A Badly Executed Mob Shakedown: The President’s Ukraine Mess Is Just An Extension of His Russia Mess

On Friday I wrote the following in an email explaining what is actually going on with the Ukraine mess that the President has made:

I am amazed that all of this current brouhaha is just a really bad Russian mob shakedown. The play here is to get Parnas’s and Fruman’s boss in the Russian mob, Dmitri Firtash, off of house arrest and out from under the extradition warrant to the US so he can go back to Kyiv and take over the Ukrainian natural gas industry, strip it of every last penny, then crash it on behalf of Putin and the Russian mob. This then forces Ukraine to buy natural gas from Russia, which allows Putin to then further knuckle Ukraine by sucking resources out of Ukraine to create leverage to force Ukraine back into his orbit. As was reported last night, Giuliani is on Parnas’s payroll and has been for a while. Parnas is on DiGenova’s and Toensing’s payroll, who are working pro bono with Giuliani on behalf of the President, though they’re using him as their translator for their legal work for Firtash. Parnas and Fruman report to Firtash in regard to Russian organized crime activities. Firtash works for the Kyiv-born Semion Mogilevich, who is the titular head of the Bratva. Mogilevich works for Putin who is the functional krysha/roof/protector of the Bratva. The Biden stuff is simply disinformation recycled from the Russians from 2014 as part of the maskirovka.

Earlier this evening, Andrew Weiss, who is the Vice President for Studies of The Carnegie Endowment for International Peace and is in their Russia and Eurasia Program, tweeted the following explainer that really delineates all the parts of the network I was describing in my email from last Friday. (I’m going to put the first half above the jump and the second half below it).


The Mueller Report Book Club – III. Russian Hacking and Dumping Operations

A and B. GRU Hacking and Dissemination of the Hacked Materials

pp 36 – 49

Thanks to all for the feedback on whether we should continue.

It looks like Jerrold Nadler plans to make the Mueller report a central part of the leadup to impeachment proceedings, so we should continue to pay attention to it. I was concerned that it would go on the ever-mounting pile of Donald Trump’s misdeeds and fade from sight. With Nadler subpoenaing the materials behind the report, we will be hearing more about it. Lawfare continues to produce their podcasts. Here are Part II and Part III.

Section III is long. I am going to take it a bit at a time. We are now getting into the part of the report that describes how the Russians interfered in the 2016 election and how the Trump campaign interacted with them.

GRU is the acronym for the Russian-language name of Russia’s military intelligence organization, the Main Intelligence Directorate of the General Staff. The GRU competes in such things with the FSB, Russia’s Federal Security Service, roughly the equivalent of the FBI.

The hacking of computers belonging to various organizations and individuals in the Democratic Party was massive. The purpose was to release the documents in ways that would be damaging to the Democratic Party and the Clinton campaign.

The hacking began in March 2016 and continued into April, targeting

the computers and email accounts of organizations, employees, and volunteers supporting the Clinton Campaign, including the email account of campaign chairman John Podesta. (p. 36)

The computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) were compromised.

The hacking was carried out by spearphishing. It was hard to find a good definition of spearphishing. Many definitions come from the viewpoint of computer developers, rather than the users that are targeted. For example, the “spear” part indicates a relatively narrow targeting to a particular group of people, in this case the DCCC and DNC.

The FBI has a definition that can be helpful to users. The perpetrators get enough information to design emails that look like they come from a trusted source.

…the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.

Only one person needed to fall for this to let the Russians into the Democratic Party networks. Twenty-nine computers on the DCCC network and more than 30 on the DNC network, including the mail server and shared file server, were compromised. Malware was implanted to record keystrokes and to download data.


Dissemination of the Hacked Materials (pp 41-48)

The simplicity of the statements in the report indicates a deep set of sources.

The GRU carried out the anonymous release through two fictitious online personas that it created – DCLeaks and Guccifer 2.0 – and later through the organization WikiLeaks. (p. 41)

DCLeaks had Facebook and Twitter accounts. The DCLeaks.com website remained operational and public until March 2017.

Posting of documents began in June 2016. The documents seem to have come from email accounts, including those of an advisor to the Clinton Campaign, a former DNC employee and Clinton Campaign employee, and four other campaign volunteers.

The GRU released through dcleaks.com thousands of documents, including personal identifying and financial information, internal correspondence related to the Clinton Campaign and prior political jobs, and fundraising files and information. (p. 41)


Guccifer 2.0

On June 15, the day after the DNC announced the breach of its network, GRU officers using the persona Guccifer 2.0 created a WordPress blog, posing as a lone Romanian hacker. That same day, the website began to release DNC and DCCC documents, ultimately releasing thousands of them.

Released documents included opposition research performed by the DNC (including a memorandum analyzing potential criticisms of candidate Trump), internal policy documents (such as recommendations on how to address politically sensitive issues), analyses of specific congressional races, and fundraising documents. Releases were organized around thematic issues, such as specific states (e.g., Florida and Pennsylvania) that were perceived as competitive in the 2016 U.S. presidential election. (p. 43)

Later in June, the Guccifer 2.0 persona released documents to reporters and other interested individuals. This continued into August.

