doing this on several occasions he suggested they hire professionals. That turned out to be Pagliano and PRN, who kept the server in their bathroom.

        • MikeN
          Posted Oct 18, 2017 at 12:25 AM | Permalink

          I said you are right, and you declared me ignorant. Fair enough.

        • Posted Oct 18, 2017 at 4:46 AM | Permalink

          Ron Graf:

          Former Bill Clinton aide Justin Cooper originally set up the personal Clinton server. He is the only one who did not take the 5th and gave congressional testimony. He is the one who would notice the unusual activity on the server and would pull the plug. After doing this on several occasions he suggested they hire professionals. That turned out to be Pagliano and PRN, who kept the server in their bathroom.

          You should go back over the facts of what happened. For instance, Pagliano had nothing to do with PRN except for when he helped transition the server he set up to their network.

          To summarize, Cooper had set up a server initially, then Pagliano was brought in to migrate things to a new server so the setup would be better. Pagliano and Cooper both managed the server for a time, with Pagliano having more responsibilities for it. After a few years, PRN was hired to take over and Pagliano helped with the transition. As for when Cooper “would pull the plug,” the record shows only that he rebooted the server twice, on the same day. That day was approximately 22 months after Pagliano was first brought in.

      • Don Monfort
        Posted Oct 18, 2017 at 1:10 AM | Permalink

        Brandoon likes you, Mike. Most people who did something similar he would call ignorant and disingenuous.

        • MikeN
          Posted Oct 18, 2017 at 2:11 PM | Permalink

          Pagliano was hired as a Schedule C appointee, very unusual for his position. Perhaps this was just to pay him a higher salary, but I interpreted it as he might not be very qualified. I also saw reports of Remote Desktop running and no VPN. I would need evidence of Pagliano’s credentials in security. Wikipedia says Cooper has no security clearance or expertise in computer security, but is silent on Pagliano. Also, the threat detection software that caught 5 intrusions in 2013, was not running for at least three months that year.

          This article is a little unclear on the details (VPN would still have ports open) but highlights the incompetence.
          https://apnews.com/467ff78858bf4dde8db21677deeff101/only-ap-clinton-server-ran-software-risked-hacking

  10. HAS
    Posted Oct 11, 2017 at 3:08 PM | Permalink

    Slightly o/t but a story about Israeli intelligence hacking Kaspersky in 2014 and uncovering Russian Intelligence hacking https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html

    • Steve McIntyre
      Posted Oct 11, 2017 at 3:13 PM | Permalink

      New York Times is hardly reliable on anything to do with Russia. read Jeffrey Carr or moonofalabama for a different take on this incident, which might well be propaganda against Kaspersky. (Haven’t parsed issue myself)

  11. AntonyIndia
    Posted Oct 12, 2017 at 11:21 PM | Permalink

    176.31.112.10 was already used in July 2014 in the Farnborough Airshow hack: page 13 of this PPT: https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.04_Evolving_Threats/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf

    Those Russians keep reusing the same IP address since over 3 years: lack of funds?
    The Americans keep ignoring that IP address till after every attack: too much funds?

  12. Jaap Titulaer
    Posted Oct 13, 2017 at 1:00 PM | Permalink

    I can now confirm that the DNC version of X-Tunnel still had the defunct C&C IP address in the binary.

    See Invincea/Sophos – Tunnel of Gov: DNC Hack and the Russian XTunnel (2016-07-28) which leads to this detail page. This reports details for one of two X-Tunnel binaries reported by CS.

    There we see that this file had lots of strings, most of these are from the OpenSSL library (OpenSSL 1.0.1e 11 Feb 2013) which was statically linked into the binary.
    Here is a part of the list of strings:

    … 45.32.129.185, 130.255.184.196, iostream stream error, iostream, error in select, errno %d, How are you?, Cache-Control: max-age=0, Accept-Encoding: gzip,deflate,sdch, 176.31.112.10, RoInitialize …

    So the outdated C&C (176.31.112.10) is still there. CS reported that other IPs were used, one of which we see at the start of the snippet (45.32.129.185).
    We already know that the outdated C&C was hosted by a company called CrookServers.
    That company accepts or accepted bitcoins which is what all kinds of nefarious operators like.
    But of course they are just one of many.

    Who Is IP for 45.32.129.185 gives us the following
    United States AS20473 Choopa, LLC
    RegDate: 2015-02-17
    Note that Choopa also accepts bitcoin.

    (to be continued)

    • Jaap Titulaer
      Posted Oct 13, 2017 at 1:00 PM | Permalink

      Also ESET reports the changes to X-Tunnel during 2015 (on page 75 of the full report on Sednit/APT28 ):

      HTTP Persistent Connection (June 2015)
      In June 2015, a novel way to connect to the C&C server was introduced: an HTTP persistent
      connection [94].

      This request comes with the HTTP header Connection: keep-alive to enable the persistent connection.
      Another HTTP request header hardcoded in Xtunnel is Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4, which interestingly contains
      the language code ru-RU. This header may have been copied from a request made from a computer whose default language is Russian.

      Neither of these strings can be found in the DNC sample (a search for “keep-alive”, “Accept-Language” or “ru-RU” fails).
      And another change was

      Code Obfuscation (July 2015)
      In July 2015, Xtunnel binaries changed drastically from a syntactic point of view, due to the introduction
      of code obfuscation. This obfuscation was applied only to Xtunnel-specific code, while statically
      linked libraries were left untouched. The method employed is a mix of classic obfuscation techniques,
      like insertion of junk code and opaque predicates [95].
      Consequently, Xtunnel binaries are now about 2 MB in size, while the previous non-obfuscated versions
      were about 1 MB with most of that being the statically linked OpenSSL library. The obfuscated version
      is, of course, much harder to understand and, to illustrate that, the following Figures show the control
      flow graph (CFG) [96] of a small Xtunnel function, before and after obfuscation.

      The binary which according to CS was found at the DNC has a file size of about 1.8Mb according to VirusTotal, but just 1 Mb according to Invincea (see Invincea details page). So which of these is it?

      According to Security Week XTunnel Malware Specifically Built for DNC Hack: Report (2016-07-29) :

      The XTunnel malware that was used by Russian APT threat actor Fancy Bear to penetrate the Democrat National Committee (DNC) network was specifically designed to work against this target, Invincea researchers say.

      The researchers discovered that the Fancy Bear threat actor used the XTunnel malware for compromise purposes. After taking a closer look at the malware, Invincea discovered that the malware didn’t cluster with other known threats and says that it was likely a “purpose-built original piece of code” meant to target the DNC network specifically.

      Another interesting aspect of XTunnel is that its code isn’t obfuscated, as most modern malware employs this technique to make analysis challenging.

      Of course the above dates for the changes are approximate, but both are shortly after the Bundestag hack, after which the C&C server 176.31.112.10 was closed down.
      So based on these three pointers we have the following actual compile date for this binary:

      Presence of outdated IP “176.31.112.10” … before June 2015
      Absence of HTTP Persistent Connection ….. before June 2015
      Uncertain: Absence? of Code Obfuscation … before July 2015

      In case the code obfuscation was present then perhaps that was included before the HTTP persistent connection in which case the binary can still date from late May 2015 or early June 2015, as concluded earlier.

      • Jaap Titulaer
        Posted Oct 13, 2017 at 1:48 PM | Permalink

        Normally these binaries are all rather fresh. That makes sense because re-use of binaries eases detection, and APT28 is constantly tweaking its arsenal, certainly the newer tools like X-Tunnel.
        Below the dates & times reported for these tools when deployed together, in the only report that I could find that details an attack where they were used together.

        BitDefender – APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information

        Note that the identification between malware names and the file names in the table below is made based upon the details supplied in the appendices. These identifications are made by me and inserted as comments into the block quote after, comments indicated by “– [ xxx ]”.

        The table below shows the compilation date and the file creation time for each of the files involved in the attack.
        File Name | Compilation Date | Creation Time
        %allusersappdata%\svehost.exe | 22/04/2015 11:49:54 | 14/04/2008 16:00 — [X-Tunnel – XAPS]
        %localappdata%\Microsoft Help\advstorshell.dll | 30/04/2015 13:13:13 | 14/04/2008 16:00 — [Sedreco – EVILTOSS – ADVSTORESHELL]
        %allusersappdata%\Pr.dll | 13/05/2015 22:05:57 | 14/04/2008 16:00 — [X-Agent – CHOPSTICK]

        Table 1
        The latest creation date is 13/05/2015, which hints at the date the attack happened. Given that it took almost an hour from the moment the first downloader got written to the disk to the arrival of the second stage downloader, this process was likely carried out manually by a human operator. An important observation is that all of the components, except one, had been compiled before the attack. “%allusersappdata%\Pr.dll” is the only file that was compiled 5 hours after the compromise. This suggests this file was specifically built for the target.

        This is relevant because CS said that the intrusion dates from April 2016 and Security Week (mentioned above) said that the binary for X-Tunnel was specifically built for the DNC hack.
        The compilation dates given on VirusTotal for these binaries are:
        For SHA256 Hash 4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976 it is: 2016-04-25 10:58:38
        For SHA256 Hash 40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f it is: 2016-05-05 09:20:08

        Both are in 2016, yet the contents of these binaries dates from 2015, not 2016, as explained in previous posts!

        The compilation time is stored in the PE header; although not so common, those dates can be manipulated by editing the binary by using a tool like PE Explorer.

        Perhaps these are in fact recycled binaries, with a slight change to the PE header?
        If so, who did that?
        Note that such a change also happens to change the SHA hash computed for the binary, which is required otherwise the re-use would be obvious.

        Also this would seem to rule out option 3a given above.
        That leaves options 1, 2b and 3b; in all cases that means that somebody is faking it and it wasn’t ‘The Russians’.

        • mpainter
          Posted Oct 13, 2017 at 2:05 PM | Permalink

          Jaap, I submit another possibility:

          2b. Misdirection by another group (not APT28), like say a state or non-state entity who likes to make people mad at Russia or to drive a wedge between them and the US.

          PLUS… CrowdStrike was not deceived, but it was in their interest to propagate the “Fancy Bear” label.

          Admittedly this attributes motives to CrowdStrike. This attribution based on the assumption that CrowdStrike had professional competence and were not “sloppy” amateurs.

        • Jaap Titulaer
          Posted Oct 13, 2017 at 2:29 PM | Permalink

          mpainter: Yeah that would work. A variant of 2b.
          Or they were deceived at first, but then a techie found some ‘inconvenient truths’…
          Just imagine the panicked meetings between CS and the DNC, LOL!

        • Steve McIntyre
          Posted Oct 14, 2017 at 1:55 PM | Permalink

          That leaves options 1, 2b and 3b; in all cases that means that somebody is faking it and it wasn’t ‘The Russians’.

          yes. There’s something very weird about it all. I’m trying to write it all up, but finding it very difficult to finish everything.

          Another point on which I’d welcome your thoughts.

          Microsoft has excellent analysis of APT28 (who they call Strontium) and, among the characteristics that they ascribe to APT28 are: that they move on quickly from blown infrastructure; that their exfiltration is extremely covert, trying as much as possible to blend with common processes. The use of X-Tunnel for DNC Hack is exactly opposite: it was about as thoroughly blown as imaginable from the DNC hack. Also, Guarnieri pointed out in connection with the Bundestag hack, that it was noisy – it didn’t blend into background.

          In the numerous APT28 surveys prior to Bundestag hack, X-Tunnel wasn’t ever mentioned as part of APT28 repertoire (to my knowledge from my research.) It gets mentioned in subsequent surveys, but I wonder whether there are really two separate APTs at work.

        • Jaap Titulaer
          Posted Oct 14, 2017 at 4:25 PM | Permalink

          Talking about noisy, I found another funny thing.
          By the way XTunnel isn’t used that much, but has been used before by APT28, see also above.

          But first a bit of an intro.
          I’m drafting a list of all reported X-Tunnel variants (for which there are details published at sites like VirusTotal), to show the time when the last occurrence was of the use of that IP address (176.31.112.10).
          As expected the last occurrence of that APT28 C&C IP was in April 2015 (2015-04-22 08:49:54), before that C&C server was blocked permanently in May 2015, probably because of the complaint by the Germans after the Bundestag hack.
          Next binary has compilation date 2015-06-25 05:15:54 and uses a different IP address (obviously), so do all others after that date.
          Well all others except the DNC samples (…).

          For a few we also have samples listed at cynomix.invincea.com, which means that we can see the list of strings.
          I was looking for some string that could indicate the use of the HTTP persistent change (mentioned above), not proof just indication.
          Well I have finally found them in the DNC binaries, language settings which could be part of a HTTP header, it is just rather unlikely that they could be used to blend in & hide the communications as innocent HTTP chatter…
          They are (… hold it …):

          “az-AZ-Latn, uz-UZ-Latn, az-az-latn, uz-uz-latn,”

          LMAO, that means that the supported options are: Uzbek (Uzbekistan) & Azeri (Azerbaijan).

          Way to go if you want to blend in when sending from Washington DC!
          Or perhaps they communicate a lot with Uzbekistan & Azerbaijan from DNC headquarters?

          😉

        • Steve McIntyre
          Posted Oct 14, 2017 at 7:23 PM | Permalink

          I’ll start a thread on the topic so that we can find these points more easily.

        • Steve McIntyre
          Posted Oct 14, 2017 at 7:50 PM | Permalink

          can you include some urls to document the interesting steps described here?

        • Steve McIntyre
          Posted Oct 15, 2017 at 1:14 PM | Permalink

          Next binary has compilation date 2015-06-25 05:15:54 and uses a different IP address (obviously), so do all others after that date.
          Well all others except the DNC samples (…

          where did you locate this?

        • Jaap Titulaer
          Posted Oct 14, 2017 at 4:56 PM | Permalink

          So we are looking for another X-Tunnel binary that was used in an actual APT28 hack, but not too late after May 2015 because the old C&C IP is still there.
          And it must be a 64-bit binary (I have found none so far), not a 32-bit binary as usual.

          From the contents of the DNC samples I assume we have to look for hacks in or near either Azerbaijan or Uzbekistan.
          Of course it could be a misdirection once again … but let’s assume for now that it isn’t.

          FireEye reports one that could fit (but then APT28 has been quite active in the Caucasus and other ex-USSR states to the South).
          See APT28: AT THE CENTER OF THE STORM, page 4.

          Kyrgyzstan Ministry of Foreign Affairs – OCTOBER 2014 THROUGH SEPTEMBER 2015

          AFAIK no samples of that one have been reported (and we can’t be sure that this is the correct one).

          Re-use of such a binary would fit options 1, 2b and 3b.
          I do not see why a small state somewhere to the south of Russia would want to hack the DNC, so it wasn’t one of those victims.
          But it can be done by anyone who manages to get a copy of a binary used in an actual hack, it does not need to be any local group.

          As a reminder, those options are:
          1. Re-use of an X-Tunnel binary by another group (not APT28)
          2b. Misdirection by another group (not APT28), like say a state or non-state entity who likes to make people mad at Russia or to drive a wedge between them and the US.
          3b. CS lied. There was no hack by APT28 at all, instead they (CS) deployed this binary to make it look like it was.

          All options imply re-use of a binary, just slightly changed with a binary editor and PE editor, none of which requires access to the actual source code.
          And again in all cases that means that it wasn’t ‘The Russians’.
          And if option 3b is true, then there wasn’t even a hack by APT28 / Fancy Bear.

        • Steve McIntyre
          Posted Oct 14, 2017 at 5:08 PM | Permalink

          The obvious candidate is the Bundestag X-Tunnel version 5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d

          It is just over 1 MB in size (pre-obfuscation size) and contains text inclusions identical to DNC hack X-Tunnel, especially hard-coded C2 address 176.31.112[.]10.

          The introduction of an obfuscated version of X-Tunnel in July 2015 seems important for fingerprinting (I’ve been trying to parse this as well and very much appreciate the discussion.)

          One would presume that an authentic APT28 use in March-April 2016 would continue the most recent obfuscated version, rather than reverting to the blown June 2015 Bundestag version.

          But it would be easy enough for Crowdstrike to plant at the scene of the crime – like a police officer planting a gun to help a conviction along. Then Crowdstrike allows six weeks of operation of the system, conceals system logs from FBI etc.

        • Jaap Titulaer
          Posted Oct 14, 2017 at 5:51 PM | Permalink

          That won’t work I’m afraid, because the Bundestag one is a 32-bit binary, the DNC samples are 64-bit.
          We really need one which is 64-bit (you can check the cynomix pages for details and you will see).

          {ESET, Microsoft – Bundestag 2015 – XTunnel}
          SHA1: 0450aaf8ed309ca6baf303837701b5b23aac6f05
          SHA256: 566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092
          Imphash: 98450bad338b909d70eec8c9da5384aa
          PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
          Compilation Timestamp: 2014-04-14 13:13:59
          hosts:”176.31.112.10:443″
          https:// cynomix.invincea.com/sample/0450aaf8ed309ca6baf303837701b5b23aac6f05
          part of strings:”176.31.112.10, error in select, errno %d, is you live?,”

          … one more, IP unknown, but also 32-bit

          {ESET – XTunnel}
          SHA-1: cdeea936331fcdd8158c876e9d23539f8976c305
          SHA-256 730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a
          Imphash 69ca97fb5d686988321bac50363255f0
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-04-22 08:49:54
          hosts:”176.31.112.10:443″
          https:// cynomix.invincea.com/sample/cdeea936331fcdd8158c876e9d23539f8976c305
          part of strings:” 176.31.112.10, error in select, errno %d, is you live?, Xtunnel.exe ” (at the end, not beginning)

          that is the last one with C&C IP 176.31.112.10
          then several more, like this one:

          {ESET – XTunnel}
          SHA1: 42dee38929a93dfd45c39045708c57da15d7586c
          SHA-256 a2c9041ee1918523e67dbaf1c514f98609d4dbe451ba08657653bb41946fc89d
          Imphash c9308860889a00e0be622217cda3b803
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-06-25 05:15:54
          TCP Communication 95.215.46.27:443
          (sample not available at invincea, so no strings information)

          all with other IP addresses (none 176.31.112.10), and all reported samples are also 32-bit
          and then:

          {CrowdStrike – DNC 2016 – XTunnel}
          SHA-1: f09780ba9eb7f7426f93126bc198292f5106424b
          SHA256: 4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976
          Imphash: 5b6222ff6b0354200f1a2d5ee56097b6
          Magic: PE32+ executable for MS Windows (GUI) Mono/.Net assembly
          Target Machine x64
          Compilation Timestamp 2016-04-25 10:58:38
          strings: 45.32.129.185, 130.255.184.196, 176.31.112.10
          active IP (acc. CS): 45.32.129.185
          https://cynomix.invincea.com/sample/f09780ba9eb7f7426f93126bc198292f5106424b
          also has strings: “az-AZ-Latn, uz-UZ-Latn, az-az-latn, uz-uz-latn,” Uzbek / Azerbaijan

          {CrowdStrike – DNC 2016 – XTunnel}
          SHA1: 74c190cd0c42304720c686d50f8184ac3faddbe9
          SHA256: 40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f
          Imphash: 5b6222ff6b0354200f1a2d5ee56097b6
          Magic: PE32+ executable for MS Windows (GUI) Mono/.Net assembly
          Target Machine x64
          Compilation Timestamp 2016-05-05 09:20:08
          strings: 23.227.196.217, 130.255.184.196, 176.31.112.10
          active IP (acc. CS): 23.227.196.217
          https:// cynomix.invincea.com/sample/74c190cd0c42304720c686d50f8184ac3faddbe9
          also has strings: “az-AZ-Latn, uz-UZ-Latn, az-az-latn, uz-uz-latn,” Uzbek / Azerbaijan

          Thereafter several more samples, none of which have 176.31.112.10, and again all are 32-bit executables (or DLLs).
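
The attributes compared in the sample list above and in the earlier comment about the PE header (compile timestamp, PE32 versus PE32+, embedded IP strings) can be read directly from the file. The following is an added example, not code from the thread or from any vendor report: it parses constructed PE-like buffers (`build_sample`, the sample dates and the marker names are assumptions) and shows that a SHA-256 computed with the COFF TimeDateStamp masked groups copies that differ only in that field, which plain SHA-256 treats as unrelated.

```python
import hashlib
import re
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "x86", 0x8664: "x64"}
MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
# Strings used in the dating argument earlier in the thread.
MARKERS = {"old_c2_ip": b"176.31.112.10",
           "keep_alive": b"keep-alive",
           "accept_language": b"Accept-Language"}


def build_sample(machine, magic, compiled, strings):
    """Constructed PE-like buffer: DOS stub, COFF header, optional-header magic, strings."""
    stamp = int(compiled.timestamp())
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)   # e_lfanew is stored at 0x3C
    coff = struct.pack("<HHIIIHH", machine, 0, stamp, 0, 0, 2, 0x0002)
    body = b"\x00".join(s.encode("ascii") for s in strings) + b"\x00"
    return dos + b"PE\x00\x00" + coff + struct.pack("<H", magic) + body


def _pe_offset(data):
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (off,) = struct.unpack_from("<I", data, 0x3C)
    if data[off:off + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    return off


def pe_summary(data):
    """Machine type, PE32/PE32+ magic and header compile time (attacker-controllable)."""
    off = _pe_offset(data)
    machine, _sections, stamp = struct.unpack_from("<HHI", data, off + 4)
    (magic,) = struct.unpack_from("<H", data, off + 24)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "format": MAGICS.get(magic, hex(magic)),
            "compiled": datetime.fromtimestamp(stamp, tz=timezone.utc)}


def masked_sha256(data):
    """SHA-256 with the COFF TimeDateStamp zeroed.

    Real images also carry an optional-header checksum and timestamps in
    debug/export directories; this sketch masks only the COFF field.
    """
    off = _pe_offset(data)
    buf = bytearray(data)
    buf[off + 8:off + 12] = b"\x00" * 4
    return hashlib.sha256(buf).hexdigest()


def embedded_ipv4(data):
    """Dotted-quad strings present anywhere in the file, validated per octet."""
    found = set()
    for m in re.findall(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b", data):
        if all(int(octet) <= 255 for octet in m.split(b".")):
            found.add(m.decode())
    return sorted(found)


def dating_markers(data):
    """Presence of the strings the thread uses to bound the build date."""
    return {name: needle in data for name, needle in MARKERS.items()}


# Constructed buffers; the strings are taken from the snippet quoted in the thread,
# the dates are arbitrary. These are not the real samples.
STRINGS = ["45.32.129.185", "130.255.184.196", "error in select", "How are you?",
           "Cache-Control: max-age=0", "176.31.112.10"]
STAMP_A = datetime(2015, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
STAMP_B = datetime(2016, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_A = build_sample(0x8664, 0x20B, STAMP_A, STRINGS)
SAMPLE_B = build_sample(0x8664, 0x20B, STAMP_B, STRINGS)   # same bytes, other stamp
SAMPLE_32 = build_sample(0x014C, 0x10B, STAMP_A, STRINGS)

if __name__ == "__main__":
    for name, blob in (("A", SAMPLE_A), ("B", SAMPLE_B), ("32", SAMPLE_32)):
        print(name, pe_summary(blob), hashlib.sha256(blob).hexdigest()[:16],
              masked_sha256(blob)[:16], embedded_ipv4(blob), dating_markers(blob))
```

Matching masked hashes show that two files share all other bytes; they do not show who changed the timestamp or when.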

        • Steve McIntyre
          Posted Oct 15, 2017 at 12:21 PM | Permalink

          566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092 was reported by Alien Vault on May 11, 2015 https://otx.alienvault.com/indicator/file/566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092/
          perhaps related to root9B malware which mentioned IP address 176…

        • Don Monfort
          Posted Oct 15, 2017 at 12:01 AM | Permalink

          “But it would be easy enough for Crowdstrike to plant at the scene of the crime – like a police officer planting a gun to help a conviction along. Then Crowdstrike allows six weeks of operation of the system, conceals system logs from FBI etc.”

          Not sure this is technically feasible or likely, but since the NSA and FBI were aware of and obviously interested in the attacks on the DNC in real time, couldn’t the NSA monitoring detect any such Crowdstrike shenanigans? What would motivate Crowdstrike to take the risk? Just asking.

        • Jaap Titulaer
          Posted Oct 15, 2017 at 8:06 AM | Permalink

          Not sure this is technically feasible or likely, but since the NSA and FBI were aware of and obviously interested in the attacks on the DNC in real time, couldn’t the NSA monitoring detect any such Crowdstrike shenanigans? What would motivate Crowdstrike to take the risk? Just asking.

          Well this is just one of the options of course. But still a serious option (as there is more, will come back to that later).

          But how they could do it is easy. NSA monitors communications and external network traffic, it can’t monitor what goes on inside the DNC (unless they hacked the DNC, which is not allowed; and even then it is unlikely that they could notice).
          So yeah anyone can install anything without the NSA knowing.

          A bigger issue would be to fake traffic to & from the alleged C&C IP addresses. You will have to emulate that in case you want to fool the NSA.

          What helps is that the traffic via X-Tunnel is encrypted via SSL. So you can only see the traffic, but you can’t read it.
          Even when you break SSL security you then have to break the security of the packets, which will be zipped & password protected and/or zipped and encrypted.
          The whole point of using SSL is that the hackers want to be able to send encrypted data, which when sent across normal HTTP looks very suspicious. When you communicate using HTTPS (HTTP using SSL) the traffic is always encrypted, so no alarms need to go off.
          SSL is already encrypted, but I doubt that the hackers would just trust the SSL encryption, so double encryption is more likely.

          Of course this also means that you can fake the traffic by sending encrypted data using SSL. In case you are afraid that the NSA will be able to decrypt all of that (in real time) then you may also decide to send some actual files.
          You can re-use an SSL certificate from an earlier intrusion; indeed in this case it seems that the same SSL certificate was used as was already used in the 2014/2015 hack of the Bundestag.

        • AntonyIndia
          Posted Oct 15, 2017 at 8:28 AM | Permalink

          As the DNC didn’t allow the FBI on their servers (privacy concerns/ hiding other info/ ?) that hack story and any pointing fingers from it should be discarded as potentially biased.
          Unless laws have changed and it is now allowed to accuse others based on concealed evidence by a private party.

        • Posted Oct 15, 2017 at 9:44 AM | Permalink

          Antony: “Unless laws have changed and it is now allowed to accuse others based on concealed evidence by a private party.”

          There are criminal law questions that I have not seen answered. For example, I know that the victim does not have a legal right to stop a criminal investigation. I would think once a crime is reported the police (FBI in this case) could gain a search warrant for the DNC computer server. There may be special laws to protect such a seizure just as there apparently are laws preventing the seizure of congressional communications.

          The USA president or congress can slap sanctions on foreign governments without due process, and in this case did. The question is if it is then legal to use the same private evidence to convict Trump of being part of that conspiracy. If the Steele memo regarding Carter Page’s alleged meeting to hire Romanian hackers came out at the time of the DNC hack I would think it would be highly suspicious if the DNC did not cooperate to prove their claim of being hacked. We are also relying on the Clinton campaign for the timing of their knowledge of the Steele memo information.

          Jaap, it seems like you are only seeing conflicts in Apt28. The FBI notice to the DNC had to be regarding Apt29 since Apt28 was alleged by CS to only have arrived in April.

          If Russia was behind everything, Apt29, Podesta, Apt28, DCleaks, G2 and leaking to WL, the G2 aspect behavior and documents can only point to a muddying of the water by making false false flags, the Russians dressing themselves up in Russian clown makeup. This would also fit with an MO of leaving false false flags in Apt28. All the easy explanations are eliminated.

        • Don Monfort
          Posted Oct 15, 2017 at 1:57 PM | Permalink

          Jaap, I believe you are underestimating the NSA’s cryptanalytic capabilities and their ability to peek into things. Also, the intelligence gathering crews of the DIA, CIA, FBI, XYZ etc. etc. work closely with the NSA. Signal intelligence and human intelligence. There are some very serious resources dedicated to tracking down and combating the hackers, especially the state actors. Here is the most informative and accurate account of what’s going on in the game that I have seen in public:

          http://foreignpolicy.com/2013/10/15/the-nsas-new-code-breakers/

          All of the above was in play as the NSA et al. monitored the hacking of the DNC systems. Trump’s people are in charge of the agencies in possession of all the information gathered. That information and the rationale for the “Russia done it” assessment have been explained to Trump, by his own appointees. He has discussed what he has learned with trusted advisers, other than the agency people. He has been persuaded that it was probably the Russians. I believe it is highly unlikely that anybody with access only to publicly available information can disprove or seriously dent the credibility of that conclusion. I would be happy to be proven wrong.

        • Jaap Titulaer
          Posted Oct 16, 2017 at 6:01 AM | Permalink

          Steve

          Next binary has compilation date 2015-06-25 05:15:54 and uses a different IP address (obviously), so do all others after that date.
          Well all others except the DNC samples (…

          where did you locate this?

          As I said I have been compiling a list of all reported hashes for X-Tunnel (taken from samples submitted by various security companies). That list will not be complete, it is just the set of those that have been published about. Then I collected details via Google’s VirusTotal and other sites (Invincea is handy because it is the only one that shows more details on readable strings).

          Then I sorted the samples based on the Compilation Timestamp.
          This shows that the last sample that uses the same C&C IP 176.31.112.10 which was also used in the Bundestag attack is 2015-04-22 08:49:54.
          The next sample has timestamp: 2015-06-25 05:15:54 and uses 95.215.46.27:443.
          All other samples reported with later compilation dates also use different IPs.
          Then come the two samples from the DNC, which still contain that C&C IP 176.31.112.10 (almost a year after the server had been disabled…).
          Thereafter two more recent samples, neither of which references that old C&C IP.
          See below for the full list.

          The majority were reported by ESET in their reports (https://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-full.pdf). ESET gives SHA1, first is same as Bundestag (reported also elsewhere).
          I could not find details for 3 hashes reported by Microsoft in their security bulletin 19 (on STRONTIUM, their name for APT28; Microsoft_Security_Intelligence_Report_Volume_19_A_Profile_Of_A_Persistent_Adversary_English.pdf).
          FireEye / Mandiant has not reported any on X-Tunnel (and they do not report X-Tunnel as part of APT28’s repertoire)
          Two are reported by CrowdStrike (DNC).
          A few recent ones are reported by Sophos.

          A note on the hashes: some use SHA1, others SHA256 as primary hash, but many reports and sites report both. Either can be used to uniquely identify the sample.
          The Imphash is a hash taken not over the entire binary but just over the Import section of the PE, this lists all external DLLs used and also all function calls inside those DLLs in the order that they are called in the program. This helps in determining that two binaries in fact contain the same code calling sequence, which indicates that they may contain the exact same code; this helps to match files even when the data section or compilation times differ (as any small difference there will also lead to a completely different file hash).

          Below the full list, sorted by compilation date & time as reported by the binary.
          Most of the details come from VirusTotal; most of those details have been automatically generated based upon the sample, some extra information was reported by the (security companies) community.
          I added a space to the Invincea URLs to prevent WordPress from blocking this post due to too many URLs.

          I added a note on Farnborough 2014 (cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf by RSA), because it mentions the C&C IP 176.31.112.10, yet does not say that X-Tunnel was used (I get the distinct impression that it wasn’t or if it was, it wasn’t detected). This is just to show how it fits in the timeline.

          Some of the hashes from MS not reported in VirusTotal, I list these first, but of course we have no compilation timestamps for them.
          { MicroSoft – XTunnel }
          64515c7ce8bcc656d54182675bd2d9ffceffe845
          { MicroSoft – XTunnel }
          3ec270193815fa2bd853ea251d93fdfffcbc40d6
          { MicroSoft – XTunnel }
          e5039bb420f9a3a23aaa9ee7392bd05dfee42540

          {ESET – XTunnel}
          SHA-1: db731119fca496064f8045061033a5976301770d
          SHA-256 60ee6fdca66444bdc2e4b00dc67a1b0fdee5a3cd9979815e0aab9ce6435262c6
          Imphash dea202f69c80c247fa9c7572ee57b275
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2013-03-29 06:44:45

          {ESET – XTunnel}
          SHA-1: e945de27ebfd1baf8e8d2a81f4fb0d4523d85d6a
          SHA-256 d2e947a39714478983764b270985d2529ff682ffec9ebac792158353caf90ed3
          Imphash e7c1c256e363c0d98a685c8ffc7b2851
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2013-04-29 05:20:03

          {ESET – XTunnel}
          SHA1: 067913b28840e926bf3b4bfac95291c9114d3787
          SHA-256 d2a6064429754571682f475b6b67f36526f1573d846182aab3516c2637fa1e81
          Imphash: 4f23b2d5fef256e4b009840a703caa10
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2013-05-07 10:31:08

          {ESET – XTunnel}
          SHA-1: 982d9241147aaacf795174a9dab0e645cf56b922
          SHA-256 c9ef265fc0a174f3033ff21b8f0274224eb7154dca97f15cba598952be2fbace
          Imphash c5e424f906a62f2082c9e653d8c2a7f9
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2013-08-23 03:38:08

          {ESET – XTunnel}
          SHA-1: 8f4f0edd5fb3737914180ff28ed0e9cca25bf4cc
          SHA-256 1289ee3d29967f491542c0bdeff6974aad6b37932e91ff9c746fb220d5edb407
          Imphash c5e424f906a62f2082c9e653d8c2a7f9
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2013-08-27 08:22:07

          {RSA – Farnborough Air Show 2014 – X-Agent/CHOPSTICK, Sedreco/EVILTOSS, CORESHELL }
          { does NOT mention XTunnel
          Network:
          microsofthelpcenter.info 87.236.215.13 HTTP/HTTPS Main C2
          driversupdate.info 46.19.138.66 HTTPS C2
          1oo7.net 5.199.171.58 HTTPS C2
          66.172.12.133 66.172.12.133 Coreshell C2
          45.64.105.23 45.64.105.23 Coreshell C2
          176.31.112.10 176.31.112.10 HTTPS C2 <<<<<<<<<<<<
          176.31.96.178 176.31.96.178 HTTPS C2
          }

          {ESET, MicroSoft – Bundestag 2015 – XTunnel}
          SHA1: 0450aaf8ed309ca6baf303837701b5b23aac6f05
          SHA256: 566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092
          Imphash: 98450bad338b909d70eec8c9da5384aa
          PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
          Compilation Timestamp: 2014-04-14 13:13:59
          hosts:"176.31.112.10:443"
          Debug Artifacts E:\PROJECT\XAPS_OBJECTIVE_DLL\Release\XAPS_OBJECTIVE.pdb << a debug version in the Release folder …
          https:// cynomix.invincea.com/sample/0450aaf8ed309ca6baf303837701b5b23aac6f05
          part of strings:"176.31.112.10, error in select, errno %d, is you live?,"

          {ESET, Microsoft – XTunnel}
          SHA1: 1535d85bee8a9adb52e8179af20983fb0558ccb3
          SHA-256 8c488b029188e3280ed3614346575a4a390e0dda002bca08c0335210a6202949
          Imphash 494c3573906251f108d7bb82c7312381
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-02-20 09:52:27
          Debug Artifacts C:\Users\User\Desktop\xaps_through_squid_default_proxy\Release\XAPS_OBJECTIVE.pdb

          {ESET – XTunnel}
          SHA-1: cdeea936331fcdd8158c876e9d23539f8976c305
          SHA-256 730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a
          Imphash 69ca97fb5d686988321bac50363255f0
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-04-22 08:49:54
          hosts:"176.31.112.10:443"
          https:// cynomix.invincea.com/sample/cdeea936331fcdd8158c876e9d23539f8976c305
          part of strings:" 176.31.112.10, error in select, errno %d, is you live?, Xtunnel.exe " (at the end, not beginning)

          {ESET – XTunnel}
          SHA1: 42dee38929a93dfd45c39045708c57da15d7586c
          SHA-256 a2c9041ee1918523e67dbaf1c514f98609d4dbe451ba08657653bb41946fc89d
          Imphash c9308860889a00e0be622217cda3b803
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-06-25 05:15:54
          TCP Communication 95.215.46.27:443

          {ESET – XTunnel}
          SHA-1: c91b192f4cd47ba0c8e49be438d035790ff85e70
          SHA-256 1c8869abf756e77e1b6d7d0ad5ca8f1cdce1a111315c3703e212fb3db174a6d5
          Imphash a1fd475bfa2976cb5ea27a08b5399f6a
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-07-02 09:27:27
          TCP Communication 81.17.30.29:443

          {ESET – XTunnel}
          SHA-1: c637e01f50f5fbd2160b191f6371c5de2ac56de4
          SHA-256 c6a9db52a3855d980a7f383dbe2fb70300a12b7a3a4f0a995e2ebdef769eaaca
          Imphash 05c85741159b622ac9f05e445fe0af56
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-07-02 09:42:44
          TCP Communication 81.17.30.29:443

          {ESET – XTunnel}
          SHA-1: de3946b83411489797232560db838a802370ea71
          SHA-256 4dd8ab2471337a56b431433b7e8db2a659dc5d9dc5481b4209c4cddd07d6dc2b
          Imphash 05c85741159b622ac9f05e445fe0af56
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-08-13 12:30:45
          TCP Communication 131.72.136.165:443

          {ESET – XTunnel}
          SHA-1: 99b454262dc26b081600e844371982a49d334e5e
          SHA-256 a979c5094f75548043a22b174aa10e1f2025371bd9e1249679f052b168e194b3
          Imphash 0e722c4bc27f14c19844e2d34d9c6752
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-11-02 08:45:54
          TCP: ?

          {CrowdStrike – DNC – XTunnel}
          SHA-1: f09780ba9eb7f7426f93126bc198292f5106424b
          SHA256: 4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976
          Imphash: 5b6222ff6b0354200f1a2d5ee56097b6
          Magic: PE32+ executable for MS Windows (GUI) Mono/.Net assembly
          Target Machine x64
          Compilation Timestamp 2016-04-25 10:58:38
          strings: 45.32.129.185, 130.255.184.196, 176.31.112.10
          active(?): 45.32.129.185
          https:// cynomix.invincea.com/sample/f09780ba9eb7f7426f93126bc198292f5106424b
          also has strings: “az-AZ-Latn, uz-UZ-Latn, az-az-latn, uz-uz-latn,” Uzbek / Azerbaijan

          {CrowdStrike – DNC – XTunnel}
          SHA1: 74c190cd0c42304720c686d50f8184ac3faddbe9
          SHA256: 40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f
          Imphash: 5b6222ff6b0354200f1a2d5ee56097b6
          Magic: PE32+ executable for MS Windows (GUI) Mono/.Net assembly
          Target Machine x64
          Compilation Timestamp 2016-05-05 09:20:08
          strings: 23.227.196.217, 130.255.184.196, 176.31.112.10
          active(?): 23.227.196.217
          https:// cynomix.invincea.com/sample/74c190cd0c42304720c686d50f8184ac3faddbe9
          also has strings: “az-AZ-Latn, uz-UZ-Latn, az-az-latn, uz-uz-latn,” Uzbek / Azerbaijan

          {Sophos – XTunnel}
          SHA-1: 17d808f3db5daf4776e819cc9fa4dc0d6b78156b
          SHA-256 86356fa5be88673bcf6f75e9d80d5bfd1a4e8aa621c3565442997e7af3dbded6
          Imphash: e8955e221b471a3ec41a2be2d4dc730c
          PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2016-10-18 23:21:30
          hosts:"109.236.93.138:443"

          {Sophos – XTunnel}
          SHA-1: 97020924373f42800f03f441ef03a99893fb5def
          SHA-256: 97020924373f42800f03f441ef03a99893fb5def
          Imphash: 7424d37b785eb66c000f321f2ac9765b
          PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2016-12-07 23:56:57
          hosts:"185.61.148.54:443"
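
An added example (not part of the thread, and not any commenter's or vendor's tooling) of the triage steps described in the comment above: read the link timestamp and 32/64-bit type from each PE header, pull hard-coded IPv4 strings, order the builds by timestamp, and list addresses carried into more than one build. The sample blobs are constructed header-only stubs using RFC 5737 documentation addresses, and all function names are hypothetical.

```python
import ipaddress
import re
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "x86", 0x8664: "x64"}
MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
# Dotted quads stored as ASCII, and as UTF-16LE (each character followed by NUL).
ASCII_IP = re.compile(rb"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
WIDE_IP = re.compile(rb"(?<![\d.]\x00)(?:\d\x00){1,3}(?:\.\x00(?:\d\x00){1,3}){3}(?!\d\x00)")


def parse_pe_header(data: bytes) -> dict:
    """Return machine type, optional-header magic and link timestamp of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if pe_off + 26 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, _sections, stamp = struct.unpack_from("<HHI", data, pe_off + 4)
    (magic,) = struct.unpack_from("<H", data, pe_off + 24)    # start of optional header
    # TimeDateStamp is written by the linker and can be set to any value,
    # so an ordering built on it is only as reliable as that field.
    linked = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "magic": MAGICS.get(magic, hex(magic)),
            "stamp": stamp,
            "linked": linked.strftime("%Y-%m-%d %H:%M:%S")}


def find_ipv4_strings(data: bytes) -> list:
    """Plain-text IPv4 addresses in the file, ASCII or UTF-16LE, octets validated."""
    found = {m.decode("ascii") for m in ASCII_IP.findall(data)}
    found |= {m.decode("utf-16le") for m in WIDE_IP.findall(data)}
    valid = set()
    for text in found:
        try:
            valid.add(str(ipaddress.IPv4Address(text)))
        except ValueError:        # octet > 255 or leading zero: not an address
            pass
    # Four-part version strings also pass this check, so hits need review.
    return sorted(valid)


def locate_indicator(data: bytes, ip: str) -> list:
    """Encodings in which a known address occurs; 4-byte hits can be coincidental."""
    addr = ipaddress.IPv4Address(ip)
    forms = {"ascii": ip.encode("ascii"),
             "utf-16le": ip.encode("utf-16le"),
             "packed-be": addr.packed,          # stored as a number, network order
             "packed-le": addr.packed[::-1]}    # stored as a number, little endian
    return [name for name, needle in forms.items() if needle in data]


def triage(samples: dict) -> list:
    """Header facts plus string hits for every sample, oldest link time first."""
    rows = []
    for name, blob in samples.items():
        row = parse_pe_header(blob)
        row["name"] = name
        row["ips"] = find_ipv4_strings(blob)
        rows.append(row)
    return sorted(rows, key=lambda r: r["stamp"])


def reused_addresses(rows: list) -> dict:
    """Addresses present in more than one build, with the builds oldest first."""
    seen = {}
    for row in rows:
        for ip in row["ips"]:
            seen.setdefault(ip, []).append(row["name"])
    return {ip: names for ip, names in seen.items() if len(names) > 1}


def build_sample(machine: int, magic: int, when: str, body: bytes) -> bytes:
    """Constructed, non-functional stub: DOS + COFF headers and a data tail only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    stamp = int(datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
                .replace(tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", machine, 0, stamp, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic) + b"\0" * 30 + body


# Constructed samples; timestamps and addresses are illustrative, not from the thread.
SAMPLES = {
    "build-c": build_sample(0x8664, 0x20B, "2016-04-01 10:00:00",
                            "198.51.100.7".encode("utf-16le") + b"\0\0"
                            + b"192.0.2.44\0" + b"1.0.2.999\0"
                            + ipaddress.IPv4Address("203.0.113.9").packed),
    "build-a": build_sample(0x014C, 0x10B, "2015-01-10 08:00:00",
                            b"198.51.100.7:443\0error in select\0"),
    "build-b": build_sample(0x014C, 0x10B, "2015-06-01 09:00:00",
                            b"203.0.113.9\0"),
}

if __name__ == "__main__":
    ordered = triage(SAMPLES)
    for r in ordered:
        print(r["linked"], r["name"], r["magic"], r["machine"], r["ips"])
    print("carried over:", reused_addresses(ordered))
```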

        • Steve McIntyre
          Posted Oct 18, 2017 at 5:13 PM | Permalink

          Jaap, another question/comment re 185.61.148.54:

          Crowdstrike https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/ reported IP address 185.61.148.54 associated with X-Agent (SHA256-fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5). However, no such phrase listed in corresponding Invincea listing: https://cynomix.invincea.com/sample/0b3852ae641df8ada629e245747062f889b26659 .

          In your summary, you show 185.61.148.54 associated with Sophos X-Tunnel SHA1- 97020924373f42800f03f441ef03a99893fb5def (SHA256 – 53262019782e1ede6c8b3a4cdfdfffed1fc9abb99a0a39ff193c585450fac044 incorrect in your list) – association confirmed by https://www.hybrid-analysis.com/sample/53262019782e1ede6c8b3a4cdfdfffed1fc9abb99a0a39ff193c585450fac044?environmentId=100.

          Nor does 185.61.148.54 turn up in the Invincea listings for the two X-Tunnel versions in the DNC hack?

          Wonder where it came from in the Crowdstrike report?

        • Jaap Titulaer
          Posted Oct 16, 2017 at 9:36 AM | Permalink

          Correction to the above (as to which variants were found at the Bundestag in 2015):

          According to Netzpolitik the X-Tunnel variant at the Bundestag was the one with SHA256 hash 730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a, which has compile time 2015-04-22 10:49:54.
          So it is then not (or also?) the earlier one referenced elsewhere with SHA256 hash 566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092 compiled 2014-04-14 13:13:59.
          Unfortunately Invincea gives for both of these the tags: “bundestag, apt28, apt, malware, upload”, and both are possible because the hack probably started in 2014 (quite a while before it was detected).
          On the other hand these attacks tend to use the most recent build & updates do take place during infection.

          So either both were found at the Bundestag or just the last one. It doesn’t matter much because both used 176.31.112.10 which was hard-coded into both these variants.

        • Posted Oct 16, 2017 at 10:42 AM | Permalink

          There seem to be two anomalies: 1) reusing the C&C IP address 2) Compiled in 64-bit rather than 32.

          How anomalous are they? Would it be possible to check how frequently IPs had been reused in the past and how often 64-bit had been used? Or is actual data too limited?

          Do any APT28 IP addresses appear in XTunnel variants that aren’t attributed to APT28? How common are XTunnel 64-bit binaries not attributed to APT28? If 64-bit is really uncommon then finding out who uses it might point to other potential suspects.

        • AntonyIndia
          Posted Oct 17, 2017 at 1:42 AM | Permalink

          Jaap, I guess the Nigerian scammers should be included in your hash list above as “Root9b” came up with comparable data on May 10 2015.

        • Jaap Titulaer
          Posted Oct 20, 2017 at 8:40 AM | Permalink

          Steve,
          Sorry just saw this, I hadn’t gotten around to answer.

          Crowdstrike https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/ reported IP address 185.61.148.54 associated with X-Agent (SHA256-fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5). However, no such phrase listed in corresponding Invincea listing: https://cynomix.invincea.com/sample/0b3852ae641df8ada629e245747062f889b26659 .

          In your summary, you show 185.61.148.54 associated with Sophos X-Tunnel SHA1- 97020924373f42800f03f441ef03a99893fb5def (SHA256 – 53262019782e1ede6c8b3a4cdfdfffed1fc9abb99a0a39ff193c585450fac044 incorrect in your list) – association confirmed by https://www.hybrid-analysis.com/sample/53262019782e1ede6c8b3a4cdfdfffed1fc9abb99a0a39ff193c585450fac044?environmentId=100.

          Nor does 185.61.148.54 turn up in the Invincea listings for the two X-Tunnel versions in the DNC hack?

          Wonder where it came from in the Crowdstrike report?

          CrowdStrike would have detected that because X-Agent used that IP address, you can see that with a network monitoring tool (or when malware is installed in a good sandbox).
          You can’t see any IP addresses by just looking at the binary of X-Agent, because X-Agent doesn’t store them as plain text. There is no need to store an IP address in plain text, you would store it as numbers or even encrypt it. Much better to hide it than to simply hardcode it as text. And we have seen before that C&C used by an X-Agent sample is also used by an X-Tunnel sample.

          Now this re-use of an IP address used in the DNC hack, hence very well known, several months after that hack is quite odd.

          This XTunnel sample (97020924373f42800f03f441ef03a99893fb5def) with compile time 2016-12-07 23:56:57 was reported to VirusTotal on 2016-12-11 20:57:38 UTC. File size 1.0 MB (1068032 bytes). Sample was loaded but ‘not shared’ on Payload Security, and it is unclear who reported it (perhaps Sophos).

          The strange thing about this one (and at least one other on VT, from October 2016, also reported by Sophos on their site) is that these postdate the DNC hack, yet seem to use the old XTunnel source, not the newer one. You can tell by the size (around 1 MB, most of that is the OpenSSL library) and the use of merely one (1) IP address.
          The two XTunnel binaries from the DNC have 3 IP addresses (1 used, 1 probably backup and the 3rd ‘176.31.112.10’).

          So we have an old source code style X-Tunnel sample postdating the DNC (new source code style) ones, and this old style one reuses the IP address (185.61.148.54) that was used by the X-Agent sample found at the DNC several months earlier…

          That seems rather odd to me.
          1) Why re-use a burned C&C IP? Burned by use in DNC hack no less.
          2) Why switch back to old source code base?
          3) So is this a live one, one really found in the wild, or is this a test sample? IDK

          As to 1: That IP would be blocked or server would have been removed after DNC hack. And if for some reason neither DNC, nor CS, nor FBI (etc) did complain to hosting provider, then the hackers may expect it to be monitored by FBI or NSA…
          Or could this be an example of brazen re-use perhaps after re-infection? In that case the server was complained against and taken offline. After a while the IP is re-issued to another and some hackers (APT28?) broke right back in to start using it (again)… I guess it is possible, but …

          As to 2: Going back to old source is odd, in case they were afraid of detection then fixing the new source works fine.
          Just remove the visible artifacts and I’m sure the new code is better than the old one. The code obfuscation prevents binary pattern match, so all you need to do is to strip strings (from OpenSSL) and hide a few of those obvious strings (and delete that ‘176.31.112.10’ nonsense) and you are invisible again.

          As to 3: Of course we could assume that APT28 switched back to old code base and for some reason decided to re-use a known C&C. But there are other options. One of them is that it was a test.
          The sites like VirusTotal are not just used to report actual samples, but also to test other samples. Either white hat or black hat. White hat use is for example simply to see if a simple variant is detected, and how well the competition handles it. Black hat tests are by hackers trying to see whether any of the scanners detect their newest creation as malware or not…

    • Posted Oct 13, 2017 at 1:39 PM | Permalink

      45.32.129.185 belongs to Vultr.com, a cloud based storage outfit.
      130.255.184.196 belongs to securefastserver.com, a hosting site.
      176.31.112.10 another hosting site, kimsufi.com.

      • Jaap Titulaer
        Posted Oct 13, 2017 at 1:43 PM | Permalink

        Yeah these C&C sites are either hijacked for this purpose (often not even noticed) or they are bought with BitCoins…

    • Steve McIntyre
      Posted Oct 14, 2017 at 1:23 PM | Permalink

      when 176.31.112.10 was identified as problematic in Guarnieri’s article on Bundestag https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/ , Crookservers promptly terminated service at 176.31.112.10, reporting the termination in a comment at Guarnieri’s article.

      • Posted Oct 15, 2017 at 10:01 AM | Permalink

        You say this as fact, based on nothing but a comment on a blog by someone claiming to be a representative of that site.

        • Steve McIntyre
          Posted Oct 15, 2017 at 10:20 AM | Permalink

          Fair enough. In such murky waters, it is best to be as precise as possible. A commenter at Guarnieri’s blog on June 20, 2015, who identified as Crookservers, stated that they had terminated service at 176.31.112.10. I might add that, as I recall, one of the computer security companies (I’ll look for URL) reported on June 24, 2015 that 176.31.112.10 was no longer active.

        • Jaap Titulaer
          Posted Oct 15, 2017 at 4:19 PM | Permalink

          A confirmation would be nice.

          We can also look it up, but WhoIs IP only gives the current use (or pay for a history on IP).
          But we can check Threatminer or Threatcrowd for free. That tells us enough IMHO.
          https://www.threatminer.org/host.php?q=176.31.112.10
          https://www.threatcrowd.org/ip.php?ip=176.31.112.10

          This tells us that IP address 176.31.112.10 was linked to 155-reverse.crookservers.net starting on (and ending on) 2015-04-20.
          IP number was last seen (associated with it) on 2015-04-20 00:00:00, the IP name (155-reverse.crookservers.net) was last seen 2015-06-05 07:31:43.
          So the story by CrookServers seems to check out: they took over the IP address on 2015-04-20, which is also the last time it was seen active (after that no active IP was detected on that name, makes sense as they had shut down that server).
          It can take quite a while for a blacklisted IP to get off that list.

          The IP address was taken back by the French ISP OVH SAS and has been re-issued to kimsufi.com, yet another hosting provider (for VM VSP or server ks393354.kimsufi.com) starting a few months later (October 2015).

          So unless you want to claim that APT28 managed to take over the new server on that address sometime after October 2015 (we do not even know that & when a server was active on that address after that time) then the APT28 C&C server with IP 176.31.112.10 simply has been offline since 2015-04-20, exactly as that post by Crook Servers stated.

          Steve: I presume that you mean 2015-06-20.

        • Posted Oct 15, 2017 at 4:45 PM | Permalink

          Jaap Titulaer, I made that remark because I find it interesting how Steve McIntyre has repeated many things as fact based upon little evidence yet expresses great skepticism at official claims/reports. It wasn’t about whether or not the claim was correct – it was about the seemingly different degrees of skepticism.

          If I were going to discuss this “evidence” in a substantive manner, I would start by pointing out I’m not convinced that IP address was hard-coded in any program tied to the DNC attack. As far as I was able to tell, the source of that claim was a tweet posted by Thomas Rid. I can’t find any independent reference of anyone saying they found the IP address in the code, I haven’t found any reference to the IP address from CrowdStrike in reference to the attack, and I couldn’t find any mention of it within the government documents discussing Grizzly Steppe.

          Absent actual evidence this IP address was hard-coded into a program used (or at least claimed to have been used) in the DNC intrusion, I’m inclined to chalk this up to bad reporting where someone made a claim and it got repeated without being verified. It probably didn’t help Rid wrote an article promoting this claim with a link to his tweet as his proof. People reading his article might have assumed his link went to something which counts as evidence. Even so, I haven’t seen that many people report this so I’m not sure why the last post said:

          As I’ll discuss in a subsequent post, the C2 server 176.31.112[.]10 turns out to have a central role in establishing “Russian” responsibility for the DNC hack, a role which has thus far not been critically examined.

          This IP address hasn’t had “a central role in establishing” anything that I’ve seen in regard to the DNC hack. Until the last post mentioned it, I hadn’t even seen anyone cite it as evidence. I suspect this issue is being blown out of proportion.

        • Jaap Titulaer
          Posted Oct 16, 2017 at 6:57 AM | Permalink

          If I were going to discuss this “evidence” in a substantive manner, I would start by pointing out I’m not convinced that IP address was hard-coded in any program tied to the DNC attack. As far as I was able to tell, the source of that claim was a tweet posted by Thomas Rid. I can’t find any independent reference of anyone saying they found the IP address in the code,

          Sorry it is there. And I reported about it here, several times. I gave direct links to the evidence. See below.

          I haven’t found any reference to the IP address from CrowdStrike in reference to the attack,

          I have found one reference that claimed that CrowdStrike reported on it in its blog post, but I haven’t found any evidence to confirm that so far (I reviewed several older versions of that same blog post via the Wayback Machine).

          and I couldn’t find any mention of it within the government documents discussing Grizzly Steppe.

          That report is very light on relevant details, IMHO. They mention lots of stuff which is more related to hacking in general than Russian hacking, and more about Russians hacking than about the DNC hack…

          But anyway, I did find evidence that indeed these binaries contained that IP address, hard coded in plain text.

          So once again:
          Here are the Invincea links to both samples found at the DNC. Invincea shows all strings longer than a few characters as found in the binaries.
          Invincea gives also a direct link to the entry at VirusTotal for the same sample.
          These samples are copies of the binaries found by CrowdStrike in one or more computers at the DNC. Copies of these samples were given to many security companies, and also submitted to sites like VirusTotal and Invincea.

          1st sample (ID-ed by SHA256 hash: 4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976)
          https://cynomix.invincea.com/sample/f09780ba9eb7f7426f93126bc198292f5106424b
          relevant snippet from strings found in binary:

          … , 45.32.129.185, 130.255.184.196, iostream stream error, iostream, error in select, errno %d, How are you?, Cache-Control: max-age=0, Accept-Encoding: gzip,deflate,sdch, 176.31.112.10, …

          2nd sample (ID-ed by SHA256 hash: 40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f)
          https://cynomix.invincea.com/sample/74c190cd0c42304720c686d50f8184ac3faddbe9
          relevant snippet from strings found in binary:

          …, 23.227.196.217, 130.255.184.196, iostream stream error, iostream, error in select, errno %d, How are you?, Cache-Control: max-age=0, Accept-Encoding: gzip,deflate,sdch, 176.31.112.10, …

          And there they are, at the end of each of the snippets.
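How a strings listing like the two quoted in the comment above is produced and searched, as an added example that is not part of the original comment or of Invincea's tooling. It pulls printable ASCII runs out of a byte buffer and reports every embedded IPv4 literal with its offset and neighbouring strings; the function names are hypothetical and the sample buffer is constructed from the strings quoted above.

```python
import ipaddress
import re

# Runs of printable ASCII at least MIN_LEN bytes long, the same idea as strings(1).
MIN_LEN = 4
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
IPV4_SHAPE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def extract_strings(blob):
    """Return (offset, text) for every printable ASCII run in blob."""
    return [(m.start(), m.group().decode("ascii")) for m in ASCII_RUN.finditer(blob)]


def is_ipv4_literal(text):
    """True only for a string that is exactly a valid dotted-quad address."""
    if not IPV4_SHAPE.match(text):
        return False
    try:
        ipaddress.IPv4Address(text)
    except ValueError:
        return False  # right shape, but an octet is out of range
    return True


def embedded_ipv4(blob, context=1):
    """List each IPv4 literal with its file offset and surrounding strings.

    The neighbours matter: they hint at which part of the program the
    literal sits in, which the address alone does not tell you.
    """
    strings = extract_strings(blob)
    hits = []
    for i, (offset, text) in enumerate(strings):
        if not is_ipv4_literal(text):
            continue
        hits.append({
            "ip": text,
            "offset": offset,
            "before": [s for _, s in strings[max(0, i - context):i]],
            "after": [s for _, s in strings[i + 1:i + 1 + context]],
        })
    return hits


# Constructed buffer: the strings quoted in the comment, separated by
# non-printable filler bytes. It stands in for a real sample; no malware
# is needed to run this.
SAMPLE = b"\x00\x01".join([
    b"45.32.129.185", b"130.255.184.196", b"iostream stream error",
    b"iostream", b"error in select", b"errno %d", b"How are you?",
    b"Cache-Control: max-age=0", b"Accept-Encoding: gzip,deflate,sdch",
    b"176.31.112.10",
]) + b"\x00"


if __name__ == "__main__":
    for hit in embedded_ipv4(SAMPLE):
        print("0x%04x  %-16s before=%r after=%r"
              % (hit["offset"], hit["ip"], hit["before"], hit["after"]))
```

A hit shows only that the literal is present in the file; whether any code path connects to it has to come from disassembly or network evidence.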

        • Jaap Titulaer
          Posted Oct 16, 2017 at 9:16 AM | Permalink

          Steve: I presume that you mean 2015-06-20.

          Yeah sorry, I’m a bit unclear. And when I saw the 20th as ‘last seen’ I assumed that it said 20-05 when in fact it says 20-04…
          Note that those free services have low resolution (as to ‘last seen’). Perhaps paid-for IP history servers have more details.
          And one could of course always ask OVH SAS, the ISP that supplied rack space & network to the hosting providers (first Crookserver, now address is in use by kimsufi.com).

          Here is the text of that post again:

          Crookservers sagt:
          20. Juni 2015 um 02:25 Uhr

          We had received 1st abuse report about the IP 176.31.112.10 on 20th May 2015. IP 176.31.112.10 had been reported to be a Command & Control for APT-28.

          We immediately suspended the service on 20th May 2015. We had also requested our client information about the criminal activity and we never received a response. We’re ready to provide any information we have to law enforcement agencies.

          And from those ThreatMiner & ThreatCrowd pages we can see that:
          – IP address 176.31.112.10 was linked to 155-reverse.crookservers.net starting on (and ending on, ‘last seen’) 2015-04-20
          – that same IP address resurfaces again but now for a new server (ks393354.kimsufi.com) of another hosting company (but with hardware still in a building of ISP OVH SAS, certainly in their network) on 2015-10-07 00:00:00.

          Which basically tells us that sometime between 2015-04-20 and 2015-10-07 the original server at that IP address (the one being used as C&C for APT28) has been removed (at least taken offline & wiped). Probably some time after 2015-04-20. Unfortunately we can’t tell exactly when based on this public data, because these free services have low date resolution.

          The last known X-Tunnel variant that I know of was compiled 2015-04-22 08:49:54, so it must have been after that.
          And Crookservers claimed that this happened on 2015-05-20. In case we believe that, that would be the exact date.
          The next known variant of X-Tunnel has compile time 2015-06-25 05:15:54 and used a different IP address, as do all versions after that. Which indicates that it must be before that date.
          We can independently of that be certain that the server was no longer usable (for C&C) at least starting from 2015-10-07, based on ThreatMiner.

          So claimed by Crookservers the date that the C&C server stopped working is 2015-05-20.
          Based on malware variants it was between 2015-04-22 and 2015-06-25.
          Based on threat site data it was between 2015-04-20 and 2015-10-07.

        • Posted Oct 16, 2017 at 9:29 AM | Permalink

          Jaap, have you read the ThreatConnect article series on the DNC hack? They were largely used as the technical basis for MSM reporting of attribution before the US IC reports came out.

          In building upon Crowdstrike’s analysis, ThreatConnect researched and shared 20160614A: Russia-based groups compromise Democratic National Committee within the ThreatConnect Common Community. This incident includes the IP address 45.32.129[.]185 which Crowdstrike lists as a FANCY BEAR X-Tunnel implant Command and Control (C2) node.

          Using ThreatConnect’s Farsight passive DNS integration to review the resolution history for 45.32.129[.]185 we uncovered some additional domain resolutions. One of these domain resolutions is the suspicious domain misdepatrment[.]com (note the transposition of the “t” and the “r” in department).

          In reviewing the Domain Whois information, our DomainTools integration reveals that the domain was registered on March 22, 2016 by frank_merdeux@europe[.]com. https://www.threatconnect.com/blog/tapping-into-democratic-national-committee/

          How could the misdepatrment[.]com piece of the operation have been created by CS. The registration for that domain was March 22 and put into active use before the May 4 arrival of CS at the DNC? ThreatConnect says:

          On April 24th, 2016 the domain misdepatrment[.]com moved from the parking IP Address 5.135.183[.]154 to the FANCY BEAR Command and Control IP Address 45.32.129[.]185 where it remains resolved as of the time of this writing.

          This has to be describing a verifiable (non-spoofable) attack. Right?

          The article also links the Podesta attack to Apt28. The article was written prior to knowledge of the Podesta WL release.

          On June 16, 2016 Secureworks reported that a Russia-based group, operating on behalf of the Russian government, used a combination of bit.ly short links and a fake Google login page to target the Clinton Campaign between mid-March and mid-May 2016. The group, dubbed TG-4127 (aka APT28, Sofacy, Sednit, and Pawn Storm), also targeted DNC staff between mid-March and mid-April 2016. This timeline is consistent with the misdepatrment[.]com registration and resolution changes as well as CrowdStrike’s assessment of FANCY BEAR tactics, techniques, and procedures (TTP).

          We know the bit.ly short links and a fake Google login page was actually successful, creating the Podesta WL. Does it make sense that in the wake of a successful attack, when security would be called in and monitoring beefed up that one would expose their newest tools, misdepatrment[.]com, to be identified and shared by the cyber security community?

        • Steve McIntyre
          Posted Oct 16, 2017 at 2:46 PM | Permalink

          one of the oddities of the bitly campaign – which has never been discussed – is that it hacked many more hillaryclinton.com addresses than dnc.org addresses, but nothing was ever leaked from the hack of the hillaryclinton.com server. Why not?

        • Jaap Titulaer
          Posted Oct 16, 2017 at 10:37 AM | Permalink

          Ron,

          The malware binaries talk to IP numbers, they do not care about IP names, so the malware works regardless of the IP name.

          The IP name is however probably used for phishing attacks, so perhaps the date (‘April 24th, 2016’) indicates the first time that the domain could be / would be actively used to do a phishing attack (assuming that the other server was indeed just a parking spot).
          So it would indicate the start of a phishing campaign.

          Not sure why one would re-use the same server for a different purpose though. But apparently they did (45.32.129.185 is the other IP in one of the X-Tunnel binaries, CS said that traffic from the malware was to/from 45.32.129.185).

          How could the misdepatrment[.]com piece of the operation have been created by CS. The registration for that domain was March 22 and put into active use before the May 4 arrival of CS at the DNC? ThreatConnect says:

          On April 24th, 2016 the domain misdepatrment[.]com moved from the parking IP Address 5.135.183[.]154 to the FANCY BEAR Command and Control IP Address 45.32.129[.]185 where it remains resolved as of the time of this writing.

          https://www.threatminer.org/host.php?q=45.32.129.185
          Says that domain was first seen on 2016-06-14, so very shortly before that article by ThreatConnect.

          https://www.threatminer.org/domain.php?q=misdepatrment.com
          Says:

          Created 2016-03-22 14:12:23
          Updated 2016-05-22 02:20:47
          Expiration 2017-03-22 14:12:23

          So we see an update on May 22, not April 24. At least the last update was on that date.

          Of course it is unlikely that CS would register misdepatrment on 2016-03-22 when the first time that the DNC knows about WikiLeaks plans is June 12th (TV, Assange), or perhaps June 4th I think (WikiLeaks Insurance file names DNC for one of the collections).
          Unless of course the DNC knew about leaks much earlier (just not who) and asked CS for help (much earlier), but that seems rather far fetched to me.
          So that points against 3b, but still leaves options like 2b (misdirection, not by APT) wide open.

          Another option is simply that this site does belong to APT28 (or a similar crew) and CS would know about that (and indeed all related IP addresses). Option 3b assumes that the hack was faked, so it does not require an actual operational virus, just the binaries need to be there. No one can verify the network traffic (well except the NSA perhaps, they could at least store metadata, assuming they are allowed to actually do that inside the USA, without a FISA warrant against the DNC, and assuming that they really did; on the other hand the NSA could be monitoring the attack node 45.32.129.185, so that is a risk).

          All options assume that someone is re-using old binaries. And of course the IP address 45.32.129.185 for this secondary/fallback C&C can be simply changed manually in the binary. What we do know is that the IP address existed much earlier, e.g. on 2015-12-31 it was linked to ‘newtoro.com’. We can’t be sure it belongs to APT28.

          Does it make sense that in the wake of a successful attack, when security would be called in and monitoring beefed up that one would expose their newest tools, misdepatrment[.]com, to be identified and shared by the cyber security community?

          Uh no, good catch. That is a bit odd.
          Why would you expose your C&C IP address used in (secret) malware for a hack in May/June by also using it in a quite visible phishing attack campaign in March & April? I would expect that IP address to be blocked (from access to DNC network) just because of those emails.
          They (APT28) have sooo many servers to play with (many not even their own), so why didn’t they use a burner server, or a TOR exit node? Instead they use a C&C server?
          So no it does not make sense to me.

          The X-Tunnel version of 2016-04-25 10:58:38 uses IP’s 45.32.129.185, 130.255.184.196, 176.31.112.10
          The X-Tunnel version of 2016-05-05 09:20:08 switched to 23.227.196.217, 130.255.184.196, 176.31.112.10
          As I said earlier, the reason for the new version may very well be that DNC IT & CS started blocking 45.32.129.185. I assumed it was because they had detected the malware but by this reasoning it could also be because it had been involved in the phishing campaign…

        • Posted Oct 16, 2017 at 4:00 PM | Permalink

          Jaap Titulaer:

          I have found one reference that claimed that CrowdStrike reported on it in its blog post, but I haven’t found any evidence to confirm that so far (I reviewed several older versions of that same blog post via the Wayback Machine).

          I have also seen claims Crowdstrike reported this IP address, but as best I can tell, those claims are false.

          Here are the Invincea links to both samples found at the DNC. Invincea shows all strings longer than a few characters as found in the binaries.
          Invincea gives also a direct link to the entry at VirusTotal for the same sample.
          These samples are copies of the binaries found by CrowdStrike in one or more computers at the DNC. Copies of these samples were given to many security companies, and also submitted to sites like VirusTotal and Invincea.

          It is wrong to say those links are “to both samples found at the DNC” as they are analyses of the samples, not the samples themselves. There are some other points I’d make, but it turns out they don’t really seem to matter (though Invincea tagging these malware as “cozybear” annoys me). I see now why I never saw evidence of that IP address being used. It is quite likely the IP address was never used. It was included in the binaries as stated, but that doesn’t mean it was actually used.

          CrowdStrike identifies command and control servers for those two malware samples as having been 45.32.129.185 and 23.227.196.217. Those are the first IP addresses listed in the two samples you excerpted. Each was followed by the same IP address, 130.255.184.196, which was likely configured as a fallback server. The address 176.31.112.10 comes later in the code, in a separate piece of code.

          Assuming Crowdstrike told the truth about what IP address was used as the C&C server for these malware samples, the 176.31.112.10 would have no apparent role. Programs which go through many stages of development often have deprecated code. Outdated parameters can easily show up in functions which aren’t being actively developed/used. If that’s the case here, it could well be irrelevant if the 176.31.112.10 server was still around. All it would mean is some old code didn’t get updated/deleted between versions.

          Is there any reason to think the inclusion of this IP address is anything more than that? If not, do people think it implausible deprecated code might exist in these binaries?

        • Posted Oct 16, 2017 at 4:49 PM | Permalink

          Steve McIntyre:

          one of the oddities of the bitly campaign – which has never been discussed – is that it hacked many more hillaryclinton.com addresses than dnc.org addresses, but nothing was ever leaked from the hack of the hillaryclinton.com server. Why not?

          First off, stealing someone’s password cannot fairly be described as a “hack of the [e-mail] server.” That’s not accurate at all. When John Podesta’s e-mail account was broken into, that wasn’t a “hack of the Google mail servers.”

          Second, do we actually know this? I know SecureWorks said 20 links sent to hillaryclinton.com addresses were clicked as opposed to four sent to DNC accounts, but clicking on a link to a fake web page asking you to reset your account doesn’t mean you’ve been hacked. I’m not even sure it tells us how many different people clicked links since there were multiple attempts against individual accounts, meaning one person could have clicked on multiple links.

          Do you have a reference indicating how many people’s accounts were broken into in this campaign? Even if material was released from DNC accounts and not hillaryclinton.com accounts (again, do we have a reference indicating that’s the case?), that could just mean the people who clicked on links sent to hillaryclinton.com accounts didn’t fall for it.

        • Jaap Titulaer
          Posted Oct 17, 2017 at 3:50 PM | Permalink

          You seem to accept now that that IP address 176.31.112.10 is really there in the DNC binaries and also that this old C&C IP address was no longer operational since sometime mid 2015.
          Good 🙂

          Is there any reason to think the inclusion of this IP address is anything more than that?

          Oh, yes 🙂
          How about provoking false attribution?
          The mere presence of 176.31.112.10 in the binary was the main part of the attribution. And it would have been conclusive had that IP address still been active at the time of the attack, but it wasn’t.

          Other elements that helped recognition were things like using a text with ‘XTunnel’ in the binary and ‘OpenSSL 1.0.1e’, that very outdated OpenSSL implementation that should have been updated (even just using 1.0.1g would have been enough to protect client and server from the Heartbleed bug).

          If not, do people think it implausible deprecated code might exist in these binaries?

          In general perhaps not, but in this case it is different.

          [1] The other new IP addresses are close to the old unusable IP address, so while updating that section of the code I find it rather unlikely that they will have just ‘missed’ it. Why leave it in?

          [2] That old IP address was mentioned a lot after the Bundestag attack. As a result it was, among others, included in a YARA signature, which is used to detect malware. In this case in YARA signature “apt_sofacy_xtunnel”
          That is just one of the ways this signature gets included into virus & malware scanners (by summer / fall 2015 at the latest; that above linked signature from github was placed there Feb 2016; the original was given in that Netzpolitik article dated 2015-06-19).
          So you have to be assuming two things:
          a) That the DNC had absolutely zero virus scanners active on its servers (granted that can be true …).
          AND
          b) that APT28 didn’t do any virus scanner recognition testing (which will include not just a YARA check, but also scanners from several major security companies). That is something that these groups normally will do. These groups normally tweak until their malware is no longer recognized.

          Seems like a bit of a stretch to me.

        • Posted Oct 17, 2017 at 7:50 PM | Permalink

          Jaap Titulaer:

          You seem to accept now that that IP address 176.31.112.10 is really there in the DNC binaries and also that this old C&C IP address was no longer operational since sometime mid 2015.
          Good 🙂

          Actually, no. I accept that IP address was present in the code Crowdstrike provided to some people/companies to examine. I believe in what I have evidence for. I initially hadn’t seen evidence that IP address was included in the code because I had only paid attention to the IP addresses stated to be used for something (like the C&C servers). It hadn’t occurred to me people might find IP addresses in the code which they didn’t identify a purpose for.

          Oh, yes 🙂
          How about provoking false attribution?
          The mere presence of 176.31.112.10 in the binary was the main part of the attribution. And it would have been conclusive had that IP address still been active at the time of the attack, but it wasn’t.

          This doesn’t answer the question I asked as what I asked is if there was any reason to think the IP address was part of anything other than deprecated code, not if there would have been any other reason it might be included in the code. That said, I don’t agree with your claim this IP address “was the main part of the attribution.” That IP address wasn’t even mentioned by Crowdstrike or a number of groups which made the attribution. You and Steve McIntyre seem to have overstated the significance of this issue.

          That is just one of the ways this signature gets included into virus & malware scanners (by summer / fall 2015 at the latest; that above linked signature from github was placed there Feb 2016; the original was given in that Netzpolitik article dated 2015-06-19).
          So you have to be assuming two things:
          a) That the DNC had absolutely zero virus scanners active on its servers (granted that can be true …).

          This is complete nonsense. That a signature like this may get posted in some repositories in no way means we must assume any system which gets infected by it “had absolutely zero virus scanners active.” Rather than go into detail explaining why this claim is incredibly dumb, a source you referenced lists how various antivirus programs perform against this very malware. 1/3rd of the programs fail to detect it.

          There is way more wrong with what you said than that indicates, but if you’re going to fabricate things in such an obvious way, I don’t see any reason people should bother responding to you.

        • AntonyIndia
          Posted Oct 17, 2017 at 9:13 PM | Permalink

          Jaap +1
          Shows how weak anti malware was @ the DNC (and elsewhere) mid 2015.

        • Don Monfort
          Posted Oct 17, 2017 at 9:42 PM | Permalink

          Brandon is insisting on actual facts again. Dude is a stickler. Prefers a forensic analysis to a guessing game. Spoils all the fun.

        • Jaap Titulaer
          Posted Oct 18, 2017 at 11:26 AM | Permalink

          That said, I don’t agree with your claim this IP address “was the main part of the attribution.” That IP address wasn’t even mentioned by Crowdstrike or a number of groups which made the attribution. You and Steve McIntyre seem to have overstated the significance of this issue.

          Quick summary, details & links follow below:
          1] CrowdStrike (CS) did not explain in sufficient detail their attribution in their blog post [A].
          2] As to the ‘number of groups’, I have found only one security company (Fidelis) who explained their attribution in sufficient detail and they DO mention 176.31.112.10 specifically [B, F].
          3] A known expert (Thomas Rid) also did mention this IP address and said it was one ‘of the strongest pieces of evidence’.[C]
          4] A few sources (TIME, The Intercept) indicate that CS did also use an IP address associated with APT28 in their attribution, but if so it is not in their blog report. The TIME even mentioned 176.31.112.10 specifically.[D]
          5] Another security company (Mandiant) said ‘the malware and associated servers are consistent with those previously used by “APT 28 and APT 29”’, but unfortunately they did not give details as to which server (IP address) they mean. [E]
          The only one I know of that was used before is 176.31.112.10.

          So I do not think that I have overstated the issue. Of course our information is extremely limited, which may lead to tunnel vision…

          [A]
          I do not see where CrowdStrike explains, in their report (actually: blog post ‘Bears in the Midst: Intrusion into the Democratic National Committee’ of 2016-06-15), how they determined that some of the malware was APT28’s XTunnel.
          I do see that they supply additional IOC’s (IP’s and hashes), but those are new hashes and AFAIK also all new C&C IP addresses.
          So those can’t have been used to determine it was APT28’s XTunnel.
          CS did not explain in that article how they determined that it was APT28’s XTunnel, as opposed to someone else’s XTunnel or another malware from another group merely cloaked to look like APT28’s XTunnel or a re-use of an old binary by another group (or etc.).
          If you have another source that explains on what basis CS attributed this, I would like to know.

          [B]
          CS supplied samples of this malware to a few other security groups. While the security companies seemed to agree with the attribution (those that I know of), they (except Fidelis) do not explain in sufficient details on what grounds they decided that this was probably APT28’s XTunnel. Fidelis did give much more details on the XTunnel attribution, more on that below.

          [C]
          Professor Thomas Rid was of course already quoted above (see comment-776105), he is reported to have said:

          One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address—176.31.112[.]10—that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers.

          [D]
          The TIME reported about this (see same post above), and seemed to indicate that they got their information from CrowdStrike, but I have not been able to find any report by CrowdStrike that confirms that.
          Perhaps they got this from Thomas Rid or from one of the security companies that DID explain the reasons behind their attribution?

          On the other hand we have this from an interview (Judy Woodruff speaks with Dmitri Alperovitch of CrowdStrike and Thomas Rid of King’s College, London.) http://www.pbs.org/newshour/bb/security-company-releases-new-evidence-russian-role-dnc-hack/

          THOMAS RID: Yes. You know, what I do is I look at specific cases and I drill down and I zoom into the details of the picture and look at that detail. So, we can often link specific cases like the one that Dmitri was just describing to another case because the tool set that they’re using is the same, really like the tool of the burglar that breaks into one building and uses the same or a comparable tool in another building.

          So, one thing that I’m, for instance, interested in and that I focused on is how they broke into the German parliament and that we can link that to the DNC and, indeed, we can also link those two cases. So, the evidence is really strong that we have at this point.

          The corresponding factor was XTunnel of course. And Dmitri Alperovitch of CrowdStrike did not disagree with Thomas Rid’s statements, so perhaps we can forgive TIME for getting the impression that CrowdStrike agrees.

          And later in that interview Thomas Rid says:

          You know, keep in mind: this has been going on for many years. This particular act, that we watched them for eight years, and over the past year, they made quite a lot of mistakes which revealed themselves.

          What mistakes did they make over the past year? Well one of them certainly is using too many of the same distinctive strings, even when this wasn’t needed.

          Oddly enough The Intercept (Here’s the Public Evidence Russia Hacked the DNC — It’s Not Enough, 2016-12-14) also seemed to read that (what TIME understood) somewhere in CrowdStrike’s report:

          Malware found on the DNC computers was programmed to communicate with an IP address associated with APT 28/Fancy Bear.

          But when we look at the CS report, I can’t find any mention of that.
          Yet The Intercept seems adamant about this, as further down they say:

          Would these groups that “constantly [go] back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels” get caught because they precisely didn’t make sure not to use IP addresses they’d been associated before?

          [E]
          As to the security companies: I have not found comments by ThreatConnect on the XTunnel attribution. I understand FireEye/Mandiant agrees, but I again can’t find any comments by them on the XTunnel attribution (in fact FireEye does not even mention XTunnel in their reports under any alias).
          In a WaPo article (Cyber researchers confirm Russian government hack of Democratic National Committee, 2016-06-20) Mandiant did comment:

          Mandiant, a cyber-forensics firm owned by FireEye, based its analysis on five DNC malware samples. In a statement to The Washington Post, Mandiant researcher Marshall Heilman said that the malware and associated servers are consistent with those previously used by “APT 28 and APT 29,’’ which are Mandiant’s names for Fancy Bear and Cozy Bear, respectively.

          But it is unclear which previously used IP address they mean.

          [F]
          Fidelis Security said (in Findings from Analysis of DNC Intrusion Malware – 2016-06-20 https://www.fidelissecurity.com/threatgeek/2016/06/findings-analysis-dnc-intrusion-malware):

          c. For the X-Tunnel sample, which is malware associated with FANCY BEAR, our analysis confirmed three distinct features that are of note:
          i. A sample component in the code was named “Xtunnel_Http_Method.exe” as was reported by Microsoft and attributed by them to FANCY BEAR (or “Strontium” as they named the group) in their Security Intelligence Report Volume 19.
          ii. There was a copy of OpenSSL embedded in the code and it was version 1.0.1e from February 2013 which was reported on by Netzpolitik and attributed to the same attack group in 2015.
          iii. The Command and Control (C2) IPs were hardcoded into the provided sample which also matched the Netzpolitik reporting.
          iv. The arguments in the sample were also identical to the Netzpolitik reporting.

          The hardcoded C2 matches those in Netzpolitik reporting (i.e.: 176.31.112.10).

          And as I said above:

          The mere presence of 176.31.112.10 in the binary was the main part of the attribution. And it would have been conclusive had that IP address still been active at the time of the attack, but it wasn’t.

          Other elements that helped recognition were things like using a text with ‘XTunnel’ in the binary and ‘OpenSSL 1.0.1e’, that very outdated OpenSSL implementation that should have been updated (even just using 1.0.1g would have been enough to protect client and server from the Heartbleed bug).

          That’s three recognizable strings that easily could have been excluded from the DNC XTunnel variants, but weren’t. Indeed ‘quite a lot of mistakes’…

        • Steve McIntyre
          Posted Oct 18, 2017 at 12:33 PM | Permalink

          Jaap, a question/comment on Bundestag versions.

          In Guarnieri’s article, his X-Tunnel malware is identified as SHA-1 cdeea936331fcdd8158c876e9d23539f8976c305 – which you attributed in your list to the ESET survey. You associated SHA-1 0450aaf8ed309ca6baf303837701b5b23aac6f05 with Bundestag, but it doesn’t appear in the Guarnieri article. It appears in the root9B article (as well as in contemporary lists by Sophos, Alien Vault and later in Microsoft.) It has considerable overlap but is not the same.

          3835 out of 3878 phrases in the Invincea list match between the two versions. Both versions refer to 176.

          There’s an interesting transition in respect to phrases that we’ve been watching. The earlier version (“root9b” compiled 2014-04-14) has the phrase XAPS_OBJECTIVE linking back to earlier malware with that phrase. However, it’s the first version to exceed 1.0 MB in size, as it is the first to include the SSL cryptographic internally.

          The Guarnieri version (Bundestag – compiled 2015-04-22) SHA1- cdeea936331fcdd8158c876e9d23539f8976c305 , like the earlier version, contained the OpenSSL 1.0.1e 11 Feb 2013. It repeated 46 lines with the phrase “OpenSSL”, but added 4 and slightly changed 1:
          * “Blowfish part of OpenSSL 1.0.1e 11 Feb 2013”
          * “MD4 part of OpenSSL 1.0.1e 11 Feb 2013”
          * “OpenSSL ‘win32’ shared library method” changed to “NOpenSSL ‘win32’ shared library method”
          * “RIPE-MD160 part of OpenSSL 1.0.1e 11 Feb 2013”
          * “SHA part of OpenSSL 1.0.1e 11 Feb 2013”

          The phrases in the root9B version surrounding 176.31.112.10 are:
          [1] “CRYPTOGAMS by ”
          [2] “Montgomery Multiplication for x86”
          [3] “CRYPTOGAMS by ”
          [4] “GF(2^m) Multiplication for x86”
          [5] “CRYPTOGAMS by ”
          [6] “176.31.112.10”
          [7] “error in select”
          [8] “errno %d”
          [9] “is you live?”
          [10] “connect to %d”
          [11] “reconnect started”
          [12] “connect to local error %d – port %d”

          The phrases contiguous to 176.31.112.10 in Guarnieri version are:
          [1] “ctx->buf_off+i buf)”
          [2] “ctx->buf_len >= ctx->buf_off”
          [3] “ctx->tmp_len buf_off buf)”
          [5] “ctx->buf_len buf)”
          [6] “ctx->buf_off buf)”
          [7] “176.31.112.10”
          [8] “error in select”
          [9] “errno %d”
          [10] “is you live?”
          [11] “Xtunnel.exe”
          [12] “0 0.03080E0V0g0”
          [13] “2(2”
          [14] “2024282D2H2L2`2d2h2l2p2t2x2|2”

          I was only able to locate Invincea phrases for these two versions plus the two DNC hack versions. The DNC versions differ only in the substitution of one IP address for a previous IP address.

        • Steve McIntyre
          Posted Oct 18, 2017 at 1:14 PM | Permalink

          Jaap, something else possibly interesting about XTunnel. The version SHA1-0450aaf8ed309ca6baf303837701b5b23aac6f05 was compiled on April 4, 2014. As has been observed, it hard-coded a lot of software related to OpenSSL 1.0.1e 11 Feb 2013 – a version vulnerable to Heartbleed.

          The Heartbleed defect was discovered on April 3, 2014 (heartbleed.com) and was announced publicly on April 7, 2014.

          I don’t understand the purpose of X-Tunnel relative to X-Agent, but the programmers appeared to be aware of the defect and responded to it before the public announcement.

        • Jaap Titulaer
          Posted Oct 18, 2017 at 11:45 AM | Permalink

          This is complete nonsense. That a signature like this may get posted in some repositories in no way means we must assume any system which gets infected by it “had absolutely zero virus scanners active.”

          It was not just posted in ‘some repositories’, it was posted in the repositories that matter (samples in VirusTotal, rules in YARA), those are one of the main sources for AV vendors for new virus & malware definitions. Not to mention the publicity given to the Bundestag hack.

          ‘zero’ might be a bit of an exaggeration, but that is how many IT professionals would call it IMHO. I simply mean ‘as good as zero’.
          I did not feel the need to define that in great detail, as that gets boring and I thought it would be understood.

          But apparently not, so let me explain & define in some more detail.
          A few situations can lead to ‘as good as zero’ protection:
          – They may have had fit for purpose anti-virus & malware protection, but had disabled it, on the affected computers.
          – They may have had fit for purpose anti-virus & malware protection, but hadn’t updated their virus & malware definitions for many months, perhaps as long as a year, on the affected computers.
          – They may have had anti-virus & malware protection, but were using a product that is not fit for purpose, among others (but not limited to), because it too often fails in detecting known viruses or malware (such as failure to detect any significant set of historic samples such as those stored at VirusTotal).

          Disabling anti-virus & anti-malware products gives you no protection.
          Not updating the virus & malware definitions of fit for purpose anti-virus & anti-malware products gives you insufficient protection; you might as well have none.
          Using unfit anti-virus & anti-malware products gives you insufficient protection; you might as well have none.

          Please note that some people (even in IT) think it is OK to completely disable virus scanners on database or email servers. I disagree.
          And I do not mean just that all email should be scanned for viruses, that is usually done (and always in large organisations).
          I mean that the server itself should also be scanned. The reason that a virus scanner gets disabled on a database server is because the scanner locks the database file, causing the database server to fail. Fit for purpose (server) virus scanners allow you to exclude database files. The rest of the server is scanned as usual. Similar for an email server such as MS Exchange. Certain special important files get excluded (and other additional measures are taken).

          Because Xtunnel was given so much publicity and because a good enough signature was defined for YARA, and samples distributed to some companies and then posted at VirusTotal, it is my expectation and experience that such a virus or malware would be included in the virus & malware detection of any of the fit for purpose anti-virus & malware protection products (certainly the top 20), by sometime in 2015.

          Hence my conclusion: they (the DNC) did not have a fit for purpose anti-virus & malware protection product, or they did have it but they had disabled it, or they did have it and had enabled it (most of the time) but they hadn’t updated the definitions for many months, on the computers affected by XTunnel.

          I hope this is detailed enough. And I do hope the above is not really new for most people.

          Rather than go into detail explaining why this claim is incredibly dumb, a source you referenced lists how various antivirus programs perform against this very malware. 1/3rd of the programs fail to detect it.

          Granted, several so-called ‘anti-virus’ products fail to detect this kind of malware or viruses even today.
          But then they do not belong to the set of anti-virus and malware security products that are fit for purpose, it is mostly the same set that fails all the time.

          Nor do they belong to the set which makes it to the top 10 or 20 during product selection by any larger organization, be it government, company or otherwise, simply because their detection rate is too low.

          Several can’t be used on database or email-servers because of how they operate and do not offer methods to be able to protect and/or scan properly in such a situation, which in turn leads to them being disabled on such servers. If that (usage on servers) is the intended purpose, then they are not fit for that purpose (they may still be fit for purpose for use on personal computers).

          For example Microsoft Defender detects the XTunnel variants that I’ve tried (and immediately removes any such binary).
          The majority of the products, and certainly all of the top products such as BitDefender, McAfee, Symantec, TrendMicro and Kaspersky, also detect them, according to VirusTotal (& as expected).
          Microsoft Defender is now also available for servers (included in MS Server 2016 I think) but e.g. Microsoft Security Essentials is & was not supported by MS on servers. I also doubt that Microsoft Security Essentials would detect all (or even most) XTunnel variants.

          Now I’ve seen this more often (i.e. no or insufficient protection), or used to see this more often, on computer laptops used by individuals, but I haven’t seen this on server class computers at larger organizations for a very long time, certainly not as recent as 2016.
          In such organizations all computer servers have one of the top 20 products installed, enabled and sufficiently updated. The same applies for most if not all of the laptops used in such organizations.

          And I haven’t worked for any organization over the last decade (or so) that did not have such products installed (one of the top 10), enabled and updated on all their laptops as well. And who did not also either forbid outside laptops from connecting to their network, or did not allow them to do so if not sufficiently protected.

          So I can understand, but do not approve, when this happened on the laptop of some of the staff of the DNC and even more when this happened on laptops of people associated with the DNC. For example on the laptops of individuals or groups who had outsourced the management & maintenance of their computers to some lesser experienced IT service provider. Or on private laptops of some of these people. I would hope that such laptops would not be allowed to connect to the DNC network.

          But I do not really understand how this version of XTunnel could survive for even a few days, on computers with enabled, recently updated and fit for purpose anti-virus & anti-malware products. And certainly not if it was present on any of the DNC servers.
          Of course CrowdStrike did detect it immediately (as can be expected), but I currently also do not understand why they (CS) left that malware in place for so long (early May to 11 June). Many AV solutions would delete or quarantine such malware immediately.

        • Jaap Titulaer
          Posted Oct 18, 2017 at 1:13 PM | Permalink

          Hi Steve,

          In Guarnieri’s article, his X-Tunnel malware is identified as SHA-1 cdeea936331fcdd8158c876e9d23539f8976c305 – which you attributed in your list to the ESET survey. You associated SHA-1 0450aaf8ed309ca6baf303837701b5b23aac6f05 with Bundestag, but it doesn’t appear in the Guarnieri article. It appears in the root9B article (as well as in contemporary lists by Sophos, Alien Vault and later in Microsoft.) It has considerable overlap but is not the same.

          Yes you are correct, sorry.
          I’ve corrected that already in the very next post, see https://climateaudit.org/2017/10/10/part-2-the-tv5-monde-hack-and-apt28/#comment-776472

          I was led astray by the Invincea tags, as the ‘Bundestag’ tags linked to two different samples. But the second one (dated 2015-04-22 08:49:54) is the one reported by Guarnieri. Perhaps the older one is really from the Bundestag as well, but if so Guarnieri did not say so.

          Similarly, as Brandon pointed out, Invincea has Cozy Bear tags linked to both DNC samples instead of Fancy Bear…

          So the corrections to the list are:

          {ESET, Microsoft – ? Bundestag 2015 ?, earlier version ? – XTunnel}
          SHA1: 0450aaf8ed309ca6baf303837701b5b23aac6f05
          SHA256: 566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092
          Imphash: 98450bad338b909d70eec8c9da5384aa
          PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
          Compilation Timestamp: 2014-04-14 13:13:59
          hosts:”176.31.112.10:443″
          Debug Artifacts E:\PROJECT\XAPS_OBJECTIVE_DLL\Release\XAPS_OBJECTIVE.pdb << a debug version in the Release folder …
          https:// cynomix.invincea.com/sample/0450aaf8ed309ca6baf303837701b5b23aac6f05
          part of strings:"176.31.112.10, error in select, errno %d, is you live?,”

          and

          {ESET, Guarnieri – Bundestag 2015 – XTunnel}
          SHA-1: cdeea936331fcdd8158c876e9d23539f8976c305
          SHA-256 730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a
          Imphash 69ca97fb5d686988321bac50363255f0
          PE32 executable for MS Windows (GUI) Intel 80386 32-bit
          Compilation Timestamp: 2015-04-22 08:49:54
          hosts:”176.31.112.10:443″
          https:// cynomix.invincea.com/sample/cdeea936331fcdd8158c876e9d23539f8976c305
          part of strings:” 176.31.112.10, error in select, errno %d, is you live?, Xtunnel.exe ” (at the end, not beginning)

          The Guarnieri version (Bundestag – compiled 2015-04-22) SHA1- cdeea936331fcdd8158c876e9d23539f8976c305 , like the earlier version, contained the OpenSSL 1.0.1e 11 Feb 2013. It repeated 46 lines with the phrase “OpenSSL”, but added 4 and slightly changed 1:

          Interesting, that normally indicates that they have enabled or used more of that OpenSSL library, so a more recent rebuild of that library (which usually is fairly simple, just header changes & then recompile and re-link to main program).
          I still do not understand why they did not then switch to using version 1.0.1g, which hasn’t the Heartbleed bug and which is otherwise a direct replacement (no changes required to the code of the main program that uses that library AFAIK).
          There were even then more modern versions of that library (none of which suffer Heartbleed), but perhaps those would require some changes to their main program. Perhaps.

        • Jaap Titulaer
          Posted Oct 18, 2017 at 1:47 PM | Permalink

          Jaap, something else possibly interesting about XTunnel. The version SHA1-0450aaf8ed309ca6baf303837701b5b23aac6f05 was compiled on April 4, 2014. As has been observed, it hard-coded a lot of software related to OpenSSL 1.0.1e 11 Feb 2013 – a version vulnerable to Heartbleed.

          The Heartbleed defect was discovered on April 3, 2014 (heartbleed.com) and was announced publicly on April 7, 2014.

          That explains why the version of April 4 2014 had it, assuming they didn’t know, but why the Bundestag version of April 22, 2015 still had it is a mystery to me.
          And their apparently continued use of 1.0.1e is odd, nowadays uncommon & unexplained (and hence included in the YARA signature for XTunnel).

          wiki: “Heartbleed may be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client.”
          So when the Bundestag hack went public people speculated that the C&C server could have suffered the same issue and could have been hacked (this is given as one explanation why the XAgent source code came into the possession of (at least) ESET (and I understand some other person/hacker)).

          I don’t understand the purpose of X-Tunnel relative to X-Agent, but the programmers appeared to be aware of the defect and responded to it before the public announcement.

          Well the APT28 programmers may not have known prior to 2014-04-04, but they most certainly will have known at least a few days later.
          Microsoft credits them with perhaps the largest collection or at least use of zero days, so it is indeed likely that they knew before the public knew, IDK.
          The fact that they still use the old library (a year later in 2015 Bundestag) does not mean that they can exploit this Heartbleed bug, instead it means that their software that uses this version can be hacked …
          In order to exploit the Heartbleed bug you do not need that old library.

          Maybe they do not care that their client has issues, as long as their servers are OK.
          As far as I know their XTunnel client code simply ignores the server side SSL certificate, so they can use any kind of old certificate all the time. It is their XTunnel client software that makes the initial (hardcoded) connection to their C&C server, so they do not need to check that they are talking to the right server, they just need SSL in order to be able to talk across an encrypted line (HTTPS), without drawing too much attention. (all that based on the detailed description of XTunnel by ESET, see eset-sednit-part2.pdf or eset-sednit-full.pdf).
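The two checks discussed in the comments above (comparing the string lists of two samples, and reading the embedded OpenSSL banner to see whether it falls in the Heartbleed-affected 1.0.1 through 1.0.1f range) can be scripted as follows. This is an added example, not code from any commenter or vendor; the byte blobs are constructed stand-ins that reuse phrases quoted in the thread, and all function names are hypothetical.

```python
import re

# Printable-ASCII runs of at least min_len bytes, like the Unix `strings` tool.
def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

# OpenSSL embeds banners such as "OpenSSL 1.0.1e 11 Feb 2013"; module banners
# ("Blowfish part of OpenSSL 1.0.1e 11 Feb 2013") carry the same version text.
BANNER = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]?) \d{1,2} [A-Z][a-z]{2} \d{4}")

# Heartbleed affects 1.0.1 through 1.0.1f; 1.0.1g is the first fixed 1.0.1 release.
AFFECTED_LETTERS = {"", "a", "b", "c", "d", "e", "f"}

def heartbleed_affected(major: int, minor: int, patch: int, letter: str) -> bool:
    return (major, minor, patch) == (1, 0, 1) and letter in AFFECTED_LETTERS

def openssl_versions(strings) -> dict[str, bool]:
    """Map each embedded OpenSSL version to True if it is Heartbleed-affected."""
    found = {}
    for s in strings:
        m = BANNER.search(s)
        if m:
            major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
            letter = m.group(4)
            found[f"{major}.{minor}.{patch}{letter}"] = heartbleed_affected(
                major, minor, patch, letter)
    return found

def compare_samples(a: bytes, b: bytes) -> dict:
    """Set comparison of the string lists of two binaries, plus their OpenSSL banners."""
    sa, sb = set(extract_strings(a)), set(extract_strings(b))
    return {
        "shared": sorted(sa & sb),
        "only_a": sorted(sa - sb),
        "only_b": sorted(sb - sa),
        "openssl_a": openssl_versions(sa),
        "openssl_b": openssl_versions(sb),
    }

def _blob(*strings: str) -> bytes:
    # Constructed test data: strings separated by non-printable bytes.
    return b"\x00\x01".join(s.encode("ascii") for s in strings) + b"\x00"

# Constructed stand-ins, NOT the real samples; phrases are those quoted in the thread.
OLDER = _blob("OpenSSL 1.0.1e 11 Feb 2013", "176.31.112.10", "error in select",
              "errno %d", "is you live?", "connect to %d", "XAPS_OBJECTIVE")
NEWER = _blob("OpenSSL 1.0.1e 11 Feb 2013",
              "Blowfish part of OpenSSL 1.0.1e 11 Feb 2013", "176.31.112.10",
              "error in select", "errno %d", "is you live?", "Xtunnel.exe")
# Constructed: what a rebuild against the fixed release would embed instead.
PATCHED = _blob("OpenSSL 1.0.1g 7 Apr 2014")

if __name__ == "__main__":
    report = compare_samples(OLDER, NEWER)
    print(len(report["shared"]), "shared strings")
    print("only in older:", report["only_a"])
    print("only in newer:", report["only_b"])
    print("OpenSSL in newer:", report["openssl_b"])
    print("OpenSSL in patched:", openssl_versions(extract_strings(PATCHED)))
```

On real files, pass the file contents read in binary mode to `compare_samples`; strings shorter than `min_len` (such as the three-character fragments in the lists above) are dropped by design.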

        • Steve McIntyre
          Posted Oct 19, 2017 at 11:26 AM | Permalink

          Another question: in the Virus Total reports on the malware, in the Details tab, there is a section on ExifTool which reports time in timezone format. All malware for Cozy and Fancy Bear has Exif timezone of +0100. However, I’ve seen reports which stated that it was compiled in Russian time zones. ??

        • Posted Oct 18, 2017 at 2:00 PM | Permalink

          Jaap: “Of course CrowdStrike did detect it immediately (as can be expected), but I currently also do not understand why they (CS) left that malware in place for so long (early May to 11 June).”

          So, you are not buying their “shoulder surfing” story. Confirming Steve’s claim in the first post on G2, I found no media articles that highlight that the malware lay detected, yet active, for over a month. This is direct contradiction to the DNC Chair’s public claim on June 14 that the virus was “immediately” removed.

          Jaap, do you have any insights as to whether the WL DNC dump would likely be the product of Apt28, Apt29 or internal leaker? What about the veracity of CS’s claim that the only exfiltration via Apt28 was the 237-page Trump opposition research doc?

        • AntonyIndia
          Posted Oct 18, 2017 at 9:58 PM | Permalink

          Jaap, MS Server 2016, which is Windows 10 with expensive bells and whistles does not have MS Defender activated standard, luckily – as I wouldn’t rely on just that. Separate anti-virus software should be run parallel to Server 2016, best a special server version.
          The version of MS Server prior was Server 2012 R2 – a renumbering every 4 years, so next should be 2020.

      • Posted Oct 16, 2017 at 6:56 PM | Permalink

        Steve: “one of the oddities of the bitly campaign – which has never been discussed – is that it hacked many more hillaryclinton.com addresses than dnc.org addresses, but nothing was ever leaked from the hack of the hillaryclinton.com server. Why not?”

        I was thinking the same thing when going back to read the June 16, 2016, Secureworks article cited by ThreatConnect’s June 17 article. Considering the high yield achieved at the DNC and the lax security at the Clinton campaign (who got compromised first) it seems there should be more than Podesta out of those 20 clickers who went and entered their password. Oddly, his name is not among the slew of top Hillary CTU researches found out of the 106 targeted email accounts.

        One explanation could be to all presentation to Assange as being separate from Apt28 attack, which is assumed to be Russian. In fact, has anyone ever heard Assange questioned on this point? How can he claim Russians were not involved considering the SecureWorks article displayed facts?

        • Posted Oct 16, 2017 at 7:09 PM | Permalink

          I meant: “One explanation could be to allow presentation…”

          Also, if the HillaryClinton.com Gmail attack was the same tools and MO as the DNC attack, and they were the source of the WL dumps, they would have to be disguised in some way to Assange to hide the bear prints, assuming Assange has an ounce of self-respect or honesty to his stated convictions.

          If the bear did disguise his paws on both email dumps to WL how does G2 fit in? G2 clearly had inside knowledge that the DNC was the subject of Assange’s cryptic interview of June 12. G2 also clearly undermines the legitimacy and impact of WL per se by maniacal and dishonest clowning and lack of contribution of any important docs.

          Who was doing HillaryClinton.com security? Anyone know?

        • Posted Oct 16, 2017 at 7:21 PM | Permalink

          Ron Graf:

          I was thinking the same thing when going back to read the June 16, 2016, Secureworks article cited by ThreatConnect’s June 17 article. Considering the high yield achieved at the DNC and the lax security at the Clinton campaign (who got compromised first) it seems there should be more than Podesta out of those 20 clickers who went and entered their password. Oddly, his name is not among the slew of top Hillary CTU researches found out of the 106 targeted email accounts.

          I thought Podesta had a personal Gmail account broken into, not one connected to Clinton’s server. Am I mistaken? As a follow-up, do we know who at the DNC or on Clinton’s server actually had their account broken into? Clicking a link to a fake web page asking you to reset your account doesn’t do anything on its own. At least some of the people who clicked the link would not have been tricked into giving up their password.

        • Posted Oct 16, 2017 at 7:40 PM | Permalink

          Brandon, I would think that if they clicked on the prompted link many would comply since they would be provided the expected Gmail log-in screen and be directed to their account after entering their credentials. There is not much reason to click on the first prompt if you were suspicious. Anyway, I could not find the article I read that I think 7% of DNC staff that were presented with the phish went hook, line and sinker for it.

          BTW, I have a comment above you in moderation. One of the answers to my own questions in it is that the Clinton For America IT staff consisted of two employees from MIS Department Inc., (maybe on loan,) and two others here.

        • Posted Oct 16, 2017 at 8:14 PM | Permalink

          The #2 IT person on the DNC 2016 chart is the present VP of MIS Department Inc. and has worked there since 2011. His two co-workers and MIS were the two who cleared Podesta to click on the reset password link.

        • Posted Oct 16, 2017 at 8:37 PM | Permalink

          The domain name misdepatrment[.]com selected by Apt28 in the DNC hack indicates knowledge of the Hillary For America hack, where the #1 and #2 IT administrators were from MIS Department Inc. and the hacker knows foolishly told Podesta the phish was “legitimate.” Misdepatrment[.]com is a taunting inside joke. Question: who would make the joke? We can eliminate the current VP of MIS. The only CS would make up Misdepatrment[.]com was if they were aware of the Hillary For America hacks. He might do it to connect the two incidents. Would a state-sponsored hacker group create an evidence trail intentionally just to have a taunt?

        • Posted Oct 16, 2017 at 9:55 PM | Permalink

          Ron Graf:

          Brandon, I would think that if they clicked on the prompted link many would comply since they would be provided the expected Gmail log-in screen and be directed to their account after entering their credentials. There is not much reason to click on the first prompt if you were suspicious. Anyway, I could not find the article I read that I think 7% of DNC staff that were presented with the phish went hook, line and sinker for it.

          I can’t say I agree. Being suspicious of a link doesn’t mean a person won’t click on it. I’ve clicked on many malicious links out of curiosity. Besides which, a person might not get suspicious until they’re asked to give their password.

          The domain name misdepatrment[.]com selected by Apt28 in the DNC hack indicates knowledge of the Hillary For America hack,

          I have two questions. First, why do you think referencing MIS Department indicates any special knowledge when it was no secret the DNC was a client of MIS Department? Second, what hack are you even referring to when you say “Hilary for Clinton hack”?

        • Posted Oct 16, 2017 at 9:56 PM | Permalink

          Er, I have no idea how I typed “Hilary for Clinton” instead of “Hillary For America.” Maybe a Freudian slip? I suspect it’s a more accurate phrase.

        • Steve McIntyre
          Posted Oct 17, 2017 at 10:28 AM | Permalink

          🙂

        • Posted Oct 17, 2017 at 9:04 AM | Permalink

          A large number of local campaigns had their DCCC national party vetting research leaked to the local press helping their GOP opponents. It looks like the DCCC hack, Hillary for America (Podesta hack), and DNC hacks were exactly the same MO during March and April of 2016. If they were indeed all connected this shows an anti-Dem motive, not just an anti-Clinton one. Crazy Guccifer 2.0 was self-defeating when it came to trying to promote WL but seems to have been effective in local races. https://www.nytimes.com/2016/12/13/us/politics/house-democrats-hacking-dccc.html

        • AntonyIndia
          Posted Oct 17, 2017 at 10:19 PM | Permalink

          Brandon just got some crucial facts in front of him from Jaap (digital fingerprints) but didn’t like what they implied, so he rejected them. He also diminished the list of people to whom he wants to respond to 2 or 3.
          He sounds like a frustrated DHS member 😉

  13. Posted Oct 13, 2017 at 3:02 PM | Permalink

    Jaap, Dave or anyone, I read that the Equifax breach evaded detection for months only by keeping the ex-filtration data volume sufficiently low to emulate normal traffic. Is it plausible that the cf.z7 and ngp-van.z7 zip archives could have been ex-filtrated over the internet in whole without setting off alarms? If not, would this point toward a leak vs. hack?

    • mpainter
      Posted Oct 13, 2017 at 4:07 PM | Permalink

      Ron, I read a few weeks ago that it was suspected that an insider aided the breach. I regard this as one of those affairs that may never be brought to light. I think Equifax may have an interest in suppressing facts to curtail liabilities. Also, there are criminal liabilities for some of their management. So…?
      Also, I think it’s possible that the hack may have been by the U.S. IC. They are currently building a database on all U.S. citizens. The DHS likes this sort of stuff.

    • Jaap Titulaer
      Posted Oct 16, 2017 at 11:00 AM | Permalink

      Well they could have used their own file transfer protocol, which sends stuff in whatever size they need, at whatever time that seems best to keep hidden. They do not need to send the entire file in one go, they can always recombine the parts after arrival.

      So even zipping lots of documents, which creates one large zip file, does in itself not mean that they would have to send it in one big file transfer.
      Any file transfer is broken up into smaller parts, but then usually it is sent in one steady stream. That means that switching to a steady stream of small packets is also not so smart, so they would have to sprinkle some random delays here and there.

      The size of the zipped files does not really prove anything IMHO.

  14. Don Monfort
    Posted Oct 13, 2017 at 3:03 PM | Permalink

    I am not capable of deciphering the discussion here. Not in my skill set. What is the consensus among you all, if there is one? Was it a hack, or a leak? Was it likely the Russians? Do you believe that your discussion here is getting at the truth? Is everyone aware that the government agencies, with thousands of skilled analysts, have access to the same information that you have and a lot more? Of course, the intel agencies could be incompetent and/or dishonest. Would anyone care to comment?

    • Posted Oct 14, 2017 at 6:59 PM | Permalink

      I think Steve has an ultra-proprietary moderation algorithm that includes a Monte Carlo component for anti-counter measures.

      Don, I did a little extra background research this week and found virtual unanimity in the past year’s published articles and books. They all say the Russians did it as an “active measures” operation. That said, Watergate was not broken by experts or by authorities but by hippie reporters too naive to trust the FBI’s investigation. They likely still might not have succeeded if not for a patient editor (Ben Bradlee) and a sympathetic anonymous insider, FBI Deputy Director Mark Felt (aka Deep Throat).

      We must admit Steve likely took heat from everyone to be so naive as to question the authority of the IPCC Third Assessment’s most impressive graphic in 2001.

      If we can find enough forensic chinks in the armor of the establishment case on the DNC hack I think it could be used to build a case if evidence also appears from other places like the Seth Rich FBI file or Imran Awan Capitol Police investigation.

      Both Thomas Rid, Professor of Security Studies, King’s College London and Kevin Mandia, CEO of FireEye, Inc., testified before the US Senate Select Committee on Intelligence last March 30, concluding Apt28 has been increasing its volume and brazenness of operation. They assume DCLeaks and Guccifer 2.0 were creations by Apt28 to publish fruits of their exploits. Wikileaks is seen to be an unwitting accomplice, as would we if we put together a theory that would only make it on InfoWars. That is why I said we likely would need more than any forensics alone. This does not mean the establishment has the truth any more than it means that Watergate was not connected to the White House as the FBI concluded after their investigation.

      • Posted Oct 14, 2017 at 7:12 PM | Permalink

        When I say unanimity I am excluding Adam Carter’s g2 space. (Adam Carter is a pseudonym from a character in the BBC series Spooks) and Jimmyllama blog here.

        • mrmethane
          Posted Oct 14, 2017 at 9:03 PM | Permalink

          For our American friends, “Spooks” was renamed in the USA to “MI5” (or was it 6?) for compliance with that nation’s political correctness conventions of the day.

      • Steve McIntyre
        Posted Oct 14, 2017 at 7:56 PM | Permalink

        In climate threads, I tried very hard to keep politics out of the discussion and greylisted some words that are needed for present discussion.

        • Posted Oct 14, 2017 at 8:13 PM | Permalink

          Steve, I was tongue in cheek. But actually, we hate to bother you to release things. Perhaps you could delete some more moderation trips and publish the remaining ones. George Carlin had a point: how can we avoid the bad words if we don’t take a look at them?

        • Steve McIntyre
          Posted Oct 14, 2017 at 8:31 PM | Permalink

          I didn’t disclose all moderation words before, because I didn’t want people to circumvent. I’ve de-greylisted some words that were annoying in climate discussions: leftist, Obama, army (for some reason) and a few others. Hitler, Jews, Nazi remain greylisted though the latter word is being used for Ukraine. Work around it.

        • MikeN
          Posted Oct 15, 2017 at 12:51 PM | Permalink

          Are National Socialist and neo-National Socialist appropriate terms when talking about Ukraine?

        • Steve McIntyre
          Posted Oct 15, 2017 at 1:43 PM | Permalink

          The Socialist Nationalist Party of Ukraine (SNPU) adopted wolfsangel of Waffen SS and marched as brownshirts. Doesn’t seem unreasonable to label them as neo-Nazis.

          Racism was embedded in their party platform:

          Given the prospect of massive degradation of individuals and entire nations, we are the last hope of the white race, of Humanity as such. […]

          The original Nazis were not only anti-Semite, but racistly anti-Russian. Anti-Russian racism was part of SNPU platform:

          We must resolutely separate ourselves from our northeast neighbor, not only because he is aggressive or could take hold of us, but, first of all, because he brings in our lives, in the Psychology of our people, things that are different from European values.

          in contrast to the Ukrainian, psychology and traditions which were created over thousands of years, the Russians have not yet formed a nation, the vast majority of so-called Russian – yesterday Finno-Ugric tribes, peoples of the Urals and Siberia, nomadic Mongoloid origin, so the Russians as typical national nihilism, which is destructive to peoples with traditional culture.

          The brownshirt in the above image was military leader in the Maidan coup (top two images in panel below), later warmly congratulated by Victoria Nuland of the Obama admin, who made multiple trips to Ukraine to meet with leaders of the coup in the weeks prior to coup and was taped deciding who would be in the post-coup government and by John McCain who, like Nuland, had met with leaders of the coup in the weeks prior to the coup and encouraged Maidan demonstrators.

        • Don Monfort
          Posted Oct 15, 2017 at 2:25 PM | Permalink

          Steve, how many of those nasty neo-nasties are in the current democratically elected government of Ukraine? You avoid that question for some reason. The fact is that it was not a coup perpetrated by whatever you want to call them. Contrary to the KGB Putin story you are trying to promote, the great majority of the Ukrainian people are not rabid anti-Russian neo-N*zis. They elected in 2010, a Russian who can barely communicate in Ukrainian as their President. Do you think they just set him up, so they could depose him in a coup in 2014? Unbelievable.

        • Steve McIntyre
          Posted Oct 15, 2017 at 3:21 PM | Permalink

          Don, you ask:

          how many of those nasty neo-nasties are in the current democratically elected government of Ukraine? You avoid that question for some reason.

          Do you agree that it seems reasonable that the insignia and platform of the Socialist Nationalist Party Ukraine make it fair to call them neo-Nazi?

          Socialist Nationalist Party of Ukraine (SNPU)

        • mpainter
          Posted Oct 15, 2017 at 2:42 PM | Permalink

          Don, you suggest that his electoral support overthrew Yanukovitch.

          No, it was the losers of the 2010 election who engineered the Maidan (with the very considerable help of the Obama administration).

          That important fact eludes you every time. The usurper government then proceeded against his supporters. This occasioned the secession of the Crimea and the Donbass. It’s not so difficult to understand. The neo-n*zis were the strongarm of the insurrection, Nuland was the money bag.

        • Don Monfort
          Posted Oct 15, 2017 at 3:53 PM | Permalink

          I wouldn’t call anybody or any group neo-N*zi. Especially not based on some adopted insignia or words that they spouted. They would have to commit some atrocities on the scale of the originals to merit consideration for the label. Khmer Rouge would be candidates. But I agree with a lot of people who think it’s inappropriate to fling that label around willy nilly. I believe that we should reserve the brand N*zis, for the originals. They are the only folks who I can think of, who have properly earned it. There are still some OG N*zis lying around in nursing homes, if you feel you need to point them out.

          Describe the folks you are talking about by their actions and I will tell you if I agree with your description. That’s how I judge people. Mostly by what they actually do, along with consideration to what I think I know about their intentions.

          And you dodged my question again. No problem. We know the answer and why you are dodging.

          How would you characterize Putin? I am guessing you don’t think he is a neo-N*zi, or you would be happy to say so. How about neo-Stalinist KGB bred thug? Or maybe you prefer: Savior of oppressed Russians, everywhere.

        • Steve McIntyre
          Posted Oct 15, 2017 at 4:10 PM | Permalink

          And you dodged my question again. No problem. We know the answer and why you are dodging.

          Not dodging. Just trying to see what we agree on first. The pictures are not accidental.

        • Don Monfort
          Posted Oct 15, 2017 at 4:24 PM | Permalink

          Or, you could just answer the question. Or, you could comply with this request: Describe the folks you are talking about by their actions and I will tell you if I agree with your description. Or, you can play games.

          https://en.wikipedia.org/wiki/Svoboda_(political_party)

          They are not a significant power in the current government and those who were in the interim government resigned voluntarily.

          “Political Image
          Olexiy Haran, a political science professor at the Kyiv-Mohyla Academy, says “There is a lot of misunderstanding surrounding Svoboda” and that the party is not fascist, but radical.[92] Ihor Kolomoyskyi, president of the United Jewish Community of Ukraine, stated in 2010 that the party has clearly shifted from the far-right to the center.[93]
          Political scientist Andreas Umland predicted the party would continue to become more moderate over time, and that “there’s a belief that Svoboda will change, once in the Verkhovna Rada, and that they may become proper national democrats.”[44] Since then, the party has gained seats in parliament and has net over 10% of the national vote in the 2012 parliamentary elections. The US ambassador in Kiev, Geoffrey Pyatt, said in 2014 that he had been “positively impressed” by Svoboda’s evolution in opposition and by its behavior in parliament. “They have demonstrated their democratic bona fides,” the ambassador asserted.[80] Alexander J. Motyl argues that Svoboda’s brand of nationalism “has significantly diminished during, and possibly as a result of, the Euro Revolution.”[94]
          Membership was restricted to ethnic Ukrainians[30][35][27], and for a period the party did not accept atheists or former members of the Communist Party. The party has been accused of recruiting skinheads and football hooligans.”

        • Steve McIntyre
          Posted Oct 15, 2017 at 6:44 PM | Permalink

          Don, I’m trying to deal with five different topics. Not ignoring you. But Andriy Parubiy as a start. He’s co-founder of Socialist Nationalist Party of Ukraine, was military leader of the Maidan opposition. In charge of National Security in immediate post-coup government. Continues to be leading figure in government, met earlier this year with Paul Ryan and others in US, Justin Trudeau in Canada.

        • Posted Oct 15, 2017 at 4:24 PM | Permalink

          Wikipedia says although SNPU’s name and symbol were N*azi inspired in their 1991 formation, they dwindled down to 1000 members by 2004 and then merged with another group to form in 2004 the All-Ukrainian Union “Svoboda”

          …with the arrival of Oleh Tyahnybok as party leader.[14] Tyahnybok made some efforts to moderate the party’s extremist image.[21] The party not only replaced its name, but also abandoned the Wolfsangel logo[8][14] with a three-fingered hand reminiscent of the ‘Tryzub’ pro-independence gesture of the late 1980s.[8] Svoboda also pushed neo-Nazi and other radical groups out of the party,[22] distancing itself from its neofascist past while retaining the support of extreme nationalists.[21]

          Putin has a pretty unsavory past as well. The choices around the globe are usually more like those in Syria than those in established democracies. Why don’t we give them time. I doubt Putin’s Russia is promoting centrist ideals.

          I agree Ukraine hackers are highly suspect, especially of exploiting the situation once the Russian flag got painted on the DNC hack/leak.

          Trial Theory:
          1) Ukrainian hackers phish Podesta gmail password and gain his emails to March 20 pw change.

          2) Ukrainians emulate Apt28 and hack DNC while it was already exploited for a year by Russian Cozy Bear/Apt29.

          3) Ukrainian group registers DCLeaks.com under Romanian registrar and also contacts WL through a recruited DNC leaker poser, maybe Bernie sympathizer like Seth Rich.

          4) June 12, 2016, WL announces Hillary emails are coming out.

          5) DNC/Clinton/CS make sure media does not portray DNC files as leaks if they are what Assange was referring to. They make sure the attribution is Russian hack as CS eagerly accepts Russian planted whiskers on Apt28.

          6) Ukrainians create maniacal Guccifer 2.0 in Russian clown makeup, just as they had done with Apt28.

          7) Ukrainians supply Podesta emails to WL as Ukrainian non-state hacking group.

          Problems:
          1) Ukrainians likely favored Clinton as more anti-Russian.
          2) They had no reason to put Clinton/DNC fingerprints by planting Warren Flood’s name.
          3) They had no reason not to have G2 prove himself by showing DNC docs pre-release of WL.
          4) Russia already would have taken heat for their active hacking and trolls. Why risk the break in good relations with US and Clinton when Clinton would likely win anyway?

        • Steve McIntyre
          Posted Oct 15, 2017 at 6:46 PM | Permalink

          Tyahnybok was one of the opposition leaders who met with Victoria Nuland while the coup was being organized. He also appeared with McCain and, as I recall, Biden.

        • Don Monfort
          Posted Oct 15, 2017 at 8:12 PM | Permalink

          OK, that’s a start. What exactly is your point? Parubiy was appointed by the interim government Secretary of National Security and Defense Council of Ukraine on Feb 27, 2014 and resigned on August 7, 2014, reportedly because he disagreed with some government military policy. Do neo-N*zis respect civil authority and resign from powerful security positions over policy differences, or do they stage a coup and take power for themselves?

          Subsequently Parubiy was elected to parliament in a free election, and he is now the speaker of the parliament. He meets people. So what? Read the comment I left a few comments above. Svoboda is not a party anymore. Things change. No reasonable impartial observer of Ukrainian society and politics would try to make the case that Ukraine in general and the government in particular is dominated or strongly influenced by neo-N*zis. Nonsense.

          And it wasn’t a coup and that is all I have to say about it.

          The Austrians just gave two Austria first, nationalist, right of center parties 58% of the votes in parliament election. OMG! The N*zis are back in charge of Austria.

        • AntonyIndia
          Posted Oct 15, 2017 at 10:19 PM | Permalink

          Don, you know very well that Austrian Sebastian Kurz has very little to do with anything like an A.H.
          Austrians trying to dam the flood of illegal immigrants forced upon them by Brussels is quite natural. A good number of those trying to enter are young men of a certain intolerant religion. Eastern Europe seems to have more sense than most of Western Europe in this respect. Trump’s Mexico wall might do something similar.

          Elements in Ukraine are very different: violent against others living there since long time, who speak their language, mostly share most culture just not their ethnicity.

        • Don Monfort
          Posted Oct 15, 2017 at 10:25 PM | Permalink

          Whenever the sneaking suspicion comes over me that Canadians resent, disrespect and distrust the United States, I watch this:

          It makes me cry every time I see it.

        • Steve McIntyre
          Posted Oct 15, 2017 at 11:25 PM | Permalink

          no anthem disrespecting from hockey nation. BTW, Canada is very vulnerable to Trump’s whims in the NAFTA negotiations. My guess is that the only nation that will actually end up seriously damaged from Trump’s economic policy won’t be China or Mexico or Russia, but Canada.

          We also respect other anthems. Canadians of my generation know stirring Russian anthem from memorable 1972 Canada-Russia series. Russian players are known and respected in Canada.

        • Don Monfort
          Posted Oct 15, 2017 at 10:27 PM | Permalink

          That was sarcasm, Antony.

        • Don Monfort
          Posted Oct 16, 2017 at 1:41 AM | Permalink

          You have a dim view of Trump. But I assume you don’t think he is racist, if you guess that he is going to be rougher on Canada than those other lands. He has reasons other than economics to be harder on China, Russia, and Mexico. We still consider Canada to be an ally, except for the frenchies. There is a video of Montreal hockey fans booing the U.S. anthem, I believe during a game against the Boston Bruins. And a video of the Boston Bruins fans’ reaction when Montreal team visited, explosively cheering the Canadian anthem.

          I grew up in Detroit, but we didn’t have a car and didn’t get out of the ghetto much. Closest I came to Canada was getting a Canadian coin in change once in a while. Hated that. The stores wouldn’t take them back. Never got to Canada while I was traveling the world fighting for truth, justice and the American way. We never got to invade Canada and felt no pressing need to spy on you all. I spent time in just about all of our allies’ countries except for Canada. Maybe you neighbors figure we are close enough, if you need help you’ll just holler.

        • MikeN
          Posted Oct 16, 2017 at 1:46 PM | Permalink

          Don, I don’t get the standard of naming groups by their actions. We should wait until they commit atrocities to label them Nazis? By that standard, the Nazi Party of 1930 isn’t Nazi either.

          My original question was actually the other way. I wasn’t asking if these parties are legitimately Nazi, but whether use of National Socialist to get around the filter was still accurate. I didn’t know that was the official name of the current Ukraine party.

        • Steve McIntyre
          Posted Oct 16, 2017 at 2:12 PM | Permalink

          they changed their name from Socialist Nationalist Party to Svoboda Party in 2004.

        • MikeN
          Posted Oct 16, 2017 at 1:48 PM | Permalink

          Don, I don’t get the standard of naming groups by their actions. We should wait until they commit atrocities to label them “National Socialist”? By that standard, the National Socialist Party of 1930 isn’t “National Socialist” either.

          My original question was actually the other way. I wasn’t asking if these parties are legitimately “National Socialist”, but whether use of National Socialist to get around the filter was still accurate. I didn’t know that was the official name of the current Ukraine party.

          Reposting to get around the filter. Use of National Socialist in quotes is a replacement for N**i

        • Don Monfort
          Posted Oct 16, 2017 at 2:14 PM | Permalink

          I didn’t propose any standard of naming groups by their actions, Mike. Groups name themselves. Those calling them by other names, are labeling/branding. I said I am among those many people who think applying the brand neo-N*azi willy nilly is not kosher. Maybe there is a group of clowns somewhere who actually put on costumes and call themselves neo-N*zis, or just plain N*zis. They are just posers.

  15. Don Monfort
    Posted Oct 13, 2017 at 3:06 PM | Permalink

    another try for a comment in moderation for no apparent reason

    I am not capable of deciphering the discussion here. Not in my skill set. What is the consensus among you all, if there is one? Was it likely the Russians? Do you believe that your discussion here is getting at the truth? Is everyone aware that the government agencies, with thousands of skilled analysts, have access to the same information that you have and a lot more? Of course, the intel agencies could be incompetent and/or dishonest. Would anyone care to comment?

    • Jaap Titulaer
      Posted Oct 14, 2017 at 5:28 PM | Permalink

      What is the consensus among you all, if there is one? Was it likely the Russians?

      IDK about a consensus, but my view is: Very unlikely the Russians.
      So either there was a hack, but it wasn’t the Russians, or there wasn’t a hack in the first place, it was just a smoke screen needed because Wiki Leaks was about to release some DNC emails which had been leaked (by someone at the DNC).

      Do you believe that your discussion here is getting at the truth?

      Baby steps. Who knows where the road might lead us?
      But I do think we are getting closer, yes.

      Of course there is a lot of basic information withheld, which complicates things.
      But what I can check doesn’t add up. And this is just one of many related matters where that is true.

      Is everyone aware that the government agencies, with thousands of skilled analysts, have access to the same information that you have and a lot more? Of course, the intel agencies could be incompetent and/or dishonest. Would anyone care to comment?

      Probably. But then there is no investigation into this at the moment, now is there?
      I mean AFAIK it is not exactly what Mueller (et al.) is looking into. Of course one can hope, but I don’t hold my breath.
      The DOJ and by extension the FBI has been recused & barred from looking into anything related as long as they (Mueller et al.) are busy.

      In 2016 the FBI was rebuffed when they asked to get a look at the DNC servers.
      So they have not seen any Trojan active in RAM of a computer, they have not been able to see the network traffic while it was active. (assuming there was any).
      And they apparently did not even get a disk image, so they also will not have been able to look into any OS logs (system, event, security), nor have they lifted the (alleged) malware binaries from the disks.
      So all they had to go on is a report, a set of pretty blue eyes & “Scout’s honor” 🙂

      After 2016 the Mueller investigation started. So unless he is really bipartisan, I doubt any serious investigation has been done since June 2016.
      Asking a few handpicked analysts to write that they agree without some politically inspired conclusion written up by their masters does not really convince me I’m afraid.
      You have to convince me with evidence. And there is a lot you can tell me without breaking any state secrets.

      • Don Monfort
        Posted Oct 14, 2017 at 11:29 PM | Permalink

        Thanks for the replies, gentlemen.

        Knowing that intelligence assessments are always in danger of being shaped by politics, until President-elect Trump stated on January 11, “I think it was Russia.”, I would not accept the attribution, by Obama’s hacks.

        Trump’s reluctant concession came a few days after his comprehensive briefing by the agency heads, including NSA and CYBERCOM chief, Adm. Mike Rogers. People who should know have made it known that Trump has confidence in Rogers, and Rogers’ explanation of the evidence and the rationale for the conclusion were convincing.

        Rogers has consistently indicated that he was less certain than the heads of the other agencies summarized by DNI Obama hack Clapper, who concluded there is “high confidence” that it was Russia. Rogers has stated his agency had “medium confidence”. The other agency heads (all Obama hacks) are gone and Rogers still serves. I am with Trump and Rogers on this one, until some more authoritative explanation comes along.

        I have a very good idea of what the capabilities of the NSA were 23 years ago and I am sure they have increased in scope and effectiveness considerably. See Snowden. And take a guess on what their budget is. Back in September of 2015, before Trump was hardly a gleam in our eye, the NSA informed the FBI who notified the DNC that their systems were being attacked by the Russians. DNC said “Huh?”. The attacks and the NSA-FBI notifications continued, until it became big news. The NSA-CYBERCOM didn’t come upon the attacks by examining the DNC servers. Well, maybe they had also hacked the DNC servers. Anyway, the point is that there are other ways to discover and track hacking attacks.

        Jaap, why would you think no serious investigation has been done since June, 2016? Trump’s people have been in charge of all the agencies long enough to review the Obama regime’s “investigation”. I know that they have not just accepted the product of the Obama hacks. And the intel agencies are not going to reveal details on exactly what they know and how they know it. They are prohibited from doing that. Period. Don’t expect to get any more than has already been told, unless Trump finds out something that indicates the original Russia conclusion is suspect and he decides to tweet it.

        Anyway, I admire the technical knowledge that most of you have and would be happy to be convinced that there is persuasive, or better yet conclusive evidence that it ain’t Russia what done it. Show me, and I’ll pass it on to interested parties. Thanks.

        • Jaap Titulaer
          Posted Oct 15, 2017 at 9:04 AM | Permalink

          Jaap, why would you think no serious investigation has been done since June, 2016? Trump’s people have been in charge of all the agencies long enough to review the Obama regime’s “investigation”. I know that they have not just accepted the product of the Obama hacks.

          The FBI departments and field offices can’t just investigate something like this without approval from higher up, all Obama appointees. And I’m pretty sure the then head of the DOJ, AG Lynch, would forbid it.
          Hence I said the issue is that during 2016 there was no real opportunity for a proper investigation. The FBI and DHS were not allowed access to the DNC servers.

          And after 2016, yet before the incoming administration had been able to replace all those Obama appointees, the new AG had to recuse himself and the independent investigator was appointed, which means that organizations like the FBI are not allowed to do their own separate investigations, unless ordered to do so by the special investigator.

          And I think the special investigator will believe the conclusions from the IC of late last year (I mean why not), so will not waste time on little details like who exactly hacked the DNC, were the Wiki Leaks DNC hacked or leaked etc.
          Unless of course there are reasons to revisit that. Say because other parts of the investigation (like the dossier) start to smell a bit.

          Also we know of several other related issues that should have been investigated and the right conclusions should already be known, yet the FBI did not make any public comment on that, despite the fact that such investigations should have been finished by early November 2016 at the latest.
          They claim that this was because of the ongoing investigation, but any ongoing investigation must be into other issues.
          And the allegations, though unproven, could therefore still be used during an election.

          (I had to split this post, next follows an example)

        • Jaap Titulaer
          Posted Oct 15, 2017 at 9:28 AM | Permalink

          I’m having issues getting the example to post. IDK why. Not even hanging in moderation, it isn’t even posted…

        • Steve McIntyre
          Posted Oct 15, 2017 at 10:13 AM | Permalink

          I’ve pulled some comments from moderation. Blog software sometimes misinterprets a sequence of posts with links. I’ll keep a close eye on it.

        • Jaap Titulaer
          Posted Oct 15, 2017 at 9:32 AM | Permalink

          One issue is the ‘communication between servers of the Alpha Bank and the Trump organization’.
          That whole story was fairly quickly dismissed in various articles, like the one by The Intercept, or the one on Errata Security (Debunking Trump’s “secret server”), yet the FBI refused to comment (because: ‘investigation still ongoing’).

          An Alpha Bank email server was doing look-ups to a former Trump Hotel email server address. That server was never owned by Trump Hotels, but was owned by a company hired by a company which was hired by Trump Hotels to send marketing emails. That server was in fact no longer in use for the Trump organization. It is still part of a group of servers that send marketing emails for hotels, but just from other chains.
          What the Alpha Bank server was sending are normal look-ups and queries which are done in the course of exchanging emails.
          It was just a bit odd that the Alpha Bank server was still doing that (and so often) when the last emails sent from that ‘Trump’ server must have been sent many months ago.
          But no secret communications.

          A deeper investigation by a professional Cyber unit would have made the matter even more clear. Sometime later another article detailed such an investigation.

          It appears that the Alpha Bank had two email servers. A short check revealed that one server was set up properly, but the other wasn’t.
          The issue was that the second server did not properly check and challenge the sender of any email. As a result it could be fooled. A sender could act as if the email came from another email address and the badly set-up server wouldn’t challenge that. This could be done by spammers using others’ email addresses to hide behind or by a hacker wanting to create havoc or even implicate Trump.

          Now the FBI could come to the first conclusion fairly quickly, and to the second shortly thereafter. But they didn’t say anything.
          They didn’t say that the victim of the allegations was blamed without cause. Nor did they say that in fact all evidence made it quite clear that what happened was the result of someone spoofing the Alpha Bank servers.

        • Don Monfort
          Posted Oct 15, 2017 at 2:12 PM | Permalink

          Jaap, please see my reply to your comment above.

          http://foreignpolicy.com/2013/10/15/the-nsas-new-code-breakers/

          Same story here. The NSA, FBI et al. discovered what they determined to be Russian hacking of the DNC back in Summer of 2015. I am guessing they didn’t just pick Russia out of a hat. They continued to monitor the activity and repeatedly warned the DNC up until the time the DNC finally took action and the story became public. Do you not count that as an investigation?

          The investigation was done before Mueller ever became involved. Do you get the part about the NSA informing the FBI it was a Russian hack back in summer 2015? Of course, Mueller is going to rely on the investigation that has already been done and maybe review it for problems. That is what Trump has done and he is persuaded that it was probably Russia. What would you suggest be done to come to what might satisfy you as being a more reliable conclusion?

      • Posted Oct 14, 2017 at 11:56 PM | Permalink

        Jaap, thank you so much for your volunteered expertise here. In case you hadn’t seen my question to you earlier, considering the Guccifer 2.0 files may have come from a 7z backup, would it have been too noisy to have exfiltrated the 820MB cf.7z file? Were the 7z files likely created after exfiltration?

        Also WRT, 2a. you say:

        Misdirection by APT28 – unlikely but say they really want to be found, so they reuse an outdated binary in order to … ?

        …IMHO 2a is very unlikely, what would be their motive?

        According to several expert statements to the US Senate Committee on Intelligence of March 30, 2017, the Russians’ primary goals in active measures were to cause a breakdown in trust in democratic institutions and to exploit division within societal fabric.

        • Political Messages – Designed to tarnish democratic leaders and undermine democratic institutions
        • Financial Propaganda – Created to weaken confidence in financial markets, capitalist economies and Western companies
        • Social Unrest – Crafted to amplify divisions amongst democratic populaces to undermine citizen trust and the fabric of society
        • Global Calamity – Pushed to incite fear of global demise such as nuclear war or catastrophic climate change

        -Clint Watts 3-30-17 statement

        According to Thomas Rid’s statement of 3-30-17, Apt28 has grown in the use of unwitting agents to enhance effectiveness of active measures, citing WL and leveraging of social media. So, Adam Carter could be a Russian. For all we know we are fulfilling a pre-ordained role as unwitting accomplices to spread doubt. There is precedent for this in the climate debate with the “merchants of doubt” meme, believed or not by climate activists. Steve has been accused of being a fossil fuel shill (I think in Mann’s Climategate emails).

        • Jaap Titulaer
          Posted Oct 15, 2017 at 9:48 AM | Permalink

          The Russians may indeed want to do that.
          My question simply was: why would they want to implicate themselves? Had they simply installed a properly updated version, they could still ensure detection, if that is what they really wanted.

          It may very well be that this is what Trump was briefed on late 2016. I.e. that there was evidence that the Russians were trolling both campaigns (e.g. that several pointers in the ‘dossier’ were to Russian fabrication).

          I think other scenarios are more likely, like a third party wanting to get the USA mad at Russia (& vice versa), that third party being say Ukraine, Iran or some Islamist group.

        • Steve McIntyre
          Posted Oct 15, 2017 at 10:36 AM | Permalink

          George Eliason was probably the first person to suggest that Ukrainians might be involved in the DNC incident. See here.

          Of the various details in the article, I was most struck by the fact that Alperovitch is a Twitter-follower of several very obscure Ukrainian hacker groups (I’ve confirmed this) with very strong anti-Russian animus and clearly having very superior hacking skills: they hacked Surkov, an important Russian. I didn’t get the impression that Alperovitch twitter-followed hackers in general; his interest in Ukraine appears specific.

  16. Don Monfort
    Posted Oct 13, 2017 at 3:22 PM | Permalink

    I have a comment stuck in moderation. No idea why.

    • Don Monfort
      Posted Oct 14, 2017 at 2:11 PM | Permalink

      I see my comment has been released from mod. Thanks, Steve. It won’t show up in recent comments, and I would be very interested in any responses. Comment is above.

      • Jaap Titulaer
        Posted Oct 14, 2017 at 5:29 PM | Permalink

        I responded, but now my response above is stuck in moderation! LOL 🙂

        No links, really, just text and block-quotes…

  17. Don Monfort
    Posted Oct 16, 2017 at 9:22 PM | Permalink

    I’ll check in from time to time and see if you folks are making any progress.

    Interesting reading. Might shed some light:

    http://foreignpolicy.com/2013/10/15/the-nsas-new-code-breakers/

    This is how the big boys do it.

  18. Steve McIntyre
    Posted Oct 17, 2017 at 10:25 AM | Permalink

    2017 twitter discussion by x0rz, Rid on TV5 Monde https://twitter.com/x0rz/status/874161397185347584

  19. MikeN
    Posted Oct 17, 2017 at 1:47 PM | Permalink

    Does political trigger the filter?

  20. barn E. rubble
    Posted Oct 17, 2017 at 10:42 PM | Permalink

    As fun (and interesting) as this thread and series has been to follow, I can’t help but think those ‘in the know’ have been following as well. Fortunately for me I’ve never been in a position to be in danger for knowing too much. Ask my wife. On the other hand, she knows everything.

    • Don Monfort
      Posted Oct 17, 2017 at 10:52 PM | Permalink

      Who are ‘those in the know’ and why do you think they are watching, barn?

      • Posted Oct 17, 2017 at 11:18 PM | Permalink

        “…why do you think they are watching, barn?”

        We are those meddling kids. Don, the fact that Russia does cyber attacks and active measures campaigns does not mean that every attack is the Russians. According to Alperovitch’s own account he made the conclusion Russians are in the DNC network in less than 10 seconds when he got a phone call at 6:30am on May 6, from his staff that they had installed Falcon (CS’s anti-malware) on the DNC server and found both Cozy Bear and Fancy Bear, the latter matching the signature of code used in the 2015 Bundestag attack.

        The analyst said there was no doubt. Falcon had detected malicious software, or malware, that was stealing data and sending it to the same servers that had been used in a 2015 attack on the German Bundestag. The code and techniques used against the DNC resembled those from earlier attacks on the White House and the State Department. https://www.reddit.com/r/geopolitics/comments/5bgwfj/culminating_analysis_of/

        • Don Monfort
          Posted Oct 18, 2017 at 12:15 AM | Permalink

          Ron, I don’t care what Alpobitch said. The NSA-FBI warned the DNC back in Sept 2015, that they were being attacked by Russian hackers. The NSA-FBI warned them more times subsequently that they were still being attacked, up to the time the DNC hack became public. Crowdstrike had nothing to do with any of that. The NSA-FBI was monitoring the hacking in real time and they knew where the hacking was coming from. Have you read the Economist article that I have left the link to a couple of times describing the signal intelligence, cryptanalysis capabilities etc. etc. of the NSA and CYBERCOM? Add to that the snooping of the black bag boys. What you people are discussing here is the info handed out by CrowdStrike and whatever tidbits the government has revealed. What use is that? Trump accepts that it was probably Russia. He has access to all the information. What is going on here is called speculation.

        • Posted Oct 18, 2017 at 12:37 AM | Permalink

          Don, I will excuse that you are unaware that my working theory to now assumes that the Cozy Bear in the DNC from summer 2015, to June 10 2016, was the Russians.

          My current theory is:

          2015-2016 – DNC – Apt29/Cozy Bear – Russian
          March 19, 2016 – Clinton For America/Podesta – Apt28/FB Google bitly links – Russian
          March-April 2016 – DCCC – Apt28/FB Google bitly links – Russian
          March-April 2016 – Colin Powell and various Dems and Reps – Apt28/FB Google bitly links – Russian
          Late April 2016 – DNC – Apt28/FB Google bitly links – Not Russian
          ~June 12, 2016 – DNC – leak to Wikileaks – Not Russian (but possibly American recruited unwittingly)
          June 15, 2016 – Guccifer 2.0 – Not Russian
          ~July 2016 – DCLeaks.com (domain registered April 19) – Russians
          ~July-Aug – Podesta emails leaked to Wikileaks – Russian (through recruited American intermediary)

        • Don Monfort
          Posted Oct 18, 2017 at 1:02 AM | Permalink

          I appreciate your kindness, Ron. It is hard to keep up with who is responsible for which and what theories based on which alleged facts and obvious fictions, the back and the forth, the charges of dishonesty/stupidity, who is a neo-Nasty and who ain’t, who’s on first? yatta yatta yatta.

          That looks like a lot of theories, Ron.

          2015-2016 – DNC – Apt29/Cozy Bear – Russian

          June 12, 2016 – DNC – leak to Wikileaks – Not Russian (but possibly American recruited unwittingly)

          Why do you think the wikileaks caper was not product of the Cozy Bear hack?

        • Don Monfort
          Posted Oct 18, 2017 at 1:07 AM | Permalink

          My comment is stuck in moderation, Ron. I’ll try just this part:

          Why do you think the wikileaks caper was not product of the Cozy Bear attack?

        • Posted Oct 18, 2017 at 1:13 AM | Permalink

          By June 15 the Russians saw they were going to be flagged for DNC WL, which would be considered serious active measures. The DCLeaks.com domain, being registered on April 19, shows some intention by that time for the later (July-onward) DCLeaks dumps, which were both Dem and GOP targeted, leaving only foreign suspects.

          I don’t see Assange accepting the DNC emails without an American insider (likely Seth Rich) taking claim as the source. Once the DNC emails are out and the DC leaks I see it possible the Russians saw the opportunity they could recruit an American to hand Assange the Podesta emails.

          Today I found an avenue for Seth Rich to plausibly have access to the Podesta emails. The MIS Department employees were working for both Hillary and DNC. If one of them shared Rich’s affection for Bernie, well… And the IT employees would also have to be aware of the system breach. Thus when CS declares extreme secrecy about the breach as they “shoulder surf” the hackers for a “short time” (a month) Seth Rich could easily have been a person in the know. The reason CS demanded secrecy was that the network for that month was wide open for an unattributed hack/leak by anyone having access, including Bernie supporters.

          The reason the DNC FB is highly suspect is that both the DCCC and Hillary for America organizations had been attacked a month earlier. CS was brought into both (I believe). But I know all three organizations shared The MIS Department as their IT vendor. And, the DNC switched off Google as their email/document platform in response. How could the DNC not have installed anti-malware before CS’s May 6 Falcon considering they were warned by the FBI repeatedly and MIS presumably? Why all the old code used in Apt28, as Jaap pointed out?

        • Posted Oct 18, 2017 at 9:04 AM | Permalink

          It seems the point you’re making, Don, is that the FBI/NSA knew the DNC was getting hacked. Are clever and powerful enough to know this but apparently not clever and powerful enough to stop it from happening. So either they are also incompetent, or, more likely IMO, they didn’t care enough to want to prevent it.

          Either way, it therefore seems like a stretch to then assume they care enough to do a thorough attribution assessment when suspects had been fingered before the event had even taken place.

        • Don Monfort
          Posted Oct 18, 2017 at 11:23 AM | Permalink

          I don’t see much there but speculation, Ron. Part of your theory is that Cozy Bear was rummaging around in the DNC systems for a year, up until the DNC finally called in CrowdStrike. I don’t see any good reason to believe that they are not the most likely suspect in giving the hacked product of their rummaging to wiki.

        • Don Monfort
          Posted Oct 18, 2017 at 11:30 AM | Permalink

          Your lame suppositions are comical, Dave. The NSA-FBI repeatedly notified the DNC that they were being hacked. It is not within the authority of the NSA-FBI to stop traffic to and from the DNC systems. They continued to monitor the activity and continued to warn DNC. Maybe the DNC liked to get hacked. You have no clue about the competence of the vast majority of the people who work for the FBI and the NSA and the other intel and law enforcement agencies. You are just another smug clueless kibitzer.

        • MikeN
          Posted Oct 18, 2017 at 2:14 PM | Permalink

          Say what? You think Seth Rich pulled the e-mails while CrowdStrike was monitoring and they didn’t notice?

        • Don Monfort
          Posted Oct 18, 2017 at 3:18 PM | Permalink

          Mike, I think the basic rationale for Seth being the leaker is that he got rubbed out. Also, I heard there is some connection with the Dallas School Book Repository. My theory is that Seth was not involved, but got rubbed out as an example of what would happen to the real leaker, if he/she talked. Think about it. These people are very diabolical.

        • Posted Oct 18, 2017 at 5:42 PM | Permalink

          OK Don, ha ha. But yes, the fact that Rich was murdered, Assange offers a $20K reward and others claim Seth Rich involvement show he was either rubbed out or got so distraught from the prospect he drank his troubles away into the night, walking home ~2 miles in DC at 4am into a fatal mugging.

          Don says w/ sarc: “These people are very diabolical.”

          On the contrary, they are saving the free world. That justifies extremes, (just like climate activism). I’m certain the Ukrainian neo-N@zis and the Putin thugs are equally convinced of their own purity.

          Some say Hillary is cold and has a temper but she was understanding enough to offer Rich, a huge Bernie supporter, a job in the Clinton For America campaign. He was considering the job, according to his family, when he was murdered.

          And while we are laughing at such nefarious, spy novel ideas. Most outwardly laughed at the Vince Foster murder theory. One notable exception was the last person to witness him alive, Linda Tripp, who Foster, walking out of the office handed his extra M&M candy from his lunch (because he was on a diet) and asked her for a pager and said he would be back in an hour. She did not see his depression that the Clintons would later refer to. She saw the Clinton assistants rifling through his files in their, the safe broken into, the park police ordered to stay in the hall, etc… So when Monica Lewinsky confided to her 5 years later about the sex in the oval office Tripp feared for the young girl’s life. She recorded Lewinsky on the phone about the affair, asked to keep the blue dress for her, and 7 months later compelled her to come forward to the Whitewater independent counsel Kenneth Starr.

          Don: “I don’t see much there but speculation”

          Granted, all profiling is speculation. I’m just organizing clues. If you see flaws in my logic or my regard for Sir Occam feel free to give it to me.

        • Don Monfort
          Posted Oct 19, 2017 at 12:02 AM | Permalink

          I see what you mean, Ron. If Foster was going to do suicide he would have taken his M&Ms to the park, for a last snack. Well, I gotta go. Back to the grassy knoll.

          Oh, this is interesting and sickening:

          http://www.dailymail.co.uk/news/article-3620742/Hillary-triggered-suicide-President-Bill-Clinton-s-counsel-Vince-Foster-attacked-humiliated-White-House-staff-one-week-death-FBI-agents-claim.html

          That girl is a real sweetheart.

          I will be watching you, Ron. I think you are on to something. Somebody needs to organize the clues. You should team up with Brandon on that. Dude is high strung and a pain in the buttocks, but he has good analytical skills. Enjoy.

        • Posted Oct 19, 2017 at 9:46 AM | Permalink

          Don, several people have come forward to make note of Hillary’s temper. Some of them not even waiting 24 years to dare so. If the incident did happen as described a reasonable reaction might be resignation, not suicide. The Foster death investigators I suppose you would label “grassy knoll truthers” suspect the note in his briefcase, found by the Clinton staff a week after the death, was a resignation letter rather than a suicide note. It was ripped into 27 pieces. The missing 28th piece was the closing and signature. Although the note was in Foster’s handwriting there were no fingerprints (of anyone) on the note. Try imagining ripping a paper into pieces without leaving a fingerprint on any of them. But considering anything nefarious is just crazy talk. What am I saying. The Clintons are gentle, laid back souls of the utmost character. I guess my point was that even people on the White House staff, like Tripp, did not buy it.

        • Posted Oct 19, 2017 at 10:20 AM | Permalink

          Don, what is your explanation for Imran Awan leaving in a phone closet for the Capitol Police to find: a laptop with user name RepDWS, his ID and a note saying “attorney client privilege?” Why would Awan do such a thing to DWS when she is being so non-Islamophobic as to pay him the highest salary allowed, hire his friends and family and continue to keep him on the payroll for months after the authorities bar him from access to do his job?

        • Don Monfort
          Posted Oct 19, 2017 at 1:35 PM | Permalink

          Most people who commit suicide have what would seem to be more reasonable alternatives. I recall evidence that he was depressed. Maybe he believed what Hillary probably said, that he was a failed POS and he didn’t want to go back to being a hick town shyster.

          You failed to mention he was shot through the mouth with his own gun that was found in his own hand. I have not heard of any actual evidence that indicates anyone else shot him.

          We are interested in actual evidence more than we are interested in speculation and people’s feelings and suspicions. You hear of a lot of suicides where the friends and loved ones say, nah he would’ve never done that. According to people I know, who are in the know, they are white collar criminals. Of course, when you have a lot of power, even white collar crimes can be very significant, bordering on treason.

          I have no idea why Swami Enron Awan left that laptop there. Not even sure he left it there. I just hope that creature DWS and her multi-million dollar crooked crew of IT flunkies all go to jail. One cell for all of them, to save money.

        • Posted Oct 19, 2017 at 4:27 PM | Permalink

          Don: “You failed to mention he was shot through the mouth with his own gun that was found in his own hand. I have not heard of any actual evidence that indicates anyone else shot him.”

          I did not know you were an expert on this. That’ll teach me to bring up an aside. 😉

        • Posted Oct 19, 2017 at 4:54 PM | Permalink

          For those who would like to know the facts and forensics of the Vince Foster investigation the notes of the Fiske-Starr investigator Miguel Rodriguez are a good place. Here is a small quote from an interview of Rodriguez:

          Miguel Rodriguez:
          It’s ah, the result is being dictated by a lot higher, um, authority than I think people really understand or appreciate and certainly more than I ever appreciated. What with this whole notion ah, you know, of, of doing an honest investigation, um, you know, you know, it’s, it’s laughable.

          I knew what the result was going to be, because I was told what the result was going to be from the get-go. And then there’s all so much fluff, and a look-good job, it’s just, this is all, all so much nonsense and I knew the result before the investigation began.

          That’s why I left. I don’t do investigations like that – do investigations to justify results…

      • barn E. rubble
        Posted Oct 19, 2017 at 10:54 AM | Permalink

        RE:Don, “Who are ‘those in the know’ and why do you think they are watching, barn?”

        I believe this thread is about who ‘those in the know’ are or could be. A better question is, why wouldn’t they be watching?

        • mpainter
          Posted Oct 19, 2017 at 12:25 PM | Permalink

          Indeed, why wouldn’t they?

        • Don Monfort
          Posted Oct 19, 2017 at 1:42 PM | Permalink

          Well barn, you tell me who they are and I will think about why they wouldn’t be watching. Are they people interested in few facts and a lot of speculation? If they are smart, they can do their own speculation. If they are the people who I suspect you are talking about, they have far more information, facts and heads to think about it than you see here.

        • mpainter
          Posted Oct 19, 2017 at 2:16 PM | Permalink

          Don, it’s more of a question of:
          Do these people care what is being turned up by a thorough sifting of certain details?

          Do you say that they have no interest?
          But you have already confessed that this is beyond you.

        • Don Monfort
          Posted Oct 19, 2017 at 3:29 PM | Permalink

          I am not conversant in the technical aspects of the hacking game. Probably down around the level of your knowledge. What I am picking up here is that there are few facts known and very likely at the end of this discussion you all will still be just speculating.

          On the other hand, we have your Hero POTUS Trump reluctantly admitting that he believes the Russians probably done it. He has access to all the information that went into the intelligence and law enforcement assessments, he has his own technical and legal experts to advise him and you all got next to squat to go on. Do you seriously think that a few guys on a blog are going to come up with a more reliable assessment than your Hero and his gazillion dollar national security and law enforcement team? I know it’s hard for you, but use your head. On this one, you should probably just trust in the infallibility of your Hero. Or, he could be lying about believing it was the Russkis (3D chess). Well, you are back where you started until The Donald makes his next move. Carry on with whatever it is you are trying to do.

        • Don Monfort
          Posted Oct 19, 2017 at 3:31 PM | Permalink

          That should have been “too few facts known”. Carry on.

        • mpainter
          Posted Oct 19, 2017 at 3:43 PM | Permalink

          Don, if I understand you correctly, you say it’s true that you know little about this but that they should have no interest, anyway

        • Don Monfort
          Posted Oct 19, 2017 at 4:51 PM | Permalink

          You are not capable of understanding me correctly.

        • mpainter
          Posted Oct 19, 2017 at 5:28 PM | Permalink

          Don, your problem is that you are too easily understood.

        • Eric
          Posted Oct 19, 2017 at 6:09 PM | Permalink

          I think the point of this thread is that “too few facts are known” at least publicly but yet positive and politically charged attribution was made. Given this it is appropriate to examine what is known, and not known including classic elements of means and motive.

          that is all

        • Don Monfort
          Posted Oct 19, 2017 at 10:18 PM | Permalink

          The attribution that has substantial authority was made by the intelligence and law enforcement communities, who had the DNC server (and everything else on the planet) under surveillance, since Summer of 2015. They had alerted the DNC on several occasions that they were under attack by Russkis. We are all free to whine about lack of evidence, but they are not going to reveal the details of what they know and how they know it. It’s spy stuff. Shhhhhh!

          I left a link to a very authoritative 2013 Economist article describing the capabilities of the NSA, CYBERCOM et al. (It seems to have been studiously ignored.) Very likely the billion$ that have been spent since then have added to those intel capabilities.

          Oh, but the government agencies might lie. No problem. Try to prove it on a blog with a half dozen disorganized contentious kibitzers who can’t agree on what is a fact and what ain’t, and who have access to practically none of the information that the big boys know about.

          If you all want to get somewhere on this, put Brandon in charge for a while and follow his directions. He knows his doo doo and is a fastidious little character with a lot of time on his hands. He also seems to be more objective than the rest of this crew. You are also going to need a black bag man. Use painter. He is highly expendable.

        • Posted Oct 19, 2017 at 11:49 PM | Permalink

          Don: “…but they are not going to reveal the details of what they know and how they know it. It’s spy stuff. Shhhhhh!”

          Don, this is only comforting when you are sure everyone in every compartment are “the good guys” and that they, and everyone else, know what that means. There is a clear historical conflict between a free society’s right to know against its right to security, real or hypothetical. J. Edgar Hoover famously lost sight of the difference between his personal interests and those of America’s, although he was absolutely certain to his death that they were one and the same.

          Going back to your logic, if the US IC knew that it was not all the Russians they could not tell us that because to do so would also compromise their sources and methods, just like when Churchill allowed his merchant convoys to be sunk by U-boats rather than endanger Ultra. After all, the Russians certainly deserve blame and scorn. Why not keep it simple for the public?

        • Don Monfort
          Posted Oct 20, 2017 at 12:11 AM | Permalink

          It’s not my logic, Ron. It’s the rules of the trade. Don’t give anything away. If they do let something slip, most likely it is deliberate mis-information. Or wait, it might be a deliberate attempt to make you think it is deliberate mis-information.

        • AntonyIndia
          Posted Oct 20, 2017 at 1:00 AM | Permalink

          This Intelligence secrecy trump card can also be used against Don and Trump.

        • Posted Oct 20, 2017 at 9:00 AM | Permalink

          Don, I agree that it’s SOP to hide knowledge to hide sources and throw up misinformation to hide misinformation to hide possible information. That was my point. Theoretically, the US IC is there to serve and inform the commander-in-chief. Thus, what is their purpose when they are flooding the media with leaks about the president, especially if it is misinformation? This begs us to ask how useful is it to have cloak and dagger agencies leading a free society. This I believe is what motivated Truman’s Dec 1963 Washington Post letter and Eisenhower’s farewell address warning.

          Putin has voiced his belief that the US IC aims to undermine and destabilize his country. This gives him perfect rationalization to do the same, and we have every reason to believe that is his top goal. The reason for Putin and the US IC’s mutual belief that the other is out to destabilize is not coincidental; it’s what these agencies do naturally by their mere existence.

        • Don Monfort
          Posted Oct 20, 2017 at 12:55 PM | Permalink

          Ron, the DNI was ordered by Obama to review and report on Russian activities during the election. They followed orders. Obama could have ordered them to reveal specific evidence. Trump surely ordered a review of the evidence for the conclusions in the report by Obama’s DNI POS Clapper. I am pretty sure that if there was evidence it was Seth Rich or those pesky Canadians what done it, we would have heard about it.

          The cloak and dagger organizations do not lead our society. They follow lawful orders from the President. Congress has oversight powers. The Congress created the CIA and they could abolish it. If they don’t like what’s going on there, they could cut the CIA budget to $3 and 29 cents. Of course the POTUS would have to sign the bills. The CIA is subject to the laws of the land, just like everybody else.

          Under Obama the intel community was turned into a politicized cesspool. Every department of the executive branch, likewise. It is not the institutions that are leaking, it’s former Obama officials and some politically motivated a$$holes who remain on the job. Hopefully, they will be discovered and locked up in jail where they belong. I am sure that some of the leaks have come from idiots brought on board by Trump. Who knows why those fools are doing it. Jail them also.

          The motivations and activities of our intel services and Stalinist KGB Putin’s services are not all that similar. For example, our services serve the country. Putin’s services serve Stalinist KGB dictator Putin. And when you see Putin’s lips moving, it is very likely he is telling a lie. He knows that our problem is not with Russia. We want a stable Russia that is not led by a Stalinist KGB dictator who is trying to resurrect the Soviet Union of Evil Empire fame.

        • Posted Oct 20, 2017 at 2:58 PM | Permalink

          Don: “I am pretty sure that if there was evidence it was Seth Rich or those pesky Canadians what done it, we would have heard about it.”

          I can’t think of any historical examples that would lead one to that conclusion. In Watergate the break-in was planned and executed by US IC personnel (or their outside agents). When they got arrested in the act we did not see the US IC come out and say, “Hey! those are the guys that we recruited to overthrow Castro. Now they have tarnished our good name. Throw the book at them.” On the contrary, whoever planned it knew that the CIA would become an accessory in a coverup should it be needed. That’s why they were chosen. Nixon, indeed is on tape suggesting they use the CIA to persuade the FBI to stand down. The only reason we know anything about Watergate is an odd series of events:
          1) J.E. Hoover died and Gray was appointed, stepping over acting Deputy Director Felt, who was next in line.
          2) Bob Woodward happened to strike up a friendship and developed a mentor relationship with Felt before and as Woodward decided to become a reporter.
          3) Felt was left in charge of investigating Watergate (which surely would have been a whitewash, like the Clinton investigation).
          4) Felt was willing to go outside of all this due to his dislike of Nixon to take great risks to meet with Woodward late at night on the few occasions that Woodward would leave a red piece of cloth hanging on his balcony as a signal. Felt would only confirm information that Woodward got independently from another source, again out of fear.

          I am not aware of any person in the US IC ever prosecuted for misconduct short of being a double agent.

          Don says: “Under Obama the intel community was turned into a politicized cesspool.”

          What is going to stop Elizabeth Warren or Clinton or Sanders from returning it to a cesspool? Why not drain the whole mess while we have the president who could do it. If Trump allows the CIA’s JFK next week that will be a great sign in that direction.

        • Don Monfort
          Posted Oct 20, 2017 at 3:58 PM | Permalink

          Ron, I said: “Trump surely ordered a review of the evidence for the conclusions in the report by Obama’s DNI POS Clapper. I am pretty sure that if there was evidence it was Seth Rich or those pesky Canadians what done it, we would have heard about it.”

          Do you doubt that Trump would order a report to be released, if his agencies’ finding was that it was not Russia, or that there is a significant doubt? Can we try to have some reasonable level of reading comprehension around here.

          Why drag up your vague impressions of Watergate? “In Watergate the break-in was planned and executed by US IC personnel (or their outside agents).” Uh, huh. Then you can name the people involved and the intel agencies they were working for.

          Name a person acting for the intel community that wasn’t prosecuted for a crime you can prove that person committed. You don’t know about all the people who have been disciplined by the intel community.

          What do you mean by drain the whole mess? Is it to throw out the baby with the bathwater?

          Try to organize and support your thoughts a little better, Ron.

        • Posted Oct 20, 2017 at 6:38 PM | Permalink

          Don, I read and understood your point. But it assumes one believes the president is in command of all the US IC’s intel. And that would assume full employee loyalty to their elected commander, who you’ve acknowledged are undermining him, even at the risk of their careers (and freedom, if you believe they would be prosecuted.)

          Don says: “Then you can name the people involved and the intel agencies they were working for.”

          Will you really be ready to change your position if I document the CIA connections to the Watergate burglars? Or, are you just giving me a makework?

          Don says: “You don’t know about all the people who have been disciplined by the intel community.”

          If any of them have been jailed, or even suspended without pay, I think it would be unconstitutional to have them deprived of our judicial system.

          The “mess” is similar to the one in all government agencies except there is even more of a rationale to keep dirty laundry in house since national security is attached to everything. To keep from throwing out the baby I would propose moving any counter-espionage to the FBI, who is rightfully in charge of that anyway, move other intel gathering to NSA and other agencies. I would move the military assets of the CIA to the special forces and disband the letters C I A from our government and world lexicon except in historical reflection.

          With those with the record of highest integrity and non-partisanship I would start a new small agency charged with oversight of the US IC that would report to the Senate Select Committee on Intelligence. Devin Nunes on the Russia investigation looked like a deer in the headlights recusing himself. It is just too spooky for a small senate staff to have the hot-seat of responsibility. The news this week that the Uranium One deal was approved while being secretly under investigation for corruption should never have happened and could be the inspiration for the formation of oversight within the US IC.

          With the re-alignment of the US IC, Trump could announce to the world that not only are we out of the business of nation building, we are out of the business of nation meddling. For if we don’t we cannot claim the moral high ground. If we don’t have Toronto behind us we can’t expect any other part of the world would be.

        • Posted Oct 21, 2017 at 11:05 AM | Permalink

          Don, I did a little Googling on Watergate’s CIA connections and found this. The five burglars sued Nixon’s campaign in 1977 for having tricked them all into thinking the burglary was part of a CIA operation. Nixon’s CRP settled and paid them $200K (the same CRP that had paid them with a slush fund of donor’s cashier checks after their arrest to keep them quiet in 1972).

          Often referred to as the “foot soldiers” of Watergate, the four men have testified that they believed they were working for a national security agency when they were recruited for the June 19, 1972, break-in at the Democratic National Committee headquarters here. All four said they had participated in CIA operations against the Castro government in Cuba, including the 1961 Bay of Pigs invasion.

          Researchers believe that Nixon used these men’s involvement in the plots to assassinate Fidel Castro, (and/or JFK,) to gain the cooperation of the CIA to help in the coverup. Nixon’s code for the nefarious secret is “the Bay of Pigs thing.”

          In giving instructions to Mr. Haldeman in the June 23 conversation to secure Mr. Helms’s cooperation in the Watergate cover‐up, the President told his aide to remind the C.I.A. chief that a vigorous investigation of the break‐in might “blow the whole Bay of Pigs thing, which we think would be very unfortunate—both for C.I.A. and for the country, at this time, and for American foreign policy.” http://www.nytimes.com/1976/03/12/archives/nixon-explains-his-taped-cryptic-remark-about-helms.html

          Here is a transcript of the Nixon-Haldeman excerpt:

          Nixon: When you get in these people when you…get these people in, say: “Look, the problem is that this will open the whole, the whole Bay of Pigs thing, and the President just feels that” ah, without going into the details… don’t, don’t lie to them to the extent to say there is no involvement, but just say this is sort of a comedy of errors, bizarre, without getting into it, “the President believes that it is going to open the whole Bay of Pigs thing up again. And, ah because these people are plugging for, for keeps and that they should call the FBI in and say that we wish for the country, don’t go any further into this case”, period!
          Haldeman: OK.
          Nixon: That’s the way to put it, do it straight (Unintelligible)
          http://watergate.info/1972/06/23/the-smoking-gun-tape.html

          Trump tweeted this morning that he will not block the release of the CIA’s JFK file whose historic deadline for release is next week. But, Trump added, that if Pompeo or other official made a clear case to him to continue to withhold them that he would. (What?) The press is expressing doubts that there will be a smoking gun connection to the CIA revealed. I would share their doubts that such would be reported since there is already a smoking gun in that the CIA apparently had a cut-out visit the Russian embassy in Mexico City weeks before the assassination under the name Lee Henry Oswald to create a pretext to block investigation after the assassination from opening a can of worms “that Russia thing.” The CIA did not count on J.E. Hoover getting a hold of copies of an audio and video surveillance of that “Oswald” visit and determining it was not Oswald, according to a memo from Hoover to Secret Service Chief Rowley on 11/23/63.

          …..The Central Intelligence Agency advised that on October 1, 1963, an extremely sensitive source had reported that an individual identified himself as Lee Oswald, who contacted the Soviet Embassy in Mexico City inquiring as to any messages. Special Agents of this Bureau, who have conversed with Oswald in Dallas, Texas, have observed photographs of the individual referred to above and have listened to his voice. These Special Agents are of the opinion that the above-referred-to-individual was not Lee Harvey Oswald. Memo from Hoover to James J. Rowley, Secret Service, 11/23/63; AR 249-50; cf. FBI #62-109060-1133, NARA #104-10419-10022.

        • Posted Oct 23, 2017 at 1:56 AM | Permalink

          Since we’ve taken a pause from SHA1, SHA2 and binary strings, the movie American Made that came out last week is about a CIA pilot named Barry Seal (played by Tom Cruise). The movie has Seal being recruited in the late 1970s to run drugs for the CIA but actually Seal goes much further back. In fact he was recruited at the same time Lee Harvey Oswald was and by the same man, David Ferrie (played by Joe Pesci in the movie JFK,) who was their Civil Air Patrol leader when they were teens. There is a chance Barry Seal was the get-away pilot for a Dallas CIA team on the day of the assassination, as he is said to have claimed. After Seal’s death in 1995 the CIA stormed his house, according to his widow, to clean anything of importance. But they missed one picture that she kept in a hidden safe. It was a picture of Seal with nine other men known to be part of Operation 40, the CIA plot to kill Castro. It was taken by a Mexico City nightclub photographer in January of 1960.

          There is some debate about some of the identities but it shows Barry Seal, Porter Goss, later to be Bush Sr’s CIA director, (looking away,) Tosh Plumlee, who admitted being in Dealey Plaza on Nov. 22, 1963, (cloaking his face partly with his jacket,) and Virgilio Gonzales, one of the five Watergate burglars.
          http://www.madcowprod.com/2017/09/17/american-made-lies-sex-videotape/

        • Don Monfort
          Posted Oct 23, 2017 at 3:31 PM | Permalink

          Nice work, Ron. I am sure that will all be corroborated when the JFK docs are released. The public outcry will certainly result in the CIA being disbanded. Your honorary G-man badge, plastic whistle and tin foil hat are in the mail.

        • Posted Oct 23, 2017 at 4:36 PM | Permalink

          Don, for somebody who honors our country with your service, you could do the country an even larger favor to educate yourself on the topics for which you ridicule.

        • Posted Oct 23, 2017 at 5:08 PM | Permalink

          The release of the files is guaranteed to improve support to uncover CIA involvement. The only questions are to what degree, how many of the suspects will be implicated and in what ways. For example, Plumlee claims that a small part of Op 40 colluded with the mob and he was sent to stop the hit but got to Dealey Plaza only in time to witness the event. E. Howard Hunt sued a conservative magazine for libel after they published witness claims he was in Dealey Plaza the day of the event. The jury found not only was the magazine not liable, the jury felt Hunt was guilty after the testimony of the star witness, Marita Lorenz. She was Fidel Castro’s mistress and mother of his child before being recruited by Hunt (aka Edwardo) to aid in an assassination plot. After it failed Hunt aided her in fleeing to Miami. She recounted the story of traveling to Dallas, Hunt and a trunk full of cash and rifles. She begged to return home to Miami to care for her baby and thus left a day before the event.

          Correcting in the caption that Porter Goss was G W Bush’s CIA director. Goss’s bio has the CIA stationing him in Mexico after his recruitment from Yale in 1960, so the files being released may shed more light on his role, which is likely just knowing the players. The highest officer thought to have been directly in control was David Atlee Phillips. E. Howard Hunt’s recorded deathbed confession to his sons of his involvement and that of Phillips I just saw and have not read about yet. St. John Hunt is the son who is talking openly.

        • Don Monfort
          Posted Oct 23, 2017 at 7:02 PM | Permalink

          That is a total crank lunatic conspiracy theory BS, Ron. Just because it’s elaborate, doesn’t mean there is anything to it. But you have your fun.

          I know about all the coverups and there is really only one of any historical importance. U.S.S. Liberty. I am pretty sure Edwardo didn’t have anything to do with that. It came directly from the top.

        • Don Monfort
          Posted Oct 23, 2017 at 7:06 PM | Permalink

          I’ll redact part of my comment to see if I can free it from moderation:

          That is total XXXXXXXXXXXXXXXXXXX BS, Ron. Just because it’s elaborate, doesn’t mean there is anything to it. But you have your fun.

          I know about all the coverups and there is really only one of any historical importance. U.S.S. Liberty. I am pretty sure Edwardo didn’t have anything to do with that. It came directly from the top.

        • Posted Oct 23, 2017 at 9:26 PM | Permalink

          Don, I just took the family to see American Made. Even though it’s only half true you should see it or read Daniel Hopsicker’s book, Barry and the Boys. It’s not anti-conservative nor anti-liberal, it’s anti-nation building, a historical lesson that should be learned in glorious detail. Future generations need to beware of the mistakes of the past, even if they were with good intentions. The cloak of national security should never be used to spare embarrassment. The nation’s brand needs to be protected. Our pride and world leadership not only can survive the truth and transparency, they depend on it.

        • Don Monfort
          Posted Oct 23, 2017 at 10:11 PM | Permalink

          Was Joe Pesci in that flick? You seem to get a lot of your BS from Joe’s films.

          If I believed what you do, I would move to another country. Aren’t you scared to death the black helicopters are going to swoop in and gangster CIA ninjas slide down ropes to shut you up? One of those razor sharp star shaped throwing things, right between the eyes. Isn’t that what happens in the movies, Ron? You live an exciting life, in your head.

          The people who work for the CIA are Boy Scouts, Girl Scouts and Eagle Scouts. A lot of them come from the elite branches of the military. The cream of the crop, the top of the class. They are not gangsters. You need to find something to take your mind off this corrosive foolishness. Do you like model trains?

        • AntonyIndia
          Posted Oct 23, 2017 at 10:18 PM | Permalink

          From Boy Scouts to CIA: that explains a lot: http://dailycaller.com/2016/12/13/flashback-the-cias-top-7-intelligence-blunders/

        • Posted Oct 24, 2017 at 12:09 AM | Permalink

          Don, I greatly respect the service of our IC and military forces and have no problem encouraging people to serve, including my own children. I was a Boy Scout leader for 11 years and my wife continues to be Girl Scout leader for over 25 years and running. My issue is a desire to see our country live by the scout law.

          Do you think Trump should withhold the last JFK files? When would you have had them released? Have we ever had files released that we could see were being held for any other reason than for embarrassment? Waiting for perpetrators to die is not a good reason to withhold evidence.

        • Don Monfort
          Posted Oct 24, 2017 at 1:33 AM | Permalink

          It seems that Trump is going to release the JFK files. It was a long time ago and I don’t think it will be a big deal. People in the agencies take omerta very seriously, so they would prefer that nothing ever gets released. But they don’t get to make the final determination.

          Non-entity has found a criticism of the CIA on a right wing web site. Usually, they love the CIA, but it’s the Russia thing now. The lefties usually want to destroy the CIA, but now they love the CIA and Comey. When Russia Russia Russia turns out to be a flop, they will go back to hating. Bunch of hypocritical clowns on both sides.

          Anyway, non-entity’s article says the CIA mistakes almost caused nuclear war…the Cuba thing…yatta yatta yatta. The CIA is the continuation of the OSS. We won WWII and the Cold War and as far as I know we have managed to avoid nuclear annihilation, while saving most of the planet from communist tyranny. We are the pre-eminent superpower and when we fail to kick a$$ properly, it has been due to weak political leadership and a lack of will to go the distance. We are a democracy. If the Soviet Union had gotten the bomb before us, they would very likely have ruled the world.

          When one criticizes the CIA, I say compared to what. Wasn’t it really Soviet intelligence that miscalculated in Cuba? They thought Kennedy was Obama. Wasn’t it the KGB-Soviet Union that went bankrupt and extinct? Now they are reduced to grabbing little pieces of land from their weak Slav neighbors. When we get our LNG business cranked up in Europe and flood the world market with American oil, we just might drive them bankrupt again.

        • Posted Oct 24, 2017 at 9:10 AM | Permalink

          Don, I have no disagreement with your point. The world is a dangerous place, and it always gets worse with American weakness. But strength needs to be is more effective when used in the open and with an abundance of restraint, realizing it is possible to make things worse, even with good intentions.

          An organization that has omerta as its official policy must be kept to be squeaky clean. That can only be done with the check of serious congressional oversight. And, there are no good reasons in time of peace to subvert any foreign government. It’s always counter-productive.

        • Posted Oct 24, 2017 at 10:04 AM | Permalink

          The fundamental problem is that secret operations are excused from the scrutiny of systems of open justice. The Nigerian Prince con, like all cons, is designed to entangle the victim by enticing them to temporarily compromise ethics in favor of a presented rationale. The subverting of the target to join the conspiracy then binds them to not exposing the nefarious actions, even after they become victimized, and even after they find it was a scam from the start. This same tool is the basis of recruitment of intelligence assets even when the rationale for temporary compromise is legitimate.

          I am frankly disappointed that Donald Trump Jr. said, “I love it” when the prospect of Clinton ill-gotten emails was dangled in front of him. Anyone in business or in politics needs to know better.

          As I demonstrated by showing J. E. Hoover covered up that a fake Oswald was used to create a Mexico City Cuban and Soviet embassy connection, even the highest officials can be subverted into joining a conspiracy. It only takes being silent for a moment, usually in a time of high duress, to permanently seal the deal.

          Having activities that must permanently remain sub rosa inherently subverts open democracy. This is the reason for FOIA and the congressional order 25 years ago to release the remaining JFK files.

  21. AntonyIndia
    Posted Oct 20, 2017 at 12:30 AM | Permalink

    MH17: Russia or Ukraine or ..
    About the BUK: https://off-guardian.org/2017/10/19/mh17-inquiry-series-2-episode-1-what-if-it-was-a-buk/

  22. Posted Oct 20, 2017 at 1:40 AM | Permalink

    Reblogged this on I Didn't Ask To Be a Blog.

  23. JD Ohio
    Posted Nov 1, 2017 at 10:57 AM | Permalink

    Hi Steve,

    In reading the NYTs, I came across a reference to these points made by Joy Reid. Her points were made as follows: “So what you’re talking about is a deal that nine members of CFIUS approved unanimously. None of them was Hillary Clinton. You have a donor who separately gave Hillary Clinton donations at a time when she was not Secretary of State. The two things cross in the night, they have no relation to each other. The members of CFIUS have been very clear Hillary Clinton had nothing to do with that approving that deal.” http://www.slate.com/blogs/the_slatest/2017/10/29/watch_msnbc_s_joy_reid_expertly_debunk_lies_around_uranium_clinton_story.html

    If you have the time and inclination, what would your response, as one in the mining industry, be?

    JD

    • Steve McIntyre
      Posted Nov 1, 2017 at 12:55 PM | Permalink

      I think that recusal is more a matter of form than substance. It also depends whether the conflicted director is a lead dog or passive. If the resolution has landed on their laps and involves a leader, the other directors know the position of the leader and have to decide whether they want to pick a fight or not. Most people prefer to get along, particularly if they are dependent on the leader.

      If the transaction is wrong in some sense, I think that the conflicted director should take responsibility for not presenting the resolution to the board, rather than simply recusing. But that’s an ideal.

      I don’t see the CFIUS approval as being all that important to Uranium One or something that they would even lobby hard for. If it were a problem, in their shoes, I’d dividend the US properties to a Newco under original ownership. Once they were gone, CFIUS approval would not be needed. The Kazakh properties were the ones of interest.

      • Posted Nov 1, 2017 at 4:22 PM | Permalink

        “If the transaction is wrong in some sense, I think that the conflicted director should take responsibility for not presenting the resolution to the board, rather than simply recusing.”

        I would go further and suggest the receipt of generous gifts or lucrative contracts after a deal that was approved during a recusal should also be avoided to eliminate appearances of quid pro quo. Power is fungible and does not need to relate directly to the issue on the table. In other words indirect quid pro quos are easily constructed with the use of intermediaries.

        • Kan
          Posted Nov 4, 2017 at 9:12 PM | Permalink

          Ron, the old Democrat attack phrase – “appearance of impropriety” – was dispensed with early on in the Bill Clinton administration days.

    • Posted Nov 1, 2017 at 5:01 PM | Permalink

      All of the Clinton Foundation donations and speaking fees were in ethical conflict while Hillary was SoS and presumed future Presidential candidate.

      It’s hard to eliminate corruption and graft completely by law. When people leave the presidency stripping off the gold plating from fixtures and selling pardons we know what they are about. Starting a foundation or doing philanthropy after leaving the political scene is admirable, i.e. Jimmy Carter. But the Clintons should have waited until Hillary was done politically before setting it up. Instead, they did the reverse of Jimmy Carter’s example, they actually shut it down then.

    • Steve McIntyre
      Posted Nov 1, 2017 at 9:36 PM | Permalink

      I’ve just looked at the plea agreement of Vadim Mikerin, which has got in the news lately. That a Rosatom subsidiary was engaging in extortion in the US seems highly relevant to the CFIUS approval. It’s disquieting that this wasn’t brought to the attention of the committee making the decision. If that information was withheld from me as a member of the committee, I’d be pretty mad. It will be interesting to see how this plays out.

  24. jim2
    Posted Nov 3, 2017 at 9:20 PM | Permalink

    FYI: (from the article)

    Inside story: How Russians hacked the Democrats’ emails

    An investigation into the digital break-ins that disrupted the U.S. presidential contest has sketched out an anatomy of the hack that led to months of damaging disclosures about the Democratic Party’s nominee.
    The investigation helps explain how a Russian-linked intermediary could boast to a Trump policy adviser that the Kremlin had “thousands of emails” worth of dirt on Clinton.

    https://www.cnbc.com/2017/11/03/inside-story-how-russians-hacked-the-democrats-emails.html

    • Posted Nov 3, 2017 at 10:24 PM | Permalink

      My tweet on reading this story:

      “it was at an April 26 meeting at a London hotel… A few days later… a serious breach at the DNC… It was 4 p.m. on Friday June 10”

    • mpainter
      Posted Nov 3, 2017 at 10:25 PM | Permalink

      What garbage

    • Steve McIntyre
      Posted Nov 4, 2017 at 11:36 AM | Permalink

      how a Russian-linked intermediary could boast to a Trump policy adviser that the Kremlin had “thousands of emails” worth of dirt on Clinton

      my take: whatever Mifsud was talking about (if story true) would have been the 33,000 deleted emails from Clinton server – then and later very much in the news. Retrospectively attributing prediction of DNC hack or Podesta emails in that incident is fake pattern spotting.

      • jim2
        Posted Nov 4, 2017 at 2:50 PM | Permalink

        If Secureworks has all these breadcrumbs, I have to wonder why they didn’t catch this sooner and alert the appropriate people?

      • Skiphil
        Posted Nov 15, 2017 at 6:48 PM | Permalink

        OT: Steve, have you seen that Penn State’s payouts to victims in the Sandusky scandal are now over $100 million? Article says that total financial costs to Penn State in the scandal are now 1/4 BILLION dollars! (I don’t know what all the other costs might be, although lawyers and investigators must add up, but another $150 million??? weird….).

        Just think of how much of Michael Mann’s “research” President Spanier et al. might have supported with those funds!

        http://www.nydailynews.com/newswires/sports/penn-state-payouts-sandusky-abuse-claims-top-100m-article-1.3624438

    • mpainter
      Posted Nov 4, 2017 at 3:17 PM | Permalink

      “damaging disclosures about the Democratic Party’s nominee.”
      ### ###

      Damaging disclosures about Hillary just won’t stop, will they? Dirty Dossier, Comey’s memos, Uranium One, DNC dirty deal, Lotsa damaging disclosures, tsk, tsk, they don’t seem to quit. Imagine if all these damaging disclosures had come out before the election, why she could’ve been beaten even worse. Darn those damaging disclosures!

      • Posted Nov 8, 2017 at 10:03 AM | Permalink

        Is Donna Brazile starting to confess that she fears Clinton killed Seth Rich? Newsweek is reporting some strange comments made by Brazile in her new book and recent interviews. She dedicates her book in part to “my DNC colleague and patriot, Seth Rich.” Patriot? Although Rich is pictured wearing clothing with the US flag patterns, it seems unlikely Brazile is referring to that. Newsweek goes on:

        Rich appears elsewhere in Brazile’s book, as the Post reported earlier in the weekend. She wrote that Rich’s murder haunted her and that she’d installed surveillance cameras at her home and would keep the blinds in her office window closed so she could not be seen by snipers, according to the Post.

        Brazile talked about Rich on ABC News’s This Week with George Stephanopoulos on Sunday. She told the host about her critics: “They don’t know what it was like to be over the DNC during this hacking. They don’t know what it’s like to bury a child. I did: Seth Rich.”

        Seth Rich is “haunting her?”

        Why is Brazile afraid of snipers and putting DNC hacking in the same sentence as burying Seth Rich? As we might recall, after Brazile flatly denied supplying questions in advance to Hillary before a debate she came forward unprompted months later to confess to the act, a Washington rarity.

        • Steve McIntyre
          Posted Nov 8, 2017 at 1:44 PM | Permalink

          she came forward unprompted months later to confess to the act, a Washington rarity.

          when she lied to Megyn Kelly, she prefaced her remarks by saying that she was a “Christian woman”, perhaps a rarity in Washington political classes notwithstanding public religiosity. If so, she would have had regrets about her initial lie and sought to make it right.

          She’s going to be on Tucker Carlson tonight. I hope that he asks her why she was nervous.

        • mpainter
          Posted Nov 8, 2017 at 5:23 PM | Permalink

          Brazile screwed up. She could have sold the rights to _Hacked_ to the Clinton Foundation for, who knows? 20, 30, $million, Lord knows that it has the money. Now she has to settle for, maybe a measly $million or so.
          But maybe she has something else to sell. To the Clinton Foundation.

  25. mpainter
    Posted Nov 9, 2017 at 11:22 AM | Permalink

    More damaging disclosures?

    The DNC/Hillary campaign paid $10 million to Fusion GPS through Perkins, Coie. Steele reportedly received about one million. What was the other nine million used for?

    Reportedly, the House Committee on Intelligence seeks additional bank records from Fusion GPS which “could reveal if Fusion GPS had paid any reporters or media sources to plant stories”.

    What many don’t know is that it is perfectly legal for a news source to print or broadcast planted stories and receive a fee for doing so. Happens all the time. And now reporters and commentators have their own Twitter accounts and so they, too, can rake in some Clinton loot.

    • Don Monfort
      Posted Nov 9, 2017 at 3:40 PM | Permalink

      Don’t get your hopes up. P&C would have done a lot of legitimate and semi-legitimate legal work for the hag’s campaign and the DNC. And the only reporter I can think of off the top of my coconut who reported on Steele dossier info before the election was David Corn. Of course, that rascal’s bank account needs to be checked. Post election payoffs to reporters doesn’t seem too likely. Could have happened. I hope Fusion gets turned inside out. Happy hunting, painter. Did you see the reception Trump got in China, compared with the shabby treatment they gave Obama? OMG! Trump is colluding with Red China! Now they’ve got him.

    • mpainter
      Posted Nov 9, 2017 at 4:11 PM | Permalink

      A little math: 2,000 hours @ $500/hr = $ 1 million
      The House Committee on Intelligence is doing the hunting, not me. The quote is from Fox News

      • Don Monfort
        Posted Nov 9, 2017 at 4:42 PM | Permalink

        I might have more hope in you getting results than The House Committee on Intelligence. Are they still working that Ben Gazi thing?

        I think lawyers get paid a lot more for semi-legitimate work. And don’t forget it was a nationwide election. Lots of legal jobs and payoffs to be done. Still, I hope they all get locked up. But I have learned not to get too excited about the hyperbole I see on Fox and various right wing websites. That Hannity is a freak. Tweets about a new bombshell every day. Could have something to do with driving ratings. We may never know.

        • mpainter
          Posted Nov 11, 2017 at 11:49 AM | Permalink

          FWIW, I seldom pay any attention to news personalities. Show business/news combined, imo. Over 90% of news is waste, fluff stuck between the ads.

    • MikeN
      Posted Nov 13, 2017 at 1:41 PM | Permalink

      I think this is why Washington Free Beacon and Hillary campaign have been revealed as the payers of Fusion. The rest of the bank records will show something bigger.

      I don’t think it’s appropriate for Senators to be investigating political opponents and tactics.

      • mpainter
        Posted Nov 13, 2017 at 2:02 PM | Permalink

        Actually, Perkins, Coie revealed that they had engaged Fusion GPS on behalf of Hillary campaign. They had their reasons. My own preference is more light be put on this whole business, not less. The public should be informed, not kept in the dark.

  26. Posted Nov 11, 2017 at 11:02 AM | Permalink

    I came across this news blurb while reading Judicial Watch articles.

    http://www.worldtribune.com/report-cia-director-meets-senior-nsa-whistleblower-who-contends-dnc-hack-was-inside-job/

    “Binney says he conducted an independent analysis of the metadata from the emails with a focus on timestamps that he says indicate a download speed consistent with loading the files onto a thumb drive.

    “I was willing to meet Pompeo simply because it was clear to me the intelligence community wasn’t being honest here,” Binney said. “I am quite willing to help people who need the truth to find the truth and not simply have deceptive statements from the intelligence community.”

    Former DNC chair Donna Brazile’s revelation in her new book that she feared for her life after DNC staffer Seth Rich was murdered helped shed new light on Binney’s theory.”

    There’s those inconvenient timestamps and file transfer rates…

    • Steve McIntyre
      Posted Nov 11, 2017 at 3:49 PM | Permalink

      the problem with Binney’s argument is that the timestamps, in my opinion having looked very closely at topic, are from secondary copying by G2 AFTER exfiltration of the files, NOT speeds of exfiltration. So they don’t shed light on any substantive issue.

      • Posted Nov 11, 2017 at 10:17 PM | Permalink

        I am not disagreeing with you Steve. I read and agree with your analysis.

        My assumption, which admittedly is extremely weak, is that Binney got access to hard drives, accounts, VTOCs and records not in the public discussion.

        All of which assumes Binney credibility that may not exist, at all.

        However, any information is welcome so long as it’s accurate.

  27. AntonyIndia
    Posted Nov 13, 2017 at 12:12 AM | Permalink

    OBL figured out the power of USB keys around 2005, but the NSA is still dithering.
    But N.S.A. employees say that with thousands of employees pouring in and out of the gates, and the ability to store a library’s worth of data in a device that can fit on a key ring, it is impossible to prevent people from walking out with secrets. Yes! But after No: Lurking in the background of the Shadow Brokers investigation is American officials’ strong belief that it is a Russian operation. The pattern of dribbling out stolen documents over many months, they say, echoes the slow release of Democratic emails purloined by Russian hackers last year.
    Choose a scapegoat; let’s pick Russia.

    • AntonyIndia
      Posted Nov 13, 2017 at 12:23 AM | Permalink

      The NSA still could find these cyber “Shadow brokers” breaches after over a year. Enter Crowdstrike: a few days and the DNC breach is solved. Two guys better than 20,000 others? Only when the attribution is to the designated scapegoat.

      • AntonyIndia
        Posted Nov 13, 2017 at 12:51 AM | Permalink

        could not find

      • AntonyIndia
        Posted Nov 14, 2017 at 1:03 AM | Permalink

        Wikileaks published a Vault 8 on Nov 9th containing a.o. CIA manipulation of (Russian) Kaspersky Labs certificates.

        A) If the NSA cannot defend its own data, the state of cyber defense in the US is bad. Time for an Ethernet (Internet) mark II?
        B) The CIA is still quite keen to pin false flags onto “Russia” .

        • mpainter
          Posted Nov 14, 2017 at 8:45 AM | Permalink

          I hope that Pompeo has the toughness needed to deal with the Bush/Obama/Clinton holdovers/Trump haters. These are committing felonies in an effort to undermine his authority. If he is reluctant to take effective measures he compounds the problem.

    • mpainter
      Posted Nov 13, 2017 at 12:59 AM | Permalink

      But not all of the NSA are lowlifes; there are those who find that the nefarious methods used by that organization are morally repugnant. No need to blame it on Russia. The scum that run our intelligence organizations fail to reckon with decent types who are repelled by what’s going on.

      • AntonyIndia
        Posted Nov 13, 2017 at 3:35 AM | Permalink

        No doubt the vast majority of those working for the NSA started out as decent guys. Only when you keep on working on domestic mass spyware or offensive weapons only you become complicit to the twisted policies of some guys at the top.
        Money is not everything: neither is (the illusion of) Power.

      • Posted Nov 13, 2017 at 10:20 AM | Permalink

        I agree with you, Antony, that almost all working in the intelligence field are dedicated to do good. What gets them into trouble is when they assume the opposite about the people working in the FSB and GRU. How can mortal enemies both be in the service of the Lord? This is an age-old question. My answer is to reverse the destructive conundrum is trust building. If that is the case then making false flags, which lead to false accusations is the devil’s work, regardless of patriotism.

        • Don Monfort
          Posted Nov 13, 2017 at 11:17 AM | Permalink

          Good one, Ron. The old moral equivalence foolishness. You people are funny.

        • Posted Nov 13, 2017 at 12:22 PM | Permalink

          Aye, Ron:

          There are numerous examples through history.

          A relatively recent example would be America’s War between the states.
          Robert E. Lee is a sterling example with him being offered command of the Union armies, but chooses to side with Virginia; his home, his relations and his friends.

        • Posted Nov 13, 2017 at 12:52 PM | Permalink

          Don, the flaw with moral equivalence is the premise that there is no ultimate objective that is morally superior to another thus all actions must be judged on their immediate merits. My argument is different; I believe there are legitimate ultimate ends. However, I think it’s universally apparent they are easily clouded with pride, tribalism and self-interest. The virtue of the USA is derived from diversity and openness and the ideals of its founding that preserved liberty. The USA is flawed but is also a great distillery of ideas, a finder of common ends. The only universally agreed upon common ends I can see are the expansion of truth and trust. The justice system’s aim is to instill trust and civil discourse.

          Having a secret agency with the aim of securing and preserving a nation is understandable. The price of doing so with active measure is extreme. The reason: false flags, attacks and secrecy undermine the only agreed upon universal virtue of trustworthiness.

        • AntonyIndia
          Posted Nov 16, 2017 at 11:30 PM | Permalink

          Ron +1

      • mpainter
        Posted Nov 13, 2017 at 10:54 AM | Permalink

        I’m talking about inside the U.S., what’s being done against U.S. citizens on a wholesale basis. If the public were aware, there would be universal outrage directed against the IC. The worst offender is the DHS. Have you not heard about what’s been done against Trump?

        • mpainter
          Posted Nov 13, 2017 at 11:57 AM | Permalink

          There is no refuge anywhere. Without the critical faculties and the disposition to employ them, all so necessary to good judgment, intelligence types aren’t as smart as they like to think. The ones at the top are political appointees and after twenty eight years of Bush, Clinton, Bush, Obama see what you get.

        • Posted Nov 13, 2017 at 3:08 PM | Permalink

          mpainter, it’s not a matter of intelligence but a matter of blind spots.

          Also, there will always be refuge in sunshine as long as we individually preserve the collective claim of being a legitimate free society.

        • mpainter
          Posted Nov 13, 2017 at 7:01 PM | Permalink

          “Always refuge in sunshine..”

          You forget that the IC operates in the perpetual dark. The solution is board oversight, not single heads, and board members must be held accountable for wrongdoing.

  28. johnvonderlin
    Posted Nov 18, 2017 at 3:44 PM | Permalink

    Hi Steve,
    I don’t care whether you post this or not. Having had great respect for your auditing, your insights and your blog demeanor in the past, I’m saddened by what I now read here. I typically go to the last comments of a posting and reel upthread at the many forums I monitor. In this thread the last hundred comments seem to be dominated by about six individuals who seem to be refugees from the InfoWars website. The anger, conspiratorial ideation, wild accusations, weakly supported allegations and blanket vitriol against individuals and various agencies of the American government is disturbing to me. Rarely do I find in their comments the key words that I believe skeptics should use, “I believe, I think, probably, maybe, it seems, apparently, etc.” You seem to be a man of measured belief and prose, your recent comment threads undermine that estimation in my opinion. Trading contemplating scientific considerations for angry political mud-wrestling is not something I’m willing to do. Thanks for the past. Good luck in the future.

    • mpainter
      Posted Jan 26, 2018 at 7:39 AM | Permalink

      The truth is emerging, bit by bit. It now appears that Obama, the DoJ, the FBI conspired to obstruct justice in Hillary’s case and then proceeded to weaponize the DoJ and the IC against candidate Trump in order to secure her election.

      Ironically, Mueller is investigating Trump for obstructing justice and so arms a future special counsel with the precedent of investigation of a president for this crime. Prison for Obama and his DoJ following.

      And that’s not all. Obama violated the same security law that Hillary did when he corresponded with her through her private server. Prison for both of them.

      There is much more to come and I am confident that it will be coming for years. Just imagine, we have yet to hear about Nellie Ohr and her ham radio escapade. It will all come out.

      • Frank
        Posted Jan 26, 2018 at 5:55 PM | Permalink

        Is there any substantial evidence that Obama (using a pseudonym) sent confidential information to HRC’s clintonmail.com email address? I doubt it. McCarthy at the NR link below has a story that makes little sense. Was this email turned over to the DoS with the rest of HRC’s work related email? Was it found by the FBI when searching the records of others at the DoS who might have received a copy? In both of those cases, the records would have been outside the control of WH and HRC and unlikely to have been suppressed. If Republicans had subpoenaed Obama’s (not HRC’s) records of emails with HRC over Benghazi, I suspect any president would have asserted executive privilege. In none of these situations would McCarthy have any way of knowing that Obama had written (or even received) classified information

        http://www.nationalreview.com/article/455696/hillary-clinton-barack-obama-emails-key-decision-not-indict-hillary

        If the DoJ and IC had been weaponized against the Trump campaign, the rumors about the Russia investigation spread by the DNC, GPS, and Steele (and shared with some Congressmen) would have been confirmed by “anonymous sources” the press could trust. This would have created an uproar BEFORE the election. The uproar actually occurred in January, when news of Trump’s briefing was leaked to the press and Buzzfeed followed up by publishing the Steele dossier, still without confirmation from any official source. I have seen one minor story from before the election that wasn’t picked up by any major news organizations. As best I can tell, the DOJ and IC properly refused to confirm their investigation into the Steele dossier until Comey informed Congress. If the Steele dossier (which had reached many) had been published on November 1, I doubt Trump would have won the election.

        • mpainter
          Posted Jan 26, 2018 at 6:59 PM | Permalink

          The truth emerges bit by bit and it will be seen that Obama is in the middle of this business. How can it be doubted?

          The Ohrs, Bruce and Nellie, know everything and they will talk and enter a witness protection program.

          And of course Obama corresponded with Hillary over her private server. They had lots to talk about, don’t you know?

          McCarthy makes good sense. He is one of the most astute commentators of this business.

          Is it your position that Obama never exchanged emails through her personal server? Is that what you believe, Frank?

        • Don Monfort
          Posted Jan 27, 2018 at 3:46 AM | Permalink

          You are wrong, Frank. The Steele so-called “dossier” is ludicrous. That is why the media did not run with it, until the desperation set in over Trump’s glorious victory. The Dem team, including Obama’s lackey intell stooges didn’t think it was possible hillarity would lose. Why risk making fools of themselves over the ludicrous Steele “dossier”? And it is a well-known fact that Obama exchanged emails with hillarity through her homebrew server:

          https://www.politico.com/story/2016/09/hillary-clinton-emails-fbi-228607

          Try to catch up, Frank.

        • mpainter
          Posted Jan 27, 2018 at 9:32 AM | Permalink

          Frank also seems unaware that the FBI contacted David Corn of Mother Jones (James Baker, FBI General counsel) just prior to his October 31 article which revealed the dossier against Trump. My guess is that Baker vouched for the reliability of Steele, who had presented the dossier to Corn. Steele had been peddling the dossier all over, trying to sucker anyone he could, without success. Comey, who knew that the dossier was partisan invention, was trying to keep this peddling effort at arm’s length. But, in desperation he had Baker contact Corn in mid October. Baker would not have done so on his own initiative. Bottom line: Comey made a belated effort to get the dossier publicized before the election. So David Corn bought and Mother Jones published on October 31, thanks to Comey/Baker. It will all come out. The IG report will likely expound on this episode.
          Now Comey is Professor of Government Ethics at William and Mary College. hahahoho.

        • Frank
          Posted Jan 27, 2018 at 11:41 AM | Permalink

          mpainter: “Is it your position that Obama never exchanged emails through her personal server? Is that what you believe, Frank?”

          More strawmen from mpainter. Such tactics are unworthy of this website.

          “And of course Obama corresponded with Hillary over her private server. They had lots to talk about, don’t you know?”

          According to McCarthy, there were a total of about 20 emails – about one every three months. So no, they didn’t have “lots to talk about”, at least by email via an insecure server. Obama allegedly was somewhat of a techie for a politician, with a staff that provided him with a secure Blackberry for his use at any time and access to secure communications every minute he was outside of the WH (both his office and home). There is no reason to assume that his communications were insecure. HRC was a neophyte, with secure email available only when she was in her office via a PC, a device she never learned how to use. (HRC’s paranoia and secrecy were additional complications.)

          McCarthy provides no evidence that Obama’s email security was sloppy. McCarthy merely cites (normal) concern among Obama’s staff when Obama denied knowing about HRC’s clintonmail.com email address, an address Obama had an opportunity to notice about 20 times between 3 and 7 years earlier. (I’m sure his technology didn’t force him to personally type that email address.) Perhaps Obama lied about not knowing, but that still doesn’t demonstrate that his personal email practices were insecure. When McCarthy can cite evidence showing that several of the passages Obama sent to HRC were later classified (or one was highly classified), then I’ll pay attention.

          The Ohrs and others are further evidence that the Obama DOJ was filled with insiders with conflicts of interest – and conclusive evidence that Comey was wrong when he told Congress that the email investigation was carried out in a manner the FBI could be proud of.

          Rather than draining the swamp, Trump hired some of its bottom feeders (Manafort, Flynn, Bannon, Stone), NYC billionaires married to Marie Antoinettes, and family members naive enough to meet with Russians about HRC’s email and the Magnitsky act and then dissemble about it. Since Trump hasn’t disclosed his taxes or put his holdings in a blind trust, as most recent presidents, he obviously cares less about conflicts of interest and an appearance of propriety than any recent president.

        • mpainter
          Posted Jan 27, 2018 at 12:04 PM | Permalink

          Frank says that Obama would never obstruct justice like Trump, no, not that sacred icon of purity and goodness. Well, I have a different view of the man.

          Obama’s main methods depended on deceit and subterfuge, Frank. This fact apparently escapes you. It will all come out. Grassley has just demanded from Hillary and John Podesta a comprehensive accounting touching on the Steele dossier. The trail leads to Obama’s White House. Lots and lots to come.

          We will eventually learn everything that Obama has to hide. Will Hillary make a deal with special counsel? Somebody surely will.

        • mpainter
          Posted Jan 27, 2018 at 7:40 PM | Permalink

          And if Obama pseudonymously discussed classified matters via Hillary’s insecure server just once, that is all it takes. Gross negligence is the formula. The courts will disallow any claims of privilege by Whitehouse staff. Obama knew he had transgressed in this matter. It will all come out. That is why there are so many panic-stricken democrats running around screeching their lungs out. It will be hugely entertaining, the next year or so. Sacred icon of purity and goodness gets sent to the septic tank.

        • Frank
          Posted Jan 30, 2018 at 5:57 PM | Permalink

          mpainter wrote: “…all of Trump’s enemies will go to jail. Yep, everyone, including Frank.:-)”

          The Russian media is full of praise for everything Trump and Putin do. They don’t publish anything that contradicts your cherished beliefs. Wouldn’t you rather live there?

        • mpainter
          Posted Jan 30, 2018 at 6:23 PM | Permalink

          Smile, be happy, live longer. Quit fretting about Russia. Putin won’t hurt you unless you piss him off. So don’t. 🙂

        • MrPete
          Posted Feb 6, 2018 at 11:21 PM | Permalink

          Frank,
          It’s actually quite simple. There is a completely separate and isolated communication system for classified information, separated by a literal air gap from normal email and Internet.

          If President Obama EVER used normal email or normal communication methods for classified information, that’s an issue. And, if he did so, he had to know that he was doing so. Same for HRC of course.

          So, if any of us ever see any evidence that anybody in the administration used normal email for classified info, that’s all the evidence needed.

      • Frank
        Posted Jan 28, 2018 at 3:46 AM | Permalink

        mpainter says: “Frank says that Obama would never obstruct justice… ”

        Another straw man.

        mpainter says: “Frank says that Obama would never obstruct justice like Trump, no, not that sacred icon of purity and goodness.”

        Didn’t say that either. (Next time, quote my words, then tell me why my words, not your strawmen, are wrong.)

        mpainter wrote: “Frank says that Obama would never obstruct justice like Trump”

        Didn’t say that either, but I agree that Obama would never obstruct justice as stupidly as Trump may have. I say “may” because we don’t know whether Trump knew about any crimes that may have been committed by those working for his campaign. Obama could count on the loyalty of Eric Holder, Loretta Lynch and others to side-track investigations; he didn’t need to get his hands dirty.

        Likewise, I doubt HRC or Podesta had any personal involvement with the Steele dossier. They are smart enough to have others handle such activities. An attorney at Cole Perkins handled the Fusion GPS contract. There is nothing illegal about paying for opposition research, though the possible mischaracterization of opposition research in a FISA court appears problematic. (The Steele Dossier is unlikely to be a Russian disinformation campaign, because it might have helped HRC get elected.) Perhaps the renewed investigation of the Clinton Foundation will bear fruit.

        • mpainter
          Posted Jan 28, 2018 at 4:21 AM | Permalink

          Frank, Obama publicly exonerated Hillary, claiming that the law did not apply to her case. A public lie. And you say that he did not get his hands dirty. Prison for Obama for public obstruction of justice. Someone will turn state’s evidence, Frank, don’t you know? Surely Obama was advised on the law. You had best return to your old position where you repeated Obama’s lie: Hillary had no intention therefore she is innocent.

        • mpainter
          Posted Jan 28, 2018 at 4:36 AM | Permalink

          No, Trump did not obstruct justice by firing criminal James Comey. It was his constitutional prerogative and you have run up your jolly Roger by trying out such nonsense on this blog. It won’t work. Frank.

        • mpainter
          Posted Jan 28, 2018 at 4:42 AM | Permalink

          Also prison for Obama for violations of security law. And no telling what else, once the special prosecutor gets going. There are scores of Obama types that he will methodically pick off, one by one, and of course they try to save their necks by telling everything. It will be havoc, a pyramid of skulls with Obama’s on top.

        • mpainter
          Posted Jan 28, 2018 at 4:44 AM | Permalink

          Now do you understand why the Democrats are running around screeching their lungs out?

        • Don Monfort
          Posted Jan 28, 2018 at 11:43 AM | Permalink

          You are counting your chickens, paint. You are bound to be disappointed. It takes evidence and squealers to put folks in jail. The Dems are good at hiding sheet destroying evidence and lying. Obama in particular will very likely skate. He enjoys the same Constitutional protections for his actions in office as does Trump. I predict that some relatively small fish will fry. Hopefully, a lot of left loon ‘civil service’ politicized hacks still in the govt. will be thrown out. That also won’t be easy. Trump 2020! MAGA!

        • Don Monfort
          Posted Jan 28, 2018 at 11:44 AM | Permalink

          PS: There is also jury nullification. Where you going to find a jury without at least one left loon nullifier?

        • mpainter
          Posted Jan 28, 2018 at 11:59 AM | Permalink

          Moonfart sez everyone gets away with it. Moonfart does.

        • Don Monfort
          Posted Jan 28, 2018 at 12:56 PM | Permalink

          A right wing loon is just as dumb as a left wing loon. Trump 2020! MAGA! We will accept the votes of useful idiots. Thank you.

        • mpainter
          Posted Jan 28, 2018 at 2:25 PM | Permalink

          Don Monfort, supporter and booster of Ukrainian neo-Nazis, calls me a right wing loon. This is about the ninth occasion on this thread that he has resorted to name calling or some other type of personal aspersion against me or somebody else here.
          Whenever I wish to win a debate with this juvenile, I deliberately nettle him. It works every time and he never wises up. Good entertainment, that montfort.

        • Don Monfort
          Posted Jan 28, 2018 at 2:30 PM | Permalink

          wingnut

        • mpainter
          Posted Jan 28, 2018 at 2:47 PM | Permalink

          And never will wise up.

        • Frank
          Posted Jan 28, 2018 at 6:04 PM | Permalink

          mpainter: “No, Trump did not obstruct justice by firing criminal James Comey. It was his constitutional prerogative and you have run up your jolly Roger by trying out such nonsense on this blog. It won’t work. Frank.”

          Mr. Trump was always free to fire Mr. Comey. In our system of checks and balances, it is Congress’s constitutional prerogative to impeach presidents for interfering with criminal investigations that involve the president – and thereby placing the president above the law. If Congress wants to call Mr. Trump’s action “obstruction of justice”, they are free to do so. They did so with Nixon (who believed he had authorized $1M of “humanitarian aid” for the families of the Watergate burglars) and Clinton (who certainly failed to tell the whole truth about Monica when under oath). If Mueller doesn’t uncover any serious evidence of collusion, then Trump IMO had the right to try to dissuade the FBI from wasting time on an investigation that was initiated by speculative opposition research funded by the DNC and lacking any basis in fact. Trump may have known that he was not personally involved in any form of collusion – but he was an idiot for interfering: He could never be sure what his associates had done!

          Our system of justice does not allow any potential defendant – even a president – to decide: what is “humanitarian assistance”, what is hush money, what is a non-monetary political campaign contribution from a hostile foreign government, what might be a quid pro quo deal to exempt certain Russians from the Magnitsky Act, or whether publicly asking the Russians to release HRC’s stolen email was “soliciting a valuable campaign contribution from a foreign government”. Whenever ANY President suggests that he is empowered to make such decisions himself – say by firing Mr. Mueller – then it is time for a new president. To some extent, it doesn’t matter whether Mueller’s team can be tarred with charges of partisan prejudice. Although that team will prosecute Trump’s associates, they are merely investigating the President and reporting their findings to Congress.

          In any case, this “left wing loon” will be happy to see Pence take over, if necessary. He is qualified, hasn’t made any major mistakes since being chosen, and optimistically could perform better domestically than anyone since Reagan and better in foreign affairs than anyone since Bush I.

        • mpainter
          Posted Jan 28, 2018 at 6:08 PM | Permalink

          Frank, yours is long-winded wishful thinking. Sorry, but that’s the truth.

        • Don Monfort
          Posted Jan 28, 2018 at 6:48 PM | Permalink

          We have ourselves another impeachment hallucination. Frank would like to go from hero to zero. We expect better from you, Frank. Trump 2020! Ivanka 2024! Dishrag Pence never!

        • Frank
          Posted Jan 28, 2018 at 9:18 PM | Permalink

          If Congress desires, they can subpoena Obama’s email to and from clintonmail.com. Obama can claim executive privilege and the case can move to the courts. If the email potentially contains evidence of criminal activity, the courts should eventually rule in favor of Congress. Then we might learn if anything Obama wrote violated rules about handling of confidential material, something we don’t currently know. At that point, we would still be stuck with the intent issue: Did Mr. Obama knowingly ignore the law? And the gross negligence problem: How many emails showed negligence? Should we prosecute gross negligence in the absence of intent, a private server and the destruction of government records requested by Congress? Should Congress proceed down this hopeless path?

          mpainter fantasizes that this could lead to the uncovering of vast areas of wrongdoing that could put Obama and many of his associates in jail. I personally would like to know more about: What Obama was doing minute by minute when he failed to send help to our people in Benghazi while they were under attack. Were True the Vote and other Tea Party groups abused by other agencies besides the IRS? Were dozens of Americans mentioned in intelligence reports unmasked for political purposes? Why did the CIA issue a definitive and erroneous statement about protesters at our embassy less than 48 hours after a terrorist attack?

        • mpainter
          Posted Jan 28, 2018 at 11:25 PM | Permalink

          Well, well, well. Frank, having admitted that Obama was involved in the cover up of Hillary’s crimes now says Hillary was innocent after all. How many Franks are there, I wonder.

        • Frank
          Posted Jan 29, 2018 at 4:44 AM | Permalink

          Don wrote: “We have ourselves another impeachment hallucination. Frank would like to go from hero to zero. We expect better from you, Frank. Trump 2020! Ivanka 2024! Dishrag Pence never!”

          I thought you would approve of my preference for Pence over Obama, Bush II, or Clinton. The scariest thing for me about impeachment is the sense of betrayal that many Trump supporters like you will feel. Unfortunately, I don’t see any way out of a number of tricky situations.

          1) If his family is threatened, I expect Trump to fire Mueller and/or pardon his family or Manafort. IMO, Trump will also likely fire Mueller if he tries to look into Trump’s finances. Will Sessions and Rosenstein refuse Trump’s orders? Manafort is facing the possibility of spending the rest of his life in prison unless he cooperates or is pardoned. It will be difficult for Congress to ignore one standard of justice for the president’s family and his criminal associate and a different standard for everyone else.

          2) In 2019, a Democratic House could impeach with even a flimsy partisan case – as the Republicans did in 1998 with Clinton. The Dems are united in their hatred of Trump and (unlike me), they don’t care about the “deplorables” who supported Trump. Those competing for leadership can’t afford to be rational about impeaching Trump. Trump’s response is certain to be ugly.

          3) Mueller is interviewing members of the WH staff relevant to a charge of obstruction of justice. Does Mueller think he has evidence showing that Trump knew about crimes that took place?

        • mpainter
          Posted Jan 29, 2018 at 1:35 PM | Permalink

          “…all of Trump’s enemies will go to jail”

          Yep, everyone, including Frank.:-)

  30. AntonyIndia
    Posted Jan 25, 2018 at 10:49 PM | Permalink

    Dutch newspaper claims that Dutch AIVD had hacked into Cozy Bear since summer 2014 – including video access and saw ~ 10 Russians hack half Washington ever since. They shared this with US agencies but they were careless with this info. https://www.volkskrant.nl/media/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~a4561913/

    • AntonyIndia
      Posted Jan 26, 2018 at 9:02 PM | Permalink

      Russians – specially RU government – are being paid to hack into opponents’ sites, just like the CIA does, it’s their job.
      My conclusions: US cyber defence is weak. FBI etc. response to known intrusions is weak. The DNC’s and Hillary’s systems were so weak they basically invited anybody to enter, so many did. Trump & co had nothing to do with this: everybody including the Russians were surprised that he won the elections.

    • AntonyIndia
      Posted Jan 27, 2018 at 1:50 AM | Permalink

      One reason why the Dutch could have pulled this off (my speculation) is that their laws prevented them from tapping into fibre optic cables: only satellite Internet traffic was allowed to be trawled. As these Russian hackers used precisely satellite links to retrieve hacked data, the Dutch might have gotten lucky.
      The NSA and GCHQ were wading through their humongous fibre global “haystacks” meanwhile, easy to miss stuff.

      • Don Monfort
        Posted Jan 27, 2018 at 3:56 AM | Permalink

        But the NSA fingered the Russians as the hackers of the DNC in the summer of 2015 and continued to monitor and repeatedly warn the DNC up until the DNC revealed they had been had. You obviously are oblivious to the capabilities of the US intel apparatus. The NSA knows about satellite internet traffic. If the Dutch stumbled onto something, it was very likely after the NSA already knew about it.

        • AntonyIndia
          Posted Jan 27, 2018 at 5:52 AM | Permalink

          Obviously the NSA knows satellite traffic: the difference is that data returned from a satellite can be captured by many dishes, not only the intended ones. The Dutch story is that these Russians directed their hacked (and marked) data to remote but un-involved business companies in Europe known to use satellite up links only to snoop back these packets onto Russian dishes as well.

        • Don Monfort
          Posted Jan 27, 2018 at 2:00 PM | Permalink

          You said the NSA could easily “miss stuff” because they “were wading through their humongous fibre global “haystacks” “. Wrong. They don’t wade through stuff. They sweep it up and sift it with humongous computer power and many thousands of egghead hackers/data analysts. Capabilities far beyond the Dutch boys. It is possible that the Dutch stumbled onto something before NSA, but not likely.

        • AntonyIndia
          Posted Jan 27, 2018 at 9:31 PM | Permalink

          The Russian trick was to use neutral IP addresses to exfiltrate data; even they could only recognize these packets just because their (phishing e-mail entry) target installed software gave each an innocent looking inner mark. Also a Dutch Ministry was targeted before by Cozy Bear, so the Dutch cyber guys had some extra experience with APT-28.
          Massive NSA hardware only follows known programmed patterns.

          The Dutch newspaper writes casually as if hacking the DNC apart from Foggy Bottom and the White House etc. was interfering with the US elections. Not in my view. Cozy Bear was inside Washington ever since 2014; the CIA hacked the German parliament in 2015, including Merkel’s mobile phone. Standard unrestricted spook business on both sides.

        • AntonyIndia
          Posted Jan 27, 2018 at 11:56 PM | Permalink

          Correction: the CIA targeted Merkel’s phone number at least since 2002, with president G.W. Bush approval apparently. http://www.spiegel.de/international/germany/cover-story-how-nsa-spied-on-merkel-cell-phone-from-berlin-embassy-a-930205-2.html
          The Russians were playing catch up…

        • Don Monfort
          Posted Jan 28, 2018 at 2:20 AM | Permalink

          very dumb: “Massive NSA hardware only follows known programmed patterns.”

          http://foreignpolicy.com/2013/10/15/the-nsas-new-code-breakers/

        • AntonyIndia
          Posted Jan 28, 2018 at 3:30 AM | Permalink

          Even machine learning and AI are human programmed = with flaws.

          Unless the NSA system has morphed into autonomous HAL 9000 offspring https://en.wikipedia.org/wiki/HAL_9000

        • Don Monfort
          Posted Jan 28, 2018 at 11:25 AM | Permalink

          This is why you are a non-entity. The NASA hardware and software systems are very big, very expensive, very sophisticated tools. Like a very big hammer and very sharp chisel. And then they got a lot of highly skilled very creative sculptors. Then they have their little helpers in several other agencies. You underestimate their art. You should get somebody to read that foreign policy article to you.

        • mpainter
          Posted Jan 28, 2018 at 11:48 AM | Permalink

          Moonfart sez: “very big, very expensive, very sophisticated..very sharp…very big…highly skilled…longer stronger…thicker quicker…slicker [thumps chest]”

          As for the publication Foreign Policy, it is not a credible journal of anything. See my comment below (Trump orders his “aides to smear…”)

        • Don Monfort
          Posted Jan 28, 2018 at 12:58 PM | Permalink

          http://foreignpolicy.com/2013/10/15/the-nsas-new-code-breakers/

          Can you point out anything they got wrong in this piece, little emotionally overwrought dude?

        • mpainter
          Posted Jan 28, 2018 at 1:22 PM | Permalink

          The NSA brags and Moonfart slurps. Myself, I would build a scaffold a quarter of a mile long and start hanging intelligence types. Nothing in the world poses such a threat to our freedoms and liberties as does this evil all-powerful intelligence apparatus operating in the perpetual dark, unaccountable, unchecked, the ultimate force of an evil empire with absolute power. Nothing the U.S. faces in the world justifies this evil force. And you applaud this malignancy. So much for you.

        • Don Monfort
          Posted Jan 28, 2018 at 2:29 PM | Permalink

          nutcase

        • AntonyIndia
          Posted Jan 29, 2018 at 12:05 AM | Permalink

          Don, good to hear that the NSA & co are infallible and see and hear everything. To do all US taxpayers plus all other Internet connected people in the US and abroad a favor president Trump should cut the NSA & co budgets to maintaining levels. Like what he is planning for climate research which is equally sure it knows everything about “global climates”, taper their funding – the goal is reached.

    • JDD Ohio
      Posted Jan 27, 2018 at 7:09 PM | Permalink

      What is puzzling to me, is that if the Dutch knew about it, it seems like the Americans would have been informed much earlier than January of 2018. Does anyone have any ideas that would explain the delay?

      • AntonyIndia
        Posted Jan 27, 2018 at 10:19 PM | Permalink

        The Dutch (not part of the 5 eyes) informed the NSA liaison in the US embassy in The Hague already in 2014. Plenty of cooperation follows; the Dutch might have gotten some info regarding flight MH17 in return.
        My view: The security mess on the DNC’s servers is not fully the US government cyber agencies’ domain; it is also a political mine field. “Russia, Russia” was just a convenient excuse for the Clinton fan club to plaster over her unexpected loss and mask the mess inside the DNC.

        • AntonyIndia
          Posted Jan 28, 2018 at 3:06 AM | Permalink

          As till when the Dutch were inside Cozy Bear: they write cryptically “between 1 and 2 1/2 years”. In 2016 the Dutch execs talked personally with Clapper and Rodgers.

    • AntonyIndia
      Posted Feb 4, 2018 at 7:45 AM | Permalink

      The leading Dutch journalist in this story told that the mini Dutch “nsa” is till now legally confined to hacking, unlike big brother NSA which can trawl and store all fibre data. He also repeated that the Americans and Brits hack even more than the Russian government. He does not believe that Trump’s election victory is due to Russian hacking. The DNC hack was just routine stuff for Moscow (no need for any Trump prompting).
      His newspaper Volkskrant is a la NYT/Guardian quite anti Trump as president.

      • mpainter
        Posted Feb 4, 2018 at 12:06 PM | Permalink

        For DNC hacking by Russia, we have only the word of a politically corrupt U.S. IC and CrowdStrike. I need better than that. I don’t claim that the Russkies did not or would not, just that my skepticism will not allow me to swallow this claim without convincing evidence. There are too many actors who would have a motivation to do this, including our friends and allies.

  31. Posted Jan 26, 2018 at 5:47 PM | Permalink

    https://www.motherjones.com/kevin-drum/2018/01/new-report-says-dutch-have-absolute-proof-russia-was-behind-2016-election-hacking/

  32. mpainter
    Posted Jan 26, 2018 at 8:04 PM | Permalink

    Now the news is that State Department employees are “lawyering up”. They complain of being unappreciated.
    My take: there are lots of liabilities in the DoS, some criminal. ha ha ho ho. The handwriting is on the wall and they are frightened. Some will no doubt turn state’s evidence.

    Recall Obama’s month long sojourn in Tahiti last spring? Tahiti is a French protectorate which means they devise their own civil laws and procedures. What an opportunity for a secret transfer of funds. Pretty dumb, because he will not outsmart Trump.

    • mpainter
      Posted Jan 28, 2018 at 5:16 AM | Permalink

      And, irony of ironies, Steele claimed a Russian source for his dossier and now everyone tied to this affair can be FISA’d.
      For collaboration with foreign interference in a presidential election: a UK intelligence type working with Russian intelligence sources to overthrow the Trump candidate. AND then used against the duly elected President of the United States.

      Obama has Tahiti for asylum, where he made arrangements last spring for this eventuality. The U.S. has an extradition treaty with France but “political refugees” are excluded. Obama knows exactly what’s coming.

  33. mpainter
    Posted Jan 27, 2018 at 6:14 AM | Permalink

    The top echelon of the FBI has criminal liabilities and they are fighting desperately against Trump. It just released their files on Ailes. This is an unprecedented occurrence, the FBI has never before done such a thing. It is going to get very ugly. They have challenged Congress and Trump both. Desperados run the FBI.

    • mpainter
      Posted Jan 27, 2018 at 6:26 AM | Permalink

      See the latest article on the FBI by Politico. Implied threat against Trump administration. The destruction of the Democratic party is imminent. Obama, Clinton, others are going to prison. Fox has started their series “Scandalous” and will do the next on Obama. Thus the release of the Ailes files. The Democrats are desperate. Interesting times.

      • mpainter
        Posted Jan 27, 2018 at 11:02 AM | Permalink

        Today’s Guardian : “Trump’s Attack Against the FBI is an Attack Against the Constitution”. Screechy despair from the doomed Democrats, through their UK connections. Interesting times. I predict lots more of this sort of screeching. It is an index of the fright that grips these Desperados.

      • Gerald Browning
        Posted Jan 27, 2018 at 11:26 PM | Permalink

        mpainter,

        And Fox news is not biased? Give me a break. The Dutch have shown that the Russians were the hackers (the Bears).
        You make many claims, but no hard evidence. This is not the first time. Your credibility is worthless.

        Jerry

        • Don Monfort
          Posted Jan 28, 2018 at 2:39 AM | Permalink

          Jerry, little painter is on the emotionally overwrought fringe. Sensible Trump supporters will stipulate that it was the Russians what done the DNC. It doesn’t matter. Trump had nothing to do with it.

          However, the real story is that the DNC and Hillary paid the Russians to make up the phony dossier to use against Trump and it seems likely that high level DOJ and FBI officials used that crap to get FISA court approval to spy on Trump and campaign associates. That looks like some bad sheet, Jerry.

          Trump is not attacking the FBI. The FBI will be around another hundred years. We want to weed out the cabal of felonious left-wing political hacks who have been trying to overturn an election. We can’t have that sheet in our country.

        • mpainter
          Posted Jan 28, 2018 at 3:20 AM | Permalink

          Jerry, you choose to believe an unsourced and unverified (and unverifiable) report on Dutch cyber intelligence. They do not believe it in the Netherlands. There is a plebiscite on cyber security in that country, you see. The voters will vote against the proposed NSA affiliations that is being peddled to them by their government.

          Now, what were you saying about credibility? Look up the definition of “credulous”.

        • mpainter
          Posted Jan 28, 2018 at 3:55 PM | Permalink

          That has occurred to me

      • mpainter
        Posted Jan 28, 2018 at 4:11 AM | Permalink

        Now comes Foreign Policy, another Democratic stalwart, claiming that Trump “ordered his aides” to smear Comey, Baker, and McCabe. Comey and McCabe will probably be charged with obstruction of justice in connection with the Hillary fix and Baker is the one who contacted David Corn of Mother Jones in October, 2016, regarding the Steele dossier in the FBI effort to smear Trump before the election.

        It is obvious that the last ditch of the Democrats is their friendly media, and it is very friendly, indeed. When these hard core FBI democrats are called to account, the MSM will resound with shrieks. When Obama and Hillary get indicted, there will be a wave of suicides amongst journalists, no doubt. Interesting times.

        • Gerald Browning
          Posted Jan 28, 2018 at 1:16 PM | Permalink

          mpainter.

          The war monger at work. Let us see what Mueller comes up with. You must be an evangelical from Alabama. 🙂

          Jerry

        • mpainter
          Posted Jan 28, 2018 at 1:42 PM | Permalink

          Mueller has fat chance against Trump. Trump is smarter. Mueller has the authority to charge Trump with obstruction of justice on any pretence, however flimsy the pretense.

          Trump, as a criminal defendant, can claim as a defense a political prosecution and thus has the power to subpoena any and all records that he chooses from any individual, including personal correspondence, bank records, foreign and domestic, etc., etc. It would be a shortcut to achieving his goals. Withholding or deleting such records would be grounds for dismissal, but would Trump ask for a dismissal? So, be careful what you wish for.

          Trump: “I will answer any and all questions under oath”.

        • Don Monfort
          Posted Jan 28, 2018 at 2:27 PM | Permalink

          As usual, you flaunt your ignorance and wildly exaggerate. Criminal defendants do not have the absolute power to subpoena that you just made up in your little mind.

        • mpainter
          Posted Jan 28, 2018 at 3:07 PM | Permalink

          Never said absolute. You would be surprised at the investigative powers accorded to a criminal defendant.

        • Marion
          Posted Jan 28, 2018 at 3:36 PM | Permalink

          The Steele dossier is an utter embarrassment – unbelievable that such a document could have been used to set up a Special Counsel yet such seems to be the case.

          But Guys, what of Liz Crokin’s idea that Mueller and Trump are actually working together in a bait and switch operation – fantastic if true!!! And also seems to have been hinted at in the QAnon intel drops – what exciting times we live in!!!

        • mpainter
          Posted Jan 28, 2018 at 3:57 PM | Permalink

          That has occurred to me. Trump is capable of such a maneuver.

        • mpainter
          Posted Jan 28, 2018 at 4:03 PM | Permalink

          We know that Mueller interviewed for FBI Director, with Trump. So they were in touch before Mueller became special counsel. It is a definite possibility, but a shot in the dark.

        • Don Monfort
          Posted Jan 28, 2018 at 5:18 PM | Permalink

          “…the power to subpoena any and all records that he chooses from any individual…”

          That would be absolute subpoena power. The ravings of a wingnut. Try to calm down.

        • mpainter
          Posted Jan 28, 2018 at 5:40 PM | Permalink

          For example, those individuals associated with the Atlantic Council. Alperovitch, for example. Takes imagination but you realize that everything is known about such a group. Trump will have all the resources of intercepts, etc. Then from Alperovitch to others in CrowdStrike. This sort of thing can be repeated as often as needed. One big clustef*ck is the swamp. It will be easy. As I said, you need imagination to visualize it but, yeah, I know, you have none, poor, dull fellow that you are. With your Johnny one note Putin fixation. Tsk, tsk.

        • mpainter
          Posted Jan 28, 2018 at 5:56 PM | Permalink

          The possibilities are vast. Trump is not the unimaginative type and he will find ways to mine the whole swamp and more. Do not underestimate Trump. He will have an insuperable advantage as a criminal defendant.

        • Don Monfort
          Posted Jan 28, 2018 at 6:33 PM | Permalink

          What you have is not imagination. Clinically, it’s called hallucination. Stop the clowning. You are worse than clueless.

          Trump is not going to be a criminal defendant. That is just a left wing nut and right wing nut hallucination. The worst that Mueller can do is concoct a phony political case for unindictable obstruction. I suspect he is inclined to do that, but might consider that his own place in history would be better served by playing it straight and simply announcing no crimes have been done. But I know this will sail way above your little pointy conspiratorial head. Put on your tin foil hat and think about it. Or, not.

        • mpainter
          Posted Jan 28, 2018 at 6:40 PM | Permalink

          Dear Don, you forgot to mention Putin, and what a#!+! KGB ®¢¿! Stalinist #&¥! evil thinking !$&## he is. It must have slipped your mind, though I’ll admit that seems most unlikely.

        • Don Monfort
          Posted Jan 28, 2018 at 6:50 PM | Permalink

          clown Putin apologist

    • mpainter
      Posted Jan 27, 2018 at 7:53 AM | Permalink

      The “smoking out” phase is over. Jeff Sessions in a speech yesterday pledged to “de-politicize” the DoJ. He also welcomed outside criticism of the DoJ. Finally, the recumbent Sessions has bestirred himself.
      He also announced the appointment of a new General counsel at the FBI. The Obama holdovers will not accept their fate quietly, but kicks against their fate won’t help. IG report is due in a month or so.

  34. mpainter
    Posted Jan 28, 2018 at 3:44 PM | Permalink

    We shall get to the bottom of the FBI “secret society”.
    This was likely an informal grouping convened for the purpose of discussion and decisions on tactics, etc. This one has the media screeching full volume but Johnson says that there is an informant.

    Trey Gowdy calls for Strzok and Page to testify before the House. Here is the crunch: will they take the fifth?

    • mpainter
      Posted Jan 28, 2018 at 6:30 PM | Permalink

      My hunch is that they will give testimony and not lie and face dismissal, prison, etc. Strzok and Page are hostage to the situation. They are in the position that many are in. Bruce and Nellie Ohr, for example. They will be dismissed if they refuse to testify. Their best hope would seem to be cooperation. The awful “obstruction of justice” hangs over the head of all, and they are dependent on their jobs for support.

      There will be lots of plea bargaining, I imagine, and the trail leads to the Whitehouse. Screeches galore.

  35. Marion
    Posted Jan 29, 2018 at 12:29 AM | Permalink

    Draining the swamp was always going to be an impossible task – but it’s starting to happen!! WOW!!

    Inevitably it will take time but can’t wait till the Clintons face justice and the Clinton Foundation taken to task for the theft of the Haitian funds.

    The Cabal finally seems to be falling.

  36. mpainter
    Posted Jan 29, 2018 at 10:41 AM | Permalink

    The matter of the Ohrs, Bruce and Nellie, intrigues me. Bruce no doubt was interviewed by the DoJ IG in December. He would have cooperated because he has no choice. This man was high in the Obama DoJ, as Associate Deputy Attorney General. He knows a lot. Nellie, the Russian specialist with her ham radio, must have communicated with some source in her help in preparation of the Steele dossier. I imagine that the IG has a good idea of what Nellie was up to. Bruce Ohr would not have refused to answer any question.

    Did Nellie communicate with Russian sources with her ham radio? I’ll bet she did.

    Now Feinstein threatens to mob Trump’s State of the Union address with illegal aliens. Screeches and shrieks galore.

    • mpainter
      Posted Feb 3, 2018 at 12:49 PM | Permalink

      The FISA memo revealed nothing about Nellie’s use of her HAM radio. It only referred to her role “to assist in the cultivation of opposition research”

      If sources were derived from Russian intelligence, then the Democrats, the FBI, and the IC have conspired with foreign intelligence to overthrow the presidential election process. That is criminal. It is treason. Is this what Trump meant when he uttered the word “treason”? We needed to know whom Nellie communicated with on her radio.

  37. mpainter
    Posted Jan 29, 2018 at 10:49 AM | Permalink

    The destruction of the Democratic party is imminent. If Feinstein carries out her threat to mob Trump’s address with illegal aliens, she deserves expulsion from the Senate. The Democrats are in an absolute panic and they have lost their heads; probably because they see doom inexorably stalking them. They are in a room without doors or windows and the walls are closing in. Thus the Democratic party implodes.

  38. mpainter
    Posted Jan 29, 2018 at 1:23 PM | Permalink

    More screeches and shrieks are on the way. The House Intelligence Committee votes today on whether to release the FISA memo. Could be released tomorrow.

    Andrew McCabe just stepped down, effective today. Director Wray was shown the memo yesterday, on Capitol Hill. McCabe resigned this morning. Apparently McCabe admitted the truth of the memo and saw the need to go.

    I predict that the screeching will be somewhat muted by the release of the memo. There is a rumor that it puts Rosenstein in the crosshairs. We shall see.

  39. Marion
    Posted Jan 30, 2018 at 1:33 PM | Permalink

    I expect both Strzok and Page will both plead 5th. Perhaps too dangerous to do otherwise. (Clinton Body Count comes to mind)

    Nellie Ohr’s HAM radio is rather intriguing though. Ironic that so far the only Russian collusion has been from the Democrats.

    But of course we can’t expect the ‘Mockingbird Media’ to cover any of this (great terminology from Hagmann lol!!)

  40. Marion
    Posted Jan 30, 2018 at 1:45 PM | Permalink

    I suspect that Nellie Ohr was the main author of the ‘Dossier’ though – with Christopher Steele simply providing a veneer of “Intelligence” .

    Though one wonders how anyone could possibly describe such a document as “Intelligence” and how any judge could issue a FISA warrant based on such. So much corruption. Trump certainly faces a mammoth task.

    One urgent priority though must be to clear the Soros rigged fractional voting counters. No wonder he thinks that 2018 will bring a landslide for the Dems!!

    • barn E. rubble
      Posted Jan 30, 2018 at 3:12 PM | Permalink

      I’m not sure if this was posted already upthread but for those of us having a problem following the players/conspiracies/and just following orders, this program sheet may help.

      https://pbs.twimg.com/media/DUuw4vZUQAUPRyn.jpg:large

      • Marion
        Posted Jan 30, 2018 at 4:16 PM | Permalink

        Yep – fascinating document – would like to see Rod Rosenstein on there too and then those players involved in the Uranium One scandal identified.

        Seems to me that the false charges of ‘Russian collusion’ against Trump was a distraction from the real charges of Russian collusion that could be levied against Clinton, Obama and co.

        • barn E. rubble
          Posted Jan 30, 2018 at 5:53 PM | Permalink

          RE: Marion, “Yep – fascinating document – would like to see Rod Rosenstein on there too . . .”

          Ross Mc. has a very nice summary and is quite clear it is ‘opinion’ not proven fact. However he does make sense and does connect most of the dots . . .

          https://www.rossmckitrick.com/uploads/4/8/0/8/4808045/nunesmemo.pdf

  41. mpainter
    Posted Jan 30, 2018 at 5:12 PM | Permalink

    More Screechy headlines: second Trump dossier, this one written by Cody Shearer, a journalist, haha. No doubt this will be known as the dirtier dossier.
    Next comes the dirtiest dossier, haha. Screeches galore. Maybe they will have a contest and award prizes. Hollywood can institute another awards ceremony and pass out little golden cudgels.

  42. Frank
    Posted Jan 30, 2018 at 5:15 PM | Permalink

    Don wrote about mpainter: “You just keep making crap up and ignoring the facts. Ukraine did not invade Russia. I never claimed that Crowdstrike and Alperovitch are reliable and honest. Admiral Rodgers is reliable and honest. That is why he is Trump’s Director of NSA. And your “feeling” that Ukrainian fingerprints are all over the DNC hack is a very foolish feeling. If the Ukrainians are against Trump why would they expose the DNC emails? Try to come up with a coherent and logical story. That is all the time I have for your foolishness. Just be very happy and grateful that Trump won. You don’t need to make up a lot of dumb crap to defend him.”

    Don, haven’t you noticed the parallels between mpainter and the Donald? Both believe that “the truth” is whatever they need or want it to be on any given day, even if they read it at some fringe website. Admiral Rodgers proved the Russians hacked the DNC, followed later by Putin tells me they didn’t. I taped my conversations with Mr. Comey; maybe not. Mexico will pay for the wall … I’ll agree to a deal on DACA if it includes money for a wall. Re-tweeting fake anti-Muslim videos from a British hate group. Perhaps both exaggerate for political effect, something that makes a scientist like me uncomfortable. There may be some merit – as well as risk – in making our enemies feel uncertain about what our president might do, but I don’t think it helps with friendly foreign leaders or Congress.

    Don wrote: “Don’t let the trumped up impeachment drumbeat get to you, Frank. It’s left loon fantasy. Seven more years! The worst that Mueller can do is concoct a phony political case for unindictable obstruction.”

    Senator Graham said on one of last Sunday’s talk shows that firing Mr. Mueller would be the end of Trump’s presidency. Graham may be a RHINO, but he isn’t a left loon.

    • mpainter
      Posted Jan 30, 2018 at 6:02 PM | Permalink

      Frank says “…parallels between mpainter and the Donald…”

      ###

      I deny that I am the Real Donald Trump.

      mpainter

    • mpainter
      Posted Jan 30, 2018 at 7:00 PM | Permalink

      Brace yourself Frank, it’s going to get a lot worse. There are only stagnant pools left of the swamp. The bellows, croaks and hisses only reveal the distress of the swamp crawlers. Have you ever seen how a harpoon works? Bloody, but effective.

  43. mpainter
    Posted Jan 30, 2018 at 6:09 PM | Permalink

    There’s more to come in House and Senate investigations. By the time it all comes out, Mueller & Goons will be wishing that they were doing something else. Weissman is in the crosshairs. He will go, and all his work will have to be reviewed. Trump and the Republicans have this in hand, no sweat.

    • Frank
      Posted Jan 31, 2018 at 2:44 PM | Permalink

      Getting defendants to cooperate was Weissman’s specialty. That doesn’t make him a “goon”. If he departs, the confessions of Flynn and others aren’t going to disappear as evidence.

      IMO, however, Weissman’s public praise for Acting AG Sally Yates should have disqualified him from this investigation. The DoJ is supposed to work under the direction of the president and help him implement policies to protect us from terrorists. Based on the campaign, Sally Yates judged that the president was motivated by anti-Muslim prejudice, refused to implement his new policy, and encouraged others in the DoJ to do the same. Outside attorneys challenging the new policy have the responsibility for presenting evidence of Trump’s prejudice to the courts. It was the job of the DoJ and Yates to advise and defend the president, not judge him. Yes, the president didn’t consult with the DoJ before deciding on the new policy and that policy was so poorly devised it needed to be withdrawn and revised within months. IMO, the policy probably hurts us more than helps us. Those were reasonable grounds for quietly resigning. However, the Supreme Court has shown no sign of wanting to interfere with the president’s constitutional responsibility to protect the country through immigration policy – meaning Sally Yates was grossly wrong in her assessment of the fundamental issues. Anyone who felt an urge to publicly support her was equally wrong.

      • mpainter
        Posted Jan 31, 2018 at 3:23 PM | Permalink

        Mueller made a tactical error by recruiting Trump hating goons for his team. It is all too obvious and he is discredited right from the start. Republican Congress is not fooled.

        So what does the swamp gain? More fodder for the screeching democratic press that no one takes seriously, except for trump haters.

        The whole swamp is motivated by malice toward Trump, a consuming, incandescent malice that robs them of intelligence. The Democrats looked like death row at the SOTU address. Mueller can’t save them.

      • mpainter
        Posted Feb 1, 2018 at 9:57 PM | Permalink

        And yes, Weissman is a goon. It’s well documented, Frank. Books have been written about DoJ goons. They need to be corrected. In a correctional institution.

  44. mpainter
    Posted Jan 30, 2018 at 6:28 PM | Permalink

    And, there will be a special counsel appointed to investigate the special counsel. But don’t let Rosenstein handle it; he’ll appoint James Comey.:-)

    • mpainter
      Posted Jan 30, 2018 at 11:35 PM | Permalink

      And now Rosenstein maneuvers to make himself the darling of the MSM by appealing to Trump to suppress the memo because it would “set a dangerous precedent”.
      Making sure, of course, that the WaPo has the story before he sees Trump to deliver the appeal.

      The WH announced that the DoJ had no role in the decision. May that wretched Sessions rot.

      • Frank
        Posted Jan 31, 2018 at 2:56 PM | Permalink

        I didn’t like it when Diane Feinstein’s committee issued a biased report about the effectiveness of enhanced interrogation, which the CIA and Republicans objected to. I don’t think the Republicans should be politicizing this investigation in a similar manner. Hopefully a compromise statement agreeable to all or one summarizing both areas of agreement and disagreement can be devised.

        • Don Monfort
          Posted Jan 31, 2018 at 5:52 PM | Permalink

          You don’t yet know if the Republicans have politicized the investigation in a similar manner. Get back to us after you have read the report. And there is not going to be any compromise. The dims report will come out following the same procedure as the majority report. Trey Gowdy is a prosecutorial impresario, he doesn’t BS and he has nailed those suckers. The dims are running scared. They looked pathetic sitting on their hands being schooled by The Donald last evening. Trump rules!

        • Frank
          Posted Feb 1, 2018 at 5:54 PM | Permalink

          Don: You are correct that I don’t yet know if the Republicans have politicized their report. However, I do know that the FBI claims there are errors of omission, some of which may not be publicly correctable because the omitted information is confidential. I personally am very frustrated that they haven’t been able to release anything telling us how the Steele dossier was used to obtain FISA warrants. Did they tell the judge that Steele was being paid by the DNC? If they didn’t, admit that they made a mistake and move on. Either the FBI does have some legitimate reasons for holding back on this material or they are incredibly stupid. The truth will emerge sometime.

          The really interesting question was whether or when they told Trump that Steele was being paid by the DNC when he informed Trump of the dossier’s existence.

          Gowdy is a sharp dude. He has criticized the DoJ for holding back information on how the Steele dossier was used. FWIW, he has also expressed confidence that Mueller will produce reliable information.

        • Don Monfort
          Posted Feb 1, 2018 at 6:23 PM | Permalink

          My guess is that the reflexive bureaucratic institutional response of the FBI/DOJ will continue to be defensive, with a claim that the operation was done more or less by the book. Maybe some mistakes were made, but nothing was nefarious. Of course, that is possible. They don’t want names named, because the alleged culprits are their co-workers and pals. The blue wall syndrome. My opinion is that if they used the Steele BS in any warrant application they should be disposed of with as much prejudice as possible. They are either complete idiots or traitors.

          I believe Trump found out the DNC and hillarity funded the Steele crap when the rest of us found out. Haven’t seen any credible report on when the FBI/DOJ and other intel agencies knew. That will be very interesting to find out.

          Meanwhile, the dims are in the deep doo doo and it is likely to get deeper tomorrow.

          In desperation they have turned to this callow youth:

          The current bearer of the Kennedy Crown. The clown has the crown, but he doesn’t have the family jewels that Jack had. And that’s no silver tongue in his mouth. It’s just the spoon.

          Let’s take this up again tomorrow, Frank. Should be fun. Trump rules! Yuuger and yuuger. Atlanta Fed forecasting 5.4% first quarter GDP growth. Wow! MAGA!

        • mpainter
          Posted Feb 1, 2018 at 7:03 PM | Permalink

          No silver spoon in his mouth but a trickle of saliva at the corner, as duly reported in the media. Easy to spot.

          Thank you, Democrats.

        • mpainter
          Posted Feb 1, 2018 at 7:54 PM | Permalink

          Trey Gowdy has just announced his retirement from Congress. He finds the partisanship distasteful and seeks fulfillment outside of politics, naming the justice area.

          Many of his colleagues do not share his view of Mueller. Mueller has loaded his team with democrats and leaks every development to the media. He is too obvious, but Gowdy lacks the stomach for partisanship.

        • Frank
          Posted Feb 2, 2018 at 12:47 PM | Permalink

          Don: The Steele dossier has always been described as paid opposition political research – even back in the Mother Jones article before the election. The details of that funding – from the DNC through Fusion GPS, rather than privately through some rich Democrat contributor – don’t appear to have been known until late summer 2017. So Trump could have been tweeting about paid opposition political research since January. Mr. Comey had an ethical obligation to inform Trump and eventually Congress and the public about the DNC funding when he first discussed the FBI’s investigation.

          The fact that the money came from the DNC (which hired an established organization with a reputation to preserve) should have made us take the research more seriously than if it had been paid for by a private donor and carried out by someone with little to lose. But it certainly looks far worse politically.

        • Frank
          Posted Feb 2, 2018 at 1:08 PM | Permalink

          mpainter wrote: “Many of [Trey Gowdy’s] colleagues do not share his view of Mueller. Mueller has loaded his team with democrats and leaks every development to the media. He is too obvious, but Gowdy lacks the stomach for partisanship.”

          Mueller has worked most recently in New York and DC, where the vast majority of attorneys capable of working on his investigation are Democrats. Qualified Republicans would not have been eager to join his team, and those from red states wouldn’t want to move to DC for a temporary position. The composition of his team reflects this reality. If the investigation were being run out of Houston, there would be more Republicans on it.

          Every investigation in every jurisdiction leaks. That is why you see videos of dozens of arrests on the nightly news every month. Other leaks are meant to signal to defendants that your last chance to cooperate before indictment is about to end.

          Gowdy has been one of the Republicans’ most effective interrogators of witnesses from the Obama administration. He was extremely critical of Comey’s email decision. However, having worked as the US Attorney for South Carolina, he objects to the idea being spread by the WH and other Republicans that the DoJ as a whole is too politically biased to do their job.

        • mpainter
          Posted Feb 2, 2018 at 1:17 PM | Permalink

          Frank, new angle: Tom Fitton today characterized it as DNC $ was used by the DOJ and FBI to secure illegal FISA warrants. This is even more serious, a sort of political racketeering. Lots of legal questions, criminal and otherwise. There is no doubt that the salacious parts of the dossier were fabricated. This trail leads to the Obama Whitehouse through Bruce Ohr. As do many other trails.

          Mueller will not be a party to any frame up of Trump, now. He will be thinking of himself. Soon there will be no democratic party left.

        • mpainter
          Posted Feb 2, 2018 at 2:25 PM | Permalink

          Upon reflection, it seems obvious that Gowdy is destined for the next Supreme Court opening, which should be soon.

          Naturally Gowdy knows this and makes public remarks appropriate for such a nomination.
          Bottom line, Gowdy’s remarks on Mueller, etc. are not necessarily representing his real beliefs. All of his colleagues will understand the reason for this posturing.

          In the meantime, Chairman Gowdy, with his powerful discretion of subpoena, will be working hammer and tongs on the scandals within the Obama/Hillary crowd.

          As for the democratic Mueller goons, they must be desperate. Also, Rosenstein renewed the FISA warrant in April, 2017, when it was known to be flawed.

        • Don Monfort
          Posted Feb 2, 2018 at 4:32 PM | Permalink

          Gowdy obviously going to the Supreme Court? You got a reflection? [*]

        • mpainter
          Posted Feb 2, 2018 at 8:11 PM | Permalink

          And Frank, it’s no good trying to explain away Mueller’s goons. The DoJ does not breed honest types, if Ohr, Lynch, Rosenstein, Holder, Comey, Strzok, Page, Baker, Priestap, McCabe, Sally hoosit, and others are what come up on the dipstick. A disgusting cluster of Obama swamp crawlers.

        • Don Monfort
          Posted Feb 2, 2018 at 9:24 PM | Permalink

          I currently suspect that Priestap is a good guy. There was no negative mention of a bad action by Priestap in the memo. He was said to have described the corroboration of the dossier as being in its “infancy” at the time of the initial FISA application. Also, Comey testified to Congress that they had not been notified of the dossier because Priestap suggested that it was too sensitive to be revealed during the election. I suspect that he was more concerned about Democrats leaking the story than Republicans, who would have had no motivation to sink Trump, excepting the never Trumpers, who he might have also been concerned about. What do you think, genius? Maybe Priestap is working for the Ukrops? Let’s lock him with the others, just for general principle.

        • mpainter
          Posted Feb 2, 2018 at 10:12 PM | Permalink

          Strzok reported to Priestap, who did not say “no corroboration/verification, then no FISA application”. Instead, he approved. Comey approved. Rosenstein approved. None said “what verification?”. [*]

        • Don Monfort
          Posted Feb 2, 2018 at 11:06 PM | Permalink

          Show some evidence that Priestap approved of any FISA application. He didn’t sign any, according to the memo. The only mention of Priestap in the memo indicates that he told the truth about The Steele dossier. Nothing negative about Priestap in the memo. D[*]

        • mpainter
          Posted Feb 2, 2018 at 11:51 PM | Permalink

          Prove that Priestap was unaware of his subordinates work. If he knew and submitted it to McCabe, that is his approval. [*]

        • Don Monfort
          Posted Feb 3, 2018 at 12:06 AM | Permalink

          Well, Strzok and his girlfriend apparently met with Andy in his office. Andy is Priestap’s boss. There was a cabal of Trump haters at the top of the FBI and DOJ. Priestap was not necessarily one of them. I currently suspect that he wasn’t. I have not seen any accusation of wrongdoing against Priestap.

          [*]

        • Frank
          Posted Feb 3, 2018 at 3:38 PM | Permalink

          mpainter: Trey Gowdy might make an excellent Supreme Court Justice, but getting him approved would be a big fight. Running as a Republican in South Carolina, he must have a vocal record on the right-to-life. He hasn’t clerked for a Supreme Court or other influential justice, so he doesn’t have practical experience with constitutional law. Gorsuch had a less public record as a conservative and more expertise on constitutional law. He would make a great AG.

    • mpainter
      Posted Jan 31, 2018 at 6:31 PM | Permalink

      And the “dangerous precedent”? Is Rosenstein thinking of himself? We have Bruce Ohr; who else in the DoJ have liabilities when everything is put in the light?
      Rosenstein was involved in the Uranium One whitewash, was he not? In fact, Rosenstein is a holdover that shares liabilities from the Obama era. There are many in the DoJ that will be discomfited by the light of day. Piss on Sessions for allowing these worms to gnaw away.

  45. mpainter
    Posted Feb 1, 2018 at 7:56 AM | Permalink

    The latest screech from the NYT:
    Hope Hicks “considered” obstructing justice by blah blah. Pure invention.

    Mueller is going out with a whimper. Some say that the FISA memo will obviate the basis of Mueller’s work. The Russian “interference” will be exposed as a deep state sham, a fabrication.

    The congressional investigations will continue. The memo (to be released soon) is just the beginning of a series of colossal rockets to be exploded in the camp of Mueller, deep state, democrats.

    We are witness to the destruction of the Democratic party. Guess what famous icon of purity and goodness is responsible. By the time Obama reaches the slammer, the exploded and scattered Democrats will be reviling his memory.

    • mpainter
      Posted Feb 1, 2018 at 10:50 AM | Permalink

      And democrats like Maxine Waters of California is giving a big boost to the dismantling of her party.
      It’s just been reported that she demands that a “parental advisory” be issued on each occasion Trump is shown on TV. Children need to be protected, she said. The woman is deranged by hate and fright.
      Thus the Democrats remove themselves further and further from mainstream America.

    • mpainter
      Posted Feb 1, 2018 at 10:56 AM | Permalink

      Of course, Obama may never reach the slammer because he might slip off to Tahiti before he’s nabbed for obstruction of justice. And criminal violations of security law. And whatnot.

      • Don Monfort
        Posted Feb 1, 2018 at 6:34 PM | Permalink

        Obama is more likely to take refuge with his pal Putinski, a la the lesser traitor Snowden. After all, Obama did let Soviet KGB dictator Putinski run wild. He even let Soviet KGB dictator Putinski help negotiate the farce that gave the Iranians the assured path to the bomb and the big cash payoff. Yet there are some misguided Americans, who think they have to defend Putinski, for Trump’s sake. How dumb is that.

        • AntonyIndia
          Posted Feb 1, 2018 at 8:59 PM | Permalink

          If Snowden is a traitor in your view I wonder what Clapper is, or Comey?

        • Don Monfort
          Posted Feb 2, 2018 at 2:12 AM | Permalink

          [*] Of course we would prefer to have better relations with Russia, but that #$@^*ng Putinski is a Soviet KGB dictator and he will not behave like a civilized human being. [*]:


          [*]start at 11:00: “Russia is not our friend.”

          Now say that Nicky doesn’t know the policy.[*]

        • Don Monfort
          Posted Feb 2, 2018 at 2:14 AM | Permalink

          corrections: “blaming” and “Nikki”
          not that the pathetic one will notice

        • Don Monfort
          Posted Feb 2, 2018 at 2:21 AM | Permalink

          I am not sure about Comey. He may just be a misguided delusional bumbling idiot. But Obama stooge lying Clapper is definitely a traitor. I would be perfectly happy if Comey is nailed by the memo. I don’t like that big crybaby.

        • Don Monfort
          Posted Feb 2, 2018 at 2:36 AM | Permalink

          Frank question: “The really interesting question was whether or when they told Trump that Steele was being paid by the DNC when he informed Trump of the dossier’s existence.”

          I’ll expand on my reply above. I am almost certain that they didn’t tell Trump that the DNC and HRC had funded Steele. The Donald would not have kept that to himself. That story didn’t come out until October, 2017. The blockbuster question is: When did the FBI, CIA, DNI et al know and was the source of the funding and the impetus for the so-called dossier revealed to the FISA court?

        • mpainter
          Posted Feb 2, 2018 at 2:41 AM | Permalink

          Who is confused? Of course Russia is not our friend. And Trump wants to improve relations with Russia. One of his goals.

          [*]

        • AntonyIndia
          Posted Feb 6, 2018 at 9:58 PM | Permalink

          CIA head Brennan had his outfit spy on a US Congressional inquiry in his service’s torture program. In 2014 he apologized to Congress and got away with just that!!!

  46. mpainter
    Posted Feb 2, 2018 at 8:39 AM | Permalink

    Screeches reach a crescendo. Has turned into comedy

    NYT: Trump has defied the FBI ; Trump will lose

    WaPo, CNN, others screeching their socks off

    Trump tweets: democrats have politicized the DoJ

    Now comes the first of a barrage of colossal rockets to explode amongst the dems. IG report due in March. Much more to come.

    The most powerful committee chairman is Gowdy of House Government Oversight. He has complete discretion of subpoena. He can issue a score or more at once, on his own discretion (no other chair has such power of sole discretion). The fun begins.

    • Don Monfort
      Posted Feb 2, 2018 at 12:46 PM | Permalink

      [*]

      https://fas.org/sgp/crs/misc/R44247.pdf

      • Frank
        Posted Feb 3, 2018 at 2:32 PM | Permalink

        Don and mpainter: As I read page 8 of the document Don linked on the powers of committee chairs, Trey Gowdy has the power to issue subpoenas on his own, but he is not the only chair with this power.

        Of course, subpoenas are often challenged, ignored or delayed. I believe a vote of the whole House or Senate is required to undertake legal proceedings to enforce a subpoena and months (to years) to resolve a case. In very contentious situations, the serious negotiating about what information will be delivered only occurs after the House or Senate vote to enforce the subpoena (contempt of Congress?). That could take us into 2019, potentially giving the Democrats the power to stop any enforcement action.

        I suspect that all this maneuvering will merely set the stage for Mueller’s report on Russian interference with our election and the IGs report on the email investigation. The most serious charge – the FBI or IC tried to influence the presidential election – is a joke. Despite all of the rumors spread by Democrats, no news organization reported that someone currently working for these organization confirmed the existence of an investigation into Steele’s allegations. If none of Steele’s novel revelations are ever confirmed, we were within one “anonymous source in the FBI confirmed the existence of an investigation …” away from the biggest, and possibly most successful, dirty trick in our election history.

        • mpainter
          Posted Feb 3, 2018 at 3:34 PM | Permalink

          Frank, one of only three chairs with that power, right. A new law provides expedited subpoena rulings and court imposed sanctions on those defying subpoena. Government personnel can no longer defy subpoena. The Republican Congress is armed to the teeth. Contempt of congress now carry court imposed fines and these cannot be paid by government funds. See Wikipedia.

          Gowdy, other committees are involved. Senate too. Never before has congress teamed with executive in such an investigation. Absolutely unprecedented. The swamp will be slaughtered in State, IC, DoJ, wherever. Much more to come. FISA memo only tip of the iceberg. Trump claimed treason on January 11. He knows what happened. Obama orchestrated treason? He was the motive force behind it all. There is no question that the Page FISA was contrived illegally. It will all come out. If Sessions or Wray do not cooperate fully, Congress will act. All Trump Republican critics now overawed by Trump’s success.

          Another player: Tom Fitton and Judicial Watch. Fitton is very close to Trump, is very effective. He is point man in a lot of the investigation. The democrats will be scattered. We witness their death throes on tv. Their defenders dwindle. Poor Democrats.

        • mpainter
          Posted Feb 3, 2018 at 3:45 PM | Permalink

          Judicial Watch has just sued the DoJ for all documents related to the Page FISA. Most inclusive and comprehensive demand for all related material. We shall see if DoJ, FBI prepared to cooperate with investigation. This matter is a test of Sessions, Wray, and where they come down.

        • Frank
          Posted Feb 3, 2018 at 3:53 PM | Permalink

          mpainter wrote: “Contempt of congress now carry court imposed fines and these cannot be paid by government funds.”

          It took more than six months for a subpoena to deliver information about the use of the Steele dossier in the FISA warrant for the Russia investigation. Perhaps the rules are tougher now, but a subpoena can always be challenged and will always require House or Senate approval before going to court.

        • mpainter
          Posted Feb 3, 2018 at 4:55 PM | Permalink

          Non sequitur Frank. I refer you to my previous comment.

  47. mpainter
    Posted Feb 2, 2018 at 10:21 AM | Permalink

    Meanwhile, in the UK, Theresa May is under the gun. I think that the FISA memo will implicate her government in the Steele dossier matter. If so, May will be popped out of 10 Downing like a cork from a bottle.

    Trump’s power grows day by day. Leadership depends on the man. Projected first quarter growth of 5.4%!! This will have a profound effect on the leaders of the world. Adios, climate scientists, alarmism, and such garbage.

    • mpainter
      Posted Feb 2, 2018 at 3:06 PM | Permalink

      Note the date of the Page FISA: October 21, over three weeks after the FBI learned of the last trove of Hillary emails. This Page surveillance is the “insurance”. The Weiner affair panicked them into the Page FISA, hoping to get some dirt on Trump. It did not pan out, but they maintained the fiction, renewing the (flawed and illegal) FISA every ninety days. This surveillance supported the fiction of Russia Russia Russia and the investigation of Trump by the FBI (which Comey lied to Trump about). Rosenstein renewed the FISA last April. It will all come out.

      Mueller has no basis for an investigation. There is no evidence of Trump collusion with Russia, no reason for suspicion.

    • Frank
      Posted Feb 3, 2018 at 6:02 PM | Permalink

      mpainter fantasizes: “Meanwhile, in the UK, Theresa May is under the gun. I think that the FISA memo will implicate her government in the Steele dossier matter. If so, May will be popped out of 10 Downing like a cork from a bottle.”

      Ms. May is “under the gun” because she lost a gamble calling an early election and now needs to shepherd a coalition government through the reality of Brexit. Polls for the last year have the Conservatives and Labor in a dead heat, despite the presence of Jeremy Corbyn at the head of Labor. The UKIP is polling 3%.

      Steele last worked directly for the UK government in 2009.

      After Trump’s exchange of Tweets with PM May at the end of November 2017, the UK was united behind May in her battle of words against Trump. Even Nigel Farage said:

      “Put your hands up, say ‘I got this wrong,’ and, frankly, try to move on,” Mr. Farage advised Mr. Trump”.

      After Brexit, the Brits need a trade deal with the US. Our masterful negotiator is so unpopular in Britain he apparently is unwilling to visit and face the demonstrations.

      https://www.bloomberg.com/news/features/2018-01-24/inside-the-dysfunctional-relationship-of-donald-trump-and-theresa-may

      More fantasies from mpainter: “Trump’s power grows day by day. Leadership depends on the man. Projected first quarter growth of 5.4%!!”

      The WSJ’s 1/1/2018 survey of economists is calling for about 2.5% GDP growth throughout 2018. Some investment banks are calling for less, especially in 2019.

      http://projects.wsj.com/econforecast/#ind=gdp&r=28&e=1515602395757

      • mpainter
        Posted Feb 3, 2018 at 6:47 PM | Permalink

        No question the May government is part of this. Upon Steele’s exposure a year ago, he fled to a safe house and the head of British Intelligence abruptly resigned while the government invoked law to suppress publication of this. None of this worked and the goofball May is left holding the bag. I suspect Trump of secretly undermining her. I do not expect her to last much longer.

      • Don Monfort
        Posted Feb 3, 2018 at 8:13 PM | Permalink

        [*] Frank:

        https://www.reuters.com/article/usa-economy-atlantafed/update-1-u-s-economy-on-track-to-grow-5-4-pct-in-q1-atlanta-fed-idUSL2N1PR1EG

        GDP growth very, very likely to exceed 3% this year. My prediction 3.4%. Last quarter 2017 growth will be adjusted up to around 3%. We are on a roll. Even the [*] will benefit.

      • mpainter
        Posted Feb 3, 2018 at 8:30 PM | Permalink

        Frank: “Atlanta Fed GDP Model Forecasts 5.4% growth first quarter”.

        Go argue with the Atlanta Fed, Frank. Call it a fantasizer.

      • mpainter
        Posted Feb 3, 2018 at 8:38 PM | Permalink

        What Trump haters will never recognize is that Trump is a president of surpassing ability with the most acute judgment in government. He will go from success to success, outsmarting his opponents at every turn.

      • Marion
        Posted Feb 5, 2018 at 11:29 AM | Permalink

        One of the mistakes many make is assuming that politicians are divided left and right, representing the voters of their respective countries – far from being the case. Rather all parties seem to have been infiltrated by those representing global special interests, many with meteoric career rises promising much but delivering nothing but pro-globalist policies – true of Blair, Brown, Cameron, Obama, Merkel, Gillard and yes Theresa May. So whichever party one votes for the resulting policies appear to be virtually identical. (Climate Change nonsense being one of them and thank god for those such as Steve McIntyre in his search for the truth – Trump is not the only one who has had to bear the brunt of many slings and arrows hurled in his direction!!)

        Both Cameron and May could have had huge majorities in Parliament but seem to have deliberately opted for policies that would result in coalitions. May’s manifesto was so bad even true blues were having trouble supporting it, if Labour under Corbyn hadn’t been in such an utter mess it could well have swung their way. By doing so they were able to hide behind the fig leaf of coalition to follow unpopular globalist policies

        Which is why Trump won the election in the US – for the first time in a long time it seemed there was someone who was prepared to represent the people rather than global vested interests.

        This was an amazing speech telling it as it is – if only we had a Trump in the UK!!

        • Marion
          Posted Feb 5, 2018 at 11:41 AM | Permalink

          Sorry this was the similar but better speech I meant to link to –

        • mpainter
          Posted Feb 5, 2018 at 1:00 PM | Permalink

          Right, Marion and I suspect May, smooth-face Dave and those types have fostered anti-Trump sentiment in the UK. And that Trump knows this, of course. They have connections to the Clintons and Obama, no doubt, and all will be exposed.

          Thanks for your views on this.

        • Marion
          Posted Feb 5, 2018 at 1:37 PM | Permalink

          Unfortunately the media – especially the BBC and the Guardian along with May, Bercow, Khan etc. Somewhat exasperated with UK politics – our main hope is James Rhees-Mogg who’s kept down in the back benches.

          Many of the public are simply unaware – media has kept them fed on a ‘celebrity’ diet – ‘bread and circuses’ come to mind.

          And yet we voted for BREXIT despite the overwhelming majority of the media, political establishment, business community, educational establishments, religious groups, monied interests pushing for REMAIN so perhaps my fellow citizens are more aware than I give them credit for.

          Many of us have turned to the internet for our news and are following US politics with great interest – President Trump bears the hopes of so many in the world on his shoulders!! A great man indeed!

  48. Marion
    Posted Feb 2, 2018 at 1:12 PM | Permalink

    At last – the memo!!

    https://www.scribd.com/document/370598711/House-Intelligence-Committee-Report-On-FISA-Abuses

    • Don Monfort
      Posted Feb 2, 2018 at 4:35 PM | Permalink

      Desantis sums it up well:

      • mpainter
        Posted Feb 2, 2018 at 8:20 PM | Permalink

        Desantis missed. The whole key to understanding this is the “insurance” that Strzok mentioned. It was not bias, but a deliberate political move against Trump. That is not the same thing as mere bias. It is corruption, but Desantis didn’t really make that explicit. He kept saying bias. Bias is no fault. Prosecutors are supposed to show bias in the courtroom, etc.

        __corruption__ Somebody needs to explain that to Desantis.

        • mpainter
          Posted Feb 2, 2018 at 9:06 PM | Permalink

          Trump went further. He called it treason. He might be right.

        • Don Monfort
          Posted Feb 2, 2018 at 9:13 PM | Permalink

          You missed it. What Desantis described with great articulation and clarity was the corruption. Bias was the motivation. Maybe you think the miscreants were paid by the Ukrainians. [*]

      • mpainter
        Posted Feb 2, 2018 at 9:43 PM | Permalink

        [*] Desantis uses the word bias or biases three occasions, or “conflicts”. Not once does he use the word corruption. Strzok reported to Priestap, who is eat up with Russia Russia Russia. Like you. [*]

        Trump says treason on January 11. There is much more to come. Involving British Intelligence. This is collaborating with foreign intelligence to use the authority of the FBI to overthrow a presidential election.
        The stakes are enormous.

  49. mpainter
    Posted Feb 3, 2018 at 3:47 AM | Permalink

    Wray has decided to be a problem. Trump and Congress together need to work on a form of administration for the FBI with a board with executive authority, instead of a sole director. The FBI and the DoJ have been stonewalling Congress for a year. An act of congress is needed. I suggest a board with staggered terms. Something needs to be done.

  50. mpainter
    Posted Feb 3, 2018 at 6:01 PM | Permalink

    Congressman Gosar, R Arizona, has publicly declared Comey, McCabe, Yates, and Rosenstein to be ___traitors___ and demands criminal proceedings against them for treason. So the screeches and shrieks of the Democrats are to be trumped and over bid by the pronouncements of Republicans. Can’t beat __treason__ for attention getting. It’s the Ace of Trumps.

    • mpainter
      Posted Feb 3, 2018 at 7:34 PM | Permalink

      When Trump used the word __treason__ during his January 11 interview, I doubt that he did so unadvisedly. Lord knows that he has enough attorneys working for him. This means that this business is all but settled. The democrats cannot outscreech that. This is the Ace of Trumps, stark, simple, deadly. Washington, D.C. is now become a killing field for the Republicans.

    • Frank
      Posted Feb 7, 2018 at 3:33 PM | Permalink

      I’m reading Scott Adams’ book: “Winning Bigly. Persuasion in a World Where Facts Don’t Matter”. He (the creator of Dilbert) has been blogging about Trump’s powers of persuasion since he first announced his candidacy. He is a big advocate of the idea that everyone perceives reality differently and makes decisions on the basis of emotions, not facts (hence the title). It is distressing that parts of ClimateAudit are becoming fact-free zones, but Nic just had a wonderful post.

      p140: When asked about the Pope’s recent comments about morality of capitalism, Trump replied that ISIS was coming to get the Pope and had plans to take over the Vatican. A great answer that made everyone totally forget the question – unless one is looking for a president with a philosophy of governing that can answer this question.

  51. mpainter
    Posted Feb 3, 2018 at 6:26 PM | Permalink

    The chairman of the committee is one of only three committee chairmen in the House with the authority to issue subpoenas without a committee vote or consultation with the ranking member.[4]

    From Wikipedia. When I researched this question while Darrell Issa was chairman, it was given that he had sole discretion, alone of House chairmen. Things change, and I am dated on this information. Issa used his power so freely that Harvey Frank called him a thug.

    Your link does not download for me. Please copy relevant text, please and thank you.

    • mpainter
      Posted Feb 3, 2018 at 6:57 PM | Permalink

      To clarify, the excerpt is from the article on the House Committee on Government Oversight and Reform.

      Darrell Issa is reportedly the wealthiest man in Congress, a self made man. He was reelected by a close margin in his San Diego district. He is one who should benefit from the slaughter of the Democrats. Of Lebanese descent, he is a good man and well regarded in Washington.

      The Republican Congress is loaded for bear and primed. It knows that Trump will lead it to heights that it has never experienced. Trump’s leadership is now established and welcomed among Republicans. Except for McCain, Flake, a few more. There are 24 democratic senators facing reelection this fall. Whoops!

  52. mpainter
    Posted Feb 4, 2018 at 5:58 AM | Permalink

    Trump specifically named Strzok in his charge of __treason__ made in his January 11 interview. The implications are clear, however. Those who signed off and or approved the illegally contrived Page FISA are complicit in this act of treason. This includes Comey, McCabe, Yates, Rosenstein, others.

    I believe that this is something that Trump and the Republicans intend to pursue with vigor, when the time is ripe. Trump has intentionally foreshadowed what will be exploded upon the Democrats in the months ahead.

    Midterm elections in nine months. In the meantime, committees in the House and Senate (I count six, altogether) diligently dig into the reeking pile that was the Obama administration. Poor Democrats.

    • mpainter
      Posted Feb 4, 2018 at 6:16 AM | Permalink

      Include Priestap who oversaw the activities of Strzok and participated in manufacturing the “intelligence” that was used to frame Trump and the Republicans with charges of collusion. Also General Counsel Baker, others. The big question now is when Rosenstein will exit.

      What is clear now is that Mueller and his DoJ goons have been neutralized. Mueller will never risk a frame up of Trump at this point.

      The DoJ Office of the Inspector General is said to have over 400 personnel. Their investigation commenced a year ago. Poor Democrats.

  53. Frank
    Posted Feb 4, 2018 at 6:39 PM | Permalink

    Nunes Memo was Nothing But Hot Air.

    Judges normally discard evidence obtained by means of an illegal search. OK, let’s discard that evidence. Or let’s suppose the FBI had been more candid with the FISA court and the judge had refused to allow Page to be wire-tapped. What would be different today? NOTHING! The FBI learned nothing from this source.

    Steele appears to be fanatically opposed to Trump. What’s new here? Sources and informants are OFTEN highly biased. That is why we don’t disseminate raw intelligence, and have professional analysts and investigations.

    What would be different if McCabe, Ohr, and Strzok had recused themselves from this investigation – as they should have? NOTHING! We received intelligence from a respected source who apparently uncovered the FIFA bribery scandal. There was a serious need for an investigation – whether or not the DNC funded Steele.

    Steele and leading Democrats desperately tried to bring the unconfirmed allegations in the Steele Dossier to the attention of the American people. Only Mother Jones and Yahoo News published stories based on the Steele allegations before the election, so the vast majority of Americans voted without having heard anything about the Dossier. What would have happened if the media had reported on those allegations? Trump probably wouldn’t be president. Let’s PRAISE the media for not spreading these unconfirmed rumors. The Cosmic-Ping-Pong-Pizzeria-sex-ring mentality that infects both right wing and left wing websites and social media fortunately hasn’t totally taken over the real media.

    Why didn’t TV and newspapers spread the Yahoo News and Mother Jones stories? No anonymous source currently working for the FBI would confirm the existence of an investigation into Steele’s allegations. If just one of those Trump-haters in the intelligence community had told the truth – an investigation was underway – Trump probably wouldn’t be President today. This is why the FBI normally declines to comment on investigations – it may turn out there was nothing to investigate. At the moment, the Steele Dossier appears to be a total fabrication that almost became the biggest dirty trick in US election history. We can thank the FBI and MSM that it didn’t.

    The FBI got a lot of inconsequential things wrong and one big thing right. They kept their mouths shut before the election! (Even the Obama WH did.) Those mistakes hurt the FBI, not Trump.

    Even the Obama administration kept quiet until January.

    I suspect Mueller finished investigating the Steele Dossier several months ago. However, he was asked to investigate all aspects of Russian interference in our election. The best way to do that was through vulnerable insiders like Flynn, Manafort and Papadopoulos. Steele, McCabe, Ohr, and the Carter FISA warrant have nothing to do with these investigations. Strzok was dismissed.

    The excitement might already be over – if Trump Jr., Kushner, and Manafort hadn’t met with the Russians. If the Steele Dossier was correct about collusion, that meeting would never have occurred. You can’t blame that meeting on any of Nunes’ villains: Steele, the DNC, McCabe, Ohr, Strzok, or any other so-called swamp creature. And if The Donald knew about this meeting, then obstruction of justice comes into play. If someone like Trey Gowdy were running the FBI, the DoJ or the Mueller investigation, I think we’d still be right where we are today.

    • mpainter
      Posted Feb 4, 2018 at 8:03 PM | Permalink

      Frank, you seem unaware that McCabe testified before congress that no FISA would have been granted without the Steele dossier.
      That being the case, it is difficult to see how the FBI presented the dossier to the court as verified and reliable. Because it was not verified.

      As McCarthy explains at National Review, the FISA judge is interested in the verity of the evidence (the dossier), which means the reliability of Steele’s source. The FBI reportedly did not even know who Steele’s sources were.

      So it’s hard to understand how the FISA judge was convinced. But, it will all come out. Judicial Watch has just sued for all relevant documents, information, etc. pertaining to the Page FISA matter. They will get it, so hold tight, all questions will be answered.

      • mpainter
        Posted Feb 4, 2018 at 8:17 PM | Permalink

        Or rather __TREASON__ 🙂

        • Frank
          Posted Feb 7, 2018 at 5:10 PM | Permalink

          mpainter wrote about Trump’s accusations of treason. It would be treasonous for a candidate to make a deal with a hostile foreign power to get himself elected. It would also be treasonous to fail to properly investigate the possibility that such a deal had been made. Most of all, it would be treason to wrongly prosecute a sitting president on trumped up charges. It happens elsewhere in the world all the time.

          However, in our system of checks and balances, presidents are never prosecuted. No one in the judicial system has the power to commit treason by trying and convicting a president. That power belongs to our elected representatives.

          President Trump’s use of the term “treason” displays his authoritarian tendencies. It is “treason” to oppose him.

      • Frank
        Posted Feb 5, 2018 at 2:47 AM | Permalink

        Frank wrote: “Judges normally discard evidence obtained by means of an illegal search. OK, let’s discard that evidence. Or let’s suppose the FBI had been more candid with the FISA court and the judge had refused to allow Page to be wire-tapped. What would be different today? NOTHING!”

        mpainter wrote: “you seem unaware that McCabe testified before congress that no FISA would have been granted without the Steele dossier. That being the case, it is difficult to see how the FBI presented the dossier to the court as verified and reliable. Because it was not verified.”

        The FISA warrant for Carter Page was only a tiny portion of the investigation into the Steele dossier. Whether the FBI should have been more candid presenting evidence to the FISA judge turns out to be irrelevant – it didn’t harm Trump in any way.

        IIRC, Bannon arranged funding for the author of “Clinton Cash”. If information from that book may have been used to obtain warrants for investigating the Clinton Foundation. If no one told the judge issuing the warrant about Bannon’s involvement with the book, would you complain?

    • mpainter
      Posted Feb 4, 2018 at 8:16 PM | Permalink

      And, no, it’s not hot air. It’s treason, according to Trump (see his January 11 interview). I assume that Trump knows some things that have been kept secret for now.

      There is another requirement for a FISA : the court must be shown that Page was engaged in criminal activities as defined per federal statute. This is the second condition that must be satisfied for a FISA. What did the FBI say to the court in this regard? It will all come out.

    • mpainter
      Posted Feb 4, 2018 at 8:33 PM | Permalink

      And, no, it’s not hot air. It’s about a politically corrupt FBI, DOJ and CIA. It is about the Obama administration and the culpability of Obama. And Trump says that it is about __treason__.

    • Don Monfort
      Posted Feb 5, 2018 at 12:58 AM | Permalink

      [** OK, I just wasted too much time in a first to clean up this food fight. This blog is NOT a political food fight blog. Clean it up immediately. No more warnings. We don’t have time to monitor you, so the next step will be to block postings. Mod]

      • Frank
        Posted Feb 5, 2018 at 2:56 AM | Permalink

        Don: I’ll wait patiently for your response. This “rock” occasionally can incorporate new facts into his worldview. For the record, I don’t watch CNN or have the slightest idea of what the liberal media is saying right now. I did read the full text of the Nunes memo.

  54. mpainter
    Posted Feb 5, 2018 at 2:01 AM | Permalink

    And I’ve just learned something very interesting from Michael Mukasey. By the terms of Rosenstein’s letter, Mueller is not conducting a criminal investigation.

    Nope. He is conducting a national security investigation. Hahahoho. He is to determine if there were any “links” or “coordination” between members of Trump’s campaign staff and Russia. Well, “link” or “coordination” are not crimes. But, if he finds any crimes, he can have at. But the main justification for the investigation initiated by Comey was to determine if national security was jeopardized (and Mueller simply took over). The idea that Trump or anyone could “obstruct justice” when there was no criminal investigation is ludicrous. Trump knows this. So does Mueller, Rosenstein, and damn few others. The “collusion” clamor is nothing but fodder for the lowing herd. No crime, no “obstruction of justice”

    What’s going on? Trump is playing on this “obstruction of justice” b.s. purposefully. He uses it as a distraction while he and Congress and Judicial Watch and the DoJ IG do the real investigation. At the end, Mueller will give Trump a clean bill and the tables will be turned on the Democrats and the swamp. Journalists will be committing suicide. Interesting times.

    • Marion
      Posted Feb 5, 2018 at 8:22 AM | Permalink

      Yep very interesting – Mueller seems to be a distraction whilst the facts come out and the Dems and Mockingbird Media dig their own graves

      Nor is the BBC over here any better than Mockingbird Media – its reporting on all this has been an absolute disgrace. Biased in the extreme.

      In case anyone missed it here is the Dems ‘memo’ supposedly refuting the Nunes memo!!!

      http://msnbcmedia.msn.com/i/TODAY/z_Creative/inline-headers/FINAL%20DRAFT%20–%20Dear%20Colleague%20on%20Nunes%20Memo.pdf

      • Don Monfort
        Posted Feb 5, 2018 at 1:24 PM | Permalink

        That’s [*] Jerry Nadler’s BS concoction, shredded here:

        http://www.nationalreview.com/article/456093/jerrold-nadler-memo-rebuttal-weak-unpersuasive

        There will be another [*] memo from [*] intel committee.

        [*]
        [Clean it up, Don. Mod.]

        • Marion
          Posted Feb 5, 2018 at 2:04 PM | Permalink

          Thanks for this – truly excellent article – if only all media reporting was up to this sort of standard.

          Let’s hope all Republican Representatives read it (and the Dems come to that – they can’t all be Schiff, Schumer and Pelosi types!)

          As you say – it totally shreds the Dems memo. 😉

    • mpainter
      Posted Feb 5, 2018 at 11:08 AM | Permalink

      By the terms of the Rosenstein letter, Mueller is to investigate any matter that rises “directly” from his investigation. We know that Trump’s legal team is in touch with Mueller, we know that the two legal teams have met at least once.

      It seems that if Trump provides Mueller with details on wrongdoing in the FBI or the DOJ, then Mueller must pursue that, by the terms of the letter. Things may not be as they seem, as presented in the media (no surprise there). If Trump has “captured” the Mueller investigation, I would not be surprised. Nor would I be surprised if that was the original intention.

      Trump is a very subtle man, a profound dissembler, and a most dangerous opponent for the Democrats. I believe that he will utterly destroy them.

    • Tom t
      Posted Feb 6, 2018 at 12:37 PM | Permalink

      Too bad that isn’t legal

      “§ 600.1 Grounds for appointing a Special Counsel.

      The Attorney General, or in cases in which the Attorney General is recused, the Acting Attorney General, will appoint a Special Counsel when he or she determines that criminal investigation of a person or matter is warranted and –

      (a) That investigation or prosecution of that person or matter by a United States Attorney’s Office or litigating Division of the Department of Justice would present a conflict of interest for the Department or other extraordinary circumstances; and

      (b) That under the circumstances, it would be in the public interest to appoint an outside Special Counsel to assume responsibility for the matter.”

      Criminal investigations only. Rosenstein has 0 respect of the law. He gave Mueller an illegal general warrant.

      • mpainter
        Posted Feb 6, 2018 at 2:31 PM | Permalink

        Then, is this not DOJ protocol, and is this not the basis of Manafort’s civil suit against Rosenstein and Mueller?

      • Frank
        Posted Feb 6, 2018 at 4:06 PM | Permalink

        Tom: Collusion with an enemy could involve bribery, treason, or merely non-monetary campaign contributions. These are potential criminal charges, enough to justify a special counsel. From one perspective, it would have been better if Rosenstein had mentioned the criminal charges that could be associated with the term “collusion”, but that would have caused an unnecessary uproar. I suspect Mueller will need to discuss all of these in his report.

        • mpainter
          Posted Feb 6, 2018 at 4:45 PM | Permalink

          I don’t think that speculation is any legal basis for a special counsel, Frank.

        • Don Monfort
          Posted Feb 6, 2018 at 7:06 PM | Permalink

          Frank is correct. You fellas must have missed this:

          “The Attorney General, or in cases in which the Attorney General is recused, the Acting Attorney General, will appoint a Special Counsel when he or she determines that criminal investigation of a person or matter is warranted and –”

          The Assistant Attorney General acting because the Attorney General recused himself, appointed a Special Counsel, when he determined that a criminal investigation was warranted, period. Proof of the crime is not a pre-requisite. That is what the investigation is about.

          Speculation is not the legal basis. The legal basis is that the AG, or next in line in case of AG recusal, has the authority to “determine” that a criminal investigation be done by a Special Counsel.
          [** OK, I just wasted too much time in a first to clean up this food fight. This blog is NOT a political food fight blog. Clean it up immediately. No more warnings. We don’t have time to monitor you, so the next step will be to block postings. Mod]

        • mpainter
          Posted Feb 6, 2018 at 7:35 PM | Permalink

          You’ve got to have a crime, otherwise it’s a fishing expedition. No crime, no legal basis for an investigation. DoJ cannot assign itself unreasonable powers. Manafort’s suit will provide court decision on this principle.

        • mpainter
          Posted Feb 6, 2018 at 7:53 PM | Permalink

          Trump will have an interest in Manafort’s suit. It would not surprise me if they have their heads together on this.

          It is a civil suit that addresses a civil matter (DOJ special counsel protocol), yet involving criminal jurisdiction. Most unusual. The suit basically challenges Rosenstein’s authority to put Mueller on a fishing expedition.

        • MrPete
          Posted Mar 1, 2018 at 8:49 AM | Permalink

          Frank is not correct. This is not complicated. There must be a known *crime* to be investigated. Not proven, but a crime must be the basis of the investigation. Not investigation in search of some unknown crime.

          If it were the latter, I guarantee almost any adult in the USA can be examined with a fine toothed comb and some kind of crime can be either discovered or invented in the course of the investigation. That is literally what often happens with special counsels — they “get” someone for lying to the FBI… a crime that would not have existed if the investigation had not taken place.

        • Don Monfort
          Posted Mar 1, 2018 at 2:42 PM | Permalink

          Mr. Pete has not read the DOJ regulation governing appointment of a Special Counsel:

          § 600.1 Grounds for appointing a Special Counsel.
          The Attorney General, or in cases in which the Attorney General is recused, the Acting Attorney General, will appoint a Special Counsel when he or she determines that criminal investigation of a person or matter is warranted and –

          (a) That investigation or prosecution of that person or matter by a United States Attorney’s Office or litigating Division of the Department of Justice would present a conflict of interest for the Department or other extraordinary circumstances; and

          (b) That under the circumstances, it would be in the public interest to appoint an outside Special Counsel to assume responsibility for the matter.

        • mpainter
          Posted Mar 1, 2018 at 6:24 PM | Permalink

          Don still does not understand that you need to have a crime in order to have a criminal investigation and that Rosenstein can’t invent a crime in order to justify a special counsel.

        • Don Monfort
          Posted Mar 1, 2018 at 7:54 PM | Permalink

          OMG painty, are you saying that Rosey invented a crime to justify appointing a special counsel? What crime did Rosey invent? What are you going to do about it? Probably just keep repeating talking points you picked up from Infowars.

          Read the regulation and tell us who has the discretion to determine that a criminal investigation of a person or matter is warranted. Do you think a person or a matter is necessarily a crime? Try to use your head.

          Here is Rosey’s letter appointing the Special Counsel:

          http://i2.cdn.turner.com/cnn/2017/images/05/17/special.counsel.pdf

          He does not allege any crime. The investigation is for the purpose of determining if a crime has been committed and who done it. Use your head.

        • Don Monfort
          Posted Mar 1, 2018 at 8:03 PM | Permalink

          I will help you some more so you can stop embarrassing yourself and we don’t go back and forth on this crap forever:

          https://www.justice.gov/opa/pr/appointment-special-counsel

          “In my capacity as acting Attorney General, I determined that it is in the public interest for me to exercise my authority and appoint a Special Counsel to assume responsibility for this matter,” said Deputy Attorney General Rosenstein. “My decision is not a finding that crimes have been committed or that any prosecution is warranted. I have made no such determination. What I have determined is that based upon the unique circumstances, the public interest requires me to place this investigation under the authority of a person who exercises a degree of independence from the normal chain of command.”

          You should apologize to the readers for your stubborn ignorance.

        • mpainter
          Posted Mar 2, 2018 at 12:09 AM | Permalink

          See what I mean?

        • MrPete
          Posted Mar 2, 2018 at 12:45 AM | Permalink

          Don, there’s one thing you simply have a hard time seeing.

          The law you keep quoting requires, as its first parameter, a “criminal investigation.” There must be an alleged crime. Period.

          What DAG Rosenstein wrote, as you nicely quoted, was that he was placing “this matter” or “this investigation” under a Special Counsel. Note how carefully he worded his statement.

          He doesn’t call it a “criminal investigation.” Because it is not a criminal investigation. Pick your dictionary. A criminal investigation is an investigation into a crime. There MUST be an alleged crime.

          In this case there IS no alleged crime. Never in US history has there been a special prosecutor investigating… looking for a crime.

          That’s the very definition of a fishing expedition. And in reality it is illegal.

        • mpainter
          Posted Mar 2, 2018 at 1:51 AM | Permalink

          Mr. Pete, that is not even a law. It is a DoJ protocol formulated by Janet Reno. No U.S. court will uphold the issue of Mueller’s goons.

        • mpainter
          Posted Mar 2, 2018 at 1:57 AM | Permalink

          And, indeed, it is a counterintelligence investigation initiated by Priestap handed over to Mueller by Rosenstein. It started with the move to “get Flynn” over a year ago.

        • mpainter
          Posted Mar 2, 2018 at 2:07 AM | Permalink

          Senator Grassley responded to Comey’s tweet thus: “There is no such thing as a DoJ that is independent of constitutional authority and oversight”. Rosenstein has taken all upon his independent authority.

        • mpainter
          Posted Mar 2, 2018 at 2:25 AM | Permalink

          Indeed, it is a constitutional issue as to whether Sessions can rightfully absolve himself (recuse) from his appointment as AG, confirmed by the Senate, on a particular issue. Deputy Attorney General is not a constitutional authority.

          Manafort’s suit against Rosenstein will address all these issues. There’s lots more to come.

        • Don Monfort
          Posted Mar 2, 2018 at 4:11 AM | Permalink

          You two are hilarious. According to you [] there can’t be Special Counsel investigation. Yet there is. What you [] cannot grok is that the regulation says it is up to the discretion of the AG, or acting AG, to decide if something needs to be investigated by a Special Counsel. It does not say that there has to be a crime as a predicate. The investigation is to determine if there has been a crime and who done it.

          You are ignoring the reality. The Special Counsel named Mueller has been investigating the Most Powerful Man in the World for some time and ain’t no one stopped it. Do you [] think Trump would have put up with this dark cloud hanging over his head for so long if it is so obviously baseless and illegal, as you [] think it is? The investigation will continue, until Mueller gets tired and closes it down. Period. Get over it.

          [Don. First, time to settle down again. No need to call people names.
          Second, nobody’s saying it “can’t” exist as in “impossible.” Obviously it does exist. However, allowing something to exist is not evidence that it is appropriate, legal or constitutional. The previous administration did a whole host of inappropriate, illegal, and unconstitutional things. Only a few of them were actually considered worth fighting over.
          Third, you’re imagining that the President would immediately put a halt to something dumb if baseless and illegal. There are many reasons why he would allow it. Among others, he has a track record of giving plenty of room for his opponents to hang themselves.]

        • Don Monfort
          Posted Mar 2, 2018 at 4:13 AM | Permalink

          OK, I will help you one more time. Stop watching Hannity and Infowars.

        • mpainter
          Posted Mar 2, 2018 at 4:36 AM | Permalink

          And he never will understand because he doanwanna understand.

        • Posted Mar 2, 2018 at 9:01 AM | Permalink

          Don, the special counsel law is not the only law. When Grassley refers to the Constitution he is likely meaning the 4th Amendment protecting individuals from unreasonable search. Warrants must have probable cause that a crime has been committed. Also, the 14th Amendment gives equal protection of the law and prevents specific targeting application to deprive life and liberty.

        • Don Monfort
          Posted Mar 2, 2018 at 1:08 PM | Permalink

          Ron, if you believe that the Special Counsel investigation of the Trump campaign and whatever else it is they are looking at is unconstitutional or lacking in a lawful basis, you should let Trump and his legal team know that they do not have to co-operate with that investigation.

          Trump is actually saying he will testify under oath. Up to now, The Most Powerful Man in the World and his legal team have co-operated with the investigation and have not challenged the legality of the investigation in any court in the land. Do you think they are not aware of what you and painty and petey know about the law? Maybe they are not watching Hannity and Infowars. Likewise, all those dudes who have pleaded guilty to Mueller’s charges must have some very poor legal teams.

          As for painty’s stupid reference to Grassleys comment, the DOJ starts investigations every day without getting advance approval from the Congress. The Congress is very well aware of the Mueller investigation that started in May 2017. Has the Congress done anything to stop it? The Congress is well aware of the DOJ’s Special Counsel policy that has been in force since 1999. Plenty of time for the Congress to supersede the regulation by passing a statute. Congress has done nothing. You all should get on them.

          You guys sound like your understanding of the law is on the level of so-called sovereign citizens:

        • Posted Mar 2, 2018 at 3:31 PM | Permalink

          Don, one of the things that still makes America great is that we don’t mind assuming experts have no more insight than a well informed layperson. I can’t tell you how many times I found success by ignoring expert advice. Just because the President, who is the target of the investigation, does not dissolve it does not mean what Rosenstein and Mueller are doing is legal or proper. It would only take a dozen establishment senators to stand up to end it — or an AG that suddenly realized he’s lost his man parts and wants them back.

        • Don Monfort
          Posted Mar 2, 2018 at 4:30 PM | Permalink

          You don’t know what you are talking about, Ron. Tell us how twelve Senators could end the Mueller investigation. You just made that up. We already have an AG who was very helpful to getting Trump elected and he could end it. He hasn’t and he won’t. We have a Deputy AG, who named the Special Counsel to continue an investigation that was already well under way. He could end it and he won’t. They are both Trump appointees. They serve at his discretion. They manage the DOJ largely at their discretion. The Special Counsel was appointed at Rosey’s discretion, because Sessions recused himself at his discretion.

          Trump and his legal geniuses have not challenged the legality of the investigation. Where do you get off making up BS? Conducting an investigation does not violate the Constitution. The authorities do not need a warrant or to prove probable cause as a predicate to conducting an investigation. You are conflating legal principles that you do not understand. Stop the foolishness.

          Trump should also stop the foolishness. Undermining his own Justice Department is not good:

          https://www.nationalreview.com/2018/03/jeff-sessions-president-trump-tweet-attacks-unwarranted/

        • mpainter
          Posted Mar 2, 2018 at 4:49 PM | Permalink

          It’s not his Justice Department. That’s the whole problem.

        • Don Monfort
          Posted Mar 2, 2018 at 7:48 PM | Permalink

          Oh, you want The Big Orange Fella to literally own the DOJ. Maybe he should have put somebody in charge who would be subservient and loyal like Obama’s stooges, Holder and Lynch. Trump is in charge of the DOJ. If he is not satisfied with the people he put in charge, he should get rid of them and pick somebody else. Write him a note reminding him of his power and stop whining.

        • mpainter
          Posted Mar 2, 2018 at 7:52 PM | Permalink

          Vacuous blowhard.

        • Posted Mar 2, 2018 at 7:54 PM | Permalink

          Don, you know very well that holding an office or position is not the same as holding power. Subversion is an aim not limited to the intelligence profession work. BTW, it’s not coincidental that a corrupt regime (eventually dictatorship) always has come first from control and expansion of its IC, secret police. I’m not saying the US is on the brink but only illustrating a spectrum of effect.

          Laws and constitutions are simply ideals that can be strayed from as far as individuals will allow themselves to be coerced into acquiescence, silence and conformance.

        • Don Monfort
          Posted Mar 2, 2018 at 8:53 PM | Permalink

          whatever

    • mpainter
      Posted Feb 12, 2018 at 6:42 AM | Permalink

      Another consideration:
      If the investigation is one of “national security” (counterintelligence), then it was originally in the hands of Bill Priestap, head of FBI Counterintelligence. To assign this counterintelligence investigation to a special counsel is to take it out of the hands of the very suspect Priestap. This move would certainly have the approval of Trump. Is this Mueller vs Trump fracas a ruse? Big advantage for Trump to have the MSM to idolize and uphold Mueller if Mueller is his choice. I consider Trump capable of such subtleties.

  55. Marion
    Posted Feb 5, 2018 at 8:27 AM | Permalink

    And this is what many of the progressives think – this guy is by no means a Trump supporter – quite the opposite – but one on the left who is willing to call a spade a spade…

    Jimmy Dore….

    • Marion
      Posted Feb 5, 2018 at 10:14 AM | Permalink

      Frank et al,

      This is one of the best summaries of the whole situation I’ve come across – from ex federal prosecutor Joe de Genova – he explains it very well –

      And this is the 99 page FISC memo of April 2017 referred to – i.e. the Court’s comments on what the court describes as “the 2016 Certification Submissions”

      https://www.scribd.com/document/349261099/2016-Cert-FISC-Memo-Opin-Order-Apr-2017-4

    • mpainter
      Posted Feb 5, 2018 at 10:46 AM | Permalink

      Thanks, Marion. Excellent, most lucid and cogent. This guy gave the whole scope of this business.

      Mainstream media accepted $ from Fusion GPS to spread their lies. The WaPo, NYT, who else, have civil liabilities out the yingyang. They will screech until they have lost all credibility. Interesting times.

      • mpainter
        Posted Feb 5, 2018 at 11:14 AM | Permalink

        And where did the Fusion GPS money come from? From Hillary and the Democrats, via Perkins, Coie. Washington D.C. has become a killing field for the Republicans.

  56. mpainter
    Posted Feb 5, 2018 at 6:33 PM | Permalink

    Boom! One shoe hits the floor and the MSM took the bait and castigated Trump for his use of the word “treason”. This will be played out until the time is right for the other shoe to drop hahahoho

    __TREASON__

  57. Tom t
    Posted Feb 6, 2018 at 12:50 PM | Permalink

    I think that now there should be a renewed focus on the attribution of the DNC hacking.

    #1 In the 11th hour of the Obama administration Obama violated all procedure on intelligence assessments we have had since the WMD debacle and hand picked 3 analysts one each from the FBI, CIA, NSA.

    #2 The analysts with no access to the servers “relied” on CrowdStrike’s analysis. In other words they rubber stamped the analysis the DNC bought and paid for. This is exactly what was done with the Steele Dossier.

    #3 The CrowdStrike attribution has two Key legs. First, the hacking of Ukrainian artillery. This was used to link Malware they “found” with GRU. We found out a month later the hacking never happened. Second, the hacking of La Monde by Cyber Caliphate. CrowdStrike relies on the analysis of a second company FireEye which has a minority opinion that Cyber Caliphate is actually FSB. Most private and public experts agree that Cyber Caliphate is a branch of ISIS. James Comey testified to congress in 2015 that Cyber Caliphate is ISIS.

    #4 This contradiction of the IC’s official stance on Cyber Caliphate makes me believe that the hand picked 3 analysts didn’t even read CrowdStrike’s analysis.

    • mpainter
      Posted Feb 6, 2018 at 1:44 PM | Permalink

      Also, it is surmised that CrowdStrike is one of the two private contractors who were allowed unfettered access to the FSA intercept data base. I have no doubt that CrowdStrike is part of this whole illegal and criminal racket contrived by the Democrats. It will all come out. Also, I have no doubt that Trump knows all of this, down to the last detail.

    • Don Monfort
      Posted Feb 6, 2018 at 6:49 PM | Permalink

      They did not rely on Crowdstrike. The NSA had notified the DNC via the FBI in summer of 2015 that they were under attack by Russkis. Hello! The hacking was being monitored in real time and the FBI continued to warn the DNC up to the time the hack was revealed in the newspaper. The NSA doesn’t need any help from Crowdstrike and they would not rely on Crowdstrike.

      • Don Monfort
        Posted Feb 6, 2018 at 6:51 PM | Permalink

        [** OK, I just wasted too much time in a first to clean up this food fight. This blog is NOT a political food fight blog. Clean it up immediately. No more warnings. We don’t have time to monitor you, so the next step will be to block postings. Mod]

      • Tom t
        Posted Feb 13, 2018 at 12:57 PM | Permalink

        Comey said differently

        “FBI Director James Comey acknowledged Tuesday that his agency failed to get access to Democratic National Committee servers and the smartphone of Hillary Clinton’s campaign chairman allegedly hacked by Russia in the 2016 presidential race.

        Thousands of emails from the servers and Chairman John Podesta’s device were stolen, then made public during the race, which Clinton lost to Republican presidential nominee Donald Trump.

        But the FBI’s repeated requests for access to the devices were denied. So the agency instead had to rely on the findings of a “highly respected private company,” Comey said.”

        They 100% relied on CrowdStrike.

        The IC did with CrowdStrike exactly what they did with the Steele dossier. They rubber-stamped it without even bothering to look at it. How else do you explain the contradiction over Cyber Caliphate?

        • Don Monfort
          Posted Feb 16, 2018 at 1:42 AM | Permalink

          Comey never said they relied on Crowdstrike to make the determination that the hacking was Russkis. You made that up. The information on the devices was not necessary. NSA already had it. The FBI assessment relied mostly on the NSA, who had been monitoring in real time the DNC hack traffic to and from for a long time. The NSA through the FBI had told the DNC they were being hacked by Russkis. This is really not that hard to understand.

        • AntonyIndia
          Posted Feb 16, 2018 at 6:15 AM | Permalink

          Because cyber security @ popular target DNC was low many people / groups hacked the place with ease. Why wouldn’t Cozy Bear do its normal job, just like the NSA or CIA?
          Same for HRC’s closet server & other obvious targets. Nice to show off for beginning hacks.

          That most of Wikileaks’ Democratic material was copied after Crowdstrike came “into full action” makes the whole circus even more hilarious.

          US Deep State saw a good opportunity to settle a bill with Wikileaks (called Snowden), imply old foes Russia and tackle Trump too as bonus. The Dutch AIVD had given them a perfect window into Cozy Bear activities, plus they had the Steele fig leaf from sympathetic Democrats.

        • Tom T
          Posted Feb 16, 2018 at 6:56 PM | Permalink

          “Comey never said they relied on Crowdstrike”

          “rely on the findings of a “highly respected private company,” Comey said.”

          Zip it! I don’t take kindly to people who lie to my face!

        • Don Monfort
          Posted Feb 17, 2018 at 2:28 AM | Permalink

          This would be easier if you knew how to read, or you stopped pretending to not know how to read.

          You misquoted me: “Comey never said they relied on Crowdstrike”

          I said: “Comey never said they relied on Crowdstrike to make the determination that the hacking was Russkis.”

          Your other quote is also not useful: “rely on the findings of a “highly respected private company,” Comey said.”

          The only part of that quote that is actually Comey speaking is “highly respected private company,”. The context for that is Comey testified that the FBI relied on Crowdstrike for a copy of the relevant info from the DNC servers. He did not say that the determination that the Russkis did the hacking was based on that info. Find that quote and I will give you a cookie.

          I already told you that the NSA and FBI had determined the Russkis were hacking the DNC from the previous year. The NSA had monitored the whole thing in real time. The ins and the outs. Try to catch up. OK, now just keep repeating your lame misinformation. Here, I will help you. The FBI and the NSA, CIA etc. relied on Crowdstrike. Now you can stop the foolishness. I hope you are happy. End of story.

  58. Marion
    Posted Feb 6, 2018 at 9:30 PM | Permalink

    Carter Page testimony to House of Representatives Nov’17

    https://intelligence.house.gov/uploadedfiles/carter_page_hpsci_hearing_transcript_nov_2_2017.pdf

  59. mpainter
    Posted Feb 7, 2018 at 8:44 AM | Permalink

    The latest:

    Page to Strzok, September 2, 2016:

    “Potus wants to know about everything we’re doing”

    Boom!

    __Treason__ says Trump…what does Trump know?

    • mpainter
      Posted Feb 7, 2018 at 11:18 AM | Permalink

      Louis Gohmert, U.S.House of Representatives:

      “What did Obama know and when did he know it?”

      Boom!

      __Treason__ said Trump

      There can be little doubt that Trump has something substantial to hang on that word.

  60. mpainter
    Posted Feb 7, 2018 at 12:44 PM | Permalink

    Now we see foreign source »» Sidney Blumenthal (close Clinton confidant) » » » Winer of U.S. DoS » » » Steele » » » FBI.

    So who is the foreign source? Circumstances fit the Ukraine. Boom!

    __Treason__ says Trump. And he knows what he is talking about.

    • mpainter
      Posted Feb 7, 2018 at 12:55 PM | Permalink

      The Ukraine. They no doubt colluded with Alperovitch and CrowdStrike on the DNC “hacking” (so-called). And Guccifer 2. And Priestap, head of the FBI Counterintelligence.

      It will come out, and there can be little doubt that Trump knows the details.

      __Treason__ said Trump, and that means a foreign state and that means foreign intelligence. The Ukraine.

      Boom! What did Obama know and when did he know it?

    • mpainter
      Posted Feb 7, 2018 at 1:46 PM | Permalink

      The Ukraine. Vice President Joe Biden got a lucrative position for his troubled son, who now gets to stick his thumb into a Ukraine pie. What else did Biden get?
      And what did Obama get? The genesis of the Maidan coup will eventually be revealed. Regime change for a fee.
      Sidney Blumenthal was an official of the Clinton Foundation when these events transpired.

      Boom! Scandalous!

      __Treason__ said Trump. He never would have uttered such a word if he did not have something to put behind it.

    • mpainter
      Posted Feb 7, 2018 at 9:07 PM | Permalink

      Correction, I omitted Cody Shearer, who received the Steele memo from the “foreign sub-source” and passed it to Sidney Blumenthal who passed it to Jonathan Winer of the State Department who gave it to Steele. Steele stated in his court brief that he received two documents this way, I think.

      Jonathan Winer is a Kerry man, having spent ten years with Senator Kerry as his top assistant. So now Kerry is involved in this. Would Winer have acted on his own initiative? Or was he carrying out Kerry’s instructions? Boom!

      __Treason__ said Trump. And the details emerge, bit by bit.

      • mpainter
        Posted Feb 11, 2018 at 4:51 AM | Permalink

        Correction, it was the Grassley letter that gave the “two documents this way”.

  61. mpainter
    Posted Feb 7, 2018 at 5:03 PM | Permalink

    It’s been reported that Hillary and the Democrats funneled $12 million through Perkins, Coie. How much of that was paid out to journalists, media, etc., for planting stories? The House Committee on Intelligence has the bank records of Fusion GPS and they know, but they have not told.

    All broadcasts, cable transmissions, internet is through the airways and this is controlled and regulated by the FCC, the Federal Communications Commission. This regulatory body issues the licences that all the media must have to broadcast or otherwise transmit their programming through the airways (cable and telephone transmission is via microwave towers).

    This is not freedom of the press. This is a transmissive facility regulated by the FCC. The news media uses these facilities only through their licenses. If a news company has accepted money to plant false stories designed to further __Treasonable__ activities, then these media outlets are complicit in the __Treason__.

    Boom!

    • Frank
      Posted Feb 12, 2018 at 2:10 PM | Permalink

      mpainter asked: “How much of that [$12M] was paid out to journalists, media, etc. For planting stories?”

      Right now Fusion GPS has admitted paying three journalists for “performing research”. We don’t know their names, so no one can say whether anything these journalists published had anything to do with either candidate. At best, this was a serious mistake.

      There are a number of non-profit tax-deductible organizations (Pro-Publica and ClimateWire) who research environmental topics and provide their stories FOR FREE to various publications including the NYT. Scientific American gets the majority of its environmental and climate stories from Pro-Publica and ClimateWire (including perhaps a dozen stories about a well in Pavilion, WY allegedly contaminated by fracking and the ongoing investigation. The last story covered criticism of the investigation that found no connection.)

      So activists like Tom Steyer are paying for stories that appear in Scientific American unchanged and even in the NYT! (The NYT adds a co-author, but I don’t know if the story is modified.)

      • mpainter
        Posted Feb 12, 2018 at 6:11 PM | Permalink

        Frank, according to NYT article P,C was paid $12.4 million in 2016 by DNC and Clinton campaign altogether. That is the $ that I am interested in. There can be no doubt that there were $millions laundered through P,C.
        I expect this to be pierced after lengthy court battles.

        • Frank
          Posted Feb 15, 2018 at 5:58 AM | Permalink

          Great. $12.4 M went in to Fusion GPS. Some of it went to Steele. Some of it went to pay three journalists for “research”. When we know what happened to the rest, then maybe we will learn if any of it was used to plant any stories in the press. If you read my comment, you will see that environmental activists have been paying for “research” that is given free to the MSM. This scam has been going on since the Internet began decimating the revenue of the MSM.

        • mpainter
          Posted Feb 15, 2018 at 9:25 AM | Permalink

          Nope, only one $ million was paid Fusion GPS, according to Perkins, Coie. That leaves 11.4 $ million. Figure one million for legal fees ($500 x 2,000 hours = $ 1 million) and that means ten $ million for?
          The Clinton Foundation needs looking into, as well. How much money did it funnel through attorneys? It will all come out. Trump will see to it.

  62. John Bills
    Posted Feb 10, 2018 at 5:42 PM | Permalink

    mpainter, if it is your goal to make me dislike Trump you are succeeding

    • mpainter
      Posted Feb 10, 2018 at 5:58 PM | Permalink

      Your sole contribution (but hardly that) to the discussion. Snark and run?

  63. mpainter
    Posted Feb 11, 2018 at 3:47 AM | Permalink

    Who is Sabina Menschel? She is the wife of Bill Priestap, Assistant Director of FBI Counterintelligence (meaning that he heads the FBI Counterintelligence Division).

    And what does she do? She runs, as President and CEO, Nardello & Co., a worldwide intelligence and investigative service.
    From their website:

    Nardello & Co., a recognized leader in the global investigative sector.

    With offices in New York, London, Washington DC, Atlanta, Hong Kong, Tokyo, Milan and Dubai, Nardello & Co. is a global investigations firm with experienced professionals handling a broad range of issues including the FCPA/UK Bribery Act and other corruption-related investigations, civil and white collar criminal litigation support, asset tracing, strategic intelligence and political risk assessment, computer forensics and reputational due diligence.

    Our competitive advantage is our legal DNA and a multi-disciplinary team comprised of former US federal prosecutors, US and international lawyers, former general counsels of multinational corporations, former law enforcement personnel and intelligence operatives, licensed investigators, research analysts, former journalists, financial crime specialists, forensic accountants and computer forensic specialists.

    Another dubious husband/wife combination in the FBI (as in McCabe & wife).

    So this is the sort of thing that’s been going on in the Comey FBI. So far, there has been very little mention of Priestap in the media. I predict that will change.

    • mpainter
      Posted Feb 11, 2018 at 4:37 AM | Permalink

      Evermore curious: Sabina Menschel joined Nardello & Co in 2015, the same year that James Comey named her hubby as head of FBI Counterintelligence. Sabina has some very interesting family connections, according to reports on the web. Background of much wealth and a connected family. This Priestap/Menschel family affair is a window on part of the swamp.

      Correction, she is COO (chief operating officer) of Nardello & Co., not CEO. She was promoted to her present position. Her company is essentially a gumshoe grown large (“gumshoe” is an old expression for a private eye, meaning a sleuth who snuck around in soft soled shoes (gum rubber)).

      One curious aspect is that Sabina was promoted to president and COO two months ago, on December 7, 2017.
      This seems risky because when the special counsel is authorized by the DoJ to investigate the FBI, he will surely delve into this family affair. He will want to know whether FBI Counterintelligence found its way into the work of Nardello & Co. As a gumshoe, this company cannot take too much light and survive. Their clients will surely flee to darker corners.

  64. AntonyIndia
    Posted Feb 14, 2018 at 12:55 AM | Permalink

    About this Cold War heating up in Syria:

    ~200 Russian mercenaries killed by US B-52’s etc close to the Syria oil fields? http://dailycaller.com/2018/02/13/the-us-military-is-now-fighting-russian-mercenaries-in-syria/

    Is US Mil Deep State completely out of any US president’s hand? Or was Trump convinced by the Nethan-yahoo’s who irrationally fear Iran/Russia over one billion+ Sunnis?

    • Frank
      Posted Feb 15, 2018 at 5:48 AM | Permalink

      The US had negotiated regions in Syria where the rebels still supported by the US – including those who took Raqqa from ISIS – would not be attacked by Assad’s forces (including his Russian, Iranian, and Hezbollah allies) in return for the rebels not attacking Assad’s forces. That allowed both sides to focus on getting rid of ISIS and Al Qaeda. Now that ISIS holds no major population centers, Assad decided to see if he could get away with violating the agreement. Someone, presumably Trump, approved the counterattack. One Russian newspaper reports that 13 Russian civilians (potentially mercenaries) were killed along with about 100 Syrians.

      • mpainter
        Posted Feb 16, 2018 at 6:03 AM | Permalink

        Indeed, has Putin lost his marbles? The Russians were mercenaries under contract to the government. Reported 80+ killed, 200+ wounded with wounded evacuated to hospitals in Russia. The U.S. used glide bombs and Apaches, poor mercenaries. Baffling.

        • Don Monfort
          Posted Feb 17, 2018 at 2:40 AM | Permalink

          That was Obama’s foolish and costly policy, Frank. The Trump rules of engagement allow battlefield commanders to make those decisions, in cases of real or perceived threats. It’s called “When in doubt, light ’em up.”

          This one compels painter to get on the right side, for a change. Has the Stalinist KGB dictator Putinski lost his marbles? No water carrying, today. Reality: it’s just typical Soviet style double dealing treachery.

        • Frank
          Posted Feb 17, 2018 at 4:33 AM | Permalink

          80 killed according to whom? My figure of 13 came from the WSJ citing a major Russian newspaper. The majority of those killed were Syrian. With all of the fake news running around – including an entire organization in Leningrad set up to influence the US election and create distrust of our government and dissension – sources are critical. (Or are you perhaps part of that group?).

        • mpainter
          Posted Feb 17, 2018 at 5:31 AM | Permalink

          Frank, see recent reports by Reuters, Bloomberg. Russia reportedly has over 2,000 mercenaries in Syria, under contract. Putin has screwed up and now this is known.

        • mpainter
          Posted Feb 17, 2018 at 7:08 AM | Permalink

          And Frank, “(Or are you perhaps a part of that group?)”
          ####

          You are joking, right?

  65. Frank
    Posted Feb 17, 2018 at 4:52 AM | Permalink

    Don: I know that Trump has correctly delegated many battlefield decisions to local commanders. However, any responsible field commander would not have chosen to knowingly attack a target with a large number of Russians without getting approval from Washington or without being fully briefed ahead of time on how to handle this situation. Such incidents have started wars. Trump may wish to be irresponsibly detached from such decisions, but his SoD likely is not that reckless.

    Obama did not understand or trust the military and feared they were trying to drag him into bigger commitments.

    • mpainter
      Posted Feb 17, 2018 at 5:55 AM | Permalink

      Frank, rules of engagement give commanders on the spot complete discretion. Putin obviously meant to test U.S. resolve.

      Positive benefits already from that engagement: Now Erdogan has stopped threatening to attack Manbij, Russia says Iran should leave Syria when the civil war is over. Putin is coming around. Assad has been shown a reality.

      Another secret: it was a Russian missile that downed the Israeli F16 last week, fired from Hmeimim airbase.
      Another mistake by Putin because Israeli response took out the southern half of the “integrated air defense system” installed by Russia (the S-400 system). This was another test by Putin, as he had previously refrained from using the long range S40N6 missile against Israeli jets but now Israel has taken out half of that system. The limits of Russian power in Syria have been starkly exposed these last two weeks.

      • mpainter
        Posted Feb 17, 2018 at 9:29 AM | Permalink

        Also, just in “Russia will stand by Israel if it is attacked by Iran”, Russian diplomat. Putin will swing in line as Trump’s plan pays out. Assad has no option in Iran, he is stymied, Hezbollah will be destroyed while Assad sits on his hands. He now is made to understand that he depends entirely on Putin.

        • Don Monfort
          Posted Feb 17, 2018 at 7:16 PM | Permalink

          Yes, lying deceitful treacherous Stalinist KGB Dictator Putinski will stand by Israel if it is attacked by his Iranian accomplices. We would be interested in knowing who is going to destroy Hezbollah. Oh wait, Trump is going to use the Jedi mind trick on Iran and they are going to do it. What a plan.

      • mpainter
        Posted Feb 18, 2018 at 7:32 AM | Permalink

        Putin’s reliance on mercenaries in Syria has blown up in his face and it will prove an acute embarrassment for him domestically, as he has kept this reliance hidden from the public. He faces re-election one month from now. The last several months have shown that Russia is in a tenuous position in Syria. Putin no doubt knows this. Assad will realize that he is in the most difficult position yet as Israel and Trump continue to apply the heat. Trump’s methods seem to be working. Interesting times.

        • Posted Feb 18, 2018 at 12:12 PM | Permalink

          According to Reuters the Russian commander in Syria was given 20 minutes warning by US forces. That commander is quoted as saying the time was too short to turn the mercenary column around but he did not say whether he had tried to or contacted them. One would think an intentional probing of American forces would have been a sensitive enough operation for Putin to be monitoring and calling the shots in real time. If that was the case then it seems like Putin wanted a definitive answer on what would happen and got it.

          Does anyone see how Syria will re-form into a state?

        • mpainter
          Posted Feb 18, 2018 at 1:22 PM | Permalink

          The Kurds want a federal arrangement with a Kurdish State. They will probably get it. Assad will have to bargain if he is to remain in power. __IF__

          Latest report: Syrian army is to enter Afrin Monday for the sake of the Kurds, as per agreement between the Kurds and Assad. They will drive Turkey out of Syria, I imagine. Trump and Putin will have given their input, probably as guarantors. So things are happening.

          Possibly the Russian mercenaries reported to a Syrian chief. Their tanks were Syrian equipment (old t55’s and 72’s). Anyway, poor mercenaries, they faced A130 gunships, Apaches, glide bombs and got slaughtered. Putin will pay a price for that mistake.

        • Don Monfort
          Posted Feb 18, 2018 at 4:03 PM | Permalink

          Putin is not relying on mercenaries in Syria, any more than he relied on mercenaries in Georgia, Chechnya, Crimea, Donbass and elsewhere. Everybody knows there are regular Russian military units, including ground forces, operating in Syria. As in Donbass and Crimea, if Putin wanted to employ ground forces with some facade of deniability, he would simply order them to take off their shoulder patches and do whatever dirty deeds they were ordered to do. If there are any “mercenaries”, they would be Spetsnaz types nominally separated from regular service, but not really. We have done the same thing.

          Putin’s interference has been quite successful from his Neo-Soviet Stalinist KGB dictator perspective. Assad was saved and Putinski holds his strings. Russia’s naval base on the Med was saved. The Russian drones who vote for Putinski like this. He will be re-elected in a landslide. Putinski has been a very successful Stalinist KGB dictator. He holds onto power with relative ease. Others do the dirty work and the dying. Putinski gets richer.

      • Frank
        Posted Feb 18, 2018 at 5:18 PM | Permalink

        There seem to be two stories about the fighting around Khusham. Official Russian sources say that perhaps 10 Russian mercenaries were killed. Western reporters in Russia report that several plane loads of Russian casualties were flown to Russian hospitals and that a 550 man unit (mostly or all Russian) was attacked and that up to 300 were killed and wounded.

        The SDF force with American advisors says they were “attacked” by a column of tanks and artillery. Whether “attack” meant anything more serious than closing within 3 miles (serious enough), isn’t clear. AFAIK, we haven’t acknowledged knowing that such large Russian forces existed in Syria or that we knew the composition of the force we were attacking. (Whose flag or markings did they use?) We just followed the standard procedures for informing the Russians of our air attacks.

        I’ll repeat my skepticism that Sec Def Mattis would be willing to have anything to do with a system that would allow US forces to knowingly make such a devastating attack on Russian or Turkish (or possibly even Iranian) units simply because they felt threatened, but were not under fire. I suspect such probing would be dealt with first by attempting to discourage further approach with a show of force or a limited response far short of killing or wounding half of the force. I’m sure our forces are always allowed to return fire (while making an attempt to minimize civilian casualties). One summary of Trump’s new policy says:

        “outside of areas of active hostilities there must still be “near certainty” of no civilian harm but only “reasonable certainty” that the target is present. And the important requirement that lethal force only be used against individuals who pose an imminent threat to U.S. persons has been eliminated and replaced with broad authority for conducting strikes on a country-specific basis.”

        This isn’t what mpainter called “complete discretion on how to respond”. An advancing armored column 3 miles away would represent an imminent threat that could have been attacked under Obama.

        https://www.justsecurity.org/52343/reasonable-certainty-vs-near-certainty-military-targeting-what-law-requires/

        • mpainter
          Posted Feb 18, 2018 at 6:37 PM | Permalink

          Frank, it’s quite simple: the administration formulates the rules of engagement and allows the local commander discretion in applying those rules. I’m sure that you can understand if you really try to.

          Also, you should try to better inform yourself: you don’t seem to be aware that the mercenaries opened fire with artillery. The coalition responded to this attack.

    • mpainter
      Posted Feb 17, 2018 at 6:12 AM | Permalink

      And Frank, your poor mouthing of Trump only makes you look foolish. I predict that he will achieve his aims in the mideast and the ayatollahs eventually toppled. Europe’s coming around, Macron makes threatening noises at Assad, Iran, Trump will succeed. Obama was a none-too-bright rabbit, the puppet of incompetents.

    • Don Monfort
      Posted Feb 17, 2018 at 7:02 PM | Permalink

      “However, any responsible field commander would not have chosen to knowingly attack a target with a large number of Russians without getting approval from Washington or without being fully briefed ahead of time on how to handle this situation. Such incidents have started wars. Trump may wish to be irresponsibly detached from such decisions, but his SoD likely is not that reckless.”

      Wrong. I know the rules of engagement. You are just guessing. Can you give an example of killing a Russian or two starting a war, other than a made up scenario so the Russkis could attack a weaker neighbor? We killed them in Korea, Vietnam, Laos, Afghanistan and other places. Oh wait, maybe you are talking about the recent war started over Turkey shooting down a Russian Su-24. Putinski is not stupid or suicidal, Frank. He will tolerate a lot of Russians being killed. You don’t know how the game is played.

      • Frank
        Posted Feb 18, 2018 at 5:44 PM | Permalink

        Don wrote: “Can you give an example of killing a Russian or two starting a war, other than a made up scenario so the Russkis could attack a weaker neighbor?”

        The Chinese and Russians fought an undisclosed war on the border of Manchuria and Siberia in 1969 that began with a skirmish like Khusham.

        https://en.wikipedia.org/wiki/Sino-Soviet_border_conflict

        Border skirmishes between Russia and Japan in the late 1930’s in a similar area resulted in an undeclared war with 50,000 casualties.

        https://en.wikipedia.org/wiki/Soviet–Japanese_border_conflicts

        The Mexican-American War started with a skirmish between small forces in disputed territory north of the Rio Grande and south of the Nueces.

        The Marco Polo Bridge Incident began WWII between China and Japan.

        Less relevant, an explosion on the Maine in Havana began the Spanish American War.

        AFAIK, neither government in these conflicts was intending to initiate war on the scale it was fought. Other wars were begun with intentional surprise attacks: Korea, WWII (Poland, Russia, Pearl Harbor).

      • Frank
        Posted Feb 18, 2018 at 6:01 PM | Permalink

        Don wrote: “Putinski is not stupid or suicidal, Frank. He will tolerate a lot of Russians being killed. You don’t know how the game is played.”

        Putin’s hold on power will weaken if he looks weak. An election is coming next month. Anything but a landslide will be a big disappointment. Thus, official Russian sources are denying that more than a handful of Russians were killed. If the Russian people learned that more than half of a 550 man Russian force lacking air defenses was slaughtered by US air power (IF this version of the story is correct), Putin might respond by launching a few cruise missiles at Khusham.

        • Don Monfort
          Posted Feb 18, 2018 at 6:29 PM | Permalink

          You don’t know how the game is played, Frank.

          I said: “Can you give an example of killing a Russian or two starting a war, other than a made up scenario so the Russkis could attack a weaker neighbor?”

          No, you can’t. You can call skirmishes between Russians and Chinese in 1969 a war, but it was not a war. I gave you many examples of us killing Russians, in recent times. You have just seen another example. When does the war start, Frank?

          We aren’t talking about the Mexican War or Japan aggression against China back in the old days, Frank. Mexico and China did not have thousands of deliverable nuclear weapons. We are talking about the era of MAD. Try to catch up, Frank.

          This is how it goes, Frank:

          https://www.bloomberg.com/view/articles/2018-02-16/russia-attacked-u-s-troops-in-syria

          You are clueless, Frank. Putin is on notice. He won’t be sending any cruise missiles our way. That is just plain foolishness. You should know better. No more Obama weak sister BS. The rules of engagement have changed. Our strategic policy has changed.

        • AntonyIndia
          Posted Feb 19, 2018 at 12:13 AM | Permalink

          The present antagonism between the US and Russia was and is a two way street: http://thehill.com/policy/defense/261940-former-defense-secretary-us-shares-blame-for-poor-relations-with-russia
          Meanwhile, Chinese president Xi and his party are the ones laughing their heads off with best reasons….

        • Don Monfort
          Posted Feb 19, 2018 at 1:15 AM | Permalink

          Nice one, non-entity. It’s our fault, because as Bill Clinton’s Sec. of Def. in the mid 90s, old Bill Perry was all for the expansion of NATO. Guy is a clown. At the time, it was conceivable that even Russia could have joined, or been closely associated with NATO. Russia was in a democratic interlude and was not ruled by a treacherous Stalinist KGB dictator.

          NATO is not and has never been a threat to Russia. The problem that we and other democratic countries have with Russia is that it is once again being ruled by a treacherous Stalinist KGB dictator, who is trying to re-assemble the Soviet Union by hook or by crook.

        • AntonyIndia
          Posted Feb 19, 2018 at 3:54 AM | Permalink

          “NATO is not and has never been a threat to Russia”
          The US can have their Monroe doctrine for over 2 centuries and 2 continents but Russia should not protect even a few ice free harbours like on the Crimea, Baltic or Mediterranean. Stalin is gone; Putin can’t fill his dirty boots.
          Siberia is hugely vulnerable to Chinese influence; the Caucasus is a smoking Wahhabi rubble pile thanks to the KSA (and CIA?!).
          Try sometimes to look through the eyes of a Russian patriot Don once in a while, you will survive, I guarantee you. To ease the transition start watching “Masha and the Bear” on Youtube 😀

        • Posted Feb 19, 2018 at 10:35 AM | Permalink

          Antony, are you saying that if you had a choice of the USA or Russia to be your country’s neighbor it would make no difference to you? If you do in fact find one more attractive why is that? Are you simply prejudiced or are there objective reasons one can cite about the two countries’ ideals of governance and the foreign policy that flowed from them?

        • Don Monfort
          Posted Feb 19, 2018 at 2:21 PM | Permalink

          We had fairly cordial relations with the Soviet Union in the latter years of the Gorbachev era. We had a very cordial relationship with democratic Russia in the 90s, when Yeltsin was head of state.

          As was the reality during most of the history of the Soviet Union, we have problems when a treacherous aggressive Stalinist KGB dictator is running the show in Russkiville. It makes our weak-kneed European allies who can’t stand up to Russia fearful and we have to help them. Then there are many weak-kneed Euro non-entities who actually resent us for being powerful. Go figure.

          The patriotic Russians are the ones who want to live in a peaceful democracy.

        • AntonyIndia
          Posted Feb 23, 2018 at 12:48 AM | Permalink

          Ron, I am saying that for neighbour I would prefer a Putin ruled Russia over a Xi ruled China. If I would be Canadian I might prefer a HRC + Deep State ruled US slightly over a Putin ruled Russia as neighbour. The gap is lessening though: secret courts, 24/7/365 all citizens surveillance, mafia like untouchable MNCs, etc. The zillions of US lawyers have protected the 1% well at the cost of the 99%: like Judas it was about the money.

          Both Canada and Russia have plenty of oil so the US could be free of Wahhabi blackmail but the profits will be less….

        • Posted Feb 24, 2018 at 12:06 AM | Permalink

          Antony, I mostly agree. BTW, remember, the reason you are hearing such dirty laundry about the US is that we are in the middle of a pretty heated domestic dispute. And we don’t drape the windows. I’m sure Putin would like to believe he is the cause but in reality he is just the convenient bad guy because almost all agree he is one, though I don’t know if he feeds hungry dogs his rivals (and former friends) yet.

          China is a greater geopolitical threat but Russia is more threatening to more neighbors. N. Korea wins the prize of the current worst threat for nuclear exchange. Out of Russia, China and N. K. which do you predict has the best chance of shaking or replacing the leadership toward democratic reforms and civil liberty?

        • AntonyIndia
          Posted Feb 24, 2018 at 2:19 AM | Permalink

          Russia as there the State apparatus is less tight than in China or N. Korea.
          No CIA “spring” interference like in Iraq, Libya, Syria or Ukraine please! A Russia with that kind of civil war would be a super gift to Xi – China. I am sure he can find some old maps to support claims on whole Siberia for a start. Wasn’t Genghis Khan actually Chinese 😉

  66. mpainter
    Posted Feb 17, 2018 at 6:31 AM | Permalink

    Syria has been a very interesting place the past several months. On December 31, a mortar attack damaged seven Russian jets at Hmeimim. This base is surrounded by Alawites, far from rebel controlled territory. This was probably an Israeli operation carried out by Alawites! Also, a Russian jet was brought down by a shoulder fired missile for the first time. Just one, because Israel only wanted to make a point (these weapons had not previously been in the hands of the rebels). Bottom line: Putin is mated. So Putin has seen the moving finger writing on the wall. He will cooperate with Trump in Syria. Some people win and Trump’s a winner. Obama & Co were losers.

    • mpainter
      Posted Feb 17, 2018 at 6:47 AM | Permalink

      Also, Assad has started using Chlorine gas again. I predict that will stop, as Macron has declared that a “red line”. Big results for Trump on the way, will be realized by November. The EU will join Trump in his demands against the ayatollahs.

      • mpainter
        Posted Feb 23, 2018 at 10:03 PM | Permalink

        No reports of Chlorine gas for ten days, Assad has taken note of world reaction. So he has abandoned chlorine gas for now. I predict that he will try it again.

  67. mpainter
    Posted Feb 17, 2018 at 6:05 PM | Permalink

    From Mueller’s indictment:
    “U.S. law also bars any agent of a foreign entity from trying to influence U.S. elections without first registering with the Attorney General.”

    Did Christopher Steele register with the Attorney General? Because he peddled to the media unverified and salacious material on candidate Trump with the expressed intention of preventing Trump’s election.

    Mueller interviewed Steele in October. There needs to be some answers to this question.

    • mpainter
      Posted Feb 19, 2018 at 2:21 AM | Permalink

      Legal blog Law & Crime says no, Steele did not register with DoJ. The article examines the novel approach in Mueller’s indictment and claims that this forms the basis for indicting Steele, Fusion GPS, the DNC, and Hillary for the same crime. A firestorm brewing? Because I find it very implausible that Mueller did not carefully consider the implications of his indictment of a bunch of unreachable foreigners.

    • Frank
      Posted Feb 19, 2018 at 5:17 PM | Permalink

      FWIW, Fusion GPS, the DNC and its law firm are not “foreign entities”. Mr. Steele is a foreigner who was hired and paid by US entities. He was hired for his expertise and contacts in Russia, originally to research Trump’s business activities in Russia. I’m not aware of any crimes he committed by coming here and talking with the press, but the FBI stopped using him as a source when he did so.

      Those indicted by Mueller were hired and paid for by Russians. Read the indictment.

      https://apps.npr.org/documents/document.html?id=4380489-Justice-Department-s-Internet-Research-Agency

      • Don Monfort
        Posted Feb 19, 2018 at 6:55 PM | Permalink

        Let’s see if we understand you, Frank. If the Russian trolls had been hired and paid by U.S. entity Trump, they would have violated no law, if they had just stuck to trying to influence the election without resorting to stealing identities etc.? In other words, a U.S. entity could hire a billion foreigners to troll our elections, or make up phony dossiers to pass out to the press and no foul? Is that about right, Frank?

      • mpainter
        Posted Feb 19, 2018 at 7:15 PM | Permalink

        Frank, go argue with David Abrahms, legal commentator at Law & Crime. Add Perkins, Coie.

        • mpainter
          Posted Feb 19, 2018 at 7:34 PM | Permalink

          Correction, that should be Dan Abrams

  68. Don Monfort
    Posted Feb 18, 2018 at 8:08 PM | Permalink

    Now this is very funny:

    https://www.radiosvoboda.org/a/26903778.html

    Use the translator. This describes the same Russki operation that did the election meddling in the recent Mueller indictment. Address and picture of the HQ building included.

    You can bet big money that Mueller didn’t have to do much investigating to discover this huge sinister criminal-spy organization. His info surely came from the NSA, CIA etc., who have undoubtedly been monitoring this operation from its beginning. Probably half the workers were on the CIA payroll, as well as Putinski’s. Double dippers.

    I wonder how long it will take the mainstream media to discover this story. I will help myself: They will avoid it like the plague.

    Now, why would the U.S. intel community allow this thing to go on for years and not go after those dirty Russkis? Mostly because it was insignificant and they can’t arrest the perps, anyway. The indictment is a joke. A sham.

    • Posted Feb 19, 2018 at 12:58 AM | Permalink

      Don, I agree that anyone with some degree of intelligence should realize that the Russian trolls are not likely influential, a drop in the bucket. The reality is that the only significance the “Ministry of Truth” could have on the west is the opposite of its goal in the hundred times blow-back effect upon its exposure. This was a lesson learned in the 20th century. The Shah of Iran Coup was a success until its monumental blow-back finally led to the horrific Iranian Islamic revolution 26 years later. Anything Nixon’s campaign could possibly have gained from bugging a few phones at the DNC headquarters in the Watergate were dwarfed by the cost of being exposed. But I guess the temptation is too great for some, especially if they get away with it for a while. It looks like Hillary and company could be in that camp.

      The reason the Russian troll op was not exposed earlier (officially) is that it was being saved for the right opportunity. Mueller needed to produce something. But if there are no collusion indictments and the expected IG report in March exposes the Steele dossier even more as a Hillary op, and one that was embraced by the US IC, it will be interesting how CNN and MSNBC play it.

      • Don Monfort
        Posted Feb 19, 2018 at 1:42 AM | Permalink

        This Mueller Russia Russia Russia indictment is looking more and more like a cartoon case:

        http://www.moonofalabama.org/2018/02/mueller-indictement-the-russian-influence-is-a-commercial-marketing-scheme.html

        Even the partisan hack anti-Trump Bezos the Clown WaPo realizes something goofy is going on:

        https://www.washingtonpost.com/?utm_term=.7f6c699ff170

        Not one day of courtroom time will ever be spent on prosecuting this case. It’s a non-starter.

        • Posted Feb 19, 2018 at 10:26 AM | Permalink

          The guy is a real sweetheart.

          “The Americans are very emotional people, they see what they want to see. I have great respect for them. I am not at all upset that I am on this list [Mueller indictments]. If they want to see the devil, let them,” RIA quoted Prigozhin as saying.

        • AntonyIndia
          Posted Feb 20, 2018 at 4:23 AM | Permalink

          IF this case ever finished in trial, can Russian, Chinese, French / Xxxxx courts also convict named US/UK hackers in abstention?
          Makes working for the NSA that much less attractive.

        • Don Monfort
          Posted Feb 20, 2018 at 4:44 AM | Permalink

          It’s called trial in absentia. Google it. We don’t do that. Other countries with less or no respect for human rights do whatever they want. My guess is you are not from around here.

        • mpainter
          Posted Feb 20, 2018 at 9:58 AM | Permalink

          I am a U.S. person and one of the rights I cherish is to be secure and inviolable in my person, including a right to privacy. A corrupt intelligence community has threatened that right. The IC has no checks, no oversight as has recently been proven. There must be board oversight of these monstrosities with board members liable for abuses.

        • Don Monfort
          Posted Feb 20, 2018 at 1:35 PM | Permalink

          The IC has a lot of checks and oversight. Everybody who works in the agencies is responsible for their own behavior and they are obligated by their oath to follow the rules, do the right thing and report inappropriate behavior of their co-workers, including their bosses. There are internal checks on the behavior of personnel in the agencies. There is IG oversight. There is Congressional oversight by both House and Senate committees. But hey, abuses still happen.

          So, we get a board with its members liable for the abuses of the folks they are overseeing. Who would be crazy enough to serve on that board? They would have to be suffering under a God delusion, that they could see all and know all.

        • mpainter
          Posted Feb 20, 2018 at 1:59 PM | Permalink

          Easy enough. If things are hidden or withheld from the board, it has no liabilities. However, the board will be responsible for diligent oversight and any failings in this duty must be sanctioned.
          Those who answer to the board will face criminal penalties for hiding any matter that falls within the purview of the board.
          Priestap would never have happened under such oversight. The present system of unaccountable chiefs is a threat to our society.

        • Posted Feb 20, 2018 at 2:50 PM | Permalink

          The 1947 National Security Act set up the CIA and National Security Council to bring the IC into Truman’s WH control. The problem with the National Security Act is that it did not build in enough oversight. Congressional committees are not powerful or resourced enough for that job. Congress needs its own office of inspector general just to watch the IC.

        • mpainter
          Posted Feb 20, 2018 at 3:37 PM | Permalink

          The U.S. intelligence apparatus is a relict of the cold war, no longer justified and occupies itself in spying on various and sundry, including our friends and allies. Our political system has failed us in allowing this incubus to thrive in our midst.

        • Don Monfort
          Posted Feb 20, 2018 at 3:40 PM | Permalink

          OK, if misdeeds are hidden no problem. But if offenses aren’t hidden, then the board has to be sanctioned. Lock ’em up? So, we will need a board to decide if the initial board has to be sanctioned. Of course, the board that needs to sanction the initial board will need a board to make sure they do their job, or they will have to be sanctioned. How many boards are we up to now?

          On the surface this seems like a very harebrained scheme, but it could be a very cushy job for the board members as long as the miscreants stay hidden. We certainly know that the miscreants have an incentive to keep their mouths shut. Why would the board members want any misdeeds to be revealed creating potential liabilities for themselves? How much would these board members get paid? I would accept a position on the board with the ultimate authority to decide on what’s hidden and what ain’t, if the money was right.

        • mpainter
          Posted Feb 20, 2018 at 5:19 PM | Permalink

          A collateral issue also touching on corruption of the intelligence community is the case of General Michael Flynn, who left his position as the head of Defense Intelligence to start his own business as a __intelligence__consultant__. I feel no sympathy toward Flynn.

          Additional issue is the Obama IC chiefs who have plunged into the politics of the nation. Away with such types. They also spied on members of Congress. Punishment is their due and I pray that they receive it.

        • Don Monfort
          Posted Feb 20, 2018 at 6:19 PM | Permalink

          Now, you got it. We don’t need a board. Just pray.

        • Posted Feb 20, 2018 at 7:08 PM | Permalink

          How many boards do we need?

          How many watchers to watch the watchmen was a central question facing the founders.

          If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself. –Alexander Hamilton

          Don, the founders settled on the number three. If you have one branch (board) that becomes corrupted you have the other two to support each other in the battle to correct it. We have the three branches and three layers, federal, state and local, all to be watched by the people themselves and be reported on by a free press. The fly in the stew is national secrets. But my answer is to repeat the model we already use. Executive investigates citizens, congress investigates the executive and judicial controls the adjudication and final verdict.

        • mpainter
          Posted Feb 20, 2018 at 7:25 PM | Permalink

          It’s clear to me that vesting in one person the complete, autonomous power of the FBI, or the CIA, or the NSA invites corruption. Some people do not understand that circumstances breed corruption.

        • Posted Feb 20, 2018 at 7:49 PM | Permalink

          I predict that Gen. Flynn will be allowed to withdraw his guilty plea. And if that happens I predict the case against him will be dropped. I suspect it will be found that Mueller’s team failed to disclose exculpatory evidence to the defense.

          Regarding Priestap, the whole 7th floor had to be involved and in the know. The problem was that Obama and the White House were too, as well as Lynch and Yates at DoJ. Let’s say Priestap had anxiety about what was being done, who would he complain to? Devin Nunes?

        • mpainter
          Posted Feb 20, 2018 at 8:11 PM | Permalink

          Yes, and that would be prosecutorial malfeasance and that should mean the end of Mueller, if Rosenstein is worth a hoot. If Rosenstein does not remove Mueller, it would justify his removal, or Sessions’ removal, imo. Interesting times.

        • Don Monfort
          Posted Feb 20, 2018 at 10:18 PM | Permalink

          Yep, vesting in one person the complete, autonomous power of the FBI, or the CIA, or the NSA would obviously invite corruption. We are smarter than that. There is no one person with complete, autonomous power over any of those agencies. There is no group of people with that power. Somebody is hallucinating, again.

          Priestap is the only one of the suspect crew who has not been fired, demoted or “resigned”. He either had a lesser role or nothing to do with any nefarious plot, and/or he is remorseful and has been very usefully co-operating with the IG. I suspect that all the goons who still remain on the payroll are co-operating to some extent. Pointing fingers at each other and playing cya. The IG report will be very entertaining.

        • franktoo
          Posted Feb 21, 2018 at 1:18 PM | Permalink

          Ron, Don, Painty:

          The Supreme Court has never ruled on whether exculpatory evidence needs to be turned over to defendants during plea bargaining, only before trial. Lower courts are split. After all, Flynn doesn’t need to see that evidence to know whether he is guilty or innocent. He only needs that evidence to defend himself at trial. However, the judge involved has chosen to apply a strict standard in this case.

          https://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?referer=https://duckduckgo.com/&httpsredir=1&article=4913&context=flr

          I gather Mueller has ALREADY learned whatever cooperation Flynn provided about collusion with Russia. Mueller will report that information to Congress no matter what Flynn chooses to do. Mueller no longer needs Flynn’s cooperation, he’s given up his leverage. (:))

          Now Mueller can charge Flynn with the other crimes he likely committed: failing to register as a paid foreign lobbyist, not reporting $45,000 paid by the Russians for speaking, incorrect security disclosures and violations, etc. Then we can hear Strzok’s testimony impeached by his texts and Flynn’s testimony impeached by VP Pence! And possibly by his own guilty plea. Will Flynn’s attorneys even be able to let him take the stand on his own behalf? (Perhaps he won’t withdraw his plea.)

          Don’t forget that the suspect crew at the FBI turned down the chance to anonymously confirm the existence of an investigation into the Steele Dossier before the election and produce widespread publicity that would likely have defeated Trump. Even after the election, the possibility of a President-elect aided by Russians might have prompted “faithless electors” in the Electoral College. The Steele dossier was mostly ignored by the press until January. Instead your suspect crew announced the re-opening of the email investigation.

        • mpainter
          Posted Feb 21, 2018 at 1:39 PM | Permalink

          Franchisee, all that matters is Sullivan’s ruling. There will be no appeal. Prosecutorial malfeasance is ample grounds for dismissing Mueller and replacing him with someone who is honest _and_ unconflicted, who can then have at Flynn, Manafort and whomever with some credibility.
          Don’t forget the DOJ IG.

        • Don Monfort
          Posted Feb 21, 2018 at 2:40 PM | Permalink

          This is a plausible analysis of Flynn’s predicament by a sharp legal mind who doesn’t grind political axes:

          http://thehill.com/opinion/judiciary/374738-evidence-withheld-in-flynn-case-brady-motion-makes-one-wonder

          My reading of all the info is that Mueller’s case is not in any danger as long as he follows Judge Sullivan’s order and turns over all his evidence for review. If he has not revealed possible exculpatory evidence to Flynn’s lawyers prior to Sullivan’s order, so what. My guess is that Flynn will not withdraw his plea.

          We don’t know that the suspect crew at the FBI and DOJ did not leak on the Steele dossier. I am not going to spend time looking for it but I believe I have seen significant evidence in the Strzok-Page texts that they were routinely yakking with the left loon press. Somebody with inside knowledge talked to Isikoff, Corn and who knows how many others in the media who did not choose to do stories on the obviously phony Steele dossier. Does anybody seriously believe the left loon press herd would not have run wild with dirt on Trump, if it had appeared to have any credibility?

        • Posted Feb 21, 2018 at 2:43 PM | Permalink

          Don, I did not claim that the US IC was controlled by a single person. Unfortunately corruption has a way of infecting cliques too by organizational groupthink.

        • Don Monfort
          Posted Feb 21, 2018 at 3:31 PM | Permalink

          I know you didn’t say it, Ron. You know better. It was painter.

        • franktoo
          Posted Feb 21, 2018 at 4:54 PM | Permalink

          Don wrote: “Does anybody seriously believe the left loon press herd would not have run wild with dirt on Trump, if it had appeared to have any credibility?”

          The “left loon press” would have gladly printed ANY negative story about Trump regardless of its plausibility – if they could confirm some of the information. No reporter or editor needed to personally believe most of the Dossier to print the story. They needed Steele’s Russian sources to confirm the information Steele had passed on, but that was impractical. Lacking that confirmation, they needed an official to assert that the FBI took that material seriously enough to investigate: “A high-level source in the IC told the XYZ paper that evidence of collusion between the Trump campaign and Putin’s inner circle had been received from a reliable British source. The FBI is vigorously investigating these allegations…”

          Mother Jones and Yahoo News apparently were the only ones willing to print something based on Steele’s word alone. Given that Steele was paid by the DNC, that could demonstrate a “reckless disregard” for the truth.

          Everyone had that story, except for the high-level source, in October 2016 (courtesy of the DNC and Steele), but waited until January 2017 to print the story. Why? Some anonymous source in the outgoing Obama administration presumably confirmed that the FBI took the dossier seriously enough to investigate it and disclose that investigation to the President-Elect. (It probably wasn’t Comey, since the first stories concerned only the plan for the meeting, but admitted not knowing exactly what Trump was told.)

          Ron wrote: “Obviously, most reporters who were given full copies of the dossier thought it was junk after reading it. (They get handed junk all the time.) … But once Trump took the oath of office they could brief him on the dossier setting up a pretext to leak it to the press presented as an intelligence document”

          However, the story broke before Trump was inaugurated. And the first CNN story admitted that they didn’t know what Comey actually told Trump about the investigation – CNN just knew that a briefing had just taken place.

        • Don Monfort
          Posted Feb 21, 2018 at 7:03 PM | Permalink

          Read the Isikoff and Corn articles, Frank. OK, I’ll help you:

          Isikoff: “U.S. intelligence officials are seeking to determine whether an American businessman identified by Donald Trump as one of his foreign policy advisers has opened up private communications with senior Russian officials — including talks about the possible lifting of economic sanctions if the Republican nominee becomes president, according to multiple sources who have been briefed on the issue.”

          Corn: “On Sunday, Senate Minority Leader Harry Reid upped the ante. He sent Comey a fiery letter saying the FBI chief may have broken the law and pointed to a potentially greater controversy: “In my communications with you and other top officials in the national security community, it has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government…The public has a right to know this information.”

          There is more in each article claiming some sort of confirmation from multiple government sources.

        • franktoo
          Posted Feb 22, 2018 at 3:39 AM | Permalink

          Don: “Read the Isikoff and Corn articles, Frank. OK, I’ll help you:”

          Read both stories long ago when the WSJ started complaining about pre-election Steele stories. They are shockingly similar to what I (and you?) heard only in January, yet none of the major networks and newspapers published a word about this. Ask yourself why.

          Reid sent a letter to Comey complaining that the FBI was holding back information that the American people needed to know before the election. Leading Democrats tried to get leading Republicans to issue a joint statement about the problem. Steele gave interviews to the press, almost certainly including the NYT, WaPo and reporters for the major networks. (This caused the FBI to cut off contact with him.) What went wrong (actually right)? Based on my limited experience (All the President’s Men, the Plame scandal, (:))), the MSM won’t print a major story without two sources. A guy like Steele can’t go around creating fairytales (if indeed they were fairytales) and get the press to publish unless another credible source backs his story. AFAIK, Mother Jones and Yahoo News were the only ones to do so (and dodged issues of confirmation), but the rest of the press didn’t follow. The big story was the re-opening of the email investigation, not Steele.

          Am I right about the timing? Or am I nuts? It seems to me that Trump (and even the WSJ) are trying to re-write history that I thought I was following closely. I certainly didn’t miss the stories that exploded in January and that were clearly known by the press in October. Why didn’t I know? If I didn’t know, could most Americans have known?

        • Don Monfort
          Posted Feb 22, 2018 at 11:29 AM | Permalink

          I already told you why the mainstream dummies didn’t jump on it initially, Frank. The Steele dossier is not credible. You can bet that many wanted to run with it, but senior editors and legal departments put the kibosh on it.

          I am not sure what you are talking about Trump trying to rewrite history. His main complaint is that government agencies in cahoots with the D party (FBI, DOJ, CIA etc.) used that phony dossier to try to destroy him and his associates, his political allies, his family, his pets, etc. etc. And that is exactly what they have attempted to do. And the press has been extremely complicit.

          I am sure the left loon media partisan hacks are very remorseful over not taking full advantage of the chance to destroy Trump, before the election. They had convinced themselves he could not win. Fools. I think I’ll go to youtube and watch, for the hundredth time, the videos of the shell-shocked tearful clowns disintegrating on election night.

      • mpainter
        Posted Feb 21, 2018 at 1:50 PM | Permalink

        “Some credibility” meaning an investigation untainted by partisanship. Of course the Trump haters will howl incessantly and spew bloody froth, but Republican Congress will close ranks on Mueller’s demise.

        • Posted Feb 21, 2018 at 2:53 PM | Permalink

          “Don’t forget that the suspect crew at the FBI turned down the chance to anonymously confirm the existence of an investigation into the Steele Dossier before the election and produce widespread publicity that would likely have defeated Trump.”

          Obviously, most reporters who were given full copies of the dossier thought it was junk after reading it. (They get handed junk all the time.) Leaking that the Trump campaign was under surveillance was not a viable option by the plotters. But once Trump took the oath of office they could brief him on the dossier setting up a pretext to leak it to the press presented as an intelligence document. The dossier was so bad it needed to be laundered twice, once by Steele and the McCabe crew to get the FISA and again by Comey to get it into the MSM.

  69. mpainter
    Posted Feb 21, 2018 at 5:31 PM | Permalink

    It matters not what Flynn does or might have done. If Sullivan finds that Mueller withheld exculpatory evidence, then Mueller has committed an illegal act. This is all that is needed.

    Trump has just tweeted a new complaint about Sessions. I am sure that he bitterly regrets appointing him as AG. Does Trump see an opportunity opening? Interesting times.

    • franktoo
      Posted Feb 22, 2018 at 5:04 AM | Permalink

      mpainter wrote: “Trump has just tweeted a new complaint about Sessions. I am sure that he bitterly regrets appointing him as AG.”

      I’m sure Trump has regrets. He deserves a loyal protector like Eric Holder (Marc Rich, Fast&Furious, IRS), Loretta Lynch (email), Sally Yates, Alberto Gonzales, Janet Reno (foreign contributions), and John Mitchell (Watergate). Someone like Andrew McCabe, who didn’t recuse himself when his wife received $0.5M campaign donations from Podesta. Like Bruce Ohr, whose wife was paid by Fusion GPS, and a Republican version of Strzok, who constantly texts praise of Trump while investigating his campaign. People who will go easy on Trump’s associates, like the FBI appears to have done with Clinton and her associates. Based on precedent, Trump deserves such loyalty.

      Hypocrites like you don’t care about Swamp Creatures; you just want Swamp Creatures who are on YOUR side.

      Americans deserve people like Sessions and Rosenstein, who have correctly placed the investigation outside of Trump’s control and in the hands of someone who will have credibility when he clears Trump of major wrongdoing and judges the Steele Dossier implausible. (Or not, as the case may be.) Someone who has forcefully and quickly gained the cooperation of most of the major figures likely to have known about collusion.

      So why is Trump complaining about Mueller? Oh yes, his son, son-in-law, and indicted campaign manager did meet with some Russians to discuss HRC’s email and the Magnitsky Act. That arguably was collusion, but not necessarily criminal. To be honest, the fact that the meeting was held in Trump Tower suggests the absence of any criminal intent. Which leaves the final problem, was Trump thinking about this meeting when he fired Comey?

      • mpainter
        Posted Feb 22, 2018 at 7:28 AM | Permalink

        Frankskew: add Comey and Mueller, both Obama appointees from Bushco. There was a reason.

        • Frank
          Posted Feb 22, 2018 at 10:52 AM | Permalink

          Mueller was not appointed by Obama, but his term was extended by two years by Obama. Mueller was a Bush and Trump/Rosenstein appointee. Comey was an Obama appointee, probably because Obama wanted someone non-partisan and Comey had resisted the Bush WH about unconstitutional domestic surveillance as deputy AG. With Holder and Lynch supervising Comey, Obama thought he would be safe from investigation. I’ll bet he was shocked when Comey announced that the AG and WH don’t know what I’m about to say about indicting HRC at this press conference.

          I refuse to add Mueller and Comey to the above list of Swamp Creatures simply because they show no systematic bias for or against the administrations they served. Any mistakes or poor judgments they made were “honest” mistakes. There were many during the email investigation, but not always benefiting the same party. The IG’s report should be interesting.

          Wray is being idiotic resisting Congressional Oversight. The truth is going to come out about all the mistakes that have been made, so there is no point in resisting. The FISA warrant and the Nunes memo didn’t need to be suppressed. Trump has almost all new people at the DoJ and FBI. Tell him to stop whining and let them do their jobs.

        • mpainter
          Posted Feb 22, 2018 at 12:23 PM | Permalink

          Honest mistakes? Comey bet on Hillary and lost. A big mistake. Honestly.

        • mpainter
          Posted Feb 22, 2018 at 1:00 PM | Permalink

          Curious how these two Bushco stalwarts wound up running the FBI for Obama. All those “honest mistakes”, tsk, tsk. Or maybe it was no accident. Maybe there was nothing honest in the deal.

        • Posted Feb 22, 2018 at 2:26 PM | Permalink

          Frank is correct in that we don’t want to replace Obama with a Nixon. I think this was the appeal for many Americans of bringing in an outsider as president. I was not for Trump in the primary but the wisdom of my fellow conservatives is showing through in hindsight. Having an outsider invited every insider to use their influence inappropriately to thwart him, and thus exposing themselves in the longer-run. Ironically, Trump was absolutely correct when he claimed he alone could fix Washington [aka the swamp]. Trump in 10 years could be a dictator (if he had the media in his pocket like the Dems). But thankfully term limits prevent that.

        • Don Monfort
          Posted Feb 22, 2018 at 3:50 PM | Permalink

          You seem to be proposing that Trump wants to be a dictator, Ron. Why would you go there? And please tell us what makes you think Trump, if he wanted to, would be so foolish as to think that he could become dictator. Do you think he is not aware of our Constitution, our history? We don’t have dictators here, Ron. You must be joking.

          PS: dictators are not troubled by term limits

        • Posted Feb 23, 2018 at 10:11 AM | Permalink

          Don, regarding Trump becoming a dictator, I should have qualified my opinion that history shows that almost any alpha personality is capable of becoming a dictator if checks and balances are removed or become eroded over time. FDR was getting close, for example, which is why term limits were enacted. Gorbachev was the exception and perhaps not an alpha personality. It also helped to receive adulation of the world for not cracking down. Reagan had something to do with playing on his conscience as well.

        • Posted Feb 23, 2018 at 10:21 AM | Permalink

          Don, I remember you pointing to Gen. McMaster’s acknowledgement of Russian meddling as persuasive. Apparently, Trump is viewing McMaster as being somewhere toward Rosenstein swamp loyalty scale.

          After U.S. Special Counsel Robert Mueller charged 13 Russians, a Russian propaganda arm and two other firms on Feb. 16 with tampering in the election to boost Trump, McMaster said the evidence of Moscow’s meddling was “incontrovertible.”

          Trump publicly chastised McMaster in a Twitter post, saying McMaster “forgot to say that the results of the 2016 election were not impacted by the Russians.” -Newsmax

          The Russian trolls I think everyone agrees were insignificant, albeit unacceptable. The Wikileaks remains unproven.

        • Don Monfort
          Posted Feb 23, 2018 at 12:46 PM | Permalink

          That’s an interesting theory, Ron. It may actually have some validity, if restricted to shady third world s#!thole countries of Africa, Latin America etc. But I gave it a little thought and could not think of an example of an alpha personality becoming a dictator in any first world country that had a history and tradition of adhering to democracy. I am not a big fan of Roosevelt’s politics, but I see no reason to believe he was close to becoming a dictator.

          I never said anything about Gen. McMaster. I said that Trump is relying on Adm. Rogers NSA-CYBERCOM “moderately confident” assessment that Russia was behind the hacks.

          I am sure that the wikileaks did affect the election. And I am moderately confident that it was the Russkis. First thing those @#$%$$#@%$ers have ever done that I appreciate.

          I am worried about your memory lapses and other apparent cognitive issues, Ron:)

        • Posted Feb 23, 2018 at 7:34 PM | Permalink

          Don, yes it was Adm. Mike Rogers of CYBERCOM and NSA. You’re still sharp. 🙂

          Still I would interchange Trump’s feelings and position with Rogers and McMaster, Pompeo and definitely Wray. They all trust the swamp more than they do Trump. That makes us about as far from danger of a dictatorship than our country has ever been (at the moment). Trump deserves more respect by his subordinates and would have it but for it being dangerous to be close to an enemy of the press and the swamp. People guard their careers.

          Regarding first-world countries with a tradition of democracy, that’s not a very large or particularly old club. And, our country (and world) is changing fast. I couldn’t imagine that ideas about socialism would be so mainstream in America 30 years ago looking forward. Most students are no longer taught about the great American experiment. Instead large numbers are getting indoctrinated to look sympathetically at communism and told white people stole the country from the peaceful indigenous people by giving them diseased blankets as gifts. Think about the demographics that will be counted on to preserve democracy in America 50 years forward.

          Trump might work out as a miracle if he can facilitate the reform of dynamics that created the swamp, including the US IC. Sorry, I am not putting down the people in the IC. All of us are born with potential to develop vices and virtues. It’s our job to hone the culture and the establishments so they can in turn hone the virtues of our children’s nature (without coercion).

        • Posted Feb 23, 2018 at 7:45 PM | Permalink

          The press proclaiming Trump as a dictator is doublespeak. A thinking person knows dictators use the treasury to bribe the masses for popularity to be used to cleanse opposition parties and institutional checks. (Hugo Chavez was laughably transparent at this.) Then once power is consolidated they promise the current suffering and despair is just medicine — Utopia is only 100 years away.

      • mpainter
        Posted Feb 22, 2018 at 7:33 AM | Permalink

        If Trump is to properly drain the swamp, he needs people at DOJ who support that objective. Trying to portray Trump as another Obama will not work. Frankskew.

      • Don Monfort
        Posted Feb 22, 2018 at 11:35 AM | Permalink

        Frank has been mesmerized by the BS “collusion” meme.

        • Frank
          Posted Feb 24, 2018 at 6:01 AM | Permalink

          Don: One of us apparently has been mesmerized. I’ve been reading Scott Adams’ book about Trump’s masterful campaign, subtitled “Persuasion in a World Where Facts Don’t Matter”. One of his points concerns confirmation bias and the inability of humans to retain and recall information that conflicts with their deeply held beliefs: Cognitive dissonance. I’m sure you are aware of the meeting between Trump Jr., Kushner, Manafort, Russia’s chief lobbyist for the Magnitsky Act and an ex-KGB agent. Trump Jr. was told the meeting would discuss “official documents and information that would incriminate Hillary and her dealings with Russia and would be very useful to your father.” You aren’t stupid enough to believe the cover story that they discussed allowing Americans to again adopt Russian orphans. You must be aware that the existence of this meeting was kept secret for six months after the Russia investigation became public. What word would you use to describe that meeting?

          Why do you think Kushner still doesn’t have a security clearance?

          The problem of cognitive dissonance makes it difficult for people to retain information that disagrees with their deeply held beliefs. mpainter, for example, knows that Comey has hurt Trump badly – and therefore must be a Trump-hating Swamp Creature. mpainter seems incapable of remembering that Comey re-opened the email investigation a few weeks before the election. Nor of recognizing that Comey could have badly damaged Trump’s chances by publicly or anonymously announcing the Russia investigation before the election.

        • mpainter
          Posted Feb 24, 2018 at 7:37 AM | Permalink

          Frank holds forth on “cognitive dissonance” while repeatedly proclaiming that Comey is guilty of nothing more than “honest mistakes”. When I agree that Comey made big mistakes, he gets exercised, haha ho ho.

        • Don Monfort
          Posted Feb 24, 2018 at 2:29 PM | Permalink

          Ah, Kushner still does not have a security clearance? That has Russia Russia Russia “collusion” written all over it. That meeting in Trump tower. Hmmmm!

          Someone told Trump Jr. that they had dirt on the old hag and he agrees to meet with them. They didn’t have any dirt, Kushner got bored and left, the conversation shifted to orphans, was soon over and blah blah blah. This is the heart of the “collusion” meme. Frank is hooked on it.

          Tell me what I am supposed to believe happened in that Trump Tower meeting, Frank. Is that meeting the “collusion”? There is no beef there, Frank. It is not illegal, or even unethical to meet with Russians, to talk about the old hag, or orphans. Period. Stop with the Adam Schiffless BS, Frank. We expect better from you.

        • Frank
          Posted Feb 24, 2018 at 5:57 PM | Permalink

          Don wrote: “Tell me what I am supposed to believe happened in that Trump Tower meeting,”

          Don, you need to figure it out for yourself, before dismissing the idea of collusion. Or, have you rejected the idea because it is incompatible with your belief in Trump?

          Don: “It is not illegal, or even unethical to meet with Russians, to talk about the old hag, or orphans.”

          Of course, but it is illegal to discuss circumventing the Magnitsky Act in return for dirt on the old hag. And someone, presumably the Russians, delivered the dirt on the old hag’s campaign manager, John Podesta, in October. So we potentially have half of quid pro quo. Right?

          And it was illegal for Kushner to fail to inform the FBI about this meeting when applying for a security clearance. And it is suspicious to have lied to reporters about this subject and kept it secret for the first six months of the Russia investigation. Doesn’t secrecy suggest collusion (or idiocy) to you?

          Kushner failed to report his meeting with the Russians to those researching his security clearance until April. Two months after submitting this info and the FBI’s investigation of it, the NYT has the story, prompting Trump Jr. to publicly release his email and go public with the dubious story we have today: The Russians supposedly arranged a meeting to discuss dirt on HRC and allegedly had none to offer (when we know they had Podesta). I’d guess that the failure to issue a security clearance means the FBI isn’t satisfied with the story. Can they refuse a clearance without a polygraph?

        • Don Monfort
          Posted Feb 24, 2018 at 6:49 PM | Permalink

          Oh, we potentially have half of a quid pro quo. That is really stupid. You are talking foolishness, Frank. What we are looking for is evidence of a quid pro quo. A quid pro quo requires both a quid and a pro, not suggestions of maybe this and maybe that, along with your guesses and suspicions. Where is the freaking evidence, Frank?

      • Frank
        Posted Feb 23, 2018 at 2:45 PM | Permalink

        mpainter wrote the following nonsense: “Comey bet on Hillary and lost. A big mistake.”

        The hypothesis that Comey consistently acted in favor of HRC is refuted by the facts.

        Comey publicly announced re-opening the email investigation 2 weeks before the election. HRC and other observers show that this is when the polls swung in Trump’s direction. (Yes, I know the material was discovered much earlier. The idea that Comey was pressured by fear of leaks from his staff or investigators, like Strzok, now appears to be a bad joke. Threats of leaks sounds like a good cover story to appease what they thought would be an angry President Hillary Clinton. We’ll have to wait for the IG’s report.)

        To ensure he won his bet, your hypothesis would be that Comey maneuvered AG Lynch out of the way and did everything he could to obscure HRC’s wrong doing when testifying in front of Congress. Did this testimony help HRC? (Trey Gowdy is a sharp dude and Comey did nothing to filibuster, misdirect or obscure this line of questioning: the best case for prosecuting anyone made.)

        Many (including Senator Graham and likely the forth IG’s report) have criticized Comey for disclosing so many of Clinton’s mistakes, when no charges were brought. They assert that the FBI doesn’t publicly smear ordinary citizens after an investigation produces no charges and that HRC shouldn’t have been treated any differently. AG Lynch might have adopted this position. Comey chose transparency and candidly disclosed what the FBI had learned, presumably so interested voters would be better informed about the allegations.

        • mpainter
          Posted Feb 23, 2018 at 3:38 PM | Permalink

          Strzok is talking, no surprise. He will be a prime witness in the government case against Comey, who has clammed up and tweets no more.

        • mpainter
          Posted Feb 23, 2018 at 3:44 PM | Permalink

          The exculpatory evidence is from the DOJ IG. This will show that McCabe proceeded against Flynn for reasons of animus and designed a trap for him. The charges against Flynn will be dismissed. Mueller and the FBI will be excoriated by Sullivan and … sproing! Adios Mueller.

        • Don Monfort
          Posted Feb 23, 2018 at 4:28 PM | Permalink

          You could say that Comey wasn’t entirely in the tank for the old hag, but he is ultimately responsible for the pathetic pseudo-investigation into the email crimes. A real investigation would have revealed multiple prosecutable offenses. Period.

          Comey sees himself as a boy scout and defender of whatever it is he thinks he is defending. If he thinks he was defending the integrity of the DOJ and FBI, he is delusional. Much of what he did was done to keep his job. When that hag Lynch told him to call it a matter instead of an investigation, he went along like a little chump. When his underlings softened the story he was going to tell about hillary’s crimes, he went along. By having the “independent” FBI take responsibility for the non-prosecution, he tried to create the illusion that it was an impartial non-political decision letting the DOJ, Obama, hillary somewhat off the hook for what was an obvious partisan fix.

          Comey eventually informed the Congress about the Weiner email story, because he had testified that he would notify them if something else came up. He had to tell them or risk them finding out from the NYPD or some conscientious FBI guy, or the IG. What he did for hillary was to not conduct a proper investigation of the new emails, just as he had done in the main case. He put Strzok on it to do a biased go-through-the-motions cursory search. That was done very fast to be able to exonerate old hag, before the vote. Later we found out there were classified emails there that could have led to more problems for old hilly and her toadies.

          Bottom line is that Comey bent over backwards to let old hilly slide and went after Trump as if he were the devil.

        • Don Monfort
          Posted Feb 23, 2018 at 4:35 PM | Permalink

          “The exculpatory evidence is from the DOJ IG.” What is it? Got a link? Or another hallucination?

  70. Don Monfort
    Posted Feb 21, 2018 at 7:18 PM | Permalink

    Wishful thinking. Mueller will complete his so-called investigation and it will end in a whimper.

    Sessions is not the only dud that Trump has appointed. Hopefully, he has learned something from his early mistakes.

  71. mpainter
    Posted Feb 21, 2018 at 9:26 PM | Permalink

    Article in today’s Washington Times utterly condemning of the FBI. Great reeking stench, that organization. Do away with single Directors. Wray is doing the same cover-up type stuff that his predecessors did (Comey and Mueller). Board control with criminal penalties for the FBI, other IC, is only remedy. Wray is an ass who only compounds their problems. Another Trump mistake at the DOJ. Wise up, Trump.

  72. mpainter
    Posted Feb 23, 2018 at 5:44 PM | Permalink

    Judicial Watch has filed a FOI suit against the Department of State demanding information on the Samantha Power “unmaskings” (260! of them, one per day in the last months of Obama!). Strange that Congress has not subpoenaed this information.

  73. Frank
    Posted Feb 24, 2018 at 6:33 AM | Permalink

    Ron Graf wrote: “The Russian trolls I think everyone agrees were insignificant, albeit unacceptable.”

    I’ll disagree. I don’t think there is enough evidence to know what effect they had. The idea that our election could have been manipulated by the Russians arouses strong emotions, making it difficult for both Trump-haters and -supporters to see the situation clearly. Ron: How many pages did the trolls create? How many people saw them? How persuasive were they? If you don’t know, what is the basis for your statement?

    Before ridiculing some of mpainter’s claims, I have checked some to see if I have missed something. Checking has led me to a swamp of lunatic fringe web sites. The most startling post I came across was entitled: “Trey Gowdy Just Announced Undisputable Evidence Found During The Clinton Compound Raid”. It was dated June 2017. As best I can tell, there hasn’t been a raid on the Clintons and the results of such a raid would certainly not be announced by Mr. Gowdy. Was this the product of Russian trolls???

    Anyone want to guess how many websites have published this title word for word? How many Youtube videos? Would you believe that one video (Hot News) has 82,000 views? Others with thousands of views. How many times has this been forwarded through social media? Or paraphrased and not found by my exact quote search?

    If this is one of perhaps thousands of stories produced by the Russian trolls, perhaps they could have had an impact. I certainly wouldn’t have thought so two years ago. Perhaps paranoia has set in.

    • mpainter
      Posted Feb 24, 2018 at 8:31 AM | Permalink

      Here Frank waxes hot against the “lunatic fringe” while above he cites truths from Dilbert. Curious fellow, that Frank.

    • Posted Feb 25, 2018 at 12:38 PM | Permalink

      Frank, the Rosenstein press release indicting the Russian troll masters had some interesting facts that you are not considering.

      1) Most of the Russian financed ads were after the election.

      2) Almost all of the ad money was spent outside of the critical battlegrounds of PA, MI and WI.

      3) Rosenstein, (who signed a Page FISA extension and appointed Mueller,) emphasized that there was not a single US cut-out involved in the troll campaign.

      4) He also declared the (all Dem) Mueller investigation concluded the Russian aim was not to elect Trump but to sow domestic division and discord into the country and political process.

      5) Point 4 is backed up by the support of the Trolls for Bernie Sanders in the primary as well as organizing anti-Trump rallies after the election.

      Although the Dem MSM savored Mueller indictments they missed that they provide strong circumstantial evidence against Trump collusion and in favor of meddling for the sake of destabilizing America. There is no doubt that the inexperienced Trump campaign would have been a target of dangles by agents but there is no evidence they bit (like Schiff did). Manafort is surely being offered a “get out of jail free card” if he will attest to any collusion at Trump Tower.

      There is strong circumstantial evidence that Clinton bit on a Russian dangle in the Steele dossier and facilitated the US IC’s compromise as well. Natalia V’s close ties with Fusion GPS and her meeting with them before and after the Trump tower meeting strongly suggests that Russia was setting up both Trump and Hillary.

      • Don Monfort
        Posted Feb 25, 2018 at 4:42 PM | Permalink

        Don’t hit Frank too hard with facts, Ron. He prefers the meme. Let’s just pretend that the Trump Tower meeting was the “collusion”. Donald Jr. and Kushner et al. met in their own building with a gaggle of people they didn’t know from Adam and discussed a plot to somehow pay off the Russkis to do whatever. So, all these rich billionaires and scions living the good life with their own jets and helicopters risked it all to win a freaking election, so they could work without pay to what end? Make more billions? The Russia Russia Russia meme is ludicrous BS.

      • Frank
        Posted Feb 25, 2018 at 5:59 PM | Permalink

        Ron: Thanks for the reply. You didn’t provide a source for your statements. When I did my own search, I found a video and transcript of Rosenstein’s press conference that differs substantially from items 1) 2) and 4) in your comment:

        https://www.realclearpolitics.com/video/2018/02/16/watch_live_deputy_ag_rod_rosenstein_announcement.html

        “There’s no ALLEGATION IN THE INDICTMENT of any effect on the outcome of the election.”

        “The defendants allegedly conducted what they called information warfare against the United States, with the stated goal of spreading distrust towards the candidates and the political system in general.”

        Of course, spreading distrust about the political system in general would favor outsiders like Trump and Sanders.

        “AFTER THE ELECTION, the defendants allegedly staged rallies to support the president-elect, while simultaneously staging rallies to protest his election. For example, the defendants organized one rally to support the president-elect and another rally to oppose him, both in New York, on the same day.”

        As best I can tell, Rosenstein said nothing about whether or not this effort mostly favored Trump. Since it started in 2014 and continued after the election, there were perhaps six months when the main focus may have been on electing Trump. Even if it were true, Mr. Rosenstein won’t want to anger Trump by making this statement, and he dodged this question.

        So who is providing you with a misleading summary of what was said? You don’t strike me as someone who is easily duped, but it is getting extremely hard to separate fact from fiction and spin these days. (Ignore Don and feel free to criticize my mistakes. I’d like to know the truth even if it challenges my biases.)

      • Frank
        Posted Feb 25, 2018 at 6:37 PM | Permalink

        Mueller’s team is not all Democrat: three are independents, and the most powerful member is Republican. Given the fact that many attorneys are Democrats, that even more attorneys in NYC and DC (the locales Mueller could easily recruit) are Democrats, and that Democrats would be more likely to accept an offer to join the special counsel’s team, it is not surprising that there are so many Democrats. Ken Starr’s team was also mostly Democrats.

        Technically, Mueller may not have been allowed to ask about party affiliation when hiring. If so, the hiring process could have been unbiased.

        If Mueller uncovers wrongdoing by President Trump, his team will not prosecute. They will present a report to the House, and the Judiciary Committee will serve as a Grand Jury. The Chairman and Ranking-Member coordinate the preparation of charges and function as prosecution and defense. The President is somewhat protected from any bias in Mueller’s team.

        Mueller’s main objective with some of the other [Republican] defendants is to gain their cooperation, so that he can accurately report on whether President Trump colluded with the Russians. These campaign insiders are the only ones who can tell us what happened. Rat, and you’ll get a good deal. Otherwise …

      • Posted Feb 25, 2018 at 7:16 PM | Permalink

        Frank, here is an article by Byron York who actually dug a little deeper than simply reprinting the press release. I had to dig for it so I don’t blame you. If you are a Dem it’s very hard to find all the facts to the MSM narrative.

        About 25 percent of the ads were never seen by anyone, Facebook said. And of the total ads, “The vast majority…didn’t specifically reference the U.S. presidential election, voting or a particular candidate.”

        Looking at key states, the total spent on ads targeting Wisconsin was $1,979, according to Senate Intelligence Committee chairman Richard Burr. Ad spending in Michigan was $823. In Pennsylvania, it was $300.

        That is not the stuff of rigging elections.

        Regarding Mueller, he walks like a duck, quacks like a duck but claims he’s a penguin. Rosenstein reportedly brought Mueller to Trump to be FBI director and when Trump refused appointed him special counsel to investigate Trump. I didn’t make that up but don’t feel like searching for it. Maybe Don or Painter can do it for me. Anyway, with Schiff, Feinstein and all of CNN threatening to scream obstruction (again) if Trump fires Rosenstein one can hardly say Rosenstein is a WH puppet.

        • Don Monfort
          Posted Feb 26, 2018 at 1:38 AM | Permalink

          Frank is splitting hairs in defense of the ludicrous Russia Russia Russia meme. Another Adam Schiffless. Pathetic. DOJ IG Horowitz, The Destroyer of Moronic Memes, report coming out in the next few weeks. Let’s see how they spin that one.

        • Frank
          Posted Feb 26, 2018 at 3:46 AM | Permalink

          Thanks for the article. It helped me differentiate between the ads paid for by the Russians, as compared with the free activity on social media and on web pages.

          I found some campaign spending figures that disagreed with York’s, but I think that, on a total dollar basis, the Russia effort was puny. However, if dollars bought votes, HRC would have won. And webpages are a totally different phenomenon than ads.

          I guess I am concerned about the effectiveness of pro-Putin propaganda and the alliance between the alt-Right and Russia. Russian attempts to tear down our institutions and create distrust in our government are much more effective combined with Trump’s MAGA. America is already great (though it can be greater). When in the past was America greater, Mr. Trump? Under LBJ? Nixon? Ford? Carter? Bush 1? Clinton 1? Bush 2?

          I’m not a Dem, but it is still difficult to find reliable news these days. Fox News can’t afford to have any conservatives who aren’t 100% behind Trump. If Trump turns on him, the network faces financial ruin and they both know it. (See Megyn Kelly.) In the primary, Trump’s outrageous behavior sucked all of the attention from his opponents. With today’s war between Trump and the Democrats, there is no room for centrists or conservative opponents of Trump. I occasionally come across a paper copy of the WaPo and feel like vomiting. Don’t those liberal elites know their non-stop ranting is counterproductive and is going to get Trump re-elected?

        • Posted Feb 26, 2018 at 10:22 AM | Permalink

          Frank, you are correct about MAGA. It’s natural to look back nostalgically and there were many things less than great about the US at all times. I think the gist of MAGA is the change from the traditional consensus that America’s ideals are great. And thus we can be a leader rightly (but of course not without mistakes).

          There are liberals at Fox, Chris Wallace, Shepard Smith, Jessica Tarlov, Doug Schoen, Juan Williams, Geraldo. Of course Fox is a conservative dominated network, but it wouldn’t work if they didn’t present both sides. Megyn Kelly left on her own. She was offered gobs more money by Fox but wanted more family time.

        • Don Monfort
          Posted Feb 26, 2018 at 11:53 AM | Permalink

          What alliance between the alt-right and Russia, Frank? That’s WaPo huffpo BS. You may vomit when you read that crap but it obviously sticks in your head.

          Trump’s outrageous behavior that differentiated him from the gaggle of impotent also-rans was his addressing of the real concerns of voters and offering real solutions. Having the guts to stand up to the left loon national fake media mob didn’t hurt him either. Trump is going to get re-elected in 2020, because he is delivering the goods.

        • Frank
          Posted Feb 27, 2018 at 4:20 AM | Permalink

          Ron, I believe you’ll find that the centrists you cited are complaining that the war between Trump and the Dems is removing all the attention from anyone with a nuanced position. The excitement, ratings and money are dominated by the WAR. When was the last time you heard one speaker praise AND criticize Trump (for different actions) in one show?

  74. mpainter
    Posted Feb 24, 2018 at 7:57 AM | Permalink

    The Bushco twins, Mueller and Comey, like Democrats, just love them. Comey loaded the seventh floor with them, Mueller selected an all-democrats team as special counselor. It is often a matter of asking the right questions, if one seeks to make sense of things.

    Question: Why do these two Bushco stalwarts load up on democrats and exclude Republicans?

    Question: Why would Obama choose these two Bushco stalwarts to run his FBI?

    Question: What does Holder-Lynch have to do with Mueller-Comey?

    Puzzling, is it not?

    • Frank
      Posted Feb 25, 2018 at 6:47 PM | Permalink

      mpainter: It is not puzzling. Obama didn’t pick Mueller, Bush did.

      Obama was on the Senate Judiciary Committee that investigated AG Gonzales. There he learned that deputy AG Comey had stood up to Gonzales (then WH counsel) over the constitutionality of domestic surveillance programs while his boss, AG Ashcroft, was in the hospital. Both Comey and Mueller informed a surprised Bush that they would resign if the AG was bypassed while re-authorizing existing programs. I suspect that this is what brought Mr. Comey to Obama’s attention. When Gonzales became AG, Comey left for private practice.

      • Don Monfort
        Posted Feb 26, 2018 at 1:52 AM | Permalink

        You don’t even get the basic facts right, Frunk. Obama did pick Mueller. His term as FBI head had expired and Obama kept him on. And Obama didn’t learn anything as a rookie clowning on the Senate Judiciary Comm. He first learns about everything in the newspapers.

        • Frank
          Posted Feb 27, 2018 at 3:56 AM | Permalink

          Don: Sorry I omitted his re-appointment by Obama for an additional 2 years after his 10 year term.

          Comey and Mueller kept their confrontation with Bush and Gonzales over domestic surveillance out of the news. This was in 2004, an election year. WH Counsel Gonzales had hidden from Bush the seriousness of the opposition in the DoJ to his plans to re-authorize an expiring program without AG Ashcroft’s signature while the AG was in the hospital. Bush heard about the seriousness of the dispute and called in Comey – as it turns out with resignation letter ready in his pocket. Bush asked if anyone else agreed with Comey and was shocked to learn FBI Director Mueller might also resign (and others). Bush immediately called in Mueller. Bush ordered Comey and Gonzales to find a mutually agreeable compromise. The press heard none of this story, and Comey quietly left the dAG job when Gonzales was soon promoted to AG.

          When the Senate was investigating other dubious conduct by AG Gonzales several years later, Mueller was being questioned under oath when he revealed the previously unknown confrontation. Later Comey testified. Very likely, this was one story Obama learned about first in person, not from the press. Under attack on many fronts, AG Gonzales soon resigned.

    • mpainter
      Posted Feb 26, 2018 at 3:27 AM | Permalink

      Bush says that Bill Clinton is like a brother, said this several times, said this last summer on TV. Bush endorsed Hillary during the campaign. Does his best to cut down Trump. Why ? What’s this close affinity between Bush and the Clintons? Puzzling.

      Does Bush likewise have some affinity for Obama?

      Obama retained Bushco Robert Gates as Secretary of Defense. Gates longtime Bushco stalwart. Way back. Why did Obama not name his own Democratic supporter to this important position in his administration? Why did he keep the Bushco Gates? Puzzling. Why the Bushco twins, Mueller and Comey to run his FBI? The answers to these questions will explain why Trump was targeted by the IC, the FBI, the unmasking, and the desperate coup d’etat attempted against him.

      • mpainter
        Posted Feb 26, 2018 at 3:38 AM | Permalink

        When Trump tweeted last year that Obama had him “wiretapped”, the MSN heaped ridicule and scorn on him. We now know what Trump knew a year ago. Last month Trump used the word _Treason_. What does Trump know that we have yet to learn? A political firestorm is coming. The Democrats and the Bushco Republicans will be consumed. Everything will be revealed.

        • mpainter
          Posted Feb 26, 2018 at 3:53 AM | Permalink

          John McCain and Mitt Romney, the two past Republican presidential candidates. Both of them poured disdain on Trump, showed him much antipathy during the campaign, as did Bush. Why? Why do these three hate and fear Trump? How big is Bushco?

          Bushco was started over forty years ago, when the senior Bush was Director of the CIA. Bushco is vast.

        • Posted Feb 26, 2018 at 10:06 AM | Permalink

          Painter, I disagree there is a vast coordination against Trump or any outsider, though I agree that it’s implausible that Bush got the CIA director job without any prior IC connections. Perhaps the reason for Romney and McCain’s curious disdain for Trump is that they themselves are natural targets of information ops by the IC. For example, we got a rare glimpse of tradecraft witnessing McCain’s selection by Steele (HRC) to be given the dossier. How many other secret documents do these important people get privileged to see that they can never discuss?

          Coming back to Russia’s 2016 op, they succeeded beyond their intention. I mean the point was for the dossier to remain sub rosa to infect Hillary and allow her to influence a growing circle from the 7th floor to the GOP establishment. They made it salacious and unpublishable (they thought) to prevent ever a daylight investigation, which would be the only way the op gets exposed. Now Russia (Putin) will suffer public supported blowback. Russia failed in the end.

        • mpainter
          Posted Feb 26, 2018 at 10:37 AM | Permalink

          “vast coordination” is your phrase not mine so you disagree with something that I never stated.

      • Frank
        Posted Feb 27, 2018 at 5:46 AM | Permalink

        Get your facts right Painter! Neither President Bush endorsed Hillary OR Trump. Laura Bush did. A family member claims to know HW intended to vote for Hillary. A large segment of the Bush foreign policy establishment endorsed Hillary because they know an alliance of democracies requires mutual trust and respect. Trump’s unpredictability, unilateralism, trade sanctions on South Korea in the midst of threats to attack North Korea, etc. scares the he11 out of the foreign policy establishment of both parties (and probably Trump’s own administration). This strategy works well for autocrats like Putin, but is dubious (though satisfying for the impatient) for the USA.

        https://www.washingtonpost.com/news/the-fix/wp/2016/06/30/heres-the-growing-list-of-big-name-republicans-supporting-hillary-clinton/

        Bush II kept his father at a distance while he was President. He picked his father’s rival, Rumsfeld, as his SoD and offered no position to Gates at first. Gates believed the secretary of Homeland Security was a bureaucratic monstrosity and backed out of taking that job when offered in 2004. After six years on the outside and happy as President of Texas A&M, he took the job as SoD because the nation was losing a war and he was asked to help. (He used to go running with ROTC students who were now fighting and dying in Iraq.) The Dems on Congressional oversight committees were so impressed with Gates’s performance, that they urged Obama to keep Gates for continuity until he identified a successor he could trust and promote. Having worked personally with two Bushes, Reagan and Carter, Gates knew a lot about how to work with Presidents on national security issues. I recommend both of his books. He is the kind of author who praises SoS George Shultz as Reagan’s most effective cabinet member before explaining the root causes of their disagreements (Gates reported on the USSR as it was at the time, Shultz as he hoped it would and did evolve), before discussing how Shultz tried to have Gates fired.

        • mpainter
          Posted Feb 27, 2018 at 7:26 AM | Permalink

          Yes, a sneak endorsement by Bush. He had it put out in September that he intended to vote for Hillary. You call that no endorsement? I call it an endorsement.
          Concerning Robert Gates, he is Bushco, like I said. The reason Obama kept him as Secretary of Defense was Bush and he made a deal on the rake-off from Kellogg, Brown & Root, the corrupt Houston based defense contractor. Long time corrupt, starting with LBJ; see Brown & Root. Does Gates smell sweet to you Frank? Strange that you would spill so much ink defending him.

          I note that you confess your error above, having denied that Obama appointed Mueller his FBI Director. You apologized to Don when you should have apologized to me. But, don’t worry, I don’t need one.

          My point stands: Why the affinity between Bushco and the Clintons? And Bushco and Obama? There is a reason and other will come out.

        • Frank
          Posted Mar 3, 2018 at 3:13 AM | Permalink

          A rumor that HW intended to vote for Hillary is not an endorsement. An endorsement is a PUBLIC announcement encouraging others to vote for the candidate being endorsed.

        • Frank
          Posted Mar 3, 2018 at 4:09 AM | Permalink

          Mpainter: Yes, I do think Bob Gates is probably the most extraordinary public servant of his generation. Middle class family, non-elite university, and rose from entry-level job in the CIA to director, kept Dems from cutting off funds for Iraq, avoiding a second Vietnam. Fired Sec of Army over Walter Reed hospital and Sec of Air Force over insecure handling of nuclear weapons.

        • mpainter
          Posted Mar 3, 2018 at 1:42 PM | Permalink

          Poor Frank. It was public notification of Bushco that Trump was their enemy. Bushco has got the message. By the way, Frank, Bush is allied to the Clintons. In case you didn’t notice. And Obama, not as obviously but they are in it together in this never Trump intrigue.

      • mpainter
        Posted Mar 3, 2018 at 12:50 PM | Permalink

        In other words, why did Obama cede control of the Defense Department to Bushco, by retaining Gates? And why did Obama cede control of the FBI to Bushco via Mueller and Comey? That gave Bushco control of the FBI for sixteen long years. The political corruption of the FBI did not just “happen”.

        • Don Monfort
          Posted Mar 3, 2018 at 2:25 PM | Permalink

          You need to calm down. Put on your tin foil hat and watch this, to the end, if your attention span can be stretched that long:

        • mpainter
          Posted Mar 3, 2018 at 5:40 PM | Permalink

          Good verse, lousy song. Can’t stand to listen to it. It should be replaced by Sousa’s Stars and Stripes Forever. Imo.

        • Don Monfort
          Posted Mar 3, 2018 at 7:06 PM | Permalink

          We’ll get right on that.

        • mpainter
          Posted Mar 3, 2018 at 7:54 PM | Permalink

          Then let the golden-comb rooster tweet it out for the sly Fox.

  75. John Bills
    Posted Feb 25, 2018 at 4:08 PM | Permalink

    Seeing to what lengths Mueller goes to find evidence of meddling and collusion some might find it scary to know what really happened.

  76. Posted Feb 25, 2018 at 8:03 PM | Permalink

    Looking back at the question of who was behind the election hacking, (which coincidentally is the topic of this post,) I am now leaning toward totally accepting the Russians were the sole perps. If Russia was actively trying to play both campaigns against each other it makes sense that Guccifer 2.0 was Russian. The timing is well after the Trump Tower meeting and the handing of the fake kompromat to Steele. G2 played the perfect clown, appearing to be pro-Trump Russian to Dems while appearing to be a Hillary dirty trickster to GOP and to Julian Assange, who was made to believe (if he is honest) that his source was a leaker. That many of the trolls were Bernie Sanders supporters makes it plausible that one may have befriended Rich online and presented him assistance in leaking the DNC, if Rich was involved. That would explain why he would need to be silenced. At the same time it would look bad for Clinton for the body count to be adding to in the eyes of her non-fans. It even caused the implication to pass through Donna Brazile’s and into her book.

    Hillary would never have put Warren Flood’s name in the G2 document meta-data. That looks like Russian mischief to have eyes looking at him. Also, the Fancy Bear’s use of MSDepartment misspelled as their domain name smacks as another racial slight. That is an all minority business who were Hillary and DNC’s contractor for network setup and security. They suffered huge embarrassment at ignoring the FBI warnings, thinking it was a crank and telling Podesta that his phishing screen was a “legitimate” email rather than illegitimate, the latter event was included in Wikileaks emails, rubbing their faces in it.

    • Posted Feb 25, 2018 at 8:21 PM | Permalink

      If Guccifer 2.0 was Russian he could have been playing a critical role to support the Steele dossier claims, cementing suspicions into beliefs and encouraging Clinton and Steele to go all in, alert the FBI and media. Without the WL and G2 Clinton’s suspicions might have remained unacted on. The seventh floor believed the dossier because Clinton and Steele believed it. If there was no Trump collusion or Hillary collusion then they and we were all duped. Good play Vlad!

      • AntonyIndia
        Posted Mar 4, 2018 at 4:21 AM | Permalink

        Vlad has the advantage of having waaay less money available for secret (cyber) services than the US, so his club of hackers and management is “small” making leaks less frequent. Remember Chelsea Manning being 1 of ~100,000 people having access to that ocean of sensitive data? US leaks balance this scale a bit.

        Still a lot of hardware and software backdoors and errors remain left in popular US IT products and they will stay in NSA/CIA hands as long as they think this is to their advantage. Vlad & Xi looove that mentality while Microsoft, Apple, Intel etc. hate it.

  77. mpainter
    Posted Feb 26, 2018 at 11:10 AM | Permalink

    Phantasmagoria:

    Mueller interviews Trump and wraps up his investigation by indicting Trump for lying to the FBI but it is a sealed indictment because the proof purportedly comes from classified information. With this sealed indictment Mueller erodes Trump’s popular support because it provides the basis for an endless stream of fake news. Mueller proceeds to defy all comers and Rosenstein refuses to do anything and the wretched Sessions can’t. The democrats combine with thirty never Trump Republicans in the House to impeach Trump. Mueller plays the game out until 2020 and the Senate trial is unresolved at election time.

    • Posted Feb 26, 2018 at 3:10 PM | Permalink

      Trump and his attorney, Ty Cobb, I’m sure have the same dream. That’s why they will stall the Mueller interview until the IG report comes out, hoping it will blast Comey’s 7th floor. That would provide a basis to publicly call on Mueller to end the investigation, especially if judge Sullivan throws out the Flynn indictment.

      The only fly in the stew is if Papadopoulos brought a specific offer from the Russians to the Trump campaign, which seems extremely unlikely. (If he had brought any message from Trump the other way the Trump indictment would have happened long ago.) But if a clear offer was dangled that would be cause to further investigate the response. I have never heard anyone speculate on what Trump could have been persuaded to give Putin. Syria? the Black Sea? Ukraine? dissolution of NATO? higher oil market? pleas to congress to repeal Magnitsky Act?

      When Putin was asked if he tried to help Trump he answered with a straight face that it would make no difference to Russia who was president of the US. Even a dictator can be truthful once in a while.

      • Don Monfort
        Posted Feb 26, 2018 at 4:57 PM | Permalink

        Papadoofalous is a non-entity footnote in this story. The FBI basically ignored that clown and did not interview him or otherwise investigate his connection to the alleged “collusion” until January, 2017. This former never-Trumper thoroughly destroys the Adam Schiffless memo and details the FISA warrant abuse:

        https://www.nationalreview.com/2018/02/schiff-memo-russia-investigation-harms-democrats-more-than-helps-them/

        • Posted Feb 26, 2018 at 11:47 PM | Permalink

          Don, thanks for the very detailed article dissecting Schiff’s Dem memo. It’s hard to know if the Dems are intentionally muddying the water or really don’t see what happened, that not only was Hillary compromised, the dossier was a dangle that was swallowed by the whole of the US IC. And, because of the Obama politicization of pretty much every federal agency there was no effective resistance to the infection of DoJ, DoS and the WH. But, it went further. Almost the entire Dem party and their (our) media swallowed as well. This leaves our country now in the dilemma of having to admit the establishment was fooled. Or, they can slowly get revealed as idiots as they desperately make more and more outrageous rationalizations and Russia Russia accusations. The real rationalization, of course, is that the damage to their credibility will damage the cause. And nothing is more important than the cause. We will survive it and emerge stronger for it. Thanks Vlad — and wipe that grin off your face.

        • Frank
          Posted Feb 27, 2018 at 6:38 AM | Permalink

          Ron, The Steele Dossier isn’t likely to be a Russian dangle. First, it helps Hillary and Putin hates her. Second, Steele has several sources and the Russians can’t be sure who all of them are. They can manipulate Steele that effectively. I think Steele saw a chance to ensure that the Americans made what he saw as the right choice and took it. He combined rumor you could hear anywhere with other fake or unreliable info and sold the package.

        • Posted Feb 27, 2018 at 10:23 AM | Permalink

          Frank, if Putin had gotten wind of Steele’s inquiries from even a single one of his sources he would have focused his IC to find everyone Steele was talking to. If Putin at this time is holding the Podesta and DNC time sensitive assets wondering how to play them he would be extremely interested in Steele. Looking at the timing of the approaches of Natalia V to Trump Campaign and Guccifer 2.0 it’s pretty clear, even if Mueller had not just confirmed the Russian active measures campaign’s motive to undermine integrity.

        • Posted Feb 27, 2018 at 10:24 AM | Permalink

          You’re missing a trick, Frank. Suppose she won and it “came out” she helped discredit her opponent using fake information obtained from the Russians. That isn’t help, it’s passing her the rope.

        • Frank
          Posted Feb 28, 2018 at 2:10 AM | Permalink

          DaveJR has an interesting hypothesis. Putin dangles tales information and uses it to discredit President Hillary when she wins. First, if you are like most Americans, you didn’t hear about The Steele Dossier before January 2017. So falling for Putin’s putative dangle did not change the outcome. If Trump believed your hypothesis, he would be very angry at Putin for attempting to sabotage Trump’s candidacy. So Trump does not believe the dangle hypothesis.

          However. If there had been nationwide publicity before the election and HRC won, she could claim she had nothing to do with publicizing the Dossier (others did the dirty work), that everyone believed Trump’s candidacy was doomed (which is true), and that the Access Hollywood video doomed it, not Steele. In desperation, she could claim what you believe to be the truth, that Steele had fallen for Putin’s trap. Steele WAS paid to expose the truth about Trump’s business in Russia, not make up phony stories or be fooled.

          I personally prefer the simplest scenario: Putin would not directly harm the candidate who openly praised him and promoted isolationist policies that would help Russia.

        • Frank
          Posted Feb 28, 2018 at 2:43 AM | Permalink

          If Putin’s goons had gotten wind of Steele’s activities and wanted to feed Steele a false story of collaboration, they would have created a more plausible story: One main contact between Russia and Trump, not a half dozen people Trump hired as advisors and whom Trump barely knew. Steele claimed Trump had been cultivated for many years. The only one Steele uncovered who had known Trump for years was his attorney, Cohen, who has family in Russia. OK, Cohen makes a plausible go between. So why does Steele learn Cohen met with Russians on his summer trip to Italy, rather than in August in Prague, when he has an alibi. The Russians would have concocted and fed Steele a much more effective story than Steele got from his sources.

          Everyone knows that the Russians use honey traps, compile dossiers on major figures and try to subvert influential people. Steele could hear those stories about Trump from a hundred sources. He added true facts about some of Trump’s advisors and rumors about them. The result was sensational, but did not paint a consistent picture of a realistic plot.

        • Posted Feb 28, 2018 at 10:15 AM | Permalink

          “Everyone knows that the Russians use honey traps…”

          Personal bias leads to the ability to be easily fooled when we are presented with an expected picture. Magicians famously rely on this phenomenon to create illusions, so also do intelligence agencies.

      • Frank
        Posted Feb 27, 2018 at 6:24 AM | Permalink

        Trump’s attorneys are unlikely to let Trump be interviewed by Mueller’s team – he could say almost anything that comes to mind and that often isn’t the truth. Mueller has no way to compel Trump to agree to answer questions on Mueller’s terms. That means Trump sacrifices his chance to tell his side of the story in the report Mueller writes and sends to Congress. Nixon didn’t talk to his special prosecutor, nor I think did Clinton. Special prosecutors usually don’t indict presidents (Nixon was named an “unindicted co-conspirator”). Clinton settled after he left office without being indicted.

        Nevertheless, Trump should not be indicted for perjury because his self deception prevents him from recognizing truth as something that does not change. Did Putin interfere in our election? Steal emails? Is Mexico going to pay for a wall? Obama not a natural born citizen? When suing for slander because an author underestimated Trump’s wealth, Trump TESTIFIED (in a deposition) his net worth varied with his mood.

        • mpainter
          Posted Feb 27, 2018 at 7:30 AM | Permalink

          What a load of garbage

        • Don Monfort
          Posted Feb 27, 2018 at 2:36 PM | Permalink

          Frank is a delusional nevertrumper. It’s eating him up that he is looking at seven more years of Trump Rule. Keep us entertained, Frank.

        • Frank
          Posted Feb 28, 2018 at 1:24 AM | Permalink

          Thanks for the name calling. When those who disagree resort to name calling they have no facts to reply with. For info on Trump as a witness, especially testifying that his net worth varies with his mood, see the NR link below. (I didn’t make it up.)

          https://www.nationalreview.com/2016/02/donald-trump-tim-obrien-courtroom-story/

        • Frank
          Posted Feb 28, 2018 at 1:29 AM | Permalink

          Or see this analysis of the possibility of Trump answering Mueller’s questions in person under oath.

          https://www.nationalreview.com/2016/02/donald-trump-tim-obrien-courtroom-story/

        • Don Monfort
          Posted Feb 28, 2018 at 4:03 AM | Permalink

          I tried facts with you, Frank. But you are a Trump hater. You got the sickness. How are you going to survive the next seven Trump years?

        • mpainter
          Posted Feb 28, 2018 at 5:47 AM | Permalink

          A professional realty appraisal valued a piece of property of mine at $265 k. A realtor recommended that I ask $390 k. It sold for $338 K, two months after the appraisal at $265 k. When I reported this to the licensed realty appraiser, he shrugged and said that he sometimes felt pessimistic. Poor, Frank, your understanding is that of a child.

        • Posted Feb 28, 2018 at 10:07 AM | Permalink

          “…understanding of a child.” We all have bias. Points that get wide press and fit in with our opinions get picked like cherries while we give high scrutiny to those ideas that don’t fit our views. Trump’s comment to me was a witty way of making the point of how subjective it would be to try to value his real estate empire. To Huff Po or NYT the comment is a brazen lie because everyone knows their own net worth.

        • Frank
          Posted Mar 1, 2018 at 4:21 AM | Permalink

          Maintenance and Ron correctly point out that assessments of Trump’s wealth have a subjective component. Nevertheless Trump sued the author of a book for libel because he underestimated Trump’s wealth, hurting his reputation as the best deal maker. It was Trump’s job to prove that even the most conservative estimates of his wealth were much higher than reported with reckless disregard for the truth.

  78. mpainter
    Posted Feb 28, 2018 at 2:45 PM | Permalink

    Trump blasted Sessions again and Trump is right. It looks like Sessions has pulled a stall. The DOJ IG has been nearly fourteen months without issuing a report on their findings. Sessions needs to demand a preliminary report. Turning the FISA abuse investigation over to the DOJ IG will stall any report for another year. Sessions knows this. His motives are suspect.

    • mpainter
      Posted Feb 28, 2018 at 2:49 PM | Permalink

      It should be kept in mind that Trump has an expert legal team to advise him on such issues as well as friends in congress who understand these things very well. In other words, Trump has expert opinion behind such tweets.

    • Don Monfort
      Posted Feb 28, 2018 at 3:34 PM | Permalink

      The IG report is soon to be released. The Big Orange Fella should have kept his mouth shut, at least until it comes out. He appointed Sessions AG. Didn’t his team of brilliant legal advisers tell him that Sessions would be obligated to recuse himself from things related to the Trump campaign? How is it “disgraceful” for the AG to refer to the IG an internal investigation? That is what the IG is for. Trump is stepping on his own dick. He should stfu, or fire Sessions.

      Horowitz is no Obama stooge.

      • mpainter
        Posted Feb 28, 2018 at 4:11 PM | Permalink

        Sessions waved the Constitution while thumping his chest. If Trump doesn’t fire him now, he will look really dumb. __really dumb__.

        • Don Monfort
          Posted Feb 28, 2018 at 8:29 PM | Permalink

          He already looks really really dumb. You are suggesting he goes for really really dumber and dumber. If he fires Sessions, Rosenstein is in charge. Are you so dim as to think that the Senate is going to approve somebody else? You get zero Dims and about 47 Repub votes to confirm anybody that the Big Orange Fella will nominate.

          This is entirely Trump’s doing. He nominated Sessions and had a chance to withdraw the nomination anytime up to the time Sessions was approved, after testifying to the Senate and telling them exactly how he would operate. Sessions actually has integrity and some credibility. If anyone on Trump’s legal team is advising him to keep attacking his own AG, or not telling him to STFU, then they need to go. Start with partisan hack, Jay Sekulow.

          Trump and his sycophant fanboys need to wake up to the fact that POTUS works for the people. He is not running a sole proprietorship, or a freaking TV show.

        • mpainter
          Posted Feb 28, 2018 at 9:25 PM | Permalink

          The drool churns to froth. As if Trump would name Rosenstein as Acting Attorney General. Amusing

        • Don Monfort
          Posted Feb 28, 2018 at 10:09 PM | Permalink

          Who do you think runs the DOJ if there is no AG? I will have to help you. It’s the Deputy AG. Do you know who appointed Rosenstein Deputy AG? How many people do you want the Big Orange Fella to fire? You will have a janitor running the DOJ. I know you are an overwrought fanboy, but let’s not have a complete circus, at least until after the mid-terms.

        • Posted Feb 28, 2018 at 10:36 PM | Permalink

          I guess Trump never thought that after winning the presidency and a year into his term he would be up to his neck in alligators. But he’s a fighter. Sessions is up to his neck and he is simply holed up in his office with the door locked. Rosenstein already is the acting AG. I see the worst news of the day being Hope Hicks being compelled to leave the WH team. She was reportedly seen in tears today. Could be she wants to live free of fear of being targeted by the Dem-MSM state.

        • Don Monfort
          Posted Feb 28, 2018 at 11:08 PM | Permalink

          Et tu, Ron? Sessions is running the DOJ. He is only recused in matters related to the 2016 Presidential election campaign. Deputy AG Rosenstein is in charge of that. Both Sessions and Rosey were appointed by Trump. If he doesn’t have the guts to face the consequences and fire them, then he should just STFU and let the process roll on.

          Undermining his own AG is not going to do Trump any good. It’s not going to do anything good for the country. Undermining the DOJ IG is also counterproductive and stupid. Horowitz is the guy who is revealing all the dirt inside the FBI and DOJ.

        • Frank
          Posted Mar 1, 2018 at 3:57 AM | Permalink

          Don wrote that Trump works for the American people. Perhaps he should. However, Mr. Trump has (with one exception) never worked for anyone but himself. Trump as public servant? The one exception was the public company he founded to invest in casinos. He sold properties he personally owned to this company (self-dealing) with the approval of the BoD he handpicked, the company went bankrupt and his shareholders lost $0.90 on the dollar.

          Does Trump tweet early in the morning for the benefit of Americans or his ego? Was Trump thinking about ordinary Americans when the tax bill was being passed? How come the middle class tax breaks phase out in a few years, but the ones that mostly benefit the wealthy are permanent? (We desperately needed a competitive corporate tax rate, but it should have been paid for by closing loopholes used by those benefitting most from the lower corporate tax rate. All Trump wanted from tax reform was ANY legislative victory.)

          Mr. Trump thrives on controversy; it has kept his name in the limelight for decades. The American people don’t need to lose faith in the FBI, Trump needs them to do so for political reasons. MAGA means replacing leadership with better leaders, not tearing down those HE has appointed.

          Trump has done an excellent job of appealing to those who feel that the political elites of both parties have neglected them. He has given them a voice, but so far done little to help them IMO.

        • Don Monfort
          Posted Mar 1, 2018 at 2:49 PM | Permalink

          I am sure that POTUS Commander in Chief and Most Powerful Man in the World is worried that a non-entity anonymous little nevertrumper on an obscure blog thinks he hasn’t done anything to help the folks. Seven more years, Frankie. Eat your heart out. The Donald has his obvious flaws, but the people knew that. He delivers. But you can blame the failure of Atlantic City on him, if it makes you feel better.

        • Posted Mar 1, 2018 at 3:40 PM | Permalink

          Frank, there is a grain of truth in many of your points about Trump’s imperfections. I worried too until after I saw how badly our institutions have gone off the rails. The media that slept while it happened continue to be determined to keep blind to their own culpability. Trump is really our country’s only hope to start back toward integrity. Trump tweets because he believes the press are not honest. For the most part I have to agree. Example: Gen. Kelly eliminates overextended interim security clearances for everyone to reform Bush-Obama abuse, (as Mr. Pete informs us) but the media report “Jared Kushner loses security clearance.”

        • Frank
          Posted Mar 5, 2018 at 1:13 PM | Permalink

          It might help to remember that the executive branch (such as the AG and dAG) exists to implement the laws Congress has passed, not Trump’s latest tweet. Given the current 51-49 split in the Senate, Trump has little ability to successfully replace someone like Sessions with a “yes man”, say like Nunes (or Lynch or Yates in the previous administration). That is reality, though Trump may choose to ignore it and fire Sessions. With his reply, Sessions appears to have decided to ignore tweets and do what he feels is required under the law.

          Other presidents (esp Obama) have bent the executive branch to reflect their will, rather than Congress’s. The liberal permanent bureaucracy made this easier. That is why so many of Obama’s orders were and are being overturned in court. With only a 40% approval rating, a Special Counsel, and the current Senate, Trump does not have the same clout Obama did. (For an example of a Prez without clout, see W’s last two years.)

        • Don Monfort
          Posted Mar 5, 2018 at 1:37 PM | Permalink

          Obama clout left the Dims in a shambles. Trump rules! Oh, but the polls. Trump would be re-elected today, and he will be re-elected in 2020. Get over it, Frank. Seven more years.

        • Frank
          Posted Mar 5, 2018 at 2:04 PM | Permalink

          Mr Trump may not care about the opinion of “an anonymous never-Trumper” expressed on this blog. However, I wrote in the name of my favorite politician rather than choosing from the insane collection of candidates I was offered in 2016. My vote in 2020 isn’t predetermined and there are relatively few such votes available to be earned by PERFORMANCE. Unfortunately, the preferred strategy today (popularized by Rove) is to rev up your base, and not appeal to the center. Mr. Trump’s divisive and intellectually insulting strategies for appealing to his base are a significant handicap.

        • mpainter
          Posted Mar 5, 2018 at 3:53 PM | Permalink

          Sekulow is a partisan hack and you are not? Tsk, tsk, how I misjudged you.

        • Don Monfort
          Posted Mar 5, 2018 at 5:37 PM | Permalink

          We get it that you don’t like Trump’s style, Frank. He won without the left loons and the allegedly conservative Country Club GOP snobs and he will do it again.

          You really are clueless. Trump did fine in the middle:

          https://ropercenter.cornell.edu/polls/us-elections/how-groups-voted/groups-voted-2016/

          He even won 10% of liberals, but they must have been racist libs. Actually, looking at exit poll numbers it’s difficult to make a case that he won. How is it possible? I will help you. He convincingly won independents. And exit polls miss this: It was a guilty pleasure for a lot of nominally Democrat black, hispanic, union members and self-identified moderates and liberals to vote for the Big Orange Fella. They wouldn’t share their secret with some stranger approaching them with a clipboard out in the street. Somebody might overhear. What if their Trump hating friends and family found out?

          Your understanding of the political process is rudimentary, Frank.

        • Don Monfort
          Posted Mar 5, 2018 at 5:44 PM | Permalink

          You aren’t qualified to judge me, painty. Your command of facts, logic and honest discourse is deficient.

        • mpainter
          Posted Mar 6, 2018 at 2:08 AM | Permalink

          Vacuous blowhard ineffectual role-playing cipher cog far removed from nexus.

        • Don Monfort
          Posted Mar 6, 2018 at 12:58 PM | Permalink

          Hmmm, The Donald’s divisive and intellectually insulting strategies for appealing to his base have curiously forced that fat boy with the nuke missiles to come to the negotiating table. Frank was wondering why there haven’t been any fat boy nuke tests and missile launchings lately. Trump’s crushing sanctions and credible threat of a military solution are having an effect. Frank will call it bullying.

        • Fra