A Russian Spearphishing Domain Is Now Hosted in New York City

Central to the Mueller indictment is attribution to Russia of a spearphishing campaign from domains then located in Romania. It is therefore more than a little surprising that one of these spearphishing domains is not only still in operation in May 2018, but hosted in New York City.

The first article linking the DNC hack to APT28 spearphishing by SecureWorks (here) in June 2016. Secureworks had been tracking APT28 spearphishing for some time through their bitly links. They provided two examples linking respectively to the malicious domains: accounts-google[.com and googlesetting[.com. I’ve looked at both, but will discuss only the latter in this note. These domains were previously discussed at CA here.

The SecureWorks article showed the following syntax for the hyperlink to googlesetting[.com.

The string ZGlm… expresses the target email (difeitalia.canberra[@]gmail.com) in base64 (see https://www.base64decode.org for conversions). According to public IP records, on April 29, 2015 (the relevant date), googlesetting[.]com resolved to 37.221.165.244, an IP address in Romania.  The domain is associated with APT28 by, inter alia, its registrant: Andre Roy, email address ///,:  a registrant discussed at CA here. In early 2015, the domain also sometimes resolved to a US IP address (173.194.121.36).

The googlesetting[.]com domain had quite a few contemporary attestations, in particular, inquiries to phishtank by Ukrainian activists associated with Informnapalm. The earliest attestation that I’ve located occurred on 2014-07-23 in a phishing email to anna.prokaeva[@]gmail.com): see below. At the time, the domain similarly resolved to IP address 37.221.165.244 in Romania:

On 2018-05-26, a spearphishing email with IDENTICAL syntax to the 2014 spearphishing email was reported by Virus Total: see below.  The target (omaralshater[@]gmail.com). is, of course, different.


In late May 2018, the domain resolved to IP address  199.59.242.150, hosted by Bodis LLC in New York City: see here; here.

What does this mean? Dunno. But it sure seems odd to see the re-appearance in 2018 of a domain characteristic of the APT28 spearphishing campaign, this time in New York City.

Update (July 20): A commenter observed that Bodis LLC parks hundreds of thousands of unused domains, so the appearance of this domain in May 2018 doesn’t, in itself, mean anything. Thinking further on other possibilities, it seems possible that someone, in the course of re-investigating spearphishing events, might have done a search at VirusTotal or other anti-virus service on a string from a 2015 phishing attempt. If such a search was done in May 2018, Virus Total would only know the date of the inquiry, not the date of the phishing attempt. At the end of the day, there doesn’t seem to be anything here. I don’t wish to contribute to any additional inaccuracy on this murky topic and will consider deleting this post.


163 Comments

  1. Follow the Money
    Posted Jul 19, 2018 at 5:36 PM | Permalink | Reply

    The first article linking the DNC hack

    Mueller mashes up everything into a unitary conspiracy. The spearfishing was aimed at personal accounts of people with the “DNC”, Hillary’s campaign and others. As for the “Hacking into the DNC Network Mueller says very little to nothing at all:

    26b] …and captured data from the victim computers. The AMS panel collected thousands of keylog and screenshot results from the DCCC and DNC computers, such as a screenshot and keystroke capture of DCCC Employee 2 viewing the DCCC’s online banking information.

    That’s it. There is not one item of DNC network material specified as accessed. Instead under “Hacking into the DNC Network” Mueller mentions a DCCC victim. Meaning? Maybe Mueller and the FBI have the DCCC hardware and backup, but like Comey said, they never got the DNC items. The DNC allegations could all be guesswork and reliance on CrowdStrike reports.

    BTW, why would the GRU use a “Leased computer in Illnois?”

    • Follow the Money
      Posted Jul 19, 2018 at 7:00 PM | Permalink | Reply

      There are two other places where Mueller specifies “DNC” material accessed, but I mean to point out these show NO proof of independent investigation: “emails” which could be inferred from the WikiLeaks materials, and “opposition research” which is a different problem.

      28a] …The Conspirators compressed gigabytes of data from DNC computers, including opposition research.

      Is Mueller talking about the Trump opposition research released by Guccifer2? I don’t know of any other. But lots of authorities now say that document did not come from the DNC and more likely came from Podesta’s in box. This may be an attempt to force the DNC incident, whether leak or hack, into sisterhood with the DCCC and Podesta hacks.

      29]…the Conspirators hacked the DNC Microsoft Exchange Server and stole thousands of emails from the work accounts of DNC employees.

      This is very unspecific and no “Victim no. x” assignment is given. This statement is likely based on examination of the WikiLeaks material rather than Mueller examination of DNC hardware and sources. Similary the “opposition research” is “evidence” of a DNC hack based on G2’s statement that it came from an alleged DNC hack–Mueller is using the alleged GRU agent’s statement as evidence of sourcing.

      • Posted Jul 19, 2018 at 10:08 PM | Permalink | Reply

        FTM writes: “But lots of authorities now say that document did not come from the DNC and more likely came from Podesta’s in box.”

        According to Adam Carter’s June 3, 2018, update on G2-Space Game Over, the Trump oppo document came from this email to Podesta from Hillary’s research director Tony Karrk on 12/21/15 now in the Wikileaks archive. It was opened and copy and pasted into another document in Podesta’s emails authored by Warren Flood here. That email doc was forwarded on 12/21/2008 to Podesta from Sara Lanthan, through Kristin Sheehey, through Neera Tanden who apparantly got it from Warren Flood, campaign IT director for Joe Biden (newly elected VP at that time). The Flood document was opened and contents deleted and made a template for 3 of the 5 Guccifer 2.0 documents revealed on 6/15/2016. Doc1 had the Trump oppo content pasted in and the author changed to Felix Dzerzhinsky in Russian Cyrillic language font a half hour later.

        My question is whether it is plausible that G2 did not realize that the original author metadata remained unchanged on the template. If G2 did not then it appears G2 was trying to obscure the fact that the document came from a Podesta attachment as identified by it metadata as being modified the day before by Neera Tanden. The same document in the DNC hands likely had a different metadata fingerprint.

        • Posted Jul 19, 2018 at 10:39 PM | Permalink

          Correction: the Neera Tanden fingerprint is on the Warren Flood doc, not the Trump Doc authored by Lauren Dillin. There is another Warren Flood document in WL archive on the same day as the other email here. Both contain scores of liberal pedigrees of the Obama appointees, v interesting.

          The Trump oppo doc was a .docx (MS Word 2007 and above) and the Flood attachments are .doc (MS Word 97-2003) if this affected how the metadata was viewed by G2.

          It’s likely that the Trump oppo document was selected in response to Crowdstrike’s Alperovitch telling the news media the day before that Fancy Bear only got away with a Trump oppo document. G2 was trying to take credit for the DNC hack but did not have any DNC documents to prove it. Yet G2 was the first to assert that the DNC hack was the source for the WL announcement 3 days earlier of having “Hillary related emails.” This despite that the news media universally falsely reported that WL had Clinton’s private server emails. And, the Russians had already been fingered by Alperovitch yet the Russians had never released hacked documents before, and WL policy prohibits the publishing of state sponsored hacks. So associating the DNC Russian labeled hack to WL announcement would have been a risky assertion by one who did not have inside knowledge.

          Question: Who would have inside knowledge but no be able to disclose documents as evidence, insider or outside hacker?

        • AntonyIndia
          Posted Jul 19, 2018 at 11:19 PM | Permalink

          I don’t see Mueller above writing false leads / labels in his July 13th 2018 official indictment to obscure what really happened or to throw any hounds off scent.
          A DNC inside leaker could have been the WL source but that would totally spoil the Trump collusion narrative so no good for the US deep state.

      • AntonyIndia
        Posted Jul 19, 2018 at 11:01 PM | Permalink | Reply

        Podesta? There are two brothers mingled in the whole saga, John Podesta managing HRC’s campaign and Tony Podesta who was busy in the Ukraine and now under Mueller’s scanner. Better add first names. https://www.nbcnews.com/news/us-news/mueller-now-investigating-democratic-lobbyist-tony-podesta-n812776

    • AntonyIndia
      Posted Jul 19, 2018 at 8:39 PM | Permalink | Reply

      Pretty amazing that the FBI can make a huge international domestic espionage case on the DNC hacking – which happened a few miles from their National HQ, while not bothering to confiscate the material hardware involved. Is relaying on a third party disk copy even admissible in US court? Chain of custody?
      The equivalent in their criminal branch would be to make a case against a gang of killers without collecting their guns or bullets, letting some private eyes bring evidence.

      • Yancey Ward
        Posted Jul 20, 2018 at 1:28 AM | Permalink | Reply

        “Is relaying [sic] on a third party disk copy even admissible in US court? Chain of custody?

        I have seen what I think are erroneous reports that claim Crowdstrike serves as a contractor doing such analysis for the FBI in criminal cases, and thus it is perfectly OK for the FBI to not have collected the servers themselves. I think these stories are likely very misleading- it all but certain that in the cases Crowdstrike has testified for the FBI are all cases where Crowdstrike was working with materials the FBI had already physically collected to satisfy chain of custody issues. That will not be the case here if it is true the DNC servers were never collected by the FBI. I don’t think there is a federal judge anywhere who would allow Crowdstrike to testify in any criminal action in this case if the servers themselves were never secured first by the FBI.

      • MikeN
        Posted Jul 20, 2018 at 5:13 PM | Permalink | Reply

        The evidence described in the indictment goes way beyond the hardware.
        They describe web searches and a deletion of history, suggesting they have keyloggers on the targets’ computers. This would be a major giveaway of sources and methods.

  2. AntonyIndia
    Posted Jul 19, 2018 at 8:49 PM | Permalink | Reply

    Equally amazing is that before the US election neither the FBI nor the DNC managed the effort to drive the few miles between their two national headquarters in Washington DC to confirm in person that a hack was going on, while after Trump was elected suddenly no money or effort were spared to hammer on the same issue.

  3. AntonyIndia
    Posted Jul 19, 2018 at 11:50 PM | Permalink | Reply

    For one it means that US cyber defense is again (DNC, HRC server, House of Rep., patents) proven to be as weak as its attack branch is strong.
    So no, not more money, just redirect ample existing funding.

    • AndyL
      Posted Jul 20, 2018 at 4:02 AM | Permalink | Reply

      The single most surprising thing in all of this (to me anyway) is that there isn’t a concerted effort happening to boost US cyber-security. This is just one example of many recent attacks, whoever did it and for whatever reason.

      • AntonyIndia
        Posted Jul 21, 2018 at 1:15 AM | Permalink | Reply

        July 2017: Defcon hackers find it’s very easy to break voting machines https://www.cnet.com/news/defcon-hackers-find-its-very-easy-to-break-voting-machines/

        In India voting machines are not connected to the Internet at all. They are physically collected by election officials for counting = reading an internal chip.
        Are the FBI/ NSA / EAC etc. sleeping?

        • D. J. Hawkins
          Posted Aug 6, 2018 at 8:45 PM | Permalink

          This is also common in the US. I have worked the last 4 or 5 local elections, and the machines are never connected to the Internet. To do upgrades you have to have physical access to the machines.

        • AntonyIndia
          Posted Aug 6, 2018 at 11:37 PM | Permalink

          The US voting machines have unshielded USB ports; the Indian ones don’t; they use a VGA kind of external connector which is also sealed. https://www.youtube.com/watch?time_continue=113&v=Z9gdacMoeHM

  4. AntonyIndia
    Posted Jul 20, 2018 at 4:00 AM | Permalink | Reply

    Bodis LCC is a company that parks “unused” domain names on Internet for its owners. If accessed by surfers, Bodis counts and some income is generated for the domain name owner. At present Bodis hosts ~ 297,100 domain names; its competition are GoDaddy, Amazon Web Services, Sedo.com etc. https://webhostinggeeks.com/providers/bodis-llc

    • Posted Jul 21, 2018 at 9:22 AM | Permalink | Reply

      Registered voters should be emailed an ID code to unlock their online ballot using also other personal ID info. The ballot would be anonymous but could be checked by the voter by later entry of the same ID into a portal. If anyone ever tried to hack the ballots it would be detectable while the votes remain anonymous. Voters who lacked an email or computer could be assigned one in the mail and vote at public computers.

      • MikeN
        Posted Jul 23, 2018 at 1:27 PM | Permalink | Reply

        Or they could just not have online balloting.

  5. Josh sacks
    Posted Jul 20, 2018 at 9:26 AM | Permalink | Reply

    Bodis is a domain parker. They try to make money hosting dormant domains. It doesn’t mean anything except that domain is dormant.

    • Climate Audit
      Posted Jul 20, 2018 at 10:25 AM | Permalink | Reply

      That’s interesting about Bodis LLC.

      Here’s the underlying report on incident from Virus Total – which I should have included in original post. While the incident report was in May 2018, thinking about it, it’s possible that someone submitted an inquiry to Virus Total or other anti-virus service on that date in respect to phishing email from 2015 – possibly because of current interest in past events. This seems the simplest explanation and renders the incident uninteresting.

      I’ll note this in post and will consider deleting the post to avoid fostering inaccuracies.

  6. Climate Audit
    Posted Jul 20, 2018 at 10:38 AM | Permalink | Reply

    I’ve updated the post to note the possibility/probability of an uninteresting explanation of these phenomena.

  7. Jaap Titulaer
    Posted Jul 20, 2018 at 12:07 PM | Permalink | Reply

    I have a comment in moderation I think. Too many links. Quite relevant I think, so please unblock it.

    • Climate Audit
      Posted Jul 20, 2018 at 1:34 PM | Permalink | Reply

      Can’t find it.

  8. Jaap Titulaer
    Posted Jul 20, 2018 at 2:06 PM | Permalink | Reply

    OK I’ll repost. Your post reminded me of something quite odd.

    The phishing emails as described by SecureWorks as quoted above look quite different from the one that was used in the phishing email send to John Podesta, yet they are assumed to be linked as they happened at the same time.
    The ones in the phishing campaign as reported by SecurewWorks, and targetiting many people, not just DNC, were like this:

    accounts[.]g00qle.com/ServiceLogin/?continue= …&hl=…&sarp=…&docid=…&refer=…&tel=1
    myaccounts[.]googlesetting.com/ServiceLogin/?continue= …&hl=…&sarp=…&docid=…&refer=…&tel=1

    Notice that despite multiple server names being used, the application on those servers is the same. We can tell from their calling convention (/?continue= …&hl=…&sarp=…&docid=…&refer=…&tel=1) and location of the application in the server directory tree (/ServiceLogin).

    Now let’s look at the one that Podesta got around the same time (see http://p3isys.com/component/content/article?id=153:podestahack). It was:
    myaccount.google[.]com-securitysettingpage.tk/security/signinoptions/password?e=… & fn=….&n=….&img=…

    So not just the server is different, the application called is totally different. Yet we are asked to believe that these were the same people at the same time?
    Here the location in the tree is /security/signinoptions and the calling convention is password?e=… & fn=….&n=….&img=…

    The only one who got a similar phishing mail was Rhinehart (see Mother Jones article) but he got one with com-securitysettingpage.ml instead of com-securitysettingpage.tk; it is therefore not certain that these were indeed the same, just quite likely.
    The Rhinehart emails were leaked to DC-leaks, the Podesta one to WikiLeaks.

    But whoever did Podesta is not very likely to be related to the group behind the ‘ServiceLogin’ examples. Yet those are the only ones where arguably some of the servers or IP addresses have been involved in Sofacy/Fancy Bear phishing scams earlier.

    This is clear evidence that the Podesta phishing was a separate action from the main phishing operation that was detected by SecureWorks. Attribution to Sofacy on that basis of the Podesta hack is therefore incorrect.

  9. Jaap Titulaer
    Posted Jul 20, 2018 at 2:40 PM | Permalink | Reply

    Small update.
    They (com-securitysettingpage.ml and com-securitysettingpage.tk) shared the server (IP 80.255.12.237) at some time so these are definitely the same origin. That means that these are merely different names for the same server (at that time).
    See https://www.threatcrowd.org/domain.php?domain=com-securitysettingpage.ml

    That means that whoever did the accountphishing on Podesta (.tk version) was the same that did the same to Rhinehart (.ml).

    • Posted Jul 20, 2018 at 4:21 PM | Permalink | Reply

      So, the John Podesta emails go up on WL and the Billy Rhinehart on DC Leaks. Did the other Hillary For America March-April hacks get published? If not, that seems also a separator.

      Does anyone disagree that G2’s documents confirm access to John Podesta’s emails? Any new thoughts on the 7zip file origin?

      • Follow the Money
        Posted Jul 20, 2018 at 5:14 PM | Permalink | Reply

        No.

        And how about this: Would a GRU agent actually write on his blog as G2 did: “F[***] the Illuminati and their conspiracies!!!!!!!!! F[***] [Company 1]!!!!!!!!!” ??

        Illuminati? Sounds like word used by an old crank or younger 4channer.

        • Posted Jul 21, 2018 at 11:41 AM | Permalink

          FTM, the profile of G2 clearly shows sophistication in a carefully muddied trail. I don’t see a young 4channer. I also don’t see a FSB, SVR or GRU agent.

          Alperovitch announced the Cozy Bear and Fancy Bear were unaware of each other. If that was true then one G2 was connected with would have learned of the other only 24 hours before he had a sophisticated plan launching into action. A plan that he could not plausibly be coordinated and approved by the Russian IC and Putin. If one of the bears was not FSB, SVR or GRU then all bets are off on a G2 affiliation identity.

        • Posted Jul 21, 2018 at 12:51 PM | Permalink

          I suppose that Putin could earlier have become aware of Fancy and Cozy’s concurrent success and approved G2’s op but it’s difficult to see a purpose to G2’s op.

          In the US IC’s (17 or 4 agency) scenario Russia is sole perpetrator, wants to have WL embarrass rival USA, but feeds the data through a cutout posing as a leaker (whistleblower) to get WL to publish it. But the DNC announces and outs the Russians, thus endangering the WL, so the Russians counter with G2.

          Is G2’s op effective in this scenario? If the Russian-WL cutout had posed as a Romanian hacker and G2 was bolstering that facade why then leave the Russian Cyrillic fingerprints on the G2 docs? Why leave a Russian VPN trail?

        • Follow the Money
          Posted Jul 21, 2018 at 1:40 PM | Permalink

          The idea that “Putin” was personally in control and specifically ordered, like an invasion, the hack of Hillary-related people is a fantasy perpetrated by the creator of the Steele “Dossier.” That’s where the idea came from. It was likely laundered into presidential daily briefings which are being repeatedly “leaked” to the media to this day by the dotards of US intelligence bureaucracies.

          Another scenario is the DCCC/G2 actions are “Russian”, and their claim about the DNC and Wikileaks was false and meant to “sow confusion.

        • Posted Jul 21, 2018 at 4:17 PM | Permalink

          Although I certainly see Putin’s Russia as an omnipresent global adversary I don’t understand how they, on one hand, are spending resources trying to ease sanctions and on the other going out of their way to stir the enmity of the presumed future President Hillary, and also allow her to quash the embarrassment by converting it to zeno-outrage (while praying for signs Trump collusion).

          Consider these facts:

          1) Hillary’s DNC and campaign were cyber attacked. Both’s security protocols were way substandard and responses slow.

          2) Hillary was in the height of a her private email server scandal during the spring of 2016, part of which was her lack of security for classified communication. We know as of last month’s IG report that she was actually compromised by several foreign states. Presumably she knew this.

          3) We know as of late 2017 that the Dutch compromised the Russians while attacking the DNC, making the attribution of Cozy Bear ironclad. Hillary certainly knew this from her numerous contacts with the Obama administration if the FBI did not outright tell her (DNC) in January 2016.

          4) Crowdstrike was called in by Hillary in March for her campaign’s attacks yet her DNC was left neglected even after the heads ups and January visit from the FBI.