Through the Guccifer 2.0 persona, the GRU was in contact with a former Trump campaign member. The member’s identity is redacted because of Harm to Ongoing Matter.


Use of WikiLeaks

In November 2015, Julian Assange emailed WikiLeaks staff to set an anti-Clinton tone for the organization. In March 2016, WikiLeaks released a searchable archive of approximately 30,000 Clinton emails that had been obtained through FOIA litigation. Both actions were before the GRU hacked the DNC and DCCC.

Shortly after the GRU began releasing stolen documents through dcleaks.com in June 2016, DCLeaks contacted WikiLeaks, and WikiLeaks contacted Guccifer 2.0. WikiLeaks wanted their material. The communications were partly hidden, but it is clear that the GRU transferred stolen DNC and Podesta documents to WikiLeaks.

The Office cannot rule out that stolen documents were transferred to WikiLeaks through intermediaries who visited during the summer of 2016. For example, public reporting identified Andrew Müller-Maguhn as a WikiLeaks associate who may have assisted with the transfer of these stolen documents to WikiLeaks. (p. 47)

On October 7, 2016, WikiLeaks released the first emails stolen from the Podesta email account. WikiLeaks released 33 tranches of stolen emails between October 7, 2016 and November 7, 2016, immediately before the election. The releases included private speeches given by Clinton; internal communications; and correspondence related to the Clinton Foundation. WikiLeaks released over 50,000 documents stolen from Podesta’s personal email account.

WikiLeaks and Assange made several public statements about the source of the materials designed to obscure that source. They implied that Seth Rich, a former DNC staff member who was killed in July 2016 and the subject of rightwing conspiracy theorizing, was the source. After the U.S. intelligence community publicly announced its assessment that Russia was behind the hacking operation, Assange continued to deny that the Clinton materials released by WikiLeaks had come from Russian hacking.


The report gives much more detail about how the communications took place.

The second paragraph of the section overview (p. 36) has significant redactions, the reason for which is given as “Harm to Ongoing Matter.” This probably refers to the counterintelligence investigation. Mueller referred to that investigation in his testimony on July 24. Obviously this is justifiable in terms of legal procedure, but we need to know more about that investigation. I’ll write a post about this later in this sequence.

Investigative methods are redacted. This is not important for understanding. Clearly the FBI hacked into the GRU’s communications and materials. That’s all we need to know. A couple of years ago, Dutch intelligence gained access to Russian government computers in 2014 and warned the US about potential hacking of Democratic Party organizations. The operation that provided information to Mueller must have been something like that.


Wednesday Open Thread

There are several Mueller thread(s) below this post. I haven’t been watching, so I have no idea if the testimony is ongoing, but the latest thread is getting way long, so here’s a new one.

From what I gather from occasional glances at Twitter, the hearing aired facts established by the written report, including that: 1) the report didn’t exonerate Trump, 2) Russia fucked with our election for the purpose of helping to elect Trump, 3) the Trump campaign eagerly welcomed that help, 4) Trump obstructed the investigation.

However, the emerging media consensus seems to be that the hearings were a huge victory for Trump and the Republicans because 1) Mueller is old, and 2) pundits and reporters are bored with the proceedings. Does that about sum it up?

Open thread.

Special Counsel Mueller’s Testimony Before the House Permanent Select Committee on Intelligence Live Stream

Here’s the live stream of Special Counsel Mueller testifying before the House Permanent Select Committee on Intelligence.

Just a quick note about all the hot takes on how Special Counsel Mueller performed this morning to keep in mind as he testifies this afternoon:

Mueller was, and will be again this afternoon, the quintessential example of a career DOJ official. He says no more than he feels he should and that’s it. He also now has serious old man voice. Together this presents as visually reticent to befuddled, but it isn’t. You’ll notice when he’s had his team’s integrity impugned, he’s been more animated. No disrespect to Jeremy Bash, but he’s a political appointee, not someone who’s made a career in National Security positions of different types. His understanding and approach and expectation of how you respond to these things is different than the one Mueller learned and has abided by during his long career first as a civil servant and then as an appointed senior leader. And Frank Figliuzzi’s explanation of this reality was spot on. The news media screaming that he didn’t give them the juicy media clips they want is just garbage. Finally, this format that the committees use for these hearings wasn’t and isn’t designed to actually produce detailed, delineated, thoughtful responses. If the Democrats on the committee, or Democrats in Congress, or anyone else wanted that, then committee counsel should have been given the first two hours, 1/2 hours each rotation for the Democratic and Republican counsels, to ask appropriate questions and elicit detailed answers in follow ups. The final hour to 90 minutes could be reserved for individual member questions. Optimally, the whole hearing would have been done by the committee counsel and the members would have sat there and taken notes.

Open thread!

Livestream: Mueller Testimony Part 2

Here is another open-thread for the testimony of Robert Mueller: