The Mueller Report Book Club

A and B. GRU Hacking and Dissemination of the Hacked Materials

pp 36 – 49

Thanks to all for the feedback on whether we should continue.

It looks like Jerrold Nadler plans to make the Mueller report a central part of the leadup to impeachment proceedings, so we should continue to pay attention to it. I was concerned that it would go on the ever-mounting pile of Donald Trump’s misdeeds and fade from sight. With Nadler subpoenaing the materials behind the report, we will be hearing more about it. Lawfare continues to produce their podcasts. Here are Part II and Part III.

Section III is long. I am going to take it a bit at a time. We are now getting into the part of the report that describes how the Russians interfered in the 2016 election and how the Trump campaign interacted with them.

GRU is the acronym for the Russian-language name of Russia’s military intelligence organization, the Main Intelligence Directorate of the General Staff. The GRU competes in such things with the FSB, Russia’s Federal Security Service, roughly the equivalent of the FBI.

The hacking of computers belonging to various organizations and individuals in the Democratic Party was massive. The purpose was to release the documents in ways that would be damaging to the Democratic Party and the Clinton campaign.

The hacking began in March 2016 and continued into April, targeting

the computers and email accounts of organizations, employees, and volunteers supporting the Clinton Campaign, including the email account of campaign chairman John Podesta. (p. 36)

The computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) were compromised.

The hacking was carried out by spearphishing. It was hard to find a good definition of spearphishing. Many definitions come from the viewpoint of computer developers, rather than the users that are targeted. For example, the “spear” part indicates a relatively narrow targeting to a particular group of people, in this case the DCCC and DNC.

The FBI has a definition that can be helpful to users. The perpetrators get enough information to design emails that look like they come from a trusted source.

…the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.

Only one person needed to fall for this to let the Russians into the Democratic Party networks. Twenty-nine computers on the DCCC network and more than 30 on the DNC network, including the mail server and shared file server, were compromised. Malware was implanted to record keystrokes and to download data.

Dissemination of the Hacked Materials (pp 41-48)

The simplicity of the statements in the report indicates a deep set of sources.

The GRU carried out the anonymous release through two fictitious online personas that it created – DCLeaks and Guccifer 2.0 – and later through the organization WikiLeaks. (p. 41)

DCLeaks had Facebook and Twitter accounts. The DCLeaks.com website remained operational and public until March 2017.

Posting of documents began in June 2016. The documents seem to have come from email accounts, including those of an advisor to the Clinton Campaign, a former DNC employee and Clinton Campaign employee, and four other campaign volunteers.

The GRU released through dcleaks.com thousands of documents, including personal identifying and financial information, internal correspondence related to the Clinton Campaign and prior political jobs, and fundraising files and information. (p. 41)

Guccifer 2.0

On June 15, the day after the DNC announced the breach of its network, GRU officers using the persona Guccifer 2.0 created a WordPress blog, posing as a lone Romanian hacker. That same day, the website began to release DNC and DNCC documents, ultimately releasing thousands of them.

Released documents included opposition research performed by the DNC (including a memorandum analyzing potential criticisms of candidate Trump), internal policy documents (such as recommendations on how to address politically sensitive issues), analyses of specific congressional races, and fundraising documents. Releases were organized around thematic issues, such as specific states (e.g., Florida and Pennsylvania) that were perceived as competitive in the 2016 U.S. presidential election. (p. 43)

Later in June, the Guccifer 2.0 persona released documents to reporters and other interested individuals. This continued into August.

Through the Guccifer 2.0 persona, the GRU was in contact with a former Trump campaign member. The member’s identity is redacted because of Harm to Ongoing Matter.

Use of WikiLeaks

In November 2015, Julian Assange emailed WikiLeaks staff to set an anti-Clinton tone for the organization. In March 2016, WikiLeaks released a searchable archive of approximately 30,000 Clinton emails that had been obtained through FOIA litigation. Both actions were before the GRU hacked the DNC and DCCC.

Shortly after the GRU began releasing stolen documents through dcleaks.com in June 2016, DCLeaks contacted WikiLeaks, and WikiLeaks contacted Guccifer 2.0. WikiLeaks wanted their material. The communications were partly hidden, but it is clear that the GRU transferred stolen DNC and Podesta documents to WikiLeaks.

The Office cannot rule out that stolen documents were transferred to WikiLeaks through intermediaries who visited during the summer of 2016. For example, public reporting identified Andrew Müeller-Maguhn as a WikiLeaks associate who may have assisted with the transfer of these stolen documents to Wikileaks. (p. 47)

On October 7, 2016, WikiLeaks released the first emails stolen from the Podesta email account. WikiLeaks released 33 tranches of stolen emails between October 7, 2016 and November 7, 2016, immediately before the election. The releases included private speeches given by Clinton; internal communications; and correspondence related to the Clinton Foundation. WikiLeaks released over 50,000 documents stolen from Podesta’s personal email account.

WikiLeaks and Assange made several public statements about the source of the materials designed to obscure that source. They implied that Seth Rich, a former DNC staff member who was killed in July 2016 and the subject of rightwing conspiracy theorizing, was the source. After the U.S. intelligence community publicly announced its assessment that Russia was behind the hacking operation, Assange continued to deny that the Clinton materials released by WikiLeaks had come from Russian hacking.

The report gives much more detail about how the communications took place.

The second paragraph of the section overview (p. 36) has significant redactions, the reason for which is given as “Harm to Ongoing Matter.” This probably refers to the counterintelligence investigation. Mueller referred to that investigation in his testimony on July 24. Obviously this is justifiable in terms of legal procedure, but we need to know more about that investigation. I’ll write a post about this later in this sequence.

Investigative methods are redacted. This is not important for understanding. Clearly the FBI hacked into the GRU’s communications and materials. That’s all we need to know. A couple of years ago, Dutch intelligence gained access to Russian government computers in 2014 and warned the US about potential hacking of Democratic Party organizations. The operation that provided information to Mueller must have been something like that.

The Mueller Report Book Club – III. Russian Hacking and Dumping OperationsPost + Comments (36)

(pp 14-35)

Much of this chapter is redacted under “Harm to Ongoing Matter,” (HOM) presumably referring to the court case against 13 employees of the Internet Research Agency (IRA). A few redactions are labeled “Personal Privacy” (PP) and “Investigative Technique,” (IT) and there seems no need to try to decipher them.

The unredacted part of the chapter is a story that has appeared in the news many times. I’ll outline it and provide a few juicy quotes.

The IRA is funded by Yevgeniy Viktorovich Prigozhin and companies he controlled, including Concord Management and Consulting LLC and Concord Catering. It conducted social media operations in the United States with objectives of sowing discord and later electing Donald Trump president, starting in at least 2014. By February 2016, the IRA was supporting Trump against Clinton. Proghozin was sanctioned by the US Treasury Department in December 2016.

The operations included running accounts on Twitter, Facebook, and Instagram, holding rallies, and buying advertisements. The accounts looked like they belonged to individuals, groups, and activists of various sorts – rightwing, black, political, and religious. The IRA also ran a bot network on Twitter to amplify their messages. By the end of the 2016 election, they had reached millions of people.

(testimony of Colin Stretch, General Counsel of Facebook) (“We estimate that roughly 29 million people were served content in their News Feeds directly from the IRA’s 80,000 posts over the two years. Posts from these Pages were also shared, liked, and followed by people on Facebook, and, as a result, three times more people may have been exposed to a story that originated from the Russian operation. Our best estimate is that approximately 126 million people may have been served content from a Page associated with the IRA at some point during the two-year period.”). The Facebook representative also testified that Facebook had identified 170 Instagram accounts that posted approximately 120,000 pieces of content during that time. Facebook did not offer an estimate of the audience reached via Instagram. (Footnote 6, p. 15)

The chapter contains numerous specific examples of tweets and other social media from the IRA, including @TEN_ GOP, which pretended to be “the informal voice of the Tennessee GOP,” and “Miners for Trump,” which held rallies in Pennsylvania.

“Main idea: Use any opportunity to criticize Hillary [Clinton] and the rest (except Sanders and Trump – we support them)”

The IRA recruited Americans across the political spectrum to help spread its message. This section, starting on page 31, also contains both HOM and PP redactions. Members of the Trump campaign shared or retweeted IRA matter. Donald Trump Jr., Eric Trump, Kellyanne Conway, Brad Parscale, and Michael T. Flynn all retweeted IRA tweets against Hillary Clinton.

IRA employees also tried to contact Trump campaign members directly, representing themselves as US persons. The IRA’s contacts included requests for signs and other materials for rallies and requests to promote the rallies and help coordinate Iogistics. Some campaign volunteers agreed to provide the requested support (for example, agreeing to set aside a number of signs), the investigation has not identified evidence that any Trump campaign official understood the requests were coming from foreign nationals.

A name that may be worth keeping in the back of your mind is “Project Lakhta,” which is mentioned as a larger project that includes the IRA operations. The rest of that paragraph is redacted.

The Mueller Report Book Club – II. Russian “Active Measures” Social Media CampaignPost + Comments (23)

(pp 11-13)

This section lays the basis for and scope of the investigation. It first cites Rod Rosenstein’s Appointment Order. (The report uses more capitalization than I usually do. It is helpful in pointing to specific documents.) The subjects of investigation are:

(i) any links and/or coordination between the Russian government and individuals associated with the campaign of President Donald Trump; and

(ii) any matters that arose or may arise directly from the investigation; and

(iii) any other matters within the scope of 28 C.F.R. § 600.4(a).

The last covers “federal crimes committed in the course of, and with intent to interfere with, the Special Counsel’s investigation, such as perjury, obstruction of justice, destruction of evidence, and intimidation of witnesses.” It also covers similar crimes committed during the FBI’s investigation that was wrapped into the Special Counsel’s investigation.

Later memos confirmed that the investigation includes

• allegations that three Trump campaign officials – Carter Page, Paul Manafort, and George Papadopoulos – “committed a crime or crimes by colluding with Russian government officials with respect to the Russian government’s efforts to interfere with the 2016 presidential election”
• Manafort’s crime arising from payments he received from the Ukrainian government
• Manafort’s crimes arising from his receipt of loans from a bank whose CEO was then seeking a position in the Trump Administration
• allegations that Papadopoulos committed a crime or crimes by acting as an unregistered agent of the Israeli government
• four sets of allegations involving Michael Flynn, the former National Security Advisor to President Trump
• the “pertinent activities” of Michael Cohen, Richard Gates, Roger Stone, and two names redacted for personal privacy (PP) reasons
• leads related to Cohen’ s establishment and use of Essential Consultants LLC to, among other things, receive funds from Russian-backed entities
• individuals who might be working with people being investigated
• allegations that then-Attorney General Jeff Sessions made false statements to the United States Senate.

That’s a big investigation. Mueller inherited parts of this from the ongoing FBI investigation. It speaks to Mueller’s care that he confirmed with the Acting Attorney General that the bulleted points were indeed to be investigated. Two district court cases have confirmed the office’s authority to investigate these matters.

The Special Counsel’s office operated like a US Attorney’s office. The Office made its own judgements about what to investigate within the stated parameters and, for example, didn’t chase down every news item about a Russian contact with the campaign.

“Certain proceedings associated with the Office’s work” continue and have been transferred to the Department of Justice and the FBI.

The Special Counsel’s team at its max:

• 19 attorneys – five of whom joined the Office from private practice and 14 on detail or assigned from other Department of Justice components
• a filter team of Department lawyers and FBI personnel who screened materials for privileged information before turning those materials over to investigators
• three paralegals on detail from the Department’s Antitrust Division
• an administrative staff of nine responsible for budget, finance, purchasing, human resources, records, facilities, security, information technology, and administrative support.

They worked alongside approximately 40 FBI agents, intelligence analysts, forensic accountants, a paralegal, and professional staff assigned by the FBI to assist the Special Counsel’s investigation.

The Office

• issued more than 2,800 grand jury subpoenas
• executed nearly 500 search-and-seizure warrants
• obtained more than 230 orders for communications records
• obtained almost 50 orders authorizing use of pen registers
• made 13 requests to foreign governments
• and interviewed approximately 500 witnesses, including almost 80 before a grand jury.

The FBI also embedded personnel at the Office who did not work on the Special Counsel’s investigation, but rather reviewed the results of the investigation and sent written summaries of foreign intelligence and counterintelligence information to FBIHQ and FBI Field Offices. Not all of that information is included in this report.

This ends the preliminary materials in the report. They are important because they tell us some things about what Mueller thinks is important (that Russia interfered in the 2016 election) and how he went about the investigation.

Articles of interest:

Just Security: Unfinished Business: What Mueller Didn’t Cover, But Congress Can

Washington Post: Was Mueller’s dodge on obstruction a blunder — or brilliant?

The Mueller Report Book Club – The Special Counsel’s InvestigationPost + Comments (20)

Pages 4-10 (pages are those in the original report.)

The executive summary has four subsections:

• Russian Social Media Campaign
• Russian Hacking Operations
• Russian Contacts With The Campaign
• The Special Counsel’s Charging Decisions

Russian Social Media Campaign

The Internet Research Agency (IRA) carried out the earliest Russian interference operations identified by the investigation-a social media campaign designed to provoke and amplify political and social discord in the United States.

The report calls the IRA operations “the earliest,” which implies there were other organizations involved. The first two paragraphs contain redactions, “Harm to Ongoing Matter” (which I will refer to as HOM from now on). This could be the Roger Stone prosecution or the FBI counterintelligence investigation, which continues.

My reading of Rod Rosenstein’s charge to the Special Counsel was that the investigation was to be primarily into the Russian interference, and I assumed it would be comprehensive. But timing is everything, and the investigation ended when it did. On balance, getting the information out sooner and having the FBI continue the counterintelligence investigation is probably a good decision, although it is possible that Donald Trump’s naming of William Barr as Attorney General cut the investigation short.

Counterintelligence investigators tend to be extremely secretive, which I disagree with on the whole. More about that as we hit more redactions.

The IRA itself called its operations information warfare. It began operations before the presidential campaign, as early as 2014, and favored Trump and disparaged Clinton.

The investigation did not identify evidence that any U.S. persons conspired or coordinated with the IRA. Section II of this report details the Office’s investigation of the Russian social media campaign.

Russian Hacking Operations

The Russian intelligence service known as the Main Intelligence Directorate of the General Staff of the Russian Army (GRU) carried out the hacking operations. The hacking began in March 2016 into Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). The material was disseminated through fictional “DCLeaks” and “Guccifer 2.0,” along with Wikileaks. WikiLeaks began releasing emails stolen from John Podesta on October 7, 2016, less than one hour after a U.S. media outlet released the “grab her by the pussy” video. The Trump campaign displayed interest.

A couple of redactions here (Harm to Ongoing Matter, HOM) look like they have to do with the Roger Stone prosecution.

Russian Contacts With The Campaign

The Russian government felt that a Trump win would benefit it, and members of the Trump campaign expected to benefit electorally from the Russian actions, but

the investigation did not establish that members of the Trump Campaign conspired or coordinated with the Russian government in its election interference activities.

The Russian contacts consisted of

• business connections,
• offers of assistance to the Campaign,
• invitations for candidate Trump and Putin to meet in person,
• invitations for Campaign officials and representatives of the Russian government to meet, and
• policy positions seeking improved U.S.-Russian relations.

This section then gives a summary timeline of Russian contacts which you might want to mark to check back on sequences of events. I’m not going to summarize the timeline, as the events will be treated in detail later in the report.

Worth emphasizing:

On January 6, 2017, members of the intelligence community briefed President-Elect Trump on a joint assessment-drafted and coordinated among the Central Intelligence Agency, FBI, and National Security Agency – that concluded with high confidence that Russia had intervened in the election through a variety of means to assist Trump’s candidacy and harm Clinton’s. A declassified version of the assessment was publicly released that same day.

In January and February 2017, three Congressional committees announced investigations into Russian interference. In May, Trump fired James Comey, and the Special Counsel was appointed.

This timeline implies that the report covers only the period up to the appointment of the Special Counsel. The January 2017 briefing and DNI report make it impossible for Trump to claim he knows nothing about Russian interference, but he does anyway.

The Special Counsel’s Charging Decisions

The charging decisions have three main components:

First, the report concludes that Russia’s two principal interference operations in the 2016 U.S. presidential election – the  social media campaign and the hacking-and-dumping operations – violated  U.S. criminal law. Therefore, individuals and entities involved in the social media campaign were charged with participating in a conspiracy to defraud the United States and related counts of identity theft.

Second, although the investigation identified numerous links between individuals with ties to the Russian government and individuals associated with the Trump campaign, the evidence was not sufficient to support criminal charges, three in particular:

• The evidence was not sufficient to charge any campaign official as an unregistered agent of the Russian government;
• Evidence about the June 9, 2016 meeting and WikiLeaks’ s releases of hacked materials was not sufficient to charge a criminal campaign-finance violation.
• Evidence was not sufficient to charge that any member of the Trump Campaign conspired with representatives of the Russian government to interfere in the 2016 election

Third, several individuals affiliated with the Trump Campaign lied to the Special Counsel’s Office (SCO) and to Congress about their interactions with Russian-affiliated individuals and related matters. Some of those lies were charged as violations of the federal false statements statute, including by Michael Flynn, George Papadopoulos, and Michael Cohen. A redaction (HOM) in the series naming those charged may refer to Roger Stone. The US District Court also found that Paul Manafort lied to the SCO and the grand jury.

A few other points:

Interactions between Russian Ambassador Kislyak and Trump Campaign officials both at Trump’s April 2016 foreign policy speech and during the week of the Republican National Convention were brief, public, and non-substantive.

The investigation did not establish that the efforts to dilute a portion of the Republican Party platform on providing assistance to Ukraine were undertaken at the behest of candidate Trump or Russia.

The investigation was limited in a number of ways – by individuals invoking their fifth-amendment rights, by lies, and by materials and witnesses being outside the United States. Also, some witnesses deleted relevant communications or communicated during the relevant period using encrypted applications that do not provide for long-term retention of records.

There are gaps in the record, which is part of the reason that conclusions could not be drawn about some of the potential crimes.

The Mueller Report Book Club – Executive Summary to Volume IPost + Comments (54)

The Introduction puts the important conclusion right up front.

The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.

That’s a stark way to begin, followed by a quick summary of the major events of the Russian campaign and the American response. Obviously Muller intends that conclusion as a takeaway.

The investigation identified two Russian operations. (I will frequently peel out Mueller paragraphs into bullets to make them more readable.)

• First, a Russian entity carried out a social media campaign that favored presidential candidate Donald J. Trump and disparaged presidential candidate Hillary Clinton.
• Second, a Russian intelligence service conducted computer-intrusion operations against entities, employees, and volunteers working on the Clinton Campaign and then released stolen documents.

We are now learning in the news that there were more Russian operations. The report goes on to say that the Trump campaign expected a benefit from the Russian operations but does NOT say that the operations changed any results in the election. That is difficult to determine and outside the scope of the investigation.

The treatment of evidence is described in detail.

• The report describes actions and events that the Special Counsel’s Office found to be supported by the evidence collected in our investigation.
• … the report points out the absence of evidence or conflicts in the evidence about a particular fact or event.
• … when substantial, credible evidence enabled the Office to reach a conclusion with confidence, the report states that the investigation established that certain actions or events occurred.
• A statement that the investigation did not establish particular facts does not mean there was no evidence of those facts.

The last is particularly important to keep in mind, in view of Attorney General William Barr’s and President Donald Trump’s claims.

The report explicitly disavows the word “collusion” as being useful. Discussion of conspiracy is consistent with criminal law. The word “coordination” appears in the appointment order but, like “collusion”, does not have a settled definition in federal criminal law.

We understood coordination to require an agreement-tacit or express-between the Trump Campaign and the Russian government on election interference. That requires more than the two parties taking actions that were informed by or responsive to the other’s actions or interests.

What the report contains:

Volume I describes the factual results of the Special Counsel’s investigation of Russia’s interference in the 2016 presidential election and its interactions with the Trump Campaign. Section I describes the scope of the investigation. Sections II and III describe the principal ways Russia interfered in the 2016 presidential election. Section IV describes links between the Russian government and individuals associated with the Trump Campaign. Section V sets forth the Special Counsel’s charging decisions.

Volume II addresses the President’s actions towards the FBI’s investigation into Russia’ s interference in the 2016 presidential election and related matters, and his actions towards the Special Counsel’ s investigation. Volume II separately states its framework and the considerations that guided that investigation.

Here are a couple of articles relevant to our general topic.

A Side-by-Side Comparison of Barr’s vs. Mueller’s Statements about Special Counsel Report

The Articles of Impeachment Against Donald J. Trump: A Draft

The Mueller Report Book Club – Introduction, Volume IPost + Comments (41)