          5) DNC and Crowdstrike have conflicting stories of when CS was called in to the DNC to check their server.

          6) Four to five weeks before DNC called CS Paul Manafort came into lead the Trump campaign on March 31.

        • Posted Jul 21, 2018 at 4:39 PM | Permalink

          7) We know now that Hillary knew Manafort was connected to pro-Russian Ukrainian regime lobbying because the Podesta Group partnered with Manafort to grease the Uranium One deal.

          8) We know now that Fusion GPS was called by Hillary in mid April, just days after Manafort’s arrival. FGPS had a direct connection into the top FBI counter-intelligence officer liaison in the DOJ with Bruce Ohr with wife Nellie on FGPS payroll. All of Trump’s foreign policy advisers were assembled at this time and one of them, Carter Page, had a Russia file from 2013 with his name on it.

          9) Papadopoulos is named as Trump advisor on March 21, 2016. About three days later he is approached by a British professor with a Hillary email dangle via Russian connection. This slightly pre-dates Manafort arrival.

          10) Trump Jr. is approached in May by a British music promoter with a Russian Hillary email dangle. And Jr. agrees to meet with Natalia V. on June 9. She purportedly enters the country with a special visa approved by Loretta Lynch. She also met with FGPS’s head Glen Simpson before and after meeting with Jr.

          11) FGPS was representing a Russian oligarch in a law suit brought by William Browder, know for his anti-Russian campaign on behalf of his murdered attorney Magnitsy. Natalia V. was working with Fusion on that case while also lobbying people like US Rep. Dana Rohrabacher against the Magnitsky Act sanctions. She thought she was supposed to give this same presentation to Jr. and claimed no knowledge of the music promoter’s Hillary email dangle.

  10. Posted Jul 21, 2018 at 5:00 PM | Permalink | Reply

    12) We know as of last month that at least two FBI intelligence assets were placed into the Trump campaign to dangle Russian Hillary emails or to inquire about them well before a counter-intelligence investigation was officially opened. One of them, Stefan Halper, specifically targeted Carter Page, offering him a paid trip to London to a London conference. The other, going under the alias of Henry Greenberg, approached Roger Stone with a Russian Hillary email dangle. Recall that Stone was also approached by Guccifer 2.0 and is being investigated for that.

    13) By the June 12, 2016, DNC announcement of being hacked by the Russians Hillary, the FBI and certainly the Russian knew there was a full blown operation to either frame the Trump campaign or investigate to implicate it for the hacks and WL publishing.

    14) At this same time Christopher Steele was putting the finishing touches on the first document of the dossier that would be laundered into the US IC, FISA courts and media in several cross-paths to create a maximum effect.

    • AntonyIndia
      Posted Jul 21, 2018 at 8:55 PM | Permalink | Reply

      You mean US IC knew about various HRC / DNC hackers, did nothing about that on purpose trying to create a Trump – Russia case from the (guided) fall out? Mi6 being foreign is a nice legal (and subordinate) shield for domestic CIA ops.

      Trump’s nomination was only publicly clear on May 3 2016 https://www.nytimes.com/2016/05/04/us/politics/indiana-republican-democratic.html

      • Posted Jul 21, 2018 at 11:24 PM | Permalink | Reply

        Antony, domestic CIA ops are illegal. But with the post-911 firewall lifted they can coordinate with the FBI and perhaps supply assistance. That would be a great way to compartmentalize things. Perhaps this explains Mifsud (Papadopoulos dangle) and Goldstone (Trump Jr dangle). Guccifer 2.0’s dangle sheep-dipping Roger Stone seems to fit a familiar pattern here. I wonder if anyone in the intelligence communities notice it. I get the feeling that Nunes, Jordan and some other GOP reps are seeing it. Our host saw it 12 months ago (aided by his known Russian sympathies, I’m sure;).

      • Posted Jul 22, 2018 at 12:29 PM | Permalink | Reply

        Antony, domestic CIA ops are outlawed. But post-911 the firewall between FBI and CIA has been lifted and they can coordinate. Perhaps if CIA and MI6 assets are involved this explains Mifsud (Papadopoulos dangle) and Goldstone (Trump Jr dangle). Guccifer 2.0’s dangle sheep-dipping Roger Stone seems to fit the now seen pattern.

    • Frank
      Posted Jul 22, 2018 at 3:01 PM | Permalink | Reply

      Ron wrote: “We know as of last month that at least two FBI intelligence assets were placed into the Trump campaign to dangle Russian Hillary emails or to inquire about them well before a counter-intelligence investigation was officially opened. One of them, Stefan Halper, specifically targeted Carter Page, offering him a paid trip to London to a London conference. The other, going under the alias of Henry Greenberg, approached Roger Stone with a Russian Hillary email dangle.”

      There is SOME reason to believe that Halper met Carter Page for the first time on July 11, 2016 purely by chance and only dangled Clinton email after the investigation opened on July 31. Alleged FBI-informant “Hank Greenberg” certainly approached Caputo and Stone in late May, but his request for $2M isn’t consistent with entrapment or a simple dangle. Manafort allegedly was surveilled from 2014 to early 2016 because of his work for Yanukowych. Surveillance was restated in August after he was removed as campaign director. There was allegedly no legal surveillance in place when he was campaign director (MJJ) and met with Natalie V (June 9).

      I’m perhaps too willing to believe that the FBI is telling the truth about these subjects. The Intelligence Community certainly received unsolicited intelligence about Trump’s activities with Russians from various sources for years before he became a candidate. FBI DD of Counterintelligence Strzok was almost certainly at the center of any “off-the-record” activities that could have begun as soon as Trump’s candidacy became viable. In my wildest nightmares, I can even imagine Strzok recruiting Steele and using Bruce Ohr to plant Steele with Fusion GPS.

      However, if Strzok or someone else staged the need for an investigation, the January 2017 explosion of news about the investigation would certainly have occurred BEFORE the election. I can’t believe in a successful conspiracy that resulted in trivial pre-election publicity for the Steele Dossier.

      FWIW, I don’t think Mueller can credibly close an investigation without interviewing Trump. The maneuvering began months ago (and presumably will climax with a subpoena of Trump and Mueller’s firing.)

    • Frank
      Posted Jul 22, 2018 at 3:05 PM | Permalink | Reply

      Ron: There is SOME reason to believe that Halper met Carter Page for the first time on July 11, 2016 purely by chance and only dangled Clinton email after the investigation opened on July 31. Alleged FBI-informant “Hank Greenberg” certainly approached Caputo and Stone in late May, but his request for $2M isn’t consistent with entrapment or a simple dangle. Manafort allegedly was surveilled from 2014 to early 2016 because of his work for Yanukowych. Surveillance was restated in August after he was removed as campaign director. There was allegedly no legal surveillance in place when he was campaign director (MJJ) and met with Natalie V (June 9).

      FBI DD of Counterintelligence Strzok was almost certainly at the center of any “off-the-record” activities that could have begun as soon as Trump’s candidacy became viable. In my wildest nightmares, I can even imagine Strzok recruiting Steele and using Bruce Ohr to plant Steele with Fusion GPS. However, if Strzok or someone else staged the need for an investigation, the January 2017 explosion of news about Steele and the investigation would certainly have occurred BEFORE the election.

      • AntonyIndia
        Posted Jul 22, 2018 at 9:28 PM | Permalink | Reply

        Who expected Trump to become the Republican candidate and when? Few and late. Who expected Trump to beat HRC in the electoral college and when? Even less and only on Dec 19 it was clear. Still having some Strzokian “insurance policy” was done just in case – which he texted in August 2016. The voting happened on November 8th.
        The Trump – Russia narrative was shaky and was not thought necessary before the election because they all thought HRC would win hands down. Still they had the guts to come out with it on January 6th 2017 – they knew they had the MSM in their pocket plus the big majority of the (Obama) bureaucracy.

        • Antonylndia
          Posted Jul 23, 2018 at 3:40 AM | Permalink

          Latest finger pointing: Clapper + Strzok -> Obama’s WH instigated the ongoing investigations into Donald Trump and those in his orbit.
          https://www.zerohedge.com/news/2018-07-22/clapper-obama-was-behind-whole-thing

        • Antonylndia
          Posted Jul 23, 2018 at 3:53 AM | Permalink

          How Peter Strzok can still be working for the FBI or any US governmental organization is an enigma to me, unless he knows too much to be cut loose.
          He knew the Chinese hacked HRC’s closet server containing all her Secretary of State correspondence but managed to bend all attention to data loss at the Congress party and tie that to Russia and even Trump.

        • Frank
          Posted Jul 23, 2018 at 11:09 AM | Permalink

          Antony: If no one took Trump seriously as a candidate, they why did they conspire against him to create a phony investigation? Given the unforeseeable response to the re-opening of the email investigation “balance” that disclosure by disclosing an investigation into the Steele Dossier.

          Certainly everyone took Trump seriously after voting. The Deep State had a month to engineer a revolt in the Electoral College and the perfect excuse: “Trump had colluded with Russia to get elected.” Still they did nothing.

          You can’t have it both ways: Either the Deep State conspired because they took Trump seriously or they did nothing because they didn’t take him seriously.

        • Frank
          Posted Jul 23, 2018 at 11:28 AM | Permalink

          Antony: In your video, Clapper is discussing the fact that Obama and the Intelligence Community took Russian interference seriously before the election, particularly the hacking of the DNC and state election computers and the history of recent Russian intervention in European elections. They agonized for weeks over how to handle the issue without appearing to favor HRC and thereby aid the Russian goal of creating distrust. Comey drafted an editorial that was never used. (See p 188-191 of Comey’s book for details.)

          Eventually Clapper (DNI) and Johnson (DHS) issued a report on Russian activities that made no mention of Steele or collusion. The FBI – which was investigating those subjects – was deliberately not included.

        • Frank
          Posted Jul 23, 2018 at 11:46 AM | Permalink

          Antony: Strzok is no longer working for FBI counterintelligence and has lost his security clearance. Officially he has been reassigned to Human Resources. His future (and that of four others mentioned in the IG’s report) is being determined by the FBI Office of Professional Responsibility. Strzok obviously will plead that his is being punished for his political opinions, a violation of the Hatch Act.

          http://www.foxnews.com/politics/2018/06/21/extraordinary-strzok-removal-shows-fbi-agents-in-crosshairs-from-ig-probe.html

        • Posted Jul 23, 2018 at 2:27 PM | Permalink

          Frank wrote: “If no one took Trump seriously as a candidate, they why did they conspire against him to create a phony investigation? Given the unforeseeable response to the re-opening of the email investigation “balance” that disclosure by disclosing an investigation into the Steele Dossier.”

          Don’t confuse with the media’s lack of respect with the fact that Trump was Obama’s worst nightmare and he WAS in the lead for the GOP from the first debate in the summer of 2015 to the clinch in May 2016. If Obama did have nightmares about what Trump would do to his legacy they certainly came true. The ACA (Obamacare) is about the only thing left and its hanging by a thread from a long and painful 8-year failure.

          The Dutch handed the Obama IC ironclad evidence behind a Russian DNC cyber-hack in summer of 2015. What did they do with this? They could have announced it, ordered sanctions and warned Putin against daring to meddle in the 2016 election, (as he likely did in every US election). But no, they stayed silent. Do you really believe nobody told Obama? Do you believe that Obama wouldn’t have personally told Clinton? The only reasonable explanation is that Cozy Bear was left in place to counter-exploit with maximum pay-off. Payoff for the USA? Yes if Obama and Clinton see themselves as indistinguishable from the USA, as J. E. Hoover did, and as Nixon did.

        • Posted Jul 23, 2018 at 2:50 PM | Permalink

          Another example of the US IC playing politics came out the Strzok hearing but was missed by the MSM. Rep (R) Louis Gohmert brought out that all but 4 of Clinton’s 30,000 emails were being copied to an unidentified foreign recipient. When the cyber security’s IG lieutenants informed Strzok of this he did NOTHING because he claimed to not recall the meeting. We still don’t know what country was listening to all of her business as SOS but I think a safe guess is that it was not Russia. https://www.cnsnews.com/commentary/hans-von-spakovsky/clinton-state-departments-major-security-breach-everyone-ignoring

        • Posted Jul 23, 2018 at 2:58 PM | Permalink

          This means that whoever had the Clinton email exploit in place has ALL the Clinton emails, even any that were later deleted.

          We must assume that somebody told Obama and Clinton about this in 2015 or early 2016. So they both knew that a foreign power could embarrass her with a WL at any point. Maybe it WAS the Russians. The Russia-Trump collusion would be a perfect inoculation and insurance policy that would contsrain Russia from ever using it. Could one imagine Russia releasing Hillary private server emails now?

        • AntonyIndia
          Posted Jul 23, 2018 at 8:49 PM | Permalink

          Could one imagine Russia releasing Hillary private server emails now?
          No, as PR China hacked them, not Russia according to Lisa Page – who knew this from Strzok. The Chinese won’t publish now because they love this bar brawl of their two main adversaries, the US and Russia.

        • AntonyIndia
          Posted Jul 23, 2018 at 10:29 PM | Permalink

          True Pundit shows info about Chinese hacks of HRC files https://truepundit.com/fbi-lisa-page-dimes-out-top-fbi-officials-during-classified-house-testimony-bureau-bosses-covered-up-evidence-china-hacked-hillarys-top-secret-emails/ and https://truepundit.com/fbis-comey-covered-up-china-hack-of-hillarys-emails-concealing-intel-from-congress-months-before-election-then-fbi-destroyed-the-evidence/

          Method: HRC aid Heather Samuelson used Chinese (State Dep. forbidden) Lenovo laptops containing Chinese backdoors. FBI boss Comey kept mum about this and even managed to have both laptops destroyed. House Judiciary Committee Chairman Bob Goodlatte wrote Comey about this on Oct. 21 2016.

        • Posted Jul 23, 2018 at 10:32 PM | Permalink

          “No, as PR China hacked them, not Russia according to Lisa Page – who knew this from Strzok.”

          Politifact says that is a false rumor but they could be Politiwrong.

          https://www.politifact.com/punditfact/statements/2018/jul/20/yournewswirecom/no-evidence-former-fbi-lawyer-lisa-page-blamed-chi/

        • AntonyIndia
          Posted Jul 23, 2018 at 10:50 PM | Permalink

          Ron, watch the pea: No evidence that former FBI lawyer Lisa Page blamed the Chinese for DNC hack Who is taking about the DNC hack: not Page or Goodlatte who speak about Chinese hacks of HRCs e-mails – from those Lenovo Yoga laptops used her aid Ms. Samuelson. https://www.scribd.com/document/384225319/102116-Letter-to-Director-Comey#from_embed

        • Frank
          Posted Jul 24, 2018 at 3:51 AM | Permalink

          Antony: The agreement to destroy the laptops was negotiated by the DoJ, not the FBI.

          https://www.grassley.senate.gov/news/news-releases/chairmen-question-doj-agreement-limit-investigation-secretary-clinton’s-private

          According to Mr. Comey’s book, the FBI was desperately looking for missing email from Clinton’s first year, when she was most likely have received written instructions not to use a private server for DoS business. Such a “smoking gun email” would permit indictment. The FBI knew Samuelson and Mills had email from this period and Comey claims he warned the DoJ he wouldn’t close the case without having searched their laptops specifically for such documents. Mills and Samuelson were now working in the private sector and their laptops contain confidential information from other clients. I don’t understand why destruction was part of the deal.

          Given that the laptops were destroyed in June? of 2016, how can anyone know if any potential backdoor was accessed by Chinese hackers. The FBI could only look at files agreed upon by negotiation. I doubt Samuelson volunteered to have possible use of a backdoor checked, possibly exposing her charges.

          If a special prosecutor with unlimited time and resources and with a broad charter had done the email investigation, more possibilities could have been pursued. The FBI was tasked by the DoS IG with determining if HRC mishandled classified information by using a private server. Rightly or wrongly, the investigation didn’t turn into a fishing expedition. There was probably no point in trying with Lynch having the final say.

        • AntonyIndia
          Posted Jul 24, 2018 at 4:28 AM | Permalink

          Disappearing computer hardware hosting official files seems to be a returning phenomenon during the Obama (Lynch/Comey) administration: https://www.theepochtimes.com/key-evidence-in-house-hacking-probe-mysteriously-disappeared_2554276.html

  11. Jaap Titulaer
    Posted Jul 22, 2018 at 3:45 PM | Permalink | Reply

    3) We know as of late 2017 that the Dutch compromised the Russians while attacking the DNC, making the attribution of Cozy Bear ironclad. Hillary certainly knew this from her numerous contacts with the Obama administration if the FBI did not outright tell her (DNC) in January 2016.

    They did. But the FBI told the DNC over and over again, in January they actually visited the DNC because the DNC refused to listen.

    The FBI phoned the DNC almost every month starting sometime in summer 2015. Let’s be nice, say that it was August (AFAIK it was even earlier).
    They called the DNC and DNC did nothing (June/July/Auh?). When asked one month later they indicated that they said it was a prank call.
    So the FBI said: well call us back to FBI switchboard. DNC didn’t and did nothing (July/Aug/Sept). One month later FBI called again, etc.

    It may have been that this was not done monthly (I’ll need to check), but say bi-monthly.
    With the Dutch calling the FBI:”We still see incoming trafic for IP no’s …, … and .. (all DNC)” and later something like “We still see incoming trafic for IP no’s …, … and .. (all DNC). Didn’t you tell them? A simple virus scan should do the trick, assuming they have better than sub-standard stuff”

    Anyways finally the FBI send a SA to the DNC in January 20106 at the latest, to make sure they really understood. He showed them his badge I understand. So no more excuses, right? Wrong. DNC still didn’t do a thing.

    Jan – Feb – Mar – April – May. Finally in early May 2016 (5th I think, a Friday (evening)/Saturday if I remember correctly) the DNC servers were all taken offline for some kind of maintenance, shortly after arrival of CrowdStrike late April 2016.

    To be clear: as far as I can tell the DNC did not want that malware removed. I can’t come up with any other scenario. I do not know any organisation that dumb, that inept as the DNC. Never seen that in my entire life. Never.
    Even with firms mostly consisting of low-brow lawyers (the bar is really low for lawyers in my country).
    I’m sure the ones in US are much smarter as more money can be made, but most lawyers (except people like a mate of mine, who was busy with Artificial Intelligence for Law) understand zero about IT or technology or science in general. But even then. They know when they hear a serious warning and do not ignore that month after month for almost a year.

    So I think they did it on purpose. I just have no idea why.

  12. Jaap Titulaer
    Posted Jul 22, 2018 at 3:50 PM | Permalink | Reply

    13) By the June 12, 2016, DNC announcement of being hacked by the Russians Hillary, the FBI and certainly the Russian knew there was a full blown operation to either frame the Trump campaign or investigate to implicate it for the hacks and WL publishing.

    That was June 14th (via WaPo & CS). CS updated their stuff on June 15th for a few details.
    The June 12th date is when Assange announced that Wikileaks had some HRC related stuff that they would be releasing in the coming month (HRC campaign by then knew about the Podesta email breach).

  13. Jaap Titulaer
    Posted Jul 22, 2018 at 3:55 PM | Permalink | Reply

    Ron: There is SOME reason to believe that Halper met Carter Page for the first time on July 11, 2016 purely by chance and only dangled Clinton email after the investigation opened on July 31.

    Nope. No coincidence. Student from Prof. Halper invited Page made the arrangements on Halper’s behalf. There were only a handfull of people present at that conference, with several who wanted to hear what Page had to say. Page indicated that he was just there to listen and learn, not to speak.

    It is clear the investigation started prior to July 31st. So either FBI was using a CIA asset as an FBI informant prior to opening an investigation, which is quite odd, OR the CIA had already started their own operation (outside USA, but impacting continental USA). Both are illegal AFAIK.
    Hence all the questions about who did what, when, why and under who’s orders.

    • Frank
      Posted Jul 27, 2018 at 11:12 PM | Permalink | Reply

      Jaap: Respectfully, do you have a source for your claim that a student of Halper’s (current associate, or one of hundreds of past students) invited Carter Page. And for the claim that only a “handful” of people attended a meeting with Madeline Albright as featured speaker.

      A week before this meeting Page was giving a high profile (commensement?) address in Russia. Wouldn’t the attendees have been interested in his fresh insights?

    • Frank
      Posted Jul 27, 2018 at 11:36 PM | Permalink | Reply

      Please allow me to put pre-July 31 activities in a less conspiratorial light.

      Putin and Russian money were gaining influence with the radical right long before Trump announced his candidacy. For example, Dana Rohrbacher, informally known as the Congressman from Moscow. Western counter-intelligence agencies were undoubtably monitoring this situation, especially after the invasion of Crimea and civil war in Crimea. Steven Halper met Michael Flynn in 2014. Was it a chance encounter or was this counterintelligence a former head of the DIA associating with Russians? Answer: It doesn’t matter. If intentionally directed, “informal ear-to-the-ground”, or just two professionals meeting by chance, our counterintelligence services should be legally monitoring links to a increasingly hostile world power.

      So, as Trump’s rise to nominee became increasingly apparent, we should have expected that normal highly-classified counterintelligence surveillance activities were occurring. Strzok was almost certainly involved. Perhaps there were suspicions about Trump himself before he even became a candidate.

      At the same time, Russian intelligence was probably trying to contact and perhaps influence those who were rising to power with Trump. And normal monitoring that activity first brought Papadopoulos to the IC’s attention. However, it didn’t spark an official criminal investigation (7/31/2016) until hacked materials from the DNC were released in mid-June.

    • Frank
      Posted Jul 27, 2018 at 11:48 PM | Permalink | Reply

      Jaap: Of course, the normal counterintelligence described about could have turned into an anti-Trump conspiracy with Strzok, Steele, or someone else at the center. They could have created the need for an unnecessary investigation into collusion with Russia.

      However, we can deduce that this didn’t happen. If such as conspiracy had been underway for most or all of 2016, the existence of an officially-approved investigation into collusion into the [faked?] Steele Dossier would have been leaked to the press before the election – as it was in January 2017. In the Deep State you fear, the FBI’s October announcements would have been about investigation of Trump, not Clinton.

    • Frank
      Posted Jul 28, 2018 at 10:27 AM | Permalink | Reply

      Jaap: Of course, the normal counterintelligence described above could have turned into an anti-Trump conspiracy with Strzok, Steele, or someone else at the center. They could have created the need for an unnecessary investigation into collusion with Russia – exactly as many suspect.

      However, we can deduce that this didn’t happen. If such as conspiracy had been underway for most or all of 2016, the existence of an officially-approved investigation into collusion into the [faked?] Steele Dossier would have been announced or leaked to the press before the election. The investigation was in January 2017. In the Deep State you fear, the FBI’s October announcements would have been about investigation of Trump, not Clinton.

      The other normal activity that has many concerned is the reluctance of the DoJ to release information about the Russia investigation. The reason for this is best illustrated by HRC’s interview at the end of the email investigation. She was asked about various emails: Isn’t this classified information that was mishandled? And she answered: “No, and she was confident it wouldn’t have been sent to her by her staff if it were classified.” She could safely tell such lies because she knew what her staff had told the FBI when they were interviewed. However, she didn’t know what was in every email the FBI had collected or what non-political appointees at the DoS might have said. She needed to answer questions on those topics honestly or risk indictment for obstruction. Before Trump and others are interviewed, Mueller wants what his investigators have learned to remain secret and Trump’s attorneys want Congressional Republicans to disclose as much as possible. And a source like Halper was far more value to the IC a year ago than he is now.

  14. Posted Jul 23, 2018 at 7:44 AM | Permalink | Reply

    Jaap wrote: “So I think they did it on purpose. I just have no idea why.”

    Last month we learned that President Obama had given a stand down order to US IC in countering Russian cyber attacks. They were just a puzzled as to why. https://freebeacon.com/national-security/obama-cyber-chief-confirms-stand-order-russian-cyberattacks/

    Daniel was quoted saying to his team that they had to stop working on options to counter the Russian attack: “We’ve been told to stand down.” Prieto is quoted as being “incredulous and in disbelief” and asking, “Why the hell are we standing down?”

    Recall that our host’s first question on this topic is why did the DNC incursion continue for three weeks after CS entered the DNC premises and as the Russians in the servers in 7 seconds.

    If Manafort was under surveillance before entering the Trump campaign this heavily bolsters my suspicion that a full-blown operation was started at that moment. The only question is who were the leaders of the operation.

    • AntonyIndia
      Posted Jul 23, 2018 at 9:25 AM | Permalink | Reply

      That “stand down” on response order happened in late August 2016. Susan Rice also was involved.

      Had Russophobes in US IC found alliance in Rice and Obama?

  15. Posted Jul 24, 2018 at 11:25 AM | Permalink | Reply

    Reblogged this on I Didn't Ask To Be a Blog.

  16. AntonyIndia
    Posted Jul 25, 2018 at 9:30 PM | Permalink | Reply

    Another UK link to the US-Russian spy narrative: Matt Tait https://www.weeklystandard.com/haley-byrd/this-former-british-spy-exposed-the-russian-hackers

    • Antonylndia
      Posted Jul 25, 2018 at 10:48 PM | Permalink | Reply

      This (ex?)GCHQ cyber hacker saw himself as “the one Twitter account on the entire Internet daring to take the government’s side.”: @pwnallthings (130K followers)
      He advises others to sign up for Google’s Advanced Protection Program for gmail users. He was “adopted” by Mueller for his search. He now teaches in a Texas college.

    • Posted Jul 26, 2018 at 8:31 AM | Permalink | Reply

      Antony, did you notice reading the article it does not make clear that the manner in which G2 left Russian evidence was more like he left a note at the crime scene rather than a fingerprint? No matter, we know it was the Russians because they were following Tait’s Twitter. How do we know this? G2 was following Tait and G2 is Russian. How do we know G2 is Russian? Only Russians would change the released document author name the first head of the Soviet secret police.

      Are we to believe that this is one of the brightest minds at GCHQ? This is what the Mueller July 13 indictment is based on?

      • AntonyIndia
        Posted Jul 26, 2018 at 10:32 AM | Permalink | Reply

        G2 is not only suspect as a US/UK/ false flag because of the phony Russian bear prints but also because in G2’s first post was written: The main part of the papers, thousands of files and mails, I gave to Wikileaks. They will publish them soon. https://guccifer2.wordpress.com/2016/06/15/dnc/ No Russian spy agency would handout such a solid public link – making their own (and Wikileaks!)lives more difficult. US/UK IC on the other hand had seen what was going on since months and had time to prepare a G2 & had a huge grudge against WL due to Edward Snowden exposing their dirty linen there. Kill two birds with one G2 stone.

  17. Jeffrey Westcott
    Posted Jul 26, 2018 at 12:52 PM | Permalink | Reply

    Am I wrong in thinking that the internet is a subject where the private sector, in general, and private individuals, specifically, have vastly more forensic talent than that within any government, including both the US and Russia? The Mueller indictment’s reliance on the certain identity of the DNC hacker seems at best premature, at worst just grasping at straw.

    • barn E. rubble
      Posted Aug 4, 2018 at 9:01 PM | Permalink | Reply

      RE:”. . . in general, and private individuals, specifically, have vastly more forensic talent than that within any government, including both the US and Russia? . . .”

      I’ve been fascinated by the ‘crowd sleuthing’ . . . I just wish I understood the tech stuff more to completely follow it.

  18. ccscientist
    Posted Jul 27, 2018 at 4:59 PM | Permalink | Reply

    It is also interesting the RT (Russia Today) a Russian “news” –ie propaganda–cable channel, is still on the air in the US. I watched some of their editorials and they made no sense at all. Coming from a totally different universe of thought. This may explain why their web ads for the election were so strange.

    • Posted Jul 28, 2018 at 9:40 AM | Permalink | Reply

      “This may explain why their web ads for the election were so strange.”

      I think all agree that Russia Today acts as a state organ and that Russia meddled in the election by attacking both sides to with the aim of amplifying the divide and sewing discord. Ironically, their efforts amounted to a drop in the bucket of already present political division. By stepping into it they succeeded only in having animosities partially diverted to themselves. Are we to believe their aim was reverse the Magnitsky Act sanctions? Do the Russians not know how the US government works, that the sanctions were passed by congress and cannot be reversed by a president?

      If the Russian aim was to strengthen the US economy yesterday’s quarterly GDP growth was reported at 4.1%. Success!

      • Frank
        Posted Jul 29, 2018 at 1:06 AM | Permalink | Reply

        Ron: According to the Magnitsky Act, the President determines which Russians deserve to be subject to sanctions and informs Congress of his choices. So, even if Congress doesn’t choose to repeal the Magnitsky Act, President Trump could remove some (or even all) of those currently sanctioned.

        https://www.gpo.gov/fdsys/pkg/PLAW-112publ208/html/PLAW-112publ208.htm

        • Posted Jul 29, 2018 at 11:16 AM | Permalink

          Frank, thanks to your link I can see that neither one of us was correct. The “list” created by the “Magnitsky Act” is actually the product of joint cooperation between the President and Congress.

          (1) In general.–Not later than 120 days after receiving a
          written request from the chairperson and ranking member of one
          of the appropriate congressional committees with respect to
          whether a person meets the criteria for being added to the list
          required by subsection (a), the President shall submit a
          response to the chairperson and ranking member of the committee
          which made the request with respect to the status of the person.
          (2) Form.–The President may submit a response required by
          paragraph (1) in classified form if the President determines
          that it is necessary for the national security interests of the
          United States to do so.
          (3) Removal.–If the President removes from the list
          required by subsection (a) a person who has been placed on the
          list at the request of the chairperson and ranking member of one
          of the appropriate congressional committees, the President shall
          provide the chairperson and ranking member with any information
          that contributed to the removal decision. The President may
          submit such information in classified form if the President
          determines that such is necessary for the national security
          interests of the United States.

          So to remove someone from the list the President needs information from the US IC to supply reasoning to Congress. In an environment where the US IC is at odds with the President at best, and is actively running an operation against him at worst, there should not be much to worry about.

          Going back to the June 9 meeting of Trump Jr. with Natalia V., it makes the independent recounting of the meeting by all the participants even more credible that the purpose was to present her Russian clients’s side of the Hermitage Capital-Magnitsky story. I am sure you are well aware that the MSM is still perpetuation the impression that this is a lie and the real real purpose of the meeting was to set up a quid pro quo for Hillary’s personal emails. The typical liberal blogger claim is that Trump Jr. said the meeting was about “adoptions,” which without explanation of the Russian reaction to the Magnitsky Act of blocking adoptions, makes it sound like Trump Jr. is making a nonsensical lie.

        • Posted Jul 29, 2018 at 11:49 AM | Permalink

          Trump Jr’s judgments to accept the meeting with the expectation of gaining Hillary emails and not to alert the FBI in most circumstances would look questionable, opening oneself to charges of nefarious intentions to receiving stolen property. But, can Trump Jr. really be blamed now for having hesitation to calling the FBI? After all, it would have been FBI Special Agent Peter Strzok that responded to Trump’s phone call. Could Strzok have been trusted to allow the transaction to proceed in order to gain the emails and transfer them in response to Congress’s subpoena? What are the chances you place on that having happened, Frank, versus the chance that Strzok, McCabe and Comey would intentionally scare the fish away?

        • Frank
          Posted Jul 29, 2018 at 7:23 PM | Permalink

          Ron: Item 3) appears to say that AFTER the President removes a name from the list (a fait accompli, if you like), he can be required to explain his rational to the chairman or ranking member. As head of the executive branch, Trump can probably find someone in the IC who will provide “a” rational for almost any action he wants to take. Perhaps I exaggerate. Hopefully we can agree that the president has significant, if not total, ability to influence who is sanctioned by the Magnitsky Act. In other words, sanctions relief – Natalie V’s assignment – could be one side of a quid pro quo deal for Hillary’s missing email. I’m not saying there was a deal.

        • Frank
          Posted Jul 29, 2018 at 10:39 PM | Permalink

          Ron: Trump Jr.’s acceptance of the meeting with Natalie V. was reckless.

          Did he expect to the Russians to give away valuable information for free? If so, they could have sent their dirt on HRC to WikiLeaks (like the material from the DNC). The logical assumption was that the Russians (at least those associated with meeting, who might have been operating independently of Putin’s staff) were hoping for something in return. Getting something secretly is the first step in being compromised. Next, the Russians later ask you for a trivial, but technically illegal, favor in return and hint that your secret might leak if you don’t cooperate. So, the correct response would be: ” I think the American public deserves to know all of the bad things HRC has done. Please inform them. However, I won’t meet with representatives (official or unofficial) from a foreign government to facilitate this process.”

          You raise the challenging possibility that the “dirt” being offered was email subpoenaed by Congress – something Trump Jr. didn’t know. If it were, the information was stolen (hacked) from the DoS and Congress had no authority to see it until classified sections had been redacted. I think the correct thing to have done would be to have asked the Committee Chairmen who had subpoenaed the records to facilitate a meeting to inform the DoS IG, who had filed a complaint, and Comey, who was in charge of investigating that complaint.

          Would nothing have happened? The IG filed a complaint against Clinton. Comey allegedly told Yates that he was unwilling to close the email investigation (and would ask for a special prosecutor) if the DoJ didn’t negotiate access to the laptops of Mills and Samuelson. He ordered that a search warrant be issued for Weiner’s laptop in late October (something that could have been delayed until after the election) and told the public (though he allegedly trusted his team not to leak). IMO, Trump fired the only person demonstrably willing to indict HRC if the evidence demanded it.

          (Yes, others think I place too much faith in our institutions. And I think Trump is irresponsibly destroying that faith for political purposes.)

        • Posted Jul 30, 2018 at 7:29 AM | Permalink

          “Natalie V’s assignment – could be one side of a quid pro quo deal for Hillary’s missing email.”

          How would that have worked? As you pointed out any deal would have left him open for further blackmail whether he won the election or not. Do you believe you are the only one who knows the tactics of subversion?

          Taking the meeting was dangerous but not reckless. Buying the emails would not have been illegal if he turned them over to authorities immediately afterward. If a person approaches and art collector with an offer to sell a stolen painting a wealthy collector may feel a duty to secure the priceless painting first before calling the police. Same with kidnapping. If the deal was instead of cash and carry a quid pro quo it would have been even easier to go the authorities afterward. No need to fill Trump’s end of the bargain then. What you are missing is evidence that Trump was already subverted. This is why Hillary paid Perkins and Coie to pay Fusion GPS to pay Steele to plant the dossier.

          Regarding faith in institutions, there should be no need to ask for special faith. Trust can be earned and maintained by square dealing just as in normal commerce.

        • Posted Jul 30, 2018 at 8:16 AM | Permalink

          “The IG filed a complaint against Clinton. Comey allegedly told Yates that he was unwilling to close the email investigation (and would ask for a special prosecutor) if the DoJ didn’t negotiate access to the laptops of Mills and Samuelson.”

          Frank, do you have a source for this? Regardless, it would just show how corrupt Yates and Lynch were and that it only made even Democrat Comey uneasy to be too transparent in whitewashing Hillary’s crimes. He understandably didn’t want to be over the top and perhaps be exposed by whistleblowers from underneath. This is exactly what happened that he finally issued the search warrant for Weiners laptop after the NY office allegedly was clamoring to go public after DC had been sitting on their hands for a month not issuing a warrant.

          Considering that the US DOJ and FBI were politically corrupted by Obama’s administration and you readily admit that a president “can probably find someone in the IC who will provide “a” rational for almost any action he wants to take,” the only danger or Trump Jr. taking the meeting with Natalia V. involved the possibility of it being a setup by Obama’s IC. And that possibility, that Rob Goldstone had connections to western intelligence is not ruled out in my mind at all.

        • Posted Jul 30, 2018 at 2:23 PM | Permalink

          “Trump Jr.’s acceptance of the meeting with Natalie V. was reckless”

          Rob Goldstone, who set up the meeting with a dangle of a “Crown prosecutor of Russia” offering “some official documents and information that would incriminate Hillary in her dealings with Russia,” seems like opposition research. There was no mention of ill-gotten goods.

          If that was reckless then how can one not see it reckless seeking out Russian agents to create a narrative to be collected by a former British intelligence officer and current western IC asset and then planting it in the US media after laundering throughout US IC, Top Dems and never-Trump GOP personalities? The FBI believed every word from Steele and Simpson without checking. Comey is confused to this day as to who initiated the dossier. He still claims it was a never-Trumper, the cover story fed to the press for a year.

          Why did Goldstone, a gay British music promoter decide to make a dangle of Hillary dirt to Trump? Why did Goldstone arrange a meeting of Trump Jr. the Russian legal counsel to a Putin oligarch? Why did he lie to both parties about the purpose of their meeting? Did Goldstone have contact with Fusion GPS or Hillary proxy?

          “All answers lie with Rob Goldstone.” — Natalia V.

          Mueller, Schiff and Dems to this point has shown no curiosity though.

      • Frank
        Posted Jul 31, 2018 at 12:15 AM | Permalink | Reply

        Ron asked: Frank, do you have a source for this [story about the DoS IG and how Comey obtained the laptops.]

        The story about the laptops initially came from Comey’s book, but I believe the details were confirmed by the IG’s report. The dubious deals made to get those laptops were discussed.

        When the State Department was unable to fulfill its obligation to turn over records to Congress and FOI, the DoS IG investigated to determine what went wrong. HRC and her inner circle declined to speak to the IG, so the IG was forced to file a complaint with the FBI that an unknown amount of confidential information could have been mishandled or compromised on HRC’s server. (The system worked here.)

        Ron continued about “Democrat Comey”. Comey was a Republican until sometime in 2016, when he became an independent. He made political contributions to both Romney and McCain. His unpolished book is a jumbled mixture of history interspersed with candid personal feelings on a variety of subjects, including bullies, lying, listening, and teamwork. You might come away believing that Comey’s passion was the integrity of the justice system and that Trump and that Trump was the antithesis of the ideas that had motivated Comey for decades.

        Both the Aglarov’s and Goldstone (who worked with Emin) were friends of the Trumps, visited Trump Tower one month before before Trump announced his candidacy and heard about his campaign plans.

  19. Frank
    Posted Jul 31, 2018 at 12:48 AM | Permalink | Reply

    Ron: I presume that you recognize that Trump Jr. got the “dirt” on Hillary Clinton he was seeking from the Russians. It came out gradually in October of 2016 in the form of the emails hacked from Podesta. The only question is whether the meeting in June had anything to do with the October release.

    • Posted Jul 31, 2018 at 8:20 AM | Permalink | Reply

      Frank, if I was looking at the Washington Post timeline a year ago I might be leaning in the direction of Putin trying to build points with Trump, or more likely, to compromise him to undermine him.

      But nothing ever developed from all these dozen pieces of circumstantial evidence. In fact, we know now the Hillary campaign was actively aware of this Trump’s Russia vulnerability and was taking daring active measures to exploit it. We know the FBI was biased in Hillary’s favor and had placed spies (informants) inside Trump’s campaign. And, it would not be a shocker if Russian agents were actively trying to compromise Trump’s campaign as they did Carter Page in 2013 or anyone who expresses Russian sympathy. The FBI was aware but took no effort to warn them. The Mueller investigation and press are not making progress uncovering anything. On the contrary, the handful of conservative reporters, Judicial Watch, the IG and congresspersons are uncovering alarming deceit and intentionally hidden key facts.

