Just A Quick Note On The Russia Investigation

Jane Mayer has produced an excellent piece of long form reporting on Christopher Steele and the investigation into Russia’s active measures and cyberwarfare campaign to both influence the outcome of the 2016 presidential elections and to continue to influence US politics (h/t: Paul Campos at LGM). I just want to highlight what I think are two of the most important points, if not the two most important points, in Mayer’s article, which Campos also highlighted, with some commentary.


Robert Hannigan, then the head of the U.K.’s intelligence service the G.C.H.Q., had recently flown to Washington and briefed the C.I.A.’s director, John Brennan, on a stream of illicit communications between Trump’s team and Moscow that had been intercepted.

I cannot emphasize enough how important this is. While this has been reported and/or alluded to in other reporting, what Mayer is unequivocally stating is that the head of Britain’s equivalent of the NSA hand carried the signals intelligence (SIGINT) of communications between the Trump campaign and/or Trump organization with the Russians. Moscow in this sentence means Russian government, not just people living and/or working in Moscow. This is important because it means that the counterintelligence task force that Director Comey set up, and that Special Counsel Mueller inherited, has had the actual communications captured by British intelligence. Thanks to our British allies, from the start of his investigation, Special Counsel Mueller and his team have known exactly who from the Trump campaign and/or businesses were in touch with Russian officials and what they said to each other. So when you see reporting on Mueller’s investigation or what he is seeking in subpoenas, just keep in mind that the Special Counsel has known a lot about the who, the what, and the when since he started. What he and his team have been doing is fleshing this out. Mapping the overall network. Determining the directions of influence. And, of course, following the money.

The second important part of Mayer’s reporting I want to highlight is:

One subject that Steele is believed to have discussed with Mueller’s investigators is a memo that he wrote in late November, 2016, after his contract with Fusion had ended. This memo, which did not surface publicly with the others, is shorter than the rest, and is based on one source, described as “a senior Russian official.” The official said that he was merely relaying talk circulating in the Russian Ministry of Foreign Affairs, but what he’d heard was astonishing: people were saying that the Kremlin had intervened to block Trump’s initial choice for Secretary of State, Mitt Romney. (During Romney’s run for the White House in 2012, he was notably hawkish on Russia, calling it the single greatest threat to the U.S.) The memo said that the Kremlin, through unspecified channels, had asked Trump to appoint someone who would be prepared to lift Ukraine-related sanctions, and who would coöperate on security issues of interest to Russia, such as the conflict in Syria. If what the source heard was true, then a foreign power was exercising pivotal influence over U.S. foreign policy—and an incoming President.

The question here is who was the American conduit of interference? The contemporary reporting at the time was that Kellyanne Conway played the leading role in dissuading the President from nominating Governor Romney as Secretary of State.

President-elect Donald Trump’s former campaign manager again strongly suggested on Sunday that his supporters would not back former Massachusetts Gov. Mitt Romney for secretary of state.

Kellyanne Conway, one of Trump’s top advisers, told CNN’s Dana Bash that while she hoped Romney would be a gracious secretary of state if selected, his aggressive criticism of Trump during the 2016 Republican primary did not sit well with the president-elect’s supporters.

“It’s just breathtaking in scope and intensity the type of messages I have received from all over the country,” Conway said. “The number of people who feel betrayed to think that Governor Romney would get the most prominent Cabinet post, after he went so far out of his way to hurt Donald Trump — there was the Never Trump movement, and then there was Mitt Romney.”

Just who was Kellyanne Conway receiving messages from about a potential Romney nomination to be Secretary of State? And is she still receiving them? Or, if it wasn’t Conway, or only just Conway, which other staffer, friend, or family member close to the President is taking direction from the Kremlin? I’m sure Special Counsel Mueller and his team are diligently trying to answer these questions.

Stay Frosty!

Open thread.

Exactly What Is Special Counselor Mueller Investigating?

This morning Cheryl did a post laying out what James Risen thinks are the four tracks of Special Counsel Mueller’s investigation:

THERE ARE FOUR important tracks to follow in the Trump-Russia story. First, we must determine whether there is credible evidence for the underlying premise that Russia intervened in the 2016 election to help Trump win. Second, we must figure out whether Trump or people around him worked with the Russians to try to win the election. Next, we must scrutinize the evidence to understand whether Trump and his associates have sought to obstruct justice by impeding a federal investigation into whether Trump and Russia colluded. A fourth track concerns whether Republican leaders are now engaged in a criminal conspiracy to obstruct justice through their intense and ongoing efforts to discredit Mueller’s probe.

Cheryl provided appropriate caveats regarding Risen, his past reporting, and the editorial bias of The Intercept where he is now employed. Quite simply Risen is wrong. He is wrong because he fundamentally misunderstands what is actually going on with the Special Counsel’s oversight of a dual track counterintelligence and criminal investigation. There are actually five parts to what Special Counsel Mueller and his team are investigating. They are:

1) Russian interference in the election. This includes the hacking and phishing, the troll farms and the bots. The Russians deployed human and signals and electronic intelligence. Basically the active measures and cyberwarfare campaign to influence the American electorate in order to prevent Hillary Clinton from being elected president and to ensure that Donald Trump was elected president. And, perhaps, suppressing enough of the vote by various means to ensure that the Democrats couldn’t flip the Senate and/or the House.

2) What, if any, connections exist between the Trump campaign, including surrogates, as well as other campaigns such as Jill Stein’s, and any other Americans and/or American organizations with the Russians to influence the American electorate in order to prevent Hillary Clinton from being elected president and to ensure that Donald Trump was elected president. And, perhaps, suppressing enough of the vote by various means to ensure that the Democrats couldn’t flip the Senate and/or the House.

3) Whether the President and/or others conspired to and/or actually tried to cover up the second item above in order to frustrate both the counterintelligence and criminal investigations.

4) The financial crimes investigation into the President’s, his children’s, his son in law’s, his son in law’s family’s, and many of the President’s associates’ (Felix Sater and Michael Cohen for instance) businesses that have been uncovered as a result of the counterintelligence and criminal investigations.

5) Any other criminality that is subsequently discovered as a result of the investigation.

These five investigatory parts are divided between the counterintelligence and criminal tracks to the investigation. And in the case of much of the counterintelligence portions, the fine line that Special Counsel Mueller and his team are walking is how to build criminal cases out of the counterintelligence investigation. Basically, they have to come up with appropriate evidence that can be used for a criminal prosecution that does not compromise American, allied, and partner nation sources and methods. What Special Counsel Mueller knows as a result of having full access to and oversight of the counterintelligence investigation versus what he thinks he can prove in a court of law are things we all have to wait to find out.

Finally, it is amazing just how well this has held up.

Open thread!

Penetration At All Levels: US Senate Edition

This is what happens when you decide to play political games for power and profit rather than provide for the common defense and promote the general welfare! That this is being disclosed now means that the penetration has occurred, Senators, their staffs, and/or their campaigns are already compromised, and the enemy – Russia – wants everyone to know in order to increase the confusion and distrust and further aggravate the social, political, economic, religious, and ethnic/racial tensions and divisions in the US. Are Senators Grassley’s and Graham’s recent actions the result of being compromised or attempts to seek partisan advantage? And what about the House of Representatives? There is no way the Russians have hacked the Senate, but not the House.

From The Associated Press:

PARIS (AP) — The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said Friday.

The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America’s political elite.

“They’re still very active — in making preparations at least — to influence public opinion again,” said Feike Hacquebord, a security researcher at Trend Micro Inc., which published the report. “They are looking for information they might leak later.”

The Senate Sergeant at Arms office, which is responsible for the upper house’s security, declined to comment.

Hacquebord said he based his report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate’s internal email system. He then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs “Pawn Storm.”

Trend Micro previously drew international attention when it used an identical technique to uncover a set of decoy websites apparently set up to harvest emails from the French presidential candidate Emmanuel Macron’s campaign in April 2017. The sites’ discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race.

Hacquebord said the rogue Senate sites — which were set up in June and September of 2017 — matched their French counterparts.

“That is exactly the way they attacked the Macron campaign in France,” he said.

Business Insider also has coverage:

The US Senate was targeted last year by the same hacking group that broke into the Democratic National Committee servers during the 2016 presidential election, according to the cybersecurity firm Trend Micro.

The research firm found that phishing sites were set up by Pawn Storm, also known as Fancy Bear or APT28, mimicking the Senate’s internal email system in an attempt to gain users’ login credentials.

“By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017,” the researchers wrote.

The June 2017 phishing attempts would not have been the first time the Russia-linked hackers tried to infiltrate the US Senate. In its extensive analysis of Fancy Bear’s targets during the presidential election, the Associated Press found that Senate staffers Robert Zarate, Josh Holmes, and Jason Thielman were targeted between 2015-2016.

Fancy Bear had a “digital hit list” throughout that period that targeted a wide range of Russia’s perceived enemies, including former Secretary of State John Kerry, Ukrainian President Petro Poroshenko, anti-corruption activist Alexei Navalny, and half of the feminist protest punk rock group Pussy Riot.

Trend Micro said that the Senate’s Active Directory Federation Services (ADFS), which is basically its internal email system, “is not reachable on the open internet.” But phishing of users’ credentials on a server “that is behind a firewall still makes sense.”

“In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest,” the researchers wrote.

Hacquebord said he doesn’t think it’s correct to say that the methods Pawn Storm used were not advanced.

“They have to know who they want to target, and the timing is important,” Hacquebord said. “The techniques may not be advanced but the social engineering is. They’ve been using these same tactics for quite some time, and it’s been quite effective. They are also very persistent.”

He added that Pawn Storm was using zero-days, or software vulnerabilities that can be exploited by hackers before the developer discovers and patches it.

“These zero days are expensive on the black market,” Hacquebord said. “This is not the stuff of amateurs.”

In case you think compromising members of the Senate, their staffs, and their campaigns is very bad, it gets worse.

On June 13, 2017, Attorney General Jeff Sessions testified to the Senate Intelligence committee about Russian interference in the 2016 presidential election. After fielding hours of questions about his knowledge of the plot, Sessions was greeted by an abrupt change in topic from Senator John McCain. “Quietly, the Kremlin has been trying to map the United States telecommunications infrastructure,” McCain announced, and described a series of alarming moves, including Russian spies monitoring the fiber optic network in Kansas and Russia’s creation of “a cyber weapon that can disrupt the United States power grids and telecommunications infrastructure.”

When McCain asked if Sessions had a strategy to counter Russia’s attacks, Sessions admitted they did not.

But while the role of hacks in the election is the subject of several ongoing probes, the hacks of other U.S. institutions and infrastructures have been largely ignored by the Trump administration, even as the hacking became more aggressive throughout 2017. In June, shortly after McCain’s testimony, the Department of Homeland Security and the FBI released an urgent joint report stating that U.S. nuclear power stations and other energy facilities had been hacked. In July, Bloomberg and the Washington Post confirmed that the hackers worked for the Russian government.

While U.S. government officials stressed that the public was not yet at serious risk, claiming the hackers had not yet gained the ability to control the grid, intelligence officers warned that infrastructure attacks by a hostile state can also operate as a form of political leverage. Most analyses of the 2016 election hacks have framed leverage in personal terms: kompromat stolen from hacked emails used to blackmail individuals into submission or to humiliate officials as part of a propaganda campaign. Less examined is the form of leverage McCain raised at the Sessions hearing: the possibility of vital infrastructure, like the power grid, being crippled, potentially causing massive financial and humanitarian consequences. In this formulation, an entire government could ostensibly be held hostage to another government’s whim out of fear of triggering a cataclysmic attack.

As 2017 wore on, Russia continued to hack infrastructure around the world, again crippling government and corporate offices across Ukraine, along with energy sectors in the United Kingdom and government officials in France, and ending the year targeting NATO countries through unprecedented focus on underwater North Atlantic cables that provide internet service to the U.S. and Europe. Disrupting these cables, one British naval official said, would “immediately and potentially catastrophically affect both our economy and other ways of living.”

In September, security firm Symantec said it had notified more than 100 energy companies in the U.S., Turkey, Switzerland, Afghanistan, and elsewhere about Dragonfly 2.0—a set of intrusions into industrial and energy-related companies suspected to originate in Russia. Using targeted phishing emails and compromised websites designed to capture users’ credentials, the hackers gained access in some cases not just to front-office networks but to “operational machines.” As a Symantec security analyst told Fast Company, “We’re talking about machines that are controlling elements that are plugged into the power grid.” A month later, the Dept. of Homeland Security and FBI warned critical infrastructure providers in nuclear, energy, and other key sectors about the ongoing attacks, noting that “threat actors are actively pursuing their ultimate objectives over a long-term campaign.”

And if you think Putin is going to stop, he’s not. He’s going to turn the screws.

When the employees of the famous “troll factory” in St. Petersburg return to their desks after the Russian holidays, they will be writing comments and posts on social media in much more spacious offices. As the city’s leading business daily Delovoy Peterburg reports in an investigative article published just before New Year, the 4,000 square metres of their previous address on 55, Savushkina Street have been replaced by 12,000 square metres in St Petersburg’s Lakhta business district.

The impressive threefold increase of work space is testimony to the success of the “factory”. As Russian RBC Daily’s investigation in April 2017 showed, the trolling activities have now branched out into a conglomerate of at least 16 different online outlets, all of which voice strong support for Kremlin’s policies, while systematically linking to each other’s products. At the same time they carry little or no advertisement.

The owner of the “troll factory”, businessman and billionaire Yevgeny Prigozhin, has also become known as “Putin’s chef” because of his success in providing catering services for, among other clients, the Kremlin and other branches of the Russian government. Mr Prigozhin has been sanctioned by the U.S. Treasury Department for providing financial support for Russia’s military occupation of Ukraine. Delovoy Peterburg’s investigation also reveals that the owners of the new premises are contributors to President Putin’s election campaign.

As I wrote 18 months ago: we are at cyberwar. I was one of the first national security professionals to publicly make that argument based on what was available in open source reporting. Eighteen months later we have actually moved to the point where the cyberwar is just one of the fronts in an elaborate, multi-pronged Russian attack and offensive against the US, our EU and NATO allies, and other liberal democratic states and societies. A formal declaration of war and placing the US on a mobilized for war footing in order to appropriately respond is no longer something to joke about. We can either get serious with this threat and respond appropriately through a formal declaration of war, placing the US on a war footing to fight back, and the mobilization of our closest allies by invoking NATO Article 5 or we can watch Putin make bank as he dismantles liberal democracy in the US, Canada, and the EU and then tries to scarf up eastern Europe, the Baltics, and parts of Scandinavia.

This is not a game. It is not a joke. This is not politics as usual or as unusual. This is not about partisan advantage. We have wasted trillions of dollars, thousands of American and allied lives, and hundreds of thousands to millions of lives of host country nationals caught in the crossfire misunderstanding and improperly responding to Islamic extremism and the terrorism it engenders as an existential threat. Right now we have decided to purposefully ignore a real existential threat: Russia’s war against the US, the EU, NATO, and liberal democracy because it might jeopardize Paul Ryan’s desires to gut Social Security, Mitch McConnell’s dreams to gut campaign finance laws and pack the Federal courts, Stephen Miller’s blatant racism, Mike Pence’s fetish for punishing LGBTQ people because they make him feel icky about himself, and the President’s psychological inability to come to terms with the fact that he is only in office because Vladimir Putin felt threatened by Secretary Clinton combined with the desires of a plurality of white racists and misogynists to make one last stand for bigotry and oppression. And because stating that truth is considered to be politically inappropriate. We can either get it together or we can be remembered as a society so stupid we allowed ourselves to be subverted and destroyed without a single shot being fired.

As I asked eighteen months ago: we are at war, what are we going to do about it?

Senator Cardin’s Report on the US Security Concerns of Russian Active Measures and Cyberwarfare

Senator Ben Cardin (D-MD) has overseen the production of a report on the US security concerns regarding the Russian active measures and cyberwarfare campaigns against the US and a number of European states. This is a minority staff report prepared for the Senate Committee on Foreign Relations. The report can be found at this link or downloaded below. A section by section summary can be found at this link or downloaded below.

Final_Cardin_Report Section by Sections of RR 1-8

For those interested, here’s the video of the German Marshall Fund’s event about the report with Senator Cardin and Congressman Hurd.

Responding to Russia’s Attacks on Democracy

January 10, 2018 | 8:45AM to 10:30AM EST
Washington, DC


  • Panel 1: U.S. Senator Ben Cardin, Ranking Member of the Senate Foreign Relations Committee (D-MD)
  • Panel 2: U.S. Congressman Will Hurd, Member of the House Committee on Homeland Security (R-TX)


  • Secretary Michael Chertoff, former United States Secretary of Homeland Security

While Americans have recently been awakened to the threat of Vladimir Putin’s efforts to undermine democratic institutions in the United States, such tactics are all too familiar to our European partners and allies who have been on the frontlines of Russia’s assault on democracy. There is much we can learn from the history of Russia’s activities aimed at undermining democracies in Europe, as well as from how our European partners and allies respond. The U.S. government, including the Executive Branch and Congress, must take steps to work with our European partners and allies to defend against and deter such activities in the future.

Please join the Alliance for Securing Democracy at The German Marshall Fund of the United States for a two-part discussion. The first conversation will feature U.S. Senator Ben Cardin, ranking member of the Senate Foreign Relations Committee, as he presents findings from his new report, “Putin’s Asymmetric Assault on Democracy in Russia and Europe: Implications for U.S. National Security.” This will be directly followed by a conversation with U.S. Representative Will Hurd on Russia’s threat to U.S. national security. Former U.S. Secretary of Homeland Security Michael Chertoff will moderate both sessions.

Open thread!

Breaking: Senator Feinstein Has Released The Transcript of Glenn Simpson’s Testimony To The Senate Judiciary Committee

Senator Feinstein has released the transcript of Glenn Simpson’s, of Fusion GPS, testimony to the Senate Judiciary Committee. You can find all 312 pages at this link. Or access it below in case Senator Grassley throws a tantrum and it gets removed from Senator Feinstein’s outward facing Senate page. I haven’t had a chance to read through this and won’t get to it till at least tomorrow, if not later in the week, but enjoy!


Open thread!