      If Rob Goldstone was Trump’s friend and truly was a go-between for Putin and Trump he would be extradited and likely in jail now. An alternative explanation for his behavior is that he was a subversive. (But planted by whom?) Again, Mueller seems uninterested.

      • Frank
        Posted Jul 31, 2018 at 9:35 PM | Permalink | Reply

        Ron: Goldstone testified to Congress and presumably was interviewed by Mueller. It isn’t a crime to have friends in both Russia and the US, nor I think to inform one group of friends that another group may have useful information of dubious legality. Profiting from illegality is another matter.

        Ron wrote: “In fact, we know now the Hillary campaign was actively aware of this Trump’s Russia vulnerability and was taking daring active measures to exploit it.”

        Politics is all about exploiting the weaknesses of your opponents. Trump’s warmth towards and admiration for Putin was a weakness Trump created for himself, not something that was unfairly imposed upon him by HRC. The Steele Dossier appears to have been unfairly imposed on Trump, but it is my understanding that Fusion was to look for dirt in Trump’s BUSINESS arrangements in Russia. To the best of my knowledge, the concept of collusion was originated with Steele, not HRC or the DNC. However, I’d be happy to be proven wrong.

    • Ed Snack
      Posted Jul 31, 2018 at 4:25 PM | Permalink | Reply

      Frank, that simply isn’t true. The meeting was promoted by Goldstone with the “lure” that the Russians had compromising info on HRC (wasn’t specifically emails, it was said to be information about illegal contributions to her campaign by Russians and possibly others), yet the Russians in that meeting (NV primarily) knew nothing about that and wanted only to talk about potentially lifting the restriction s imposed by the Magnitsky Act. Surely, if there was such info on offer it would have got a mention especially as Don Jr terminated the meeting and left after 15 minutes.

      The Podesta emails simply weren’t on offer as far as we can tell. They don’t relate to campaign financing issues except maybe peripherally – there was some meat in them but mainly around the way Bernie Sanders was treated.

      Surely whgat is interesting about that meeting are the facts we know about: The stated purpose was apparently deliberately misrepresented (and no one in the Mueller team has even contacted Goldstone about that); NV was barred from entering the USA but received a special Visa just 3 or so days before signed off by none other than Lynch; and NV met both before and after the meeting with Glen Simpson of Fusion GPS.Simpson was of course involved in lobbying on behalf of Putin related interests to lift the Magnitsky Act so maybe the NV/GS meetings related to that.

      I think the most likely explanation of the meeting is that it represents two entwined strands – first it was a form of honey trap as part of the “Russian Collusion” narrative being spun by the Clinton campaign, and second it was an opportunistic way for GS to lobby the Trump campaign (as a backstop, who knows, maybe they might even win) to lighten or remove the Magnitsky Act restrictions. It is often overlooked that if DJT is a Putin tool, one the the things that Putin would like would be some easing of those restrictions (because the Russians have put quite a bit of effort and money into lobbying for just that) – and yet nothing has changed on that front. Negative evidence maybe, but another piece of evidence against any Trump/Putin narrative. After all, it wouldn’t be hard for Trump to come out against Browder and sound off at his quite likely illegal acts and his move to a relative tax haven and to use that as a way to start easing the restrictions.

    • Posted Aug 1, 2018 at 7:49 AM | Permalink | Reply

      Frank, I agree that there was circumstantial evidence to look at the Trump campaign in 2016. But when the investigations developed nothing except apparent intentional efforts to fabricate a frame-up, the investigation should have gone in that direction. It’s now two years since the FBI and DOJ we can see must have known that Steele was conducting and information operation. But instead of investigating that they joined it. This is true at later stages for the MSM and Dem senate and house investigators as well. This leaves our country dangerously close to having no justice recourse for what most of the country and world now sees as an abomination.

      You never answered the question of what could Trump have been expected to do for Putin or how such a deal could ever been made. Give a hypothetical.

      The motives of the alternative scenario are transparent: to covertly overturn a legitimate election.

      • Frank
        Posted Aug 2, 2018 at 3:51 AM | Permalink | Reply

        Ron: “[Frank,] You never answered the question of what could Trump have been expected to do for Putin or how such a deal could ever been made. Give a hypothetical.”

        1) Recognition of Russian annexation of Crimea and ending the sanctions that were imposed as a result. Worth billions to the Russian economy.

        2) Removing the names of favored oligarchs from the provisions of the Magnitisky Act.

        3) Grant Russia (and Assad and Iran and Hezbollah) victory in Syria by abandoning US-supported rebels to a peace that leaves Assad in place. That will encourage future foreign adventures by the Russian military and mercenaries.

        4) Trump has already refused to endorse the mutual-defense provisions of NATO at appropriate forums.

        Ron, doesn’t the fact that you even need to ask what Trump could do for Putin suggest a problem with your sources of information? It is perfectly fine to passionately support Mr. Trump, but we must prevent confirmation bias from blinding us to the obvious truth that Trump had lots to give Putin.

        • Posted Aug 2, 2018 at 8:30 AM | Permalink

          Frank, so you are saying that Putin sized Trump up as a Jimmy Carter Democrat or a Barack Obama, publicly telling Putin to “cut it out” while privately ordering a stand down of any response, telling Putin in 2012 “I’ll have more flexibility after the election,” cancelling anti-missile shields for Europe, cutting US defense spending, pushing a reset button.

          Trump, because he campaigned NATO not paying their fair share, and threatening that the US will not be taken advantage of, is playing into Putin’s hand. His priority in increasing defense spending, even at the demotion in priority of his coveted wall, is a sure sign that he was a Putin stooge.

          All of your items would have been approached by Hillary with a Ronald Reagan toughness while Trump would have been seen as likely being a shrinking violet by Putin. It must be shocking to Putin to see Trump’s increased pressure of sanctions against NC and Iran. Clearly Putin miscalculated in Syria to have lost that entire company of mercenaries. But I suppose that Trump is just over-compensating for the media accusations of collusion to through everyone off the scent. If only the DNC hackers did not leave Russian fingerprints…

        • Frank
          Posted Aug 3, 2018 at 5:17 AM | Permalink

          Ron said: “Frank, so you are saying that …”.

          No. I answered YOUR question about what Trump could have done for Putin as part of a deal. Since you changed the subject, I’m gather you accept that Trump had valuable things to offer Putin. Presumably you also realize that Putin did provide Trump with the hacked DNC and Podesta email and the services of more than 1000 trolls at the IRA. The components of a deal are obvious, but that doesn’t mean one was NEGOTIATED. Putin may have assisted Trump simply because he expected Trump to weaken US support for NATO and liberal democracy (vs right-wing authoritarians) in Europe.

          I doubt Putin is disappointed or impressed by much Trump has done. Spending more on the US military is meaningless in the absence of any willingness to use that military to constrain Putins’s actions anywhere.

          Trump agreed to a meeting with Kim with no written commitment about what “denuclearization” means, and declared NK problem solved. Pressure to maintain sanctions vanished, and Pompeo has been stonewalled ever since. Obama and Kerry settled for too little with Iran, but Trump’s unilateral action won’t put as much pressure on Iran as Obama had.

          Has the US abandoned the land the Russians were trying to seize in Syria with those mercenaries? Has Mattis been given orders to yield ground next time? Isn’t Putin still winning in Syria?

          Fingerprints? The Dutch have the Russian hackers on video.

          I’m skeptical of Kagan’s interventions, but he analyzes the situation right:

          https://www.brookings.edu/blog/order-from-chaos/2018/07/24/the-united-states-and-russia-arent-allies-but-trump-and-putin-are/

        • Posted Aug 3, 2018 at 8:37 AM | Permalink

          Frank, the reason I didn’t digress into the topics of specific Russo-American foreign policy issues is that it should be obvious that there is no single central issue that is more important than a dozen others. Trump could have conceded on issue one but been doubly tough on issues 2, 3 and 4. Or, he could have quietly approved the sale of 20% of US Uranium reserves to Russian control, allowed Russia into Syria, Crimea and Ukraine while voicing displeasure but making no counter response. A deal would have been silly.

          Certainly it’s possible that Putin could have judged one presidential candidates to be a preference over the other. I’m sure Russia preferred Jimmy Carter to Ronald Reagan, for exmple. But, if we follow your logic (and Think Progress’s) Putin would have preferred Reagan since he was right wing. That’s absurd. Why would anyone want a rival country’s leader to be authoritarian? As far as left and right, as Ronald Reagan famously pointed out left and right is a canard; there is only up and down, meaning liberty versus oppression. Trump’s strongest support is among Libertarians.

          “Spending more on the US military is meaningless in the absence of any willingness to use that military…”

          Clearly you and I disagree on the principal of peace through strength and weakness being provocative to aggressors.

          The Dutch hack of the SVR’s DNC hack was known to the Obama administration and presumably to Clinton many months before the Podesta hack at Clinton For America using a different hacking tool. The fact that you are aware of the forensic contradictions in the left’s narrative that have been exposed here at this site yet you discard them in favor of a blurred false picture is telling.

      • MikeN
        Posted Aug 9, 2018 at 12:29 AM | Permalink | Reply

        Checking Michael Cohen’s travel, finding that he did not travel to Prague as indicated in the dossier, but instead a different Michael Cohen did travel there, should have been a huge red flag.

        • Frank
          Posted Aug 10, 2018 at 12:52 AM | Permalink

          Well, Mike, the fact that Cohen’s passport apparently didn’t leave the US during the correct period doesn’t mean that Cohen himself didn’t travel to Prague. And it doesn’t mean that the Russian Cohen allegedly met wasn’t using a trip to Prague as a cover story to disguise a trip to the US to meet Cohen. Unfortunately, the “Steele hypothesis” can’t be invalidated by a single counterexample. However, the Steele Dossier has far bigger flaws than Prague.

          Assume Trump has been cultivated for several years as the dossier alleges. Imagine you are the Russians. Trump has gotten or is about to get Secret Service protection. How would you communicate with him? Unless Page, Flynn or Manafort already were a trusted ally, neither Trump nor the Russians would to want to communicate via people that Trump barely knew in March. IMO, this is ludicrous. On the other hand, Cohen has been Trump’s “fixer” for many years. It makes far more sense to suspect Cohen of being part of some sort of long-term collusion, despite the flawed intelligence about Prague.

          Given that I can create a more convincing story than found in the Dossier, so I doubt it was faked. Partly wrong, sure. Totally faked? Not likely. Nor is anyone going to run a grand conspiracy between the DNC or Deep State through Simpson of Fusion GPS – a former WSJ reporter making a living as a researcher mostly for lawyers. The central player in such a conspiracy is unlikely to be a person who tracks down a house in Colorado owned by one of Browder’s many shell companies and personally serves him with a subpoena. If Steele was part of a conspiracy to get Trump, the hiring of Steele by Fusion GPS could be a cover story for how actually Steele became involved.

          Alternative hypothesis: Suppose Russian efforts to cultivate Trump had failed to create a working relationship. Imagine Russia is hacking and gearing up its operation against the US election. Putin now wants to use the hacked material to get reach some sort of deal with Trump or simply entangle Trump, creating dissension and distrust. Then you start a crash program to make contact with the Trump campaign? Secretly meet with Page in Moscow and approach others elsewhere? Recruit the Agalarovs to introduce Natalie V (amateurs not known to Steele’s sources)?

  20. Frank
    Posted Aug 1, 2018 at 1:53 AM | Permalink | Reply

    Ron, Ed and friends: Listening and trying to understand differing points of view, I realize that much of today’s controversy comes down to whether one considers Russia to be an “enemy”. A recent podcast from the National Constitution Center had a discussion (with one of two participants from the Federalist Society) of the treason clause, and whether any of Trump’s activities fit the definition of treason. During WWII, people who gave very little “aid and comfort” to our enemies were convicted of treason. Is Russia our enemy? This may be the fundamental question, whether or not we are considering treason or some more reasonable charge. The speakers suggested that the recent battle in Syria between Russian mercenaries and US forces and the hacking of state election computers (a far more serious attack than simply stealing information or spying) COULD provide a legal basis for claiming Russia is our “enemy” in a courtroom. I’m more inclined to argue that our NATO obligations and Putin’s stated desire to reconstitute the Russian Empire make Russia an enemy. FWIW, Putin’s actions and rationalizations remind me of Hitler in the years prior to WWII so I personally view Russia as an enemy. When did Hilter become the enemy of Britian and France?

    The article below suggests we can look at Russia three different ways: a) ideologically – Putin is a dangerous totalitarian dictator. b) Russia is a “Great Power” rival of the US. c) Putin and Russia are potential Christian allies in our war with Muslim civilization. Those with the first two perspectives consider Trump’s attitude towards Putin potentially “treasonous” and collusion with Russia to get elected (and thereby aid our enemy Russia) as clearly “treasonous”. Those who adopt the third perspective view the Russia investigation as a potentially “treasonous” interference with presidential authority and impeachment for collusion as a “coup”.

    https://www.theatlantic.com/politics/archive/2016/12/the-conservative-split-on-russia/510317/

    After the annexation of Crimea, the first two perspectives on Russian dominated policymaking and the IC rightly monitored (“spied on”, as Trump would say) Russian sympathizers. The IC must have been shocked when Trump chose Manafort, Page, and Flynn as advisors – people they already were monitoring and/or had investigated. Perhaps Trump himself was already considered as a potential Russian sympathizer before he announced his candidacy. Monitoring, or even sending a Steven Halper to probe, appears appropriate, and surveillance with a warrant.

    Until Trump was inaugurated, the Russia-is-our-enemy perspective was approved bi-partisan policy. Did that policy end – making the collusion investigation a witch-hunt or even a coup? Who decides? I doubt that the Senate would confirm an SoS who openly advocated for Trump’s views of Russia and there would be many votes for impeaching such a SoS.

  21. Frank
    Posted Aug 2, 2018 at 5:19 AM | Permalink | Reply

    Ron, Ed and friends: Below is an possible explanation for the disagreement about the investigation into collusion with Russia. Treason is constitutionally defined as:

    “adhering to [our] Enemies, giving them Aid and Comfort”

    During WWII, several Americans (including “Toyko Rose”) were convicted of treason for giving remarkably little aid and comfort to our enemies. If we were at war with Russia and Trump were not President, Trump arguably could be charge with treason.

    So, the fundamental disagreement comes down to whether Russia is our “enemy”. Although the above is the legal definition of treason, I am using the term symbolically – to illustrated the extreme passion involved.

    Russia is clearly an enemy for those who perceive: a “Great Power” struggle, an ideological struggle with NATO allies against totalitarianism, or strong parallels between Putin’s and HIlter’s motivations and tactics. Before Trump began his campaign, a bi-partisan consensus existed that Russia was at least a potential enemy. Our IC was rightfully monitoring Russian sympathizers like Manafort, Carter, Flynn, and Rohrbacher (using sources like Halper). The IC must have been shocked when some became Trump’s advisors – unless, of course, they already considered Trump himself to be a Russia sympathizer. (And, heaven help us, Strzok was involved.)

    Trump and many of his supporters, however, don’t see Russia as an enemy. Some assert that Putin is a potential Christian ally in our war against Islamism civilization. If Russia is an ordinary country like Britain, the Russia investigation is a “witch hunt” and using it to impeach Trump a “coup”. Trump’s inability to end the Mueller investigation is arguably due to treason.

    Who decides whether Russia is, or is not, an enemy? Our system of checks and balances (including impeachment) has diffused this power over three branches. Trump may be chief executive, but Congress is the ultimate authority.

  22. AntonyIndia
    Posted Aug 4, 2018 at 2:25 AM | Permalink | Reply

    Judicial Watch FOIAed 71 FBI pages on their contacts with UK Christopher Steele: on 02 02 2016 the FBI admonished him (p71), so way before Fusion GPS allegedly hired him. Also notice the 99% blank space: so much to hide. https://www.judicialwatch.org/press-room/press-releases/judicial-watch-fbi-records-show-dossier-author-deemed-not-suitable-for-use-as-source-show-several-fbi-payments-in-2016/

    • Posted Aug 4, 2018 at 10:20 AM | Permalink | Reply

      Christopher Steele had an active relationship with the FBI as early as February 2, 2016. We must rethink everything now. Is the reason 99% of the communications with Steele is redacted because it would reveal all sorts of other confidential informants working against Trump for the FBI and others and blowing the FBI’s timeline? Was the FBI not only getting information from Steele as an informant but supplying him information and using him as an agent? Was Steele, as asset from the CIA or other US IC entity, supplying information outside of normal channels?

      We know now that Steele’s introduction to the FBI through Victoria Nuland in late July of 2016 was unnecessary since Steele had already been working for the FBI for over six months. Perhaps Steele need to be introduced through the front door by those working with him at the back door. We would be naive to think that the government, or even a specific agency like the FBI, is cohesive. The left hand may have maneuvered against the right, perhaps even running internal ops.

      Steele’s telling reporters Corn and Isikoff in October 2016 that he was hired by a never-Trumper was a participation in a deceit to the American people. This makes him an active agent, not an informant. Because we know now Steele knew exactly who he was working for.

      James Comey said last March that he still believed that Steele was originally hired by a never-Trumper through Fusion GPS. Is Comey on drugs or did was he out of the Steele-FBI loop?

      • AntonyIndia
        Posted Aug 5, 2018 at 4:19 AM | Permalink | Reply

        Glenn Simpson of Fusion knew Steele well since at least 2009 while working in Brussels; he also knew that Steele would not go himself back into Russia as that was too risky for him being an ex-UK spook. Still ex-WSJ journalist Simpson presents Steele as a reliable (but second hand!/i>) source and pays him well. On page 60 of his House deposition Nov 14 2017 Simpson claims that on July 16th 2016 Steele first told him he was going to inform the FBI about his findings reg.Trump. Either Steele was lying or both were lying.

        • Posted Aug 5, 2018 at 9:56 AM | Permalink

          Antony, I’m not sure that Fusion GPS’s Simpson was the main connection with Steele unless he risked lying to congress when he testified that he hired Steele in June 2016. This FBI release shows that Steele was an active US IC asset. This makes it look like the Trump-Russia collusion information op was hatched from the Obama IC.

          We know from DNC leader Donna Brazile’s book that Hillary had completely corrupted the DNC and was using it as her campaign arm, controlling its expenditures before she became the party nominee. Perhaps Hillary had maintained a connection with the Obama DOS and IC and colluded to run ops on any GOP opponent. This would fit the picture of Steele being on the payroll so early in 2016.

          I might even believe Victoria Nuland, Hillary’s right hand at DOS, when she said she wanted to not be a part of the operation, even though she told the FBI she worked closely with Steele and vouched for him to get him into the front door in July 2016. Nuland may have been reluctant to be a Hillary partner as Donna Brazile clearly was. I remember seeing Nuland before the congress Benghazi hearing just weeks after the event when she spilled the beans that there was no “fog of war” and the attack was watched in real time with drones. We later saw that the idea of using the event in Cairo to call the Benghazi a protest against a Youtube video was Hillary’s genius.

          The FBI’s early dealings with Steele completely blow the Washington Post’s timeline. The only question is how far the media will go to hold onto the false narrative as they did for Benghazi to get through the 2012 election.

        • Ed Snack
          Posted Aug 5, 2018 at 3:51 PM | Permalink

          Antony, Steele is actually a “persona non gratia” in Russia, he couldn’t go personally unless special approval was granted by the Russian authorities. Very similar to NV who had to seek a special visa to visit the USA.

    • Posted Aug 4, 2018 at 11:08 AM | Permalink | Reply

      In a June senate hearing Victoria Nuland confirmed that Steele had come to the US State Department at Foggy Bottom in October 2016 to brief DOS officials directly. Nuland, when questioned if she attended said she actively avoided the meeting. She apparently avoided it so much that she later responded that she did not know about the meeting until afterwards. Yes, that would be impossible for both statements to be true.

      If Senator Burr was running his investigation like Mueller clearly Nuland would be getting indicted for lying to congress. https://www.weeklystandard.com/eric-felten/victoria-nuland-cant-keep-her-steele-story-straight

    • Frank
      Posted Aug 4, 2018 at 8:39 PM | Permalink | Reply

      Anthony and Ron: At the beginning of 2016, there was a bipartisan consensus that Russia was our enemy. The Magnitsky Act was signed in 2012, additional sanctions put in place after the invasion and annexation of Crimea in 2014 and at the end of 2016 by Obama and by Congress in April 2017 (by a 98-2 vote in the Senate and signed by Trump).

      It was and is the IC’s job to stay informed about the activities of Russian sympathizers, Including Americans like Flynn, Manafort and Carter (and possibly Rohrbacher). Without evidence that a crime had been committed, a warrant for electronic surveillance can’t be obtained, but there would be nothing wrong with paid consulting with Steele* or informal probing with a friend like Halper or general collecting of intelligence (such as the report about Papadopoulos’s early knowledge about Russian hacking). And Strozak was the #2 man in the FBI’s counterintelligence organization – so expect to soon learn that he was involved. And expect the FBI to be reluctant to share the methods and sources they use to monitor Russian sympathizers.

      It may even be that Trump was on the IC’s list of Russian sympathizers before he announced his candidacy: the beauty pageant, Eric Trump has bragged about the Trump Organization’s access to Russian investors (since US banks were leery after four bankruptcies), Trump Soho has two Russian partners, including Felix Sater (a past member of the Russian Mafia), the Agaralovs, etc.

      So whatever happened before July 31, 2016 was well within the scope of the normal duties of the IC to monitor the activities of Americans who sympathized with our nation’s enemies. Same as they might with North Korea (Dennis Rodman?) and Iran.

      *After the Soviet Union dissolved, the CIA decided to treat Russia as a friendly country, meaning that would listen to defectors from Russian intelligence services, but provide money or assistance to defectors. Britain continued to actively encourage and help those who defected from Russia. As Britain’s former top expert on Russia, Steele knows things the US IC doesn’t.

      • Posted Aug 5, 2018 at 12:16 AM | Permalink | Reply

        Frank, the GOP has been consistent in its weariness of Putin from G.W Bush to present, as evidenced by John McCain in 2008 calling Putin the KGB, to Mitt Romney in 2012 calling Russia out as America’s greatest threat. Obama and the left ridiculed that toughness, saying “the 1980s called and wanted their foreign policy back.” This was not because the left were pro-Putin but because they were anti-GOP, which was their most important rival. Hillary, when asked in the Dem primary debate who was America’s greatest enemy she said the GOP. The left is only angry with Russia because they are being told by the fake press that Putin is responsible for Hillary’s loss.

        In the heart of the Cold War in the 1950s when Russia controlled all of eastern Europe and was thought to be ahead of the US is ICBM technology, with the “missile gap,” it was the left that was anti-American and pro-Soviet. Yes, I even personally knew one of these communists. I watched him cry when the Soviet Union fell. (I’m certain that Bernie Sanders cried and maybe John Brennan too.) But when conservative found out that the US IC had spied on far left individuals in the 1950-60s they rightly denounced it along with the left because civil liberties were more an existential imperative for America than the containment of Soviet world domination. It now seems the left’s concern for civil liberties ends with their own.

        This just in: Trump issues fresh sanctions. https://www.washingtontimes.com/news/2018/aug/3/trump-hits-russian-bank-n-korean-firms-sanctions/

        BTW, I’m not sure that they way Bill Browder made his millions with Hermitage Capital was any cleaner than Manafort money. The difference is that Browder got bitten by the bear.

        Carter Page apparently was too honest to have made the slightest lie to the FBI or he would be standing trial now with other Trump supporters. Mifsud, Goldstone, Halper and Greenman are the ones with guilty knowledge and they are all free.

        • Frank
          Posted Aug 5, 2018 at 8:31 PM | Permalink

          Animosity towards Russia has varied since 2000. President Bush initially reporting that he had looked into Putin’s eyes and seen the soul of a good man. Relations deteriorated. When Obama and Hillary took over, Medvedev was President; they thought they could reset relations and failed. Relations really went bad when there were public disturbances during Putin’s re-election (which Putin accused the US of sponsoring) and then Russia invaded Crimea. Romney and McCain showed more candor and realism than Obama.

          During the Cold War and since, I believe it is fairer to say that the center of both parties supported the view that there was an ongoing ideological struggle between totalitarianism and liberal democracy, and that liberal democracy poses the biggest threat to leaders like Putin. Autocrats like Putin fear that demonstrators – such as those at the Euromaidan, Tahrir Square, Tiananmen Square, and especial in Putin’s case, the Russian White House and Berlin Wall – will someday be coming for them. The fringes of both parties (most notably today the alt right) have rejected that worldview and sometimes (post Vietnam) the fringe has gained control. Indeed, today Trump is opposed to all of the European leaders with roots in the center and supports their authoritarian, right-wing adversaries. Trump and Putin are arguably allies in this respect

          The idea that Brennan is a Communist sympathizer is fake news created to help Trump. He is now working for Kissinger Associates and has never espoused the view that the US created Qaeda to destroy Communism – the logical complaint for a Russian sympathizer. (That kind of nonsense is coming from the alt-right.)

          I don’t know about ethics of Mr. Browder’s entire career, but your comparison with Manafort represents the worst kind of politically-motivated ignorance. Mr. Browder’s campaign against the Russian kleptocracy is clearly motivated by outrage at the system that embezzled the large tax payment he made and killed the man he hired to expose that corruption. Mr. Browder’s campaign has UNNECESSARILY put his life in danger and subjected his affairs extraordinary scrutiny (from Fusion GPS among others). Manafort has been charged with money laundering to avoid paying US taxes on $75M in dubious income from Ukraine.

        • Ed Snack
          Posted Aug 5, 2018 at 9:51 PM | Permalink

          Frank,

          I’d just suggest that research Bill Browder a bit further before making those comments. There is at least reasonable evidence that Browder is not being particularly honest. He claims that Magnitsky was his lawyer, but Magnitsky did not have any legal qualifications for a start.

          Read both sides and see where you think the truth lies. I’m unconvinced by Browder but there’s no doubt he spins a good yarn.

        • Frank
          Posted Aug 6, 2018 at 4:09 AM | Permalink

          Ed: Sergei Magnitsky was an auditor working for the law firm retained by Hermitage Capital in Moscow.

          It is hard to believe that you would bother to cite slight such a trivial mischaracterization. Ask yourself one simple question, if Bill Browder were the bad guy in this story, would he draw attention to himself and thereby risk legal scrutiny and assassination (the fate of several critics of Putin)? Would he really perpetrate one of the biggest hoaxes in international history?

          Now do you have doubts about the credibility of the US FBI? If so, think about the power of the Russian state security to manipulate this story. They many be able to create a reasonable doubt in the upcoming Prevezon trial.

        • AntonyIndia
          Posted Aug 6, 2018 at 5:53 AM | Permalink

          Legal scrutiny? Even sitting US president Trump has been put under a microscope by the FBI – not to start about J. Edgar Hoover. Assassination? Like the CIA personnel organized together with LBJ for US president JFK? https://web.archive.org/web/20080620083703/http://www.rollingstone.com:80/politics/story/13893143/the_last_confessions_of_e_howard_hunt/7

          US deep state is paramount to Russian deep state: all US citizens lose. It also has a much bigger budget and arsenal: many foreign citizens also lose in their home lands (like Irak, Libya, Syria – all secular, non communist regimes)

        • Posted Aug 6, 2018 at 7:29 AM | Permalink

          Frank wrote: “The fringes of both parties (most notably today the alt right) have rejected that worldview [west vs east bipolar struggle] and sometimes (post Vietnam) the fringe has gained control. Indeed, today Trump is opposed to all of the European leaders with roots in the center and supports their authoritarian, right-wing adversaries. Trump and Putin are arguably allies in this respect”

          “Alt right” is a made up term by the left to counter their own radicalism. The entire country and world has been shifting left in all corners. Trump, Reagan and JFK are nearly identical in policy views. Reagan supported JFK, himself an active Democrat at the time. Reagan famously said, “I didn’t leave the Democratic Party; they left me.”

          Equal opportunity does not result in equal outcomes. This naturally leaves electorates open for exploitation by unscrupulous politicians as well as the those he see it to be virtuous to give away other people’s money. “The only problem with socialism is that eventually you run out of other people’s money.” These words by Margaret Thatcher would be seen as “alt right” on today’s campuses. Authoritarianism is needed by the left to gain the power to confiscate and control education and media. The radical right, being the Freedom Caucus, being accused by the left as authoritarians is Orwellian.

      • AntonyIndia
        Posted Aug 5, 2018 at 12:51 AM | Permalink | Reply

        Well Russia became Bill Browder’s personal enemy only after they charged him for massive tax fraud. He then went abroad and manipulated the Obama administration to sanction Russia. He lies a lot, even in on camera and in US court : https://www.youtube.com/watch?v=OBjO0TIb7pw

        More about him: http://populist.tv/2018/01/20/bill-browder-links-and-resources-to-understand-controversy/

      • Ed Snack
        Posted Aug 5, 2018 at 3:56 PM | Permalink | Reply

        So why weren’t they all over the Clinton campaign and the Podesta’s ? Bill Clinton’s speaking engagement in Moscow for a $500K fee alone shouyld be a red flag under your theory, and Mueller’s participation in the Uranium One affair is another that should have led to him being under surveillance. Yet apparently not, is only one “side” allowed to be under suspicion ?

        And classifying Flynn as a “Russian Sympathizer” is a bit of a stretch.

        • Antonylndia
          Posted Aug 5, 2018 at 10:27 PM | Permalink

          the FBI & co see red flags only on the “republican” Trump side; non on the Democratic (blue) side under HRC, who can blame them? 😉

        • Frank
          Posted Aug 7, 2018 at 12:14 AM | Permalink

          Ed Snack and AntonyIndia: I find the Clinton’s earning $100M running the Clinton Foundation outrageous, but that doesn’t mean someone can prove any quid pro quo agreements exist or that any law was intentionally broken. If I understand correctly, the IG’s report on the email investigation accidentally confirmed the existence of an on-going investigation into the Clinton Foundation.

          FWIW, the Comey demonstrated his willingness to prosecute HRC by requesting a search warrant and publicly announcing the re-opening of the investigation weeks before the election. So think news of the emails on the laptop would have leaked, but the FBI could have found some excuse for not proceeding immediately. The IG’s main criticisms said Comey was unfair to HRC.

          All of us remember (and are constantly reminded about byour little corner of the blogosphere) the things that hurt our side and we forget those that hurt the other.

          Flynn was pushed out of his DIA job early and retired, possibly holding a grudge. Flynn was making regular appearances on RT, gave a talk for $45,000 at a RT Moscow event where he was seated next to Putin and was reportedly seen hanging out with a Russian woman while attending a Cambridge intelligence forum with many Russians. He consulted ($65,000) for two Russian companies. Enough to make Flynn worth monitoring, but certainly not enough to open a criminal investigation.

        • Ed Snack
          Posted Aug 7, 2018 at 12:43 AM | Permalink

          Frank, if that’s what it taskes to get monitored, I repeat, why wasn’t both Bill Clinton ($500K for one speech and from a bank that is in Putin’s acknowledged circle), and Podesta – look up his trading in shares in a company co-owned with Russians.

          Also Flynn wasn’t seated next to Putin, that’s yet another lie that you seem keen on repeating. Putin was at the dinner, as principal guests often will, he circulated after the meal and spent a little time at each table. He briefly visited the table that Flynn sat at, and may have exchanged greetings with Flynn but did not have any extended exchange – it’s a little unclear, there are photo’s but not a video. Some claim that Putin nodded to Flynn, others saw nothing.

          The grudge wasn’t Flynn’s, it was the FBI’s McCabe who had the grudge as Flynn had supported an FBI analyst taking a case against the FBI and against McCabe himself. Hence the suspicion that McCabe had the 302 interview records of Flynn’s interview altered. That BTW has precedent, has has been shown that Andrew Weissman did the same in the Arthur Anderson/Enron case and wasn’t indicted and imprisoned for perversion of justice only because of the presumed prosecutorial immunity.

          We know that the Clinton foundation broke laws, for example the $145M donated by former shareholders in Uranium One/Urasia donated to the Foundation were not declared as the should have been but the Foundation was allowed to simply file amended declarations several years later when that info came out rather than anyone investigating seriously. Maybe there is a “serious” investigation, but I’ll believe it when I start seeing results. Otherwise it will be like the eMail investigation – despite cleat evidence of malfeasance and multiple insances of lying to the FBI, immunity was handed out like candy and no one was charged – because it was intended from the start that no one should be charged. I bet Flynn would have like the same treatment that Huma Abedin and Cheryl Mills for example were treated to.

        • Frank
          Posted Aug 8, 2018 at 8:22 PM | Permalink

          Ed: Why are you so sure that the Clinton’s aren’t being monitored. You weren’t aware that an investigation of the CGI was underway (or perhaps inactive awaiting new evidence). As I pointed out, the Trump campaign likely walked into normal intelligence and counterintelligence activities, by appointing advisors with questionable backgrounds. The difference is that Trump and some rabid Congressmen are trying to use this to discredit the IC. We only hear about the activities that impacted Trump; activities with sources and methods the FBI wants to keep confidential. The logical thing to do is try to listen to multiple points of view and keep an open mind? Could you be spending too much time hearing propaganda, not facts? If you fall into the trap of believing our government is our nation’s biggest problem, the populist solution is often to place your a strong authoritarian leader with a convincing message. (See Argentina.) In hopes of creating some doubt in your mind, I’ll address a couple issues.

          Did Flynn sit next to Putin at dinner? I certainly can’t say for certain. But Flynn himself seems to say he had a serious conversation with Putin. IF I am right, who is spreading false information? Do you occasionally check to see if your preferred sources are telling you the truth, or do you allow your preconceptions to filter what information you retain?

          In any case, whether they talked for 5 minutes or much longer, doesn’t the big picture still add up to someone the CI would want to monitor? If so, stop nit-picking.

          https://www.washingtonpost.com/news/checkpoint/wp/2016/08/15/trump-adviser-michael-t-flynn-on-his-dinner-with-putin-and-why-russia-today-is-just-like-cnn/?noredirect=on&utm_term=.cd43466b927c

          I’ve read several complaints (with personal outrage) about prosecutors failing to turn over “potentially exculpatory evidence” (Brady disclosures) However, I later learned that prosecutors only breach their disclosure obligations when:

          “the nondisclosure was so serious that there is a reasonable probability that the suppressed evidence would have produced a different VERDICT” (Wikipedia)

          Prosecutors are not required to turn over everything. They often provide summaries of witness statements, creating allegations that those statements were “amended”. This could be how your allegations of altering may have arisen. There is a big difference between allegations against Weissman from a defense attorney and a reprimand from a judge or bar association. Have any links to reprimands?

          By firing Comey and publicly bragging he did so because of the Russian investigation, Trump is now dealing with a special prosecutor with unlimited and money to discover wrongdoing. (See aKen Starr’s journey from Whitewater to Monica Lewinsky.) If HRC had been investigated by a special prosecutor charged with uncovering insecure handling of classified information and official government records in the DoS, a dozen or more people might have lost their jobs, security clearances or been indicted. Some of them might have ratted on HRC, Mills and Abedin – just like Mueller has gained the cooperation of Papadopoulos, Flynn and Cohen. Unfortunately, the election would have been over and HRC might have been president long before a wide-ranging investigation was complete. Trump and HRC have been treated differently, but Trump and Bill Clinton have been treated more equally.

        • Posted Aug 9, 2018 at 12:51 AM | Permalink

          Frank, you are right; presidential candidates need to be vetted by the IC. The democrats narrowly missed nominating Gary Hart and John Edwards after all. Actually, I think we have to go back to Eisenhower to find a president that did not have a scandal that would have disqualified them for the presidency from some group’s viewpoint. I’m sure the career IC see it as their job to steward the country J. Edgar Hoover and Allen Dulles did. Both knew well that JFK was dangerously naive about the red menace.

          When Newly inaugurated Trump tweeted that he believed that Trump Tower had been under Obama IC surveillance Comey, Obama and Clapper said there was no evidence they knew of to support such an accusation. Of Course, they had to lie to protect Trump from having to reveal the belief he was a Russian spy. And they needed to protect the country from the belief that the US had either elected a Putin stooge or that the US IC is an unaccountable rogue entity within.

          If there was one person that is intimately aware of the power of the IC and DOJ and knew what a special prosecutor or counsel could do to a president it’s HRC.

          Although it is true that the country suffered the humiliation of gaining the results of the dress DNA the independent counsels thankfully glossed over the Vince Foster investigation. Interestingly though, the reason that Monica Lewinsky came to the special prosecutor was that Linda Tripp recorded their conversations and kept Lewinsky’s blue dress. The reason Tripp forced Lewinsky out was because she feared that Lewinsky would otherwise wind up just as Vince Foster was found. Recall that Foster handing Tripp his lunch desert as he was going out becuase he was on a diet and told her to forward his calls the pager number he was checking out. He would be coming back.

        • Posted Aug 9, 2018 at 12:55 AM | Permalink

          Frank, you are right; presidential candidates need to be vetted by the IC. The Democrats narrowly missed nominating Gary Hart and John Edwards after all. Actually, I think we have to go back to Eisenhower to find a president that did not have a scandal that would have disqualified them for the presidency from some group’s viewpoint. I’m sure the career IC see it as their job to steward the country J. Edgar Hoover and Allen Dulles did. Both both felt their young president was dangerously naive to the red menace.

          When Newly inaugurated Trump tweeted that he believed that Trump Tower had been under Obama IC surveillance Comey, Obama and Clapper said there was no evidence they knew of to support such an accusation. Of Course, they had to lie to protect Trump from having to reveal the belief he was a Russian spy. And they needed to protect the country from the belief that the US had either elected a Putin stooge or that the US IC is an unaccountable rogue entity within.

          If there was one person that is intimately aware of the power of the IC and DOJ and knew what a special prosecutor or counsel could do it’s HRC.

  23. Posted Aug 7, 2018 at 12:11 AM | Permalink | Reply

    Frank wrote: here “FBI DD of Counterintelligence Strzok was almost certainly at the center of any “off-the-record” activities that could have begun as soon as Trump’s candidacy became viable. In my wildest nightmares, I can even imagine Strzok recruiting Steele and using Bruce Ohr to plant Steele with Fusion GPS. However, if Strzok or someone else staged the need for an investigation, the January 2017 explosion of news about Steele and the investigation would certainly have occurred BEFORE the election.”

    You wrote that on July 22. Since then we learned from FOIAed FBI records that Steele was indeed working for the FBI near the start of 2016, well before Fusion GPS entered the picture in April. Steele almost certainly would have been dealing with Strzok — just as in your nightmare. Tonight Devin Nunes said on Hannity that reporters should start looking at Ohr for the next big news.

    It now seems quite plausible that Obama was helping Hillary by setting up a direct line from the White House to the office of FBI DD of counterintelligence Strzok. Fusion GPS was only brought in when the operation went into full action, opening back-channel communication through the Bruce and Nellie Ohr connection.

    You pointed out that Manafort was under surveillance up until his entry into the Trump campaign. That means they knew of his connection to Russian oligarch Oleg Deripaska. That seems odd that Manafort would not have been the target of a Hillary email dangle. If the FBI suspected Trump of Russia collusion and his new campaign manager had a secret connection to Deripaska why not target near the head of the fish instead of young campaign volunteers?

    What if Manafort was sent by Deripaska whom he was indebted to? In Manaforts emails he said that Deripaska want daily briefings. What if the reports on the campaign that Deripaska wanted were not to go to Putin but to Hillary and the FBI? Deripaska, it became known this year, worked for Mueller to get back a CIA hostage taken by Iran during Obama’s first term. Deripaska was using $20 million of his own money. The operation was near success when Hillary pulled the plug, reportedly. In the current Manafort trial Deripaska is a Mueller friendly witness against Manafort. It’s a small world.

    • Frank
      Posted Aug 7, 2018 at 2:50 AM | Permalink | Reply

      Ron: Thanks for appreciating my prediction that the IC was likely informally monitoring, but not electronically surveilling, other “Russian sympathizers” before the election. I included Trump himself in this group. It is too bad you didn’t follow my rational: The IC was supposed to be informally monitoring influential people with connections to Russia. Such contacts therefore do not imply a conspiracy launched before July 31, 2016.

      I’m positive that any grand conspiracy to entrap Trump in an authorized investigation would have found a way to make that investigation public before the election.

      How do you know Manafort wasn’t offered an email dangle? By the Russkis or our IC? How do you know he didn’t take it? The IC’s interest in influential people close to Russia has been steadily growing since Crimea (and before) – it didn’t begin with candidate Trump’s surprising warmth toward Putin.

      Links between Russia and many right-wing nationalist parties have been growing for years. You may not like the term alt-right, but I think it helps distinguish Trump from Reagan and JFK. Their domestic policies may be similar, but their foreign policy is radically different. The latter strongly supported human rights, collective defense (NATO), and free trade to link nations together

  24. Jaap Titulaer
    Posted Aug 9, 2018 at 11:13 AM | Permalink | Reply

    There is so much wrong in this, the story doesn’t add up.

    [I]
    First, as I discussed earlier in this thread, there were two phishing campaigns: one (1) that ensnared the email password of John Podesta and the other one (2) that uses parts of infrastructure that has arguably been used before by Sofacy/Fancy Bear.

    Yet it was the group behind phishing campaign #1 that managed to get the credentials of John Podesta which were then used to download all his emails (+attached documents) in UNIX/internet email format.
    And that group was different from the group that performed phishing campaign #2 (at around the same time) because they are using different spoofing software. Yet it is group #2 (and only them) that uses infrastructure that had been used before by Sofacy/Fancy Bear. Which means that the link between them and the Podesta hack is unlikely.

    [II]
    Second the US IC and Mueller claim that the phishing campaign was all that was needed to break into the DNC network!
    That is not how that can work and that is not how this usually works. Another kind of email campaign is usually used in order to gain access into a network.

    How do the US IC and Mueller claim that access was gained to the DCCC & DNC network?

    For the US IC claims see: JAR_16-20296A_GRIZZLY STEPPE-2016-1229.pdf (id: JAR-16-20296A, dated 2016-12-29, title: GRIZZLY STEPPE – Russian Malicious Cyber Activity), please refer to page 3 especially the diagram.

    It describes the phishing campaign to gather email account credentials. So far so good.
    But then it claims that this was all that was needed to gain access to the DNC infrastructure. Remember it was claimed that malware was found there, inside the network.
    This claim in made perhaps less clear in the JAR than in the indictment (described below, but first the JAR).

    In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members.

    Also see the diagram, step #6.

    Now of course you could say that the access could merely be to the email boxes of the compromised accounts.
    If so then it is silent on how access was achieved to gain entry in to the actual computer networks of DCCC & DNC.

    In the indictment (https://www.justice.gov/file/1080281/download) it is described at #24:

    24. By in or around April 2016, within days of YERMAKOV’s searches regarding the DCCC, the Conspirators hacked into the DCCC computer network.
    Once they gained access, they installed and managed different types of malware to explore the DCCC network and steal data.

    a. On or about April 12, 2016, the Conspirators used the stolen credentials of a DCCC Employee (“DCCC Employee 1”) to access the DCCC network.
    DCCC Employee 1 had received a spearphishing email from the Conspirators on or about April 6, 2016, and entered her password after clicking on the link.

    This can only be described as MAGIC because they claim that THOSE credentials (and nothing else) was then used (JAR in step #6 in figure 2, indictment #24.a) to access the DNC internal network.
    And that is impossible.

    First, operating system (MS Windows) network credentials are not the same as email credentials. You could use the same password for both, but even John Podesta would not manage that, as OS passwords are typically changed monthly and follow strict rules, whereas the password for a private email is never or rarely changed and often too simple to be allowed in a secure network.

    But more importantly, you can’t remotely login to a (MS Windows or similar) network or a laptop with merely a user ID & password, even when you know the operating system user-id & password.
    You either need to trick a victim employee (of the victim organisation) in installing malware (A) on his or her laptop OR you need to have a laptop (B) of the victim organisation (DCCC/DNC) and probably a security token, like an building access pass with a chip on it.
    Neither of this is described. This is simply skipped as if by magic.

    Yet the indictment goes from 24.a to 24.b & further without skipping a beat. And clearly claims that the email account credentials were used to gain access to the network, in order to be able to install spy software (like X-Agent & X-Tunnel).

    Again as stated in 24.a:

    On or about April 12, 2016, the Conspirators used the stolen credentials of a DCCC Employee (“DCCC Employee 1”) to access the DCCC network.
    DCCC Employee 1 had received a spearphishing email from the Conspirators on or about April 6, 2016, and entered her password after clicking on the link.

    So this is the spear-phished email account credentials, and that ALONE is apparently enough to REMOTELY gain access in order to do further exploit the network as described in 24.b, c & d (etc). That is simply not how this works.

    As described in 24.b:

    Between in or around April 2016 and June 2016, the Conspirators installed multiple versions of their X-Agent malware on at least ten DCCC computers, …

    But how where they able to do that? Apparently by using the (impossible) access gained as described in 24.a.

    The standard approach by Sofacy is to send another type of email, and email with a link to an executable or script which installs a small & simple first stage malware agent which executes on the victim’s PC/laptop using the credentials of the currently logged in user (i.e. the victim) to install itself on the victim’s machine and then starts to download and install second stage malware such as X-Tunnel and X-Agent.

    And that is the missing link. All of the identified tiny URLs that were found were email account phishing URLs, none of them were URL’s that points to malware, none of the emails described had any such malware as attachment.

    Ergo: the critical 1st stage of entry into the networks of DCCC & DNC is still missing in action. And the description thereof in the indictment is suspiciously incomplete and as stated incorrect.

    • Climate Audit
      Posted Aug 11, 2018 at 9:52 AM | Permalink | Reply

      Jaap, fascinating analysis as always. I’ve tried to collect as much information as I could on precise syntax, as this seemed to offer an interesting tool for classification (like pottery styles in archaeology). I need to tidy my organization of this data and write it up as it may offer more clues to others.

  25. Frank
    Posted Aug 10, 2018 at 2:10 AM | Permalink | Reply

    Jaap: Are the missing details essential to proving the Russians are guilty? It’s my (poor) understanding that there are multiple lines of evidence. And it may be that the government could add sensitive missing details verbally if challenged by a defense witness in court.

    Jaap writes: “The standard approach by Sofacy is to send another type of email, and email with a link to an executable or script which installs a small & simple first stage malware agent which executes on the victim’s PC/laptop using the credentials of the currently logged in user (i.e. the victim) to install itself on the victim’s machine and then starts to download and install second stage malware such as X-Tunnel and X-Agent.”

    Doesn’t knowing the victims internal and external correspondents and routine attachments that are normally circulated make it easier to get someone to click on malware?

    • Paul Courtney
      Posted Aug 13, 2018 at 7:22 PM | Permalink | Reply

      Frank: Where would you get even a poor understanding of “lines of evidence” which are presently known only to Mueller’s team? Did you talk to one of them? Or did you read something and fail to consider that your source doesn’t actually have any inside information? No evidence has been made public, so what lines are you talking about?

      Jaap demonstrated that Mueller’s team has made a leap (essentially the same leap our host perceived and reported in this series, the same beat skipped by Crowdstrike) that strikes at the “Russia done it” meme you’ve apparently swallowed whole; and your comment is, “what about the other lines of evidence” (that you imagine Mueller has)? Your skepticism seems to go only one way. You’re “positive” the Russia-Trump investigation was not a conspiracy or it would have been leaked. Well, as late as Oct ’16 they didn’t have enough to get a FISA warrant legitimately (so they got one anyway),AND they ALL thought Trump had NO chance. Even with Pres. Hillary covering for them, they might have been very embarrassed after election if they had leaked such a specious “investigation”. Maybe so embarrassing, Hill feels the need to throw somebody under a bus to make story go away. No, who would worry about that.

      Frank, maybe could you show a bit of balance, analyze this- HRC campaign pays $ to law firm (and pays $ to DNC to pass to law firm) disclosed as “legel fees” that in fact is for oppo research from Fusion GPS. Fusion pays a brit for info from russians (are you worried now? The RUSSIANS Frank!). Put aside for the moment that one of Clinton favorite things is to accuse the opponent of doing exactly what Clinton is doing (she learned from Alinsky), please look into that and let us know what campaign finance laws she broke. I’m no fan of Trump, but I can smell a Clinton bag job- Trump Russia is a Clinton bag job all the way down.

  26. Jaap Titulaer
    Posted Aug 10, 2018 at 4:24 AM | Permalink | Reply

    Jaap: Are the missing details essential to proving the Russians are guilty?

    For any specific allegations: yes.

    In general: they were born, so of course they are guilty!

    On a more serious note: the details should add up. In case of [II] above we may perhaps come up with a reason (as I will discuss below), but as far as [I] above goes that is clear evidence that there were at least two distinct groups running a phishing campaign in early 2016, and the Sofacy/Fancy Bear group was not the same group that ensnared Podesta.
    That second group may still have been pro-Russian (like the Ukrainian Cyber Berkut people), but is clearly distinct (and not coordinated, which may explain a lot of the inconsistencies).

    And it may be that the government could add sensitive missing details verbally if challenged by a defense witness in court.

    Perhaps, but why? What can be so sensitive? To save someone from embarrassment perhaps?
    Let’s review the options.

    First a short background. Nowadays you can not simply do external access to a computer network and get in like the old days. The only attack surface exposed is now in the DMZ or on the outside of a firewall. That’s where external webservers reside. You may be able to hack into those webservers, but then you are still stuck outside. A hacker can hack into and say deface the webserver of an institution, but when a hacker does that he still is not inside the victims network.

    Out of the box (as you would get it from some IT company that has set up your network) one can’t simply break into a webserver and then progress into the internal network from there, unless someone changed stuff around enough for some reason. And made several mistakes along the way.

    Hence nowadays the standard route is via machines that have VPN certificates & credentials that allows you to login to the network, like laptops. You either get physical access to one, you get a copy of the (secret) VPN certificates or you manage to get a victim to install some malware on his or her laptop.
    That last one is the most popular approach and the standard one used by groups like Sofacy.

    Getting physical access to the laptop is usually not enough, you may also need a personal smartcard for 2FA (two factor authentication). But let’s say that the DCCC/DNC did not have smartcards. Then one of the options is that you manage to get credentials (and let’s assume they will work for the OS as well as the email) and that you also manage to steal a DNC laptop.
    I do not see how that is embarrassing to anyone and why that would not be mentioned in the indictment. So that is not a likely scenario.

    An embarrassing scenario would be if a high ranking DNC person also has VPN certificates installed on her/his non-DNC machine, like say the Congressional laptop of DWS (then head of DNC). Once that is done the people who have admin access to her Congressional machine (the Awan bro’s) can then use that machine to login to the DNC.
    Makes no sense for the Awan bro’s to be working together with some Russians, so I do not see how that helps the case against the Russians.
    But the chances that DWS’s laptop would also have access to DNC are pretty good, which means that the Awan bro’s could certainly get in. And they even knew the OS passwords of many of their clientele, so no need for any phishing campaign (which, by the way, would only get you the email PWD, not the one that you need, the OS PWD).
    In the ‘Russians did it case’ you are still assuming that DNC used gmail (which is certainly possible, even when the email address says @dnc.org) and that for some reason the MS Windows password stayed the same as the gmail password, which is not very likely as those credential systems are not (and can’t be) directly linked.
    In the Awan case there is no need for such assumptions. They have admin levels access to her machine and likely even know her DNC PWD.

    So really the standard attack route (getting a person to install malware on his/her laptop) is really what we would expect. And the only likely one.

    Doesn’t knowing the victims internal and external correspondents and routine attachments that are normally circulated make it easier to get someone to click on malware?

    Certainly. But what is so sensitive about simply completing the story and explain that this is what happened?
    I.e. someone got an email with a link to malware and clicked on it. Why is that part missing?
    I can think of no scenario where it would make sense to hide such facts, you do not need to tell all the gory details or name names, you just can tell how it is.

    • Jaap Titulaer
      Posted Aug 10, 2018 at 6:13 AM | Permalink | Reply

      I think the reason why this is missing in the indictment is simply because they have not found any evidence for emails with malware links. If they had they would have mentioned it in the indictment. Makes the story complete.
      If instead a DCCC or DNC laptop had been stolen and used then they would have said so in the indictment.
      But they didn’t.

      Simple reason likely is that they have no clear evidence (or perhaps not even a clue) how the hackers got from stolen email credentials to actually breaking into the DCCC & DNC networks.

      Yet that was what CrowdStrike had told them they had found, Sofacy hackers inside the DNC network. So it must have happened, right? Right? …

      • Posted Aug 10, 2018 at 8:04 AM | Permalink | Reply

        Jaap, we know that Cozy Bear (APT29) was in the DNC network from summer 2015 (according to Dutch IC) to May 2016 (according to CS). Also according to CS Fancy Bear (APT28) entered the DNC network independently in April 2016. IIRC specific IP address evidence was supplied by CS to back up these claims showing the traffic and dates. Isn’t possible that a DNC staffer clicked on a malware executable? I think I remember the DNC network people sending credentials in emails. Might that be part which was too embarrassing to mention in the indictment? Just being devil’s advocate.

        On the Awan brothers, the evidence is obvious that they had compromised DWS in some way in order to have her spread their network of associates to other Dem House members, turn a blind eye to their steeling of requisitioned goods, to keeping Awan on her payroll after his group was barred by police from their employment at congress. We still do not know what Awan had on DWS. But it has to be very big and unmentionable.

        • AntonyIndia
          Posted Aug 10, 2018 at 8:32 AM | Permalink

          Ron, also this US cyber breach involving the Democratic party ended in a plea deal plus non prosecution. The pattern: DOJ sees a blue flag and raises a white flag in response.
          https://www.zerohedge.com/news/2018-07-03/imran-awan-gets-sweetheart-plea-deal-doj-wont-prosecute-alleged-spy-ring

        • Posted Aug 10, 2018 at 12:56 PM | Permalink

          Wow, they gave Awan immunity from all past (non-violent) crimes. I wonder if they also bought him an airline ticket for his troubles. No corruption here. Move along.

        • Jaap Titulaer
          Posted Aug 10, 2018 at 1:28 PM | Permalink

          we know that Cozy Bear (APT29) was in the DNC network from summer 2015 (according to Dutch IC)

          Yep we know and it is irrelevant for this, as they are not Sofacy. Well DNC may be asked why they didn’t take any action in Jan 2016, or whether CS was correct that they only remove that as late as June 2016. But otherwise irrelevant for this indictment which is about Sofacy/Fancy Bear/APT28.

          Isn’t possible that a DNC staffer clicked on a malware executable?

          Yes certainly. But again that is not what they say in the indictment.
          There they say & imply that the email password (& user id = email address) was used to enter the DCCC network.
          No mention of any malware. No mention that an email password for a gmail based email-service is different from the OS password.

          But even more painful: the Sofacy hackers DO NOT NEED to know your password once you click on a malware link.
          As I said above: it is executed using the credentials of the currently logged in user , who at that moment clicks and executes the malware.

          Let’s face it, the victim is probably some random user. Unlikely to be an admin. So you either can’t install anything or are severely limited. And you certainly have no special rights.

          And even when you are an admin, the account that has an email account will not be the same account that has admin rights on any of the servers. The person who is admin typically has the same rights as normal users on their normal accounts (the accounts with email), and no email access on their admin accounts, exactly to prevent any such abuse, after all admins are just human beings and may be fooled.

          So the malware operates under the assumption that you do have execute rights, but little more. And then they exploit some bugs and weaknesses of the OS in order to do what they want to do. One of which is privilege escalation without actually having a privileged account (admin account). Or the get some process to execute something using the account of that process (which may have more rights).

          And they typically do not use passwords at any time, but use the encrypted hashes of such passwords which may be stored on the OS (many processes accept that hash instead of UID/PWD, this trick is called ‘pass the hash’ and a favorite of hackers such as Sofacy).

          But whatever they do, I’m not aware of any exploit using malware that actually has any use for the (plain text, actual) password of any users email account (or even the more relevant PWD for that users OS account).

          I think I remember the DNC network people sending credentials in emails.

          Yeah they did that at least once, that seems a PWD for contributors for one of the websites. Silly, but unrelated.

        • Climate Audit
          Posted Aug 11, 2018 at 10:20 AM | Permalink

          Jaap, I too have been puzzled by the gap between capturing email credentials and “traditional” APT28 installation of malware via a poisoned attachment to an email. I thought that the Indictment provided an important potential detail, one which I didn’t notice in your excellent commentary. Paragraph 21 contains the following:

          In the spearphishing emails, LUKASHEV and his co-conspirators embedded a link purporting to direct the recipient to a document titled “Hillary-clinton-favorable-rating.xlsx.” In fact, this link directed the recipients’ computers to a GRU-created website

          When I read the first part of this sentence, this seemed to describe a “classic” APT28 technique for delivering malware, but the second part (going to a spoof website) seems to totally waste the opportunity, reverting back to nothing more than credential phishing. Do you think that it is possible that the Indictment mis-described what happened i.e. that APT28 malware was installed ?

          I’m 99.99% convinced that Indictment was incorrect on the exact dates of exfiltration of DNC hack emails. I have long been persuaded by steemwh1sks conclusion that they were exfiltrated between May 19 and May 25, based on combined information of 30-day retention policy, last date of May 25, dates of emails between Apr 19 and May 25. Yet Mueller stated exfiltration occurred between May 25 and June 1. I think that they must have goofed on this somehow, giving some support to the idea that they might also have goofed on function of xlsx attachment to Apr 6 email.

        • Posted Aug 10, 2018 at 6:52 PM | Permalink

          Jaap, let’s take an inventory of what we have.

          1) You pointed out in July the fingerprint of the Podesta and Rinehart attack were distinctly separate from the other main attack at the time which could be linked to earlier Fancy Bear’s attacks.

          2) Rinehart emails were given to DCLeaks and Podesta to Wikileaks, which connects that hacker or group to both publishings.

          3) Guccifer 2.0 has Podesta email attachment documents and at least one DNC document, linking G2 to both Wikileaks. Also, G2 was the first to display certainty of knowledge that the Assange June 12 announcement pertained to DNC emails and not Hillary private server documents, as the media universally mis-reported.

          4) G2’s only effect was to discredit the leaks as being the work of evil Russian hacker (claiming to be Romanian) with no relate-able qualities any person could attach sympathy for.

          5) HRC had access to all the same emails and documents that were hacked and given to WL. The only problem for HRC would be discovering which documents were in WL possession. G2 showed knowledge of a DNC leak/hack and also the Podesta hack through the display of the Podesta attachments.

          6) We know that as early as April 2016 HRC was employing Fusion GPS, who hired Steele. We also know this week that Steele was working for the FBI as early as the beginning of Feb. 2016. And, Steele continued to work with the McCabe, Strzok group through Bruce Ohr, and Fusion GPS employed wife, back doors months after Steele was fired by the FBI.

        • Posted Aug 10, 2018 at 7:28 PM | Permalink

          7) Everyone (the Dutch IC, FBI, Obama, Clinton, Alperovitch) presumably already knew since the fall of 2015 that Cozy Bear was sitting in the DNC network. And they had Russians on video doing the hack, and incredible stroke of luck and extreme rarity. This evidence may have been too valuable to waste. Although classified, the evidence could presented throughout the US IC to galvanize a consensus of the Russian meddling. The FBI may have been slow to warn the DNC because they were given a general stand down order from the White House on countering any Russian hacks of the campaign.

          8) The stand down order did not mean that the White House would not be using very closely held assets in attempts to gain more knowledge about hack attempts. Perhaps they were attempting to “shoulder surf.”

          9) One logical intelligence asset with Russian knowledge they might call upon besides Christopher Steele would be “friendly” oligarch Oleg Deripaska, who had a relationship with Clinton and Mueller we know of. See rescue attempt of CIA agent in Iran. On Feb. 13, 2018, a story broke in here that Steele had the same US lobbyist contact as Oleg Deripaska prompting Senator Tom Cotton to ask FBI director Wray that day, “Do you know if Christopher Steele worked for Oleg Deripaska?” during a Senate Select Committee on Intelligence hearing. Wray hesitated and said he could talk about perhaps “in a classified setting.”

          10) We learn yesterday here that Steele, Ohr and Deripaska were working together in January 2016. What could they have been working on?

          11) Deripaska was the same oligarch that the Dems alleged sent Manafort into the Trump campaign as a conduit to Putin. Recall the Manafort email promising to give Deripaska personal reports on the campaign to bring them “whole.” That angle seems to have been dropped by Mueller at the now ended Manafort trial.

        • Posted Aug 11, 2018 at 11:30 AM | Permalink

          Deripaska wrote a drain-the-swamp libertarian op-ed for the Daily Caller in March, a month after his name came up regarding connection to Steele. In the op-ed he takes clear aim at the Obama deep state, accusing them of the “Wag the Dog” tactic in the Russia-Russia to distract from their own corruption.

          So why is Steele writing Ohr in Jan 2016 about helping Deripaska with a US visa? Apparently, Deripaska, Steele, and Julian Assange share the same US lobbyist lawyer, Adam Waldman. Reporter John Solomon of The Hill noted Waldman has a Forest Gump knack for showing up in all sorts of places in the Trump-Russia story. To be fair, Waldman is a big shot whose clients include Johnny Depp and Angelina Jolie.

          Waldman disclosed that Deripaska has paid him $40K per month since 2009. Apparently, Deripaska has been using the connected US lobbyist in order to attempt to get US travel restrictions removed. His ban started in 1998 due to alleged links to organized crime. Before Waldman, Deripaska’s lobbyist was Paul Manafort and his business partner Rick Davis, who was John McCain’s presidential campaign manager in 2008. Before that it was former Senate Majority Leader and presidential candidate Bob Dole and his aid Bruce Jackson. Manafort and Davis had worked in Bob Dole’s 1996 presidential campaign.

          Apparently anti-Putin McCain was clueless that his top staff had just completed a reversal of the 2004 Ukrainian Orange Revolution, handing Ukraine back to Putin control while also teaming with Putin and Deripaska to facilitate a Russian sought Montenegro independence.

          Ironically, Trump and McCain hate each other despite both hiring the identical international prostitutes to run their presidential campaigns. They both could read more here… https://www.thenation.com/article/mccains-kremlin-ties/

          BTW, I misstated the Manafort trial had ended. It’ll be interesting to see if Deripaska testifies.

        • Jaap Titulaer
          Posted Aug 11, 2018 at 7:27 PM | Permalink

          @Steve: yeah paragraph 21.d sounds more like it.

          [21] d. On or about April 6, 2016, the Conspirators created an email account in the name (with a one-letter deviation from the actual spelling) of a known member of the Clinton Campaign. The Conspirators then used that account to send spearphishing emails to the work accounts of more than thirty different Clinton Campaign employees. In the spearphishing emails, LUKASHEV and his co-conspirators embedded a link purporting to direct the recipient to a document titled “hillary-clinton-favorable-rating.xlsx.” In fact, this link directed the recipients’ computers to a GRU-created website.

          Now they do not continue the story here. But perhaps there was something there? Instead of an excel-sheet (XLSX, so no macro’s) they get, say, a java script? That could be a 0/1st stage.
          Odd that they stop the story there (para 22 is about more credentials phishing attempts. para 23 is about scouting the DCCC & DNC network from outside for weak spots).

          Instead we get this weird para 24.a as quoted above (“On or about April 12, 2016, the Conspirators used the stolen credentials of a DCCC Employee (“DCCC Employee 1”) to access the DCCC network.”). Which simply makes no sense.

          An attack like they start to describe in para 21 should be as follows: you get an email with a link (not attachment) and when you click on it will start a script. That script runs inside your web-client on your PC and works like a 0-stage malware.
          It checks the PC and based on what it detects it will attempt to go to next stage, which is to download & run a next stage malware, typically a tiny down loader (like Seduploader, Sofacy/Sourface) for the main malware (stage 2 like X-Agent & X-Tunnel).

          para 25 is about remote control servers, para 26 is about the entry into DNC from DCCC network (which is possible when they are in fact one network with two (or more) domains: DCCC and DNC).

          And yes their dates are off. Or weirdly vague.

          32. Despite the Conspirators’ efforts to hide their activity, beginning in or around May 2016, both the DCCC and DNC became aware that they had been hacked and hired a security company (“Company 1”) to identify the extent of the intrusions.
          By in or around June 2016, Company 1 took steps to exclude intruders from the networks.

          Yet as far as we know CS was hired in April (not May) and first main activity within DNC was on Friday evening May 5th 2016 (not some time in June, even when they did extra clearance in June).

          And more stuff in the indictment is a bit off in similar ways. Perhaps a bit of a rush job?

          And it seems that they lump everything together, try to mix stuff that may not mix.
          And they may include stuff done by other people (and they do not tell us why they believe why much of that other stuff is also done by the same group, which would make sense to do.
          See 33: 33a and 33c are about covering their tracks inside DCCC, but 33.b. has got nothing to do with that but with a separate issue (the website actblues.com)
          Similar is 34, seems some other unrelated hacking activity, can very easily be some other group.

          More weird stuff:

          41. On or about June 15, 2016, the Conspirators logged into a Moscow-based server used and managed by Unit 74455 and, between 4:19 PM and 4:56 PM Moscow Standard Time, searched for certain words and phrases, including:

          Seems quite specific, yes? And also makes little sense to me.
          When I do a search I search on someone else’s server, say one of Google. I log into my PC (not my own server) and then connect via internet to a public Google server.
          Yet apparently in Russia they log into their own server which sits in some building in Moscow (apparently their own building) and well there it ends. They do ‘searches’ on that server and I wonder why because in that way you will not find much.

          And why do they do these searches?

          42. Later that day, at 7:02 PM Moscow Standard Time, the online persona Guccifer 2.0 published its first post on a blog site created through WordPress. Titled “DNC’s servers hacked by a lone hacker,” the post used numerous English words and phrases that the Conspirators had searched for earlier that day (bolded below):

          Right …. so you do ‘searches’ on your own server for words (for some reason). And apparently the reason you do this is because you use those exact same words later in some piece that you are writing.
          ??? Does that even make sense ???

          And so on and so forth.

        • Climate Audit
          Posted Aug 13, 2018 at 9:34 AM | Permalink

          Jaap, just to confirm that I’ve understood you correctly. You observe that a standard APT attack style is initiation from a link:

          An attack like they start to describe in para 21 should be as follows: you get an email with a link (not attachment) and when you click on it will start a script. That script runs inside your web-client on your PC and works like a 0-stage malware.

          You also explained that login credentials are irrelevant to such an attack and question narrative about step in which employee network credentials are supposedly capture. In such an attack, is there any need to even construct a spoofed webpage; couldn’t they write a script which attacks in background while transferring to a real page? Or am I misunderstanding?

        • Climate Audit
          Posted Aug 13, 2018 at 9:38 AM | Permalink

          And yes their dates are off. Or weirdly vague.

          32. Despite the Conspirators’ efforts to hide their activity, beginning in or around May 2016, both the DCCC and DNC became aware that they had been hacked and hired a security company (“Company 1”) to identify the extent of the intrusions.
          By in or around June 2016, Company 1 took steps to exclude intruders from the networks.

          Yet as far as we know CS was hired in April (not May) and first main activity within DNC was on Friday evening May 5th 2016 (not some time in June, even when they did extra clearance in June).

          My interpretation of the “error” in Mueller’s timeline is that they intentionally were vague/misleading on timeline in way that would avoid drawing attention to the fact that DNC emails were sent and later exfiltrated AFTER Crowdstrike installed supposed protection. Shawn Henry of Crowdstrike was ex-FBI and a pal of Mueller’s. I suspect that Mueller did a solid for his pal.

        • Climate Audit
          Posted Aug 13, 2018 at 9:43 AM | Permalink

          More weird stuff:

          41. On or about June 15, 2016, the Conspirators logged into a Moscow-based server used and managed by Unit 74455 and, between 4:19 PM and 4:56 PM Moscow Standard Time, searched for certain words and phrases, including:

          Seems quite specific, yes? And also makes little sense to me.

          I’m very interested in your interpretation of this episode. In my (careful) reading of the Indictment, these searches appeared to be the most distinctive new information and the major new information showing a link outside the G2-DCLeaks bubble. (There’s interesting information in Indictment about links within G2-DCLeaks bubble, but there were already strong links between G2 and DCLeaks and so these were not a surprise and didn’t clarify much.)

        • Jaap Titulaer
          Posted Aug 11, 2018 at 8:09 PM | Permalink

          Sorry I goofed up the ending marker on that last blockquote.

          But anyway that last bit is of course about them trying to implicate The Conspirators in the Guccifer 2 sting.

          And I like your previous comment ‘like pottery styles in archaeology’, yeah it’s a bit like that.
          Another variant of that is trying to decipher a badly translated text. Trying to decipher what the original actually said.

          That is typically done in multiple steps. First based on the meager information you try to correct the text, and in a second step you attempt to correct the interpretation.

          So #41 is probably about the fact that G2 was (somehow) detected to use a Moscow based VPN-server. So what they meant to say is that G2 logged onto his PC (somewhere), then connected (or logged on) to a VPN service hosted on a server in Moscow and via that link connected to the internet and then started searching like normal people do, i.e. using a search service like Google.
          OK so far so good.

          Still does not explain why they would search for words that they would later use in a document. I mean they simply used the exact same term that they searched for. Not an explanation of that term or context thereof or something. So they searched for ‘illuminati’ and then later used that term in the document. So why ‘search’ for it?

          Perhaps they did not mean search but ‘translation’, that is a reasonable guess because one of the terms listed is given as:

          широко известный перевод
          [widely known translation]

          Aha! Seems like they used a translation service?
          That still does not resolve all of the terms ‘searched’ for. I.e. the translation of ‘dcleaks’ is ‘dcleaks’ …

          Which brings us to the second step, interpretation.
          First observe that the odd wording of #41 makes it difficult to follow.
          Perhaps it would be easier to say (#41) that G2 used a VPN service in Moscow and then used Google Translate to translate some terms from Russian into English. And then they later (#42) used these same English terms in a document that was later published by G2 (in the US).
          Implying that the original writer is actually a Russian.

          But why attempt to translate or ‘search’ for DCleaks?
          And in case you are really a Russian with poor skills in English, then you would probably need to using a translation service not just for a few terms, but certainly for the whole text, simply because the grammar is so difficult.
          And you can use a VPN service located in Moscow from anywhere in the world, even from the US. But why would you specifically want to use one located in Moscow? Assuming that you really are a Russian spy?

          Alternative:
          You can also use Google Translate to translate some terms from English into Russian. Then you start up (another) VPN session and connect to some (Russian?) VPN service, you select the country you want to appear to be in and select Russia. You get connected via a VPN server in Moscow and get a Moscow IP address.
          Then you go to Google Translate and put in your Russian terms. Which is handy as you now have left a trace for a bunch of words that you have used in a document that you are about to publish.

          Sounds like a reasonable alternative explanation to me.

        • Climate Audit
          Posted Aug 13, 2018 at 10:33 AM | Permalink

          fascinating idea. I’ve done tweet thread on it. BTW, in this context, @jeffreycarr ‘s acute analysis of spearphish use of yandex[.com email address bears re-reading. He not only pointed out possibility of false flag, but surmised that user didn’t even speak Russian: see https://medium.com/@jeffreyscarr/the-yandex-domain-problem-2076089e330b

        • Jaap Titulaer
          Posted Aug 11, 2018 at 8:52 PM | Permalink

          I’m 99.99% convinced that Indictment was incorrect on the exact dates of exfiltration of DNC hack emails. I have long been persuaded by steemwh1sks conclusion that they were exfiltrated between May 19 and May 25, based on combined information of 30-day retention policy, last date of May 25, dates of emails between Apr 19 and May 25. Yet Mueller stated exfiltration occurred between May 25 and June 1. I think that they must have goofed on this somehow, giving some support to the idea that they might also have goofed on function of xlsx attachment to Apr 6 email.

          Indeed. When downloaded in one time, then this happened shortly after the last dated email in the archive, so on the 25th of May. If that was later in the evening then perhaps as late as May 26th. But that’s about it.
          And when there were multiple download times, the others would be before the 25th (and from the email archive, probably no earlier than May 19th, although there seem to be a few older email, the bulk is from 19 Apr-25 May). But of course to get the May 25th emails one needs at least a final download on that day (or very shortly thereafter).

          And please note that as far as I know all stuff that WikiLeaks published ALL were emails (+ their attachments). I know of no documents other than those which were attached to those emails.
          Also all these emails where in Internet standard (UNIX standard/open standard) text format. That is compatible with the format you would get with several tools that can do a direct mass download from SMTP email services such as GMail, or PC email clients that use this open standard format to store email as files (such as Thunderbird).
          That in turn means that these emails are not very likely to have been taken from a PC with MS Outlook, nor from a server with MS Exchange, as both use a different format to store emails in (more like one big database). Perhaps one can make a script to talk to Exchange and ask it to send you the mails in individuals files using the open standard format, but IDK.

          As far as I can tell, all what was needed for the material that WikiLeaks leaked was simple temporary access to the internet accessible email boxes of the victms of the (various) credentials phishing campaign(s). No need to even hack in to any DNC or DCCC server.

        • Climate Audit
          Posted Aug 13, 2018 at 10:53 AM | Permalink

          Another great point. When I read Indictment, I had very strong impression that Mueller arm-waved through critical hack of DNC emails, merely saying the following. (In paragraphs on earlier phases of the hack, he at least provided some details, but not for this step.)

          29. Between on or about May 25, 2016 and June 1, 2016, the Conspirators hacked the DNC Microsoft Exchange Server and stole thousands of emails from the work accounts of DNC employees. During that time, YERMAKOV researched PowerShell commands related to accessing and managing the Microsoft Exchange Server.

          You make a fascinating point that it’s straightforward to proceed from temporary access to victim email boxes to the Wikileaks content, but not to proceed from access to very large MSExchange database to the specific Wikileaks content:

          Also all these emails where in Internet standard (UNIX standard/open standard) text format. That is compatible with the format you would get with several tools that can do a direct mass download from SMTP email services such as GMail, or PC email clients that use this open standard format to store email as files (such as Thunderbird).
          That in turn means that these emails are not very likely to have been taken from a PC with MS Outlook, nor from a server with MS Exchange, as both use a different format to store emails in (more like one big database). Perhaps one can make a script to talk to Exchange and ask it to send you the mails in individuals files using the open standard format, but IDK.

          As far as I can tell, all what was needed for the material that WikiLeaks leaked was simple temporary access to the internet accessible email boxes of the victms of the (various) credentials phishing campaign(s). No need to even hack in to any DNC or DCCC server.

          It would be interesting to see any technical opposition to your view. Your technical point very much sharpens a more naive concern that I and others have had: why did the DNC hack select nine relatively obscure Finance official, rather than bigger fish like DWS? Who was in system and not published? steemwh1sks observed long ago that emails addresses of 7 of 9 officials were available in May 2016 on dark web. (I can’t confirm past steemwh1sks saying so.)

        • Climate Audit
          Posted Aug 13, 2018 at 1:47 PM | Permalink

          Jaap, earlier in the year, you observed (https://climateaudit.org/2018/03/21/dnc-hack-due-to-gmail-phishing/#comment-780441) that dnc.org emails were on “email solution hosted by Google on the gmail infrastructure.” from which you observed:

          This means that the only way to get DNC.org emails are leaks or via email phishing (like was done to Podesta).
          Breaking into the DNC servers (hosted by MIS or usually by Amazon) will not get you there (as the email servers are somewhere else entirely).

          Mueller Indictment claimed that DNC hack occurred through access to “Microsoft Exchange Server”.

          Can you elucidate whether this assertion in Indictment forces any revision of earlier thoughts? Or do the facts in your earlier comment cast doubt on Mueller paragraph?

        • Posted Aug 12, 2018 at 10:31 AM | Permalink

          Jaap, your analysis is excellent but can we conclude anything other than the cyber expertise is lacking in this indictment? How did any of the indictment details purport to prove that it was a Putin ordered Russian attack, let alone a specific GRU hacker?

          As a person on the grand jury I knew the Russian SVR was caught red-handed in the DNC server in 2015 and they were not expelled until May 2016. I also know that Russia had a Facebook and troll campaign to meddle in the election. I know DNC and Hillary For America’s emails ended up on WL. And then there’s G2’s Russian whiskers. It seems no stretch to assign Russian guilt. The best mitigating evidence would be to have positive proof of incursion by a non-Putin controlled group, but that seems to be a tall order. Our country appreciates your investigation. 🙂

          If Steele or the FBI were approaching Deripaska in January 2016 perhaps it was to ask if Putin had hacked HRC emails. Perhaps Steele was reprimanded in Feb 2, 2016, for disclosing the SVR attack to Deripaska. If that knowledge got out it would become open season to hack the DNC and HRC knowing that the blame had already been pre-assigned.

        • Frank
          Posted Aug 12, 2018 at 2:59 PM | Permalink

          Maybe the Republicans should be looking into this Awan scandal, instead of demanding immediate release of “all” of the documents from Mueller’s investigation – which is still underway. And complaining about the email investigation that failed to produce a “smoking gun” that could take down HRC. Unfortunately, Trump’s lawyers want to know everything Mueller knows before letting the President be interviewed. Mueller wants to keep some information secret to test the credibility of the president’s answers, especially in areas where they have no reliable information from other sources. And they want to protect the identity of sources of information about westerners collaborating with Russia, like Steven Halper.

        • Posted Aug 12, 2018 at 3:56 PM | Permalink

          “Mueller wants to keep some information secret to test the credibility of the president’s answers…”

          Yes. The only problem is that if Mueller can’t present any fruit of two years of investigation toward Russian collusion that gives Trump a clean bill and provides no basis for which he should be questioned. If Mueller simply wants to ask why he fired Comey and charge either perjury or obstruction for whatever the answer is that is not going to fly now.

          Everyone would like to be able to slap a lie detector on their rival with the threat of grave consequences for evasion. If we applaud violations of the Constitution because we share in the disdain of the victim our pleasure will not be long-lived.

          Declassifying the documents of the deep state investigation of candidate Trump would have little bearing on the Mueller’s questions. If they had anything showing collusion it would already be out. The main effect would be to de-legitimize Mueller and possibly open the way for his and Rosenstein’s firing, and in his worst nightmare open a special council to investigate the actual truth of what happened. Awan likely will not be heard from again. It would be nice to see the police body cam footage of Seth Rich’s last words about his killers, or at least find out if that was destroyed.

        • Jaap Titulaer
          Posted Aug 13, 2018 at 12:11 PM | Permalink

          You also explained that login credentials are irrelevant to such an attack and question narrative about step in which employee network credentials are supposedly capture. In such an attack, is there any need to even construct a spoofed webpage; couldn’t they write a script which attacks in background while transferring to a real page? Or am I misunderstanding?

          Correct.
          The URL (link) is directly to a script on a server somewhere. That server would probably be setup as HTTP or HTTPS web-server so that whatever the link points to is transferred to client when the link is clicked. Action thereafter depends on client settings & security.
          It can be better to hide a malicious JavaScript inside a normal looking web-page, so it can also be an actual (visible) web page which when loaded will attempt to execute the included/linked malicious JavaScript.

          And no, no credentials are necessary. It is the credentials of the currently logged in person behind the client PC (who clicks on the link) that is used.

        • Climate Audit
          Posted Aug 13, 2018 at 12:51 PM | Permalink

          Without necessarily understanding it very deeply, it has long appeared to me that one needed to prove, rather than assume, the identity of (let’s call it ) the X-Agent hacking group (who skilfully use zero day exploits to install malware to burrow deep into a network) and any specific gmail-credential phishing hacking group. (Here I used “X-Agent hacking group” to limit the term to the technical style without reifying identification – borrowing a method of terminology from pottery style analysis of archaeologists.) If, as you’ve explained, gmail credential theft is irrelevant to the requirements of the X-Agent hacking group, that would seem to count against identifying the two operations with the same hacking group – as you’ve speculated (for this and other reasons).

          One of the scenarios that occurred to me early on was that APT28 was indeed embedded in DNC servers, but, in accordance with its longstanding practice, didn’t do anything other than observe. The various anomalies that you’ve raised seem to make this possibility more likely, rather than less likely.

        • Jaap Titulaer
          Posted Aug 13, 2018 at 7:25 PM | Permalink

          Jaap, earlier in the year, you observed (https://climateaudit.org/2018/03/21/dnc-hack-due-to-gmail-phishing/#comment-780441) that dnc.org emails were on “email solution hosted by Google on the gmail infrastructure.” from which you observed:

          This means that the only way to get DNC.org emails are leaks or via email phishing (like was done to Podesta).
          Breaking into the DNC servers (hosted by MIS or usually by Amazon) will not get you there (as the email servers are somewhere else entirely).

          Mueller Indictment claimed that DNC hack occurred through access to “Microsoft Exchange Server”.

          Can you elucidate whether this assertion in Indictment forces any revision of earlier thoughts? Or do the facts in your earlier comment cast doubt on Mueller paragraph?

          Hmm yeah that is odd. The gmail based business solution claim (for DNC.org) was fairly common, but I do not know what the primary source for that was.

          Using MS Exchange yet also having a web-based changed password page does not really make much sense UNLESS you simply make additional email-only accounts. In which case you end up with the same situation as with external email solution: email account is not the same as your MS Windows account.

          You see with Microsoft Exchange one usually would use MS Windows credentials. But you can also create separate email-only accounts for use with MS Exchange. That extra email-only account is often used when you use the web-version of Outlook to access the emails (OWA / Outlook Web Access).
          That (OWA) can have the change password feature enabled, but if the account is linked to AD (Active Directory) that is a bit odd.
          As that would then change your MS Windows password.
          But AFAIK OWA & Exchange do support that AND synchronizing that change with AD (Active Directory), where the Windows accounts are stored.

          I know OWA use only in one of two flavors: With Change Password (via OWA) disabled + using the MS Windows account details (managed by AD) OR With Change Password enabled + using an extra email only account (managed by Exchange). Another mix would be rather dangerous & a bit odd …
          When you need to change your windows password you would use the regular way, not some web-form. You are on the machine where you do that, no need for some silly internet web-page. So I would advise against it. And why would you?

          I guess that they could have enabled OWA on a web-server linked to MS Exchange, then enabled the Change Password feature for OWA AND activated the AD sync AND in that way enabled people to change their primary Windows password via the Internet. Yikes! & LMAO.

          The phishing is normally for web-based credentials (non OS credentials). If they (DNC) really used MS Exchange then the phishing is more likely not for their DNC (OS) accounts, but for other accounts like private gmail accounts. Or perhaps some secondary gmail-based business solution. Like maybe they had DNC email accounts on MS Exchange and DCCC accounts or HRC campaign accounts on a gmail-based solution?

          But the idea that they would have allowed people to change their MS Windows accounts via Outlook Web Access, i.e. via the Internet, seems rather far fetched to me. But never say never 🙂

        • Climate Audit
          Posted Aug 14, 2018 at 8:01 AM | Permalink

          Jaap, you say “I do not know what the primary source for that was”. In your earlier comment, you had looked up metadata and gave following interesting info. Does this refresh any recollection?

          When we check mail.dnc.org via WhoIs it seems that this is hosted by Google. It is not really the same as gmail, but more a company specific email solution hosted by Google on the gmail infrastructure.
          Direct IP is 172.217.10.147 but other lookups resolve to 216.58.209.243. Both are at Google.

          WhoIs lookup using ultratools.com for mail.dnc.org:

          Source: whois.arin.net
          IP Address: 172.217.10.147
          Name: GOOGLE
          Handle: NET-172-217-0-0-1
          Registration Date: 4/16/12
          Range: 172.217.0.0-172.217.255.255
          Org: Google LLC
          Org Handle: GOGL
          Address: 1600 Amphitheatre Parkway
          City: Mountain View
          State/Province: CA
          Postal Code: 94043
          Country: United States

          WhoIs lookup using whois.com.au for mail.dnc.org:

          NetRange: 216.58.192.0 – 216.58.223.255
          CIDR: 216.58.192.0/19
          NetName: GOOGLE
          NetHandle: NET-216-58-192-0-1
          Parent: NET216 (NET-216-0-0-0-0)
          NetType: Direct Allocation
          OriginAS: AS15169
          Organization: Google LLC (GOGL)
          RegDate: 2012-01-27
          Updated: 2012-01-27

          Port 80 (Web) according to https://www.threatcrowd.org/domain.php?domain=mail.dnc.org has mail.google.com/a/dnc.org, so similar to gmail (but not the same). Normal Gmail accounts are hosted at mail.google.com/gmail.

          HTTP/1.1 302 Found Location: https://mail.google.com/a/dnc.org Date: Wed, 21 Mar 2018 20:22:49 GMT Content-Type: text/html; charset UTF-8 Server: ghs Content-Length: 230X-XSS-Protection: 1; modeblockX-Frame-Options: SAMEORIGIN

          This means that the only way to get DNC.org emails are leaks or via email phishing (like was done to Podesta).
          Breaking into the DNC servers (hosted by MIS or usually by Amazon) will not get you there (as the email servers are somewhere else entirely).

        • Climate Audit
          Posted Aug 14, 2018 at 10:45 AM | Permalink

          Jaap, I noticed a reference to MSEXCH:MSExchangeIS in a Wikileaks DNC email (https://wikileaks.org/dnc-emails/emailid/13859). Does this indicate anything additional to you?

          You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

          dncrrmain@dnc.org
          You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

          Diagnostic information for administrators:

          Generating server:

          /O=DNC EXCHANGE/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=DNCPress
          #MSEXCH:MSExchangeIS:/DC=org/DC=dnc:DNCDAG1[578:0x000004DC:0x0000001D] #EX#

          dncrrmain@dnc.org
          #MSEXCH:MSExchangeIS:/DC=org/DC=dnc:DNCDAG1[578:0x000004DC:0x0000001D] #SMTP#

        • Jaap Titulaer
          Posted Aug 13, 2018 at 8:13 PM | Permalink

          And it is indeed possible.

          Change Password Feature in Outlook Web App
          By default, the domain password that’s used by the user to access a Windows-based network is the same as the password that’s used to access Outlook Web App. A user can change their domain password using a Web browser by using the Change Password feature within Outlook Web App.

          Outlook Web App provides the functionality to change passwords that haven’t expired yet. However, if a password has already expired or is required to be changed at the first sign-in, the password can’t be changed via Outlook Web App unless you make a configuration change on the Client Access server to enable changing expired passwords.

          https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/bb684904(v=exchg.141)

          Now all you need is people who actually do that.
          And while you are at it, just give admins a single account with email plus OWA. And no security training 🙂

        • Climate Audit
          Posted Aug 14, 2018 at 10:33 AM | Permalink

          Revisiting discussion specific to DNC email hack. Wikileaks stated that leaks came from seven email accounts (shown below). My own examination of details indicates that more accounts were involved, but perhaps bcc’s explain difference. In any event, the emails are concentrated within Finance department + Miranda (who was installed by Hillary campaign as part of Hillary coup on DNC finances).

          The leaks come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda (10520 emails), National Finance Director Jordon Kaplan (3799 emails), Finance Chief of Staff Scott Comer (3095 emails), Finanace Director of Data & Strategic Initiatives Daniel Parrish (1742 emails), Finance Director Allen Zachary (1611 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails).

          There are numerous emails in the WL DNC archive between the help desk (help[@dnc.org) and finance officials. Help desk was located at MISDepartment (which was bullied out of contract by Crowdstrike). In one email, Scott Comer asked help desk for password for departed employee from MISDepartment (https://wikileaks.org/dnc-emails/emailid/7354)

          From:ComerS@dnc.org
          To: help@dnc.org
          Date: 2016-05-13 11:44
          Subject: Former Employee’s Emails

          Hi Help Desk,

          Some of our donors are still emailing Julia Fahl, even though she departed a few weeks ago. Is there a way for me to have access to her email account so I can see which loose ends need to be tied up?

          Thanks,

          Scott Comer
          Finance Chief of Staff | LGBT Finance Director

          A logical implication is that a hack of MISDepartment would be extremely efficient method to obtain dnc.org email passwords of Comer and other hacked officials. Alternatively, as discussed a while back, a disgruntled MISDepartment employee would be able to easily extract emails. Other than smoking gun evidence to the contrary (and I wonder whether Mueller really has it in respect to DNC hack), the MISDepartment situation seems very fertile.

    • Frank
      Posted Aug 13, 2018 at 11:42 PM | Permalink | Reply

      Ron wrote: “The only problem is that if Mueller can’t present any fruit of two years of investigation toward Russian collusion that gives Trump a clean bill and provides no basis for which he should be questioned.”

      Let me re-write your statement. “The only problem is that Comey can’t present any fruit from one year of investigation that provides any basis for which HRC should be questioned.” As you remember, several months earlier Comey had given up hope of finding a “smoking gun” email or witness proving that HRC KNOWINGLY and INTENTIONALLY ignored rules for handling classified information (that was not yet marked classified). Nevertheless she was asked to appear for questioning solely on the hope that she might admit wrongdoing (by admitting knowing that an email from her server was classified) or by committing perjury.

      Why is Trump any different?

      Whether or not Mueller’s investigation has produced a potential case against Trump, there are potential cases about Flynn, Page, Papadopoulos, his son, his son-in-law, Manafort, and others who met with Russians or informants pretending to be connected to Russia. You are assuming Trump will deny hearing anything about these meetings. Investigators don’t make assumptions, they collect evidence. If Trump wants to lie to protect these people, he must risk his presidency. Like all Americans, he can always refuse to answer on the grounds it may incriminate him, but admitting that answering could be incriminating also risks his presidency.

      Then there is the possible obstruction charge.

      • Ed Snack
        Posted Aug 14, 2018 at 4:02 AM | Permalink | Reply

        Frank, you have a problem. Knowingly and intentionally is NOT required for an offence to be committed. Comey made that up. But having classified information on her rivals server, Clinton is guilty if she did so negligently. Given that it appears that every email sent on that server was bcc’d To a third party (apparently not Russia) it would appear that she was indeed extremely negligent.

        Clinton claimed when questioned not to know what the C meant on a page, standard indication of Classifed documents that she with her long history in polotics should most definitely have known ( alien to the FBI in other words). There is also the published email where a subordinate is instructed to remove the classified tags and to send it anyway.

        There should be no reasonable doubt that she intentionally and negligently violated the law. And BTW she also committed perjury with regard to an FOI case where she stated under oath that she had released all responsive emails, yet the FBI uncovered many additional emails that she had not released.

        As for Flynn, I think we’d need to see the 302forms and also know if they were intentionally altered by McCabe to be sure if he actually lied or was simply accused of it. The FBI also threatened to charge his son.

        Page has not been charged and no verifiable information about any collusion relating to him has surfaced. Papadopoulos, if the original mention of compromising was made by a CIA provocateur (as Mifsud appears to be – he has remarkably close links to the Italian state security apparatus for a Russian agent of influence) then any charges against him are connived and part of a seditious, treasonous plot.

        • Ed Snack
          Posted Aug 14, 2018 at 4:05 AM | Permalink

          Oh dear, auto-correct is a pain. That should be private server not rivals. And it is lying to the FBI not alien to the FBI.

          Should also mention the Strzok text where he said that Clinton’s email admin, when questioned, “lied his ass off”. Yet was he charged ? Nope, instead he was granted immunity. How corrupt or incompetent, grant immunity and yet never charge anyone else.

      • Posted Aug 14, 2018 at 8:16 AM | Permalink | Reply

        Frank wrote: “Whether or not Mueller’s investigation has produced a potential case against Trump, there are potential cases about Flynn, Page, Papadopoulos, his son, his son-in-law, Manafort, and others who met with Russians or informants pretending to be connected to Russia.”

        First, it’s not a crime to speak to a Russian, or even the Russian government. Second, there was zero communication with the Russian government by anyone in the Trump campaign except through the Russian ambassador whose job it is to speak to US officials (while under 24-7 surveillance by US IC). Flynn may or may not have given a 100% recital of his conversation to the FBI for them to check against their surveillance. But there is no charge of improper communication. Flynn pleaded guilty for the same reason Papadopoulo did; it was deemed less costly than defending against a multi-million-dollar witch hunt.

        As Ed pointed out, Mifsud appears to be an intelligence asset of the west. The fact that the Russian collusion investigators show no interest in Mifsud or Goldstone tells us all we need to know. But let’s dig deeper. The FBI’s story is that they were alerted to the Trump-Russia connection by the Australian diplomat after he saw the DNC hack announced and put it together to his conversation in the London bar with Papadopoulos a month earlier. But by this time we know now that Carter Page was already being set up to meet with Stefan Halper on July 11 at the London symposium. Page said his invitation came in late May be someone else. Halper initially lied about when he first met Page, saying it was late summer, August. We can be sure Page is telling the truth because he knows that the government has all his emails and the only thing keeping out of jail is the fact that he is more honest than a boy scout. Papadopoulos was set up and falsely charged, collateral damage in the op against America, an innocent bystander. I hope you feel safer.

        Frank, you know, unlike 99% of people, that Natalia V. was working with Fusion GPS, who were working for Putin interests against William Browder. Natalia V’s blocked visa had to be special green-lighted by the Obama administration, Loretta Lynch. Natalia admits to meeting with Glen Simpson before and after the Trump Tower meeting. Do you really think that if Putin wanted to establish a back door to the Trump campaign this is how he would do it, through Clinton’s surrogates?

      • paul courtney
        Posted Aug 14, 2018 at 12:39 PM | Permalink | Reply

        Frank: The more you post, the more obvious your bias. Evidence of crime re: Hillary came from her own mouth on the steps of the UN in May, ’15. When you say her interview might produce perjury charge, you show your ignorance (maybe you forgot) that she was not put under oath. So you say, why is Trump different? For one thing, there’s no crime to be investigated: Flynn and Papdapoulos only charged with lying to FBI; Manafort charges have nothing to do with Trump or campaign; Page never charged; his son and son-in-law? now you’re just trolling. How about this-if, as you say, Trump “no different”, then he’s not put under oath. And they destroy laptops, and give immunity to Manafort, Flynn, Papadapoulos and Cohen. You’re good with same treatment down the line?

        • Climate Audit
          Posted Aug 14, 2018 at 1:47 PM | Permalink

          let’s not re-litigate Hillary here. I’d rather discussing technical issues of hacking.

  27. Jaap Titulaer
    Posted Aug 13, 2018 at 12:21 PM | Permalink | Reply

    fascinating idea. I’ve done tweet thread on it. BTW, in this context, @jeffreycarr ‘s acute analysis of spearphish use of yandex[.com email address bears re-reading. He not only pointed out possibility of false flag, but surmised that user didn’t even speak Russian: see https://medium.com/@jeffreyscarr/the-yandex-domain-problem-2076089e330b

    Ha ha, priceless 🙂
    And he is right of course, for those who don’t like to read it all, here’s the conclusion :

    The point that I’m trying to make is that if anyone in Russia wanted to spear phish employees of the DNC, then creating a @yandex.com email address instead of a @yandex.ru email address is not only unnecessary extra effort but it makes absolutely no sense. You don’t gain anything operationally. You’ve used Yandex. You might as well paint a big red R on your forehead.

    However, you know what does make sense?

    That the person who opened the account DOESN’T SPEAK RUSSIAN!

    He went with Yandex.com because all analysis stops with merely the name of a Russian company, a Russian IP address, or a Russian-made piece of malware. To even argue that a Russian intelligence officer let alone a paranoid Russian mercenary hacker would prefer a Yandex.com email to a Yandex.ru email is mind-numbingly batshit insane.

    I have no idea who created hi.mymail@yandex.com to spear phish Billy Rhinehart, but I bet you $100 that he wasn’t Russian.

    Note that this is about the group that phished Rhinehart, i.e. the same that also phished Podesta; the group which I said uses different software than the likely Sofacy (related) group

    • Climate Audit
      Posted Aug 13, 2018 at 12:59 PM | Permalink | Reply

      Refresh me on your view on another topic: do you surmise that group that hacked DNC emails is same as group that hacked Podesta emails? Data on DNC hack doesn’t seem to be nearly as clear as for Podesta hack. I think that the Podesta hackers were also spearphishing DNC email addresses (resulting in DCLeaks publication of William Rinehart, Sarah Hamilton etc) but the Finance officials seem like different selection procedure.

      • Jaap Titulaer
        Posted Aug 13, 2018 at 5:24 PM | Permalink | Reply

        IDK who did the DNC finance people. I have not seen any details on the Finance group. To be honest I have seen no breakdown of who got hacked + what their email looked like, ie. to what server/program it went. That would tell you. But we simply do not know as most of the details are not published.

        Perhaps we can ask firms like security works for their data, you like we would do for any paper with ‘ interesting’ conclusions…

    • Follow the Money
      Posted Aug 13, 2018 at 1:44 PM | Permalink | Reply

      The argument that use of @yandex.com is an indicator of fake Russian fingerprints is consistent with the argument the original released G2 docs show fake Russian fingerprints by means of “Felix Edmundovich” in the metadata. The Mueller indictment avoids “Felix” as evidence in support of their contentions.

      The indictment is indeed conspicuously weak on explaining the DNC intrusion, unlike that for the DCCC.

      From the indictment:

      The GRU had multiple units, including Units 26165 and 74455, engaged in cyber operations…

      These five digit titles are suspiciously like that used by Mandiant (now owned by FireEye) to claim the Chinese military engaged in large scale and traceable hacking. Search ‘PLA Unit 61398’ Wikipedia (as far as I have time now) seems to suggest, or I infer the five digit name might be a creation by the private security industry, this time a synonym for “APT1”.

      “Units 26165 and 74455” may be titles of random numbers to make the threats seem important and obscure, imagined alternatives to the likes of “Fancy Bear” — not names or unit titles or room numbers or anything created by the hackers themselves.

  28. bmcburney
    Posted Aug 13, 2018 at 1:14 PM | Permalink | Reply

    Steve,

    “Shawn Henry of Crowdstrike was ex-FBI and a pal of Mueller’s. I suspect that Mueller did a solid for his pal.”

    Indeed, but G2 also performed a very similar solid for CS/Henry also with respect to the e-mail exfiltration dates; something which cries out for an explanation.

One Trackback

  1. […] A Russian Spearphishing Domain Is Now Hosted in New York City […]

Post a Comment

Required fields are marked *

*
*

%d bloggers like this: