Comey’s FBI and Operation ‘Midyear’ on Hillary


Primer: This summary places events in a timeline and context. There are some additional details and the text appears to be fair. Further, when Loretta Lynch refers to the investigation as a ‘matter’, it for the most part tells us all we need to know.

Comey Tried to Shield the F.B.I. From Politics. Then He Shaped an Election.

As the F.B.I. investigated Hillary Clinton and the Trump campaign, James B. Comey tried to keep the bureau out of politics but plunged it into the center of a bitter election.

New York Times/WASHINGTON — The day before he upended the 2016 election, James B. Comey, the director of the Federal Bureau of Investigation, summoned agents and lawyers to his conference room. They had been debating all day, and it was time for a decision.

Mr. Comey’s plan was to tell Congress that the F.B.I. had received new evidence and was reopening its investigation into Hillary Clinton, the presidential front-runner. The move would violate the policies of an agency that does not reveal its investigations or do anything that may influence an election. But Mr. Comey had declared the case closed, and he believed he was obligated to tell Congress that had changed.

“Should you consider what you’re about to do may help elect Donald Trump president?” an adviser asked him, Mr. Comey recalled recently at a closed meeting with F.B.I. agents.

He could not let politics affect his decision, he replied. “If we ever start considering who might be affected, and in what way, by what we do, we’re done,” he told the agents.

But with polls showing Mrs. Clinton holding a comfortable lead, Mr. Comey ended up plunging the F.B.I. into the molten center of a bitter election. Fearing the backlash that would come if it were revealed after the election that the F.B.I. had been investigating the next president and had kept it a secret, Mr. Comey sent a letter informing Congress that the case was reopened.

For Mr. Comey, keeping the F.B.I. out of politics is such a preoccupation that he once said he would never play basketball with President Barack Obama because of the appearance of being chummy with the man who appointed him. But in the final months of the presidential campaign, the leader of the nation’s pre-eminent law enforcement agency shaped the contours, if not the outcome, of the presidential race by his handling of the Clinton and Trump-related investigations.

An examination by The New York Times, based on interviews with more than 30 current and former law enforcement, congressional and other government officials, found that while partisanship was not a factor in Mr. Comey’s approach to the two investigations, he handled them in starkly different ways. In the case of Mrs. Clinton, he rewrote the script, partly based on the F.B.I.’s expectation that she would win and fearing the bureau would be accused of helping her. In the case of Mr. Trump, he conducted the investigation by the book, with the F.B.I.’s traditional secrecy. Many of the officials discussed the investigations on the condition of anonymity because they were not authorized to speak to reporters.

Mr. Comey made those decisions with the supreme self-confidence of a former prosecutor who, in a distinguished career, has cultivated a reputation for what supporters see as fierce independence, and detractors view as media-savvy arrogance.

The Times found that this go-it-alone strategy was shaped by his distrust of senior officials at the Justice Department, who he and other F.B.I. officials felt had provided Mrs. Clinton with political cover. The distrust extended to his boss, Loretta E. Lynch, the attorney general, who Mr. Comey believed had subtly helped play down the Clinton investigation.

His misgivings were only fueled by the discovery last year of a document written by a Democratic operative that seemed — at least in the eyes of Mr. Comey and his aides — to raise questions about her independence. In a bizarre example of how tangled the F.B.I. investigations had become, the document had been stolen by Russian hackers.

The examination also showed that at one point, President Obama himself was reluctant to disclose the suspected Russian influence in the election last summer, for fear his administration would be accused of meddling.

Mr. Comey, the highest-profile F.B.I. director since J. Edgar Hoover, has not squarely addressed his decisions last year. He has touched on them only obliquely, asserting that the F.B.I. is blind to partisan considerations. “We’re not considering whose ox will be gored by this action or that action, whose fortune will be helped,” he said at a public event recently. “We just don’t care. We can’t care. We only ask: ‘What are the facts? What is the law?’”

But circumstances and choices landed him in uncharted and perhaps unwanted territory, as he made what he thought were the least damaging choices from even less desirable alternatives.

“This was unique in the history of the F.B.I.,” said Michael B. Steinbach, the former senior national security official at the F.B.I., who worked closely with Mr. Comey, describing the circumstances the agency faced last year while investigating both the Republican and Democratic candidates for president. “People say, ‘This has never been done before.’ Well, there never was a before. Or ‘That’s not normally how you do it.’ There wasn’t anything normal about this.”

‘Federal Bureau of Matters’

Attorney General Loretta E. Lynch and Mr. Comey during a news conference in Brooklyn in May 2015. Both had been federal prosecutors in New York, Mr. Comey in Manhattan and Ms. Lynch in Brooklyn. Credit Sam Hodgson for The New York Times 

The F.B.I.’s involvement with Mrs. Clinton’s emails began in July 2015 when it received a letter from the inspector general for the intelligence community.

The letter said that classified information had been found on Mrs. Clinton’s home email server, which she had used as secretary of state. The secret email setup was already proving to be a damaging issue in her presidential campaign.

Mr. Comey’s deputies quickly concluded that there was reasonable evidence that a crime may have occurred in the way classified materials were handled, and that the F.B.I. had to investigate. “We knew as an organization that we didn’t have a choice,” said John Giacalone, a former mob investigator who had risen to become the F.B.I.’s top national security official.

On July 10, 2015, the F.B.I. opened a criminal investigation, code-named “Midyear,” into Mrs. Clinton’s handling of classified information. The Midyear team included two dozen investigators led by a senior analyst and by an experienced F.B.I. supervisor, Peter Strzok, a former Army officer who had worked on some of the most secretive investigations in recent years involving Russian and Chinese espionage.

There was controversy almost immediately.

Responding to questions from The Times, the Justice Department confirmed that it had received a criminal referral — the first step toward a criminal investigation — over Mrs. Clinton’s handling of classified information.

But the next morning, the department revised its statement.

“The department has received a referral related to the potential compromise of classified information,” the new statement read. “It is not a criminal referral.”

The Justice Department knew a criminal investigation was underway, but officials said they were being technically accurate about the nature of the referral. Some at the F.B.I. suspected that Democratic appointees were playing semantic games to help Mrs. Clinton, who immediately seized on the statement to play down the issue. “It is not a criminal investigation,” she said, incorrectly. “It is a security review.”

In September of that year, as Mr. Comey prepared for his first public questions about the case at congressional hearings and press briefings, he went across the street to the Justice Department to meet with Ms. Lynch and her staff.

Both had been federal prosecutors in New York — Mr. Comey in the Manhattan limelight, Ms. Lynch in the lower-wattage Brooklyn office. The 6-foot-8 Mr. Comey commanded a room and the spotlight. Ms. Lynch, 5 feet tall, was known for being cautious and relentlessly on message. In her five months as attorney general, she had shown no sign of changing her style.

At the meeting, everyone agreed that Mr. Comey should not reveal details about the Clinton investigation. But Ms. Lynch told him to be even more circumspect: Do not even call it an investigation, she said, according to three people who attended the meeting. Call it a “matter.”

Ms. Lynch reasoned that the word “investigation” would raise other questions: What charges were being investigated? Who was the target? But most important, she believed that the department should stick by its policy of not confirming investigations.

It was a by-the-book decision. But Mr. Comey and other F.B.I. officials regarded it as disingenuous in an investigation that was so widely known. And Mr. Comey was concerned that a Democratic attorney general was asking him to be misleading and line up his talking points with Mrs. Clinton’s campaign, according to people who spoke with him afterward.

As the meeting broke up, George Z. Toscas, a national security prosecutor, ribbed Mr. Comey. “I guess you’re the Federal Bureau of Matters now,” Mr. Toscas said, according to two people who were there.

Despite his concerns, Mr. Comey avoided calling it an investigation. “I am confident we have the resources and the personnel assigned to the matter,” Mr. Comey told reporters days after the meeting.

The F.B.I. investigation into Mrs. Clinton’s email server was the biggest political story in the country in the fall of 2015. But something much bigger was happening in Washington. And nobody recognized it.

While agents were investigating Mrs. Clinton, the Democratic National Committee’s computer system was compromised. It appeared to have been the work of Russian hackers.

The significance of this moment is obvious now, but it did not immediately cause alarm at the F.B.I. or the Justice Department.

Months passed before the D.N.C. and the F.B.I. met to address the hacks. And it would take more than a year for the government to conclude that the Russian president, Vladimir V. Putin, had an audacious plan to steer the outcome of an American election.

Missing Emails

Despite moments of tension between leaders of the F.B.I. and the Justice Department, agents and prosecutors working on the case made progress. “The investigative team did a thorough job,” Mr. Giacalone said. “They left no stone unturned.”

They knew it would not be enough to prove that Mrs. Clinton was sloppy or careless. To bring charges, they needed evidence that she knowingly received classified information or set up her server for that purpose.

A Hot Tarmac

A chance encounter set those plans in motion.

In late June, Ms. Lynch’s plane touched down at Phoenix Sky Harbor International Airport as part of her nationwide tour of police departments. Former President Bill Clinton was also in Phoenix that day, leaving from the same tarmac.

Ms. Lynch’s staff loaded into vans, leaving the attorney general and her husband on board. Mr. Clinton’s Secret Service agents mingled with her security team. When the former president learned who was on the plane, his aides say, he asked to say hello.

Mr. Clinton’s aides say he intended only to greet Ms. Lynch as she disembarked. But Ms. Lynch later told colleagues that the message she received — relayed from one security team to another — was that Mr. Clinton wanted to come aboard, and she agreed.

When Ms. Lynch’s staff members noticed Mr. Clinton boarding the plane, a press aide hurriedly called the Justice Department’s communications director, Melanie Newman, who said to break up the meeting immediately. A staff member rushed to stop it, but by the time the conversation ended, Mr. Clinton had been on the plane for about 20 minutes.

Ms. Lynch said she would not step aside but would accept whatever career prosecutors and the F.B.I. recommended on the Clinton case — something she had planned to do all along.

The script had been edited and revised several times, former officials said. Mr. Strzok, Mr. Steinbach, lawyers and others debated every phrase. Speaking so openly about a closed case is rare, and the decision to do so was not unanimous, officials said. But the team ultimately agreed that there was an obligation to inform American voters.

Mr. Comey’s criticism — his description of her carelessness — was the most controversial part of the speech. Agents and prosecutors have been reprimanded for injecting their legal conclusions with personal opinions. But those close to Mr. Comey say he has no regrets.

By scolding Mrs. Clinton, Mr. Comey was speaking not only to voters but to his own agents. While they agreed that Mrs. Clinton should not face charges, many viewed her conduct as inexcusable. Mr. Comey’s remarks made clear that the F.B.I. did not approve.

At the Justice Department, frustrated prosecutors said Mr. Comey should have consulted with them first. Mrs. Clinton’s supporters said that Mr. Comey’s condemnations seemed to make an oblique case for charging her, undermining the effect of his decision.

In the days after the announcement, Mr. Comey and Ms. Lynch each testified before Congress, with different results. Neither the F.B.I. nor the Justice Department normally gives Congress a fact-by-fact recounting of its investigations, and Ms. Lynch spent five hours avoiding doing so.

“I know that this is a frustrating exercise for you,” she told the House Judiciary Committee.

Mr. Comey discussed his decision to close the investigation and renewed his criticism of Mrs. Clinton.

And with both parties angry at him, he had proved yet again that he was willing to speak his mind, regardless of the blowback. He seemed to have safely piloted the F.B.I. through the storm of a presidential election.

But as Mr. Comey moved past one tumultuous investigation, another was about to heat up.

Russia Rising

Days after Mr. Comey’s news conference, Carter Page, an American businessman, gave a speech in Moscow criticizing American foreign policy. Such a trip would typically be unremarkable, but Mr. Page had previously been under F.B.I. scrutiny years earlier, as he was believed to have been marked for recruitment by Russian spies. And he was now a foreign policy adviser to Mr. Trump.

“Russia, if you’re listening,” he said, “I hope you’ll be able to find the 30,000 emails that are missing.”

In late July, the F.B.I. opened an investigation into possible collusion between members of Mr. Trump’s campaign and Russian operatives. Besides Mr. Comey and a small team of agents, officials said, only a dozen or so people at the F.B.I. knew about the investigation. Mr. Strzok, just days removed from the Clinton case, was selected to supervise it.

In late August, Mr. Comey and his deputies were briefed on a provocative set of documents about purported dealings between shadowy Russian figures and Mr. Trump’s campaign. One report, filled with references to secret meetings, spoke ominously of Mr. Trump’s “compromising relationship with the Kremlin” and threats of “blackmail.”

Mr. Steele had been a covert agent for MI6 in Moscow, maintained deep ties with Russians and worked with the F.B.I., but his claims were largely unverified. It was increasingly clear at the F.B.I. that Russia was trying to interfere with the election.

As the F.B.I. plunged deeper into that investigation, Mr. Comey became convinced that the American public needed to understand the scope of the foreign interference and be “inoculated” against it.

The president replied that going public would play right into Russia’s hands by sowing doubts about the election’s legitimacy. Mr. Trump was already saying the system was “rigged,” and if the Obama administration accused Russia of interference, Republicans could accuse the White House of stoking national security fears to help Mrs. Clinton.

Mr. Comey argued that he had unique credibility to call out the Russians and avoid that criticism. After all, he said, he had just chastised Mrs. Clinton at his news conference.

But John O. Brennan, the C.I.A. director, was so concerned about the Russian threat that he gave an unusual private briefing in the late summer to Harry Reid, then the Senate Democratic leader.

Mr. Comey knew the investigation of the Trump campaign was just underway, and keeping with policy, he said nothing about it.

Mr. Reid’s letter sparked frenzied speculation about what the F.B.I. was doing. At a congressional hearing in September, Representative Jerrold Nadler, Democrat of New York, pressed Mr. Comey for an explanation, citing his willingness to give details about his investigation of Mrs. Clinton.

But Mr. Comey never considered disclosing the case. Doing so, he believed, would have undermined an active investigation and cast public suspicion on people the F.B.I. could not be sure were implicated.

“I’m not confirming that we’re investigating people associated with Mr. Trump,” Mr. Comey said to Mr. Nadler. “In the matter of the email investigation, it was our judgment — my judgment and the rest of the F.B.I.’s judgment — that those were exceptional circumstances.”

Even in classified briefings with House and Senate intelligence committee members, Mr. Comey repeatedly declined to answer questions about whether there was an investigation of the Trump campaign.

To Mr. Comey’s allies, the two investigations were totally different. One was closed when he spoke about it. The other was continuing, highly classified and in its earliest stages. Much of the debate over Mr. Comey’s actions over the last seven months can be distilled into whether people make that same distinction.

The agent said that if Mr. Steele could get solid corroboration of his reports, the F.B.I. would pay him $50,000 for his efforts, according to two people familiar with the offer. Ultimately, he was not paid.

But by fall, the gravity of the Russian effort to affect the presidential election had become clear.

The D.N.C. hack and others like it had once appeared to be standard Russian tactics to tarnish a Western democracy. After the WikiLeaks disclosures and subsequent leaks by a Russian group using the name DCLeaks, agents and analysts began to realize that Moscow was not just meddling. It was trying to tip the election away from Mrs. Clinton and toward Mr. Trump.

At their second meeting, Mr. Comey argued that it would look too political for the F.B.I. to comment so close to the election, according to several people in attendance. Officials in the room felt whiplashed. Two months earlier, Mr. Comey had been willing to put his name on a newspaper article; now he was refusing to sign on to an official assessment of the intelligence community.

That night, WikiLeaks began posting thousands of hacked emails from another source: the private email account of John D. Podesta, chairman of the Clinton campaign.

The emails included embarrassing messages between campaign staff members and excerpts from Mrs. Clinton’s speeches to Wall Street. The disclosure further convinced the F.B.I. that it had initially misread Russia’s intentions.

“You may be aware that your emails have been hacked,” an agent told him.

Mr. Podesta laughed. The same agency that had so thoroughly investigated Mrs. Clinton, he said, seemed painfully slow at responding to Russian hacking.

“Yes,” he answered. “I’m aware.”

Supplementing the Record

The Daily Mail, a British tabloid, was first with the salacious story: Anthony D. Weiner, the former New York congressman, had exchanged sexually charged messages with a 15-year-old girl.

F.B.I. agents in New York seized Mr. Weiner’s laptop in early October. The investigation was just one of many in the New York office and was not treated with great urgency, officials said. Further slowing the investigation, the F.B.I. software used to catalog the computer files kept crashing.

Eventually, investigators realized that they had hundreds of thousands of emails, many of which belonged to Ms. Abedin and had been backed up to her husband’s computer.

Neither Mr. Comey nor Ms. Lynch was concerned. Agents had discovered devices before in the Clinton investigation (old cellphones, for example) that turned up no new evidence.

Then, agents in New York who were searching image files on Mr. Weiner’s computer discovered a State Department document containing the initials H.R.C. — Hillary Rodham Clinton. They found messages linked to Mrs. Clinton’s home server.

And they made another surprising discovery: evidence that some of the emails had moved through Mrs. Clinton’s old BlackBerry server, the one she used before moving to her home server. If Mrs. Clinton had intended to conceal something, agents had always believed, the evidence might be in those emails. But reading them would require another search warrant, essentially reopening the Clinton investigation.

The election was two weeks away.

Mr. Comey learned of the Clinton emails on the evening of Oct. 26 and gathered his team the next morning to discuss the development.

Seeking a new warrant was an easy decision. He had a thornier issue on his mind.

Back in July, he told Congress that the Clinton investigation was closed. What was his obligation, he asked, to acknowledge that this was no longer true?

It was a perilous idea. It would push the F.B.I. back into the political arena, weeks after refusing to confirm the active investigation of the Trump campaign and declining to accuse Russia of hacking.

The question consumed hours of conference calls and meetings. Agents felt they had two options: Tell Congress about the search, which everyone acknowledged would create a political furor, or keep it quiet, which followed policy and tradition but carried its own risk, especially if the F.B.I. found new evidence in the emails.

“In my mind at the time, Clinton is likely to win,” Mr. Steinbach said. “It’s pretty apparent. So what happens after the election, in November or December? How do we say to the American public: ‘Hey, we found some things that might be problematic. But we didn’t tell you about it before you voted’? The damage to our organization would have been irreparable.”

Conservative news outlets had already branded Mr. Comey a Clinton toady. That same week, the cover of National Review featured a story on “James Comey’s Dereliction,” and a cartoon of a hapless Mr. Comey shrugging as Mrs. Clinton smashed her laptop with a sledgehammer.

Congressional Republicans were preparing for years of hearings during a Clinton presidency. If Mr. Comey became the subject of those hearings, F.B.I. officials feared, it would hobble the agency and harm its reputation. “I don’t think the organization would have survived that,” Mr. Steinbach said.

The assumption was that the email review would take many weeks or months. “If we thought we could be done in a week,” Mr. Steinbach said, “we wouldn’t say anything.”

The spirited debate continued when Mr. Comey reassembled his team later that day. F.B.I. lawyers raised concerns, former officials said. But in the end, Mr. Comey said he felt obligated to tell Congress.

“I went back and forth, changing my mind several times,” Mr. Steinbach recalled. “Ultimately, it was the right call.”

That afternoon, Mr. Comey’s chief of staff called the office of Ms. Yates, the deputy attorney general, and revealed the plan.

When Ms. Lynch was told, she was both stunned and confused. While the Justice Department’s rules on “election year sensitivities” do not expressly forbid making comments close to an election, administrations of both parties have interpreted them as a broad prohibition against anything that may influence a political outcome.

Ms. Lynch understood Mr. Comey’s predicament, but not his hurry. In a series of phone calls, her aides told Mr. Comey’s deputies that there was no need to tell Congress anything until agents knew what the emails contained.

Either Ms. Lynch or Ms. Yates could have ordered Mr. Comey not to send the letter, but their aides argued against it. If Ms. Lynch issued the order and Mr. Comey obeyed, she risked the same fate that Mr. Comey feared: accusations of political interference and favoritism by a Democratic attorney general.

If Mr. Comey disregarded her order and sent the letter — a real possibility, her aides thought — it would be an act of insubordination that would force her to consider firing him, aggravating the situation.

Document

Letter to Congress From F.B.I. Director on Clinton Email Case

In the letter, the F.B.I. director, James B. Comey, said that new emails had surfaced in a case unrelated to the closed investigation into whether Hillary Clinton or her aides had mishandled classified information, and that the messages “appear to be pertinent to the investigation.”

So the debate ended at the staff level, with the Justice Department imploring the F.B.I. to follow protocol and stay out of the campaign’s final days. Ms. Lynch never called Mr. Comey herself.

The next morning, Friday, Oct. 28, Mr. Comey wrote to Congress, “In connection with an unrelated case, the F.B.I. has learned of the existence of emails that appear to be pertinent to the investigation.”

His letter became public within minutes. Representative Jason Chaffetz of Utah, a Republican and a leading antagonist of Mrs. Clinton’s, jubilantly announced on Twitter, “Case reopened.”

‘This Changes Everything’

The Clinton team was outraged. Even at the F.B.I., agents who supported their high-profile director were stunned. They knew the letter would call into question the F.B.I.’s political independence.

Mr. Trump immediately mentioned it on the campaign trail. “As you might have heard,” Mr. Trump told supporters in Maine, “earlier today, the F.B.I. … ” The crowd interrupted with a roar. Everyone had heard.

Polls almost immediately showed Mrs. Clinton’s support declining. Presidential races nearly always tighten in the final days, but some political scientists reported a measurable “Comey effect.”

“This changes everything,” Mr. Trump said.

Mr. Comey explained in an email to his agents that Congress needed to be notified. “It would be misleading to the American people were we not to supplement the record,” he wrote.

But many agents were not satisfied.

At the Justice Department, career prosecutors and political appointees privately criticized not only Mr. Comey for sending the letter but also Ms. Lynch and Ms. Yates for not stopping him. Many saw the letter as the logical result of years of not reining him in.

Mr. Comey told Congress that he had no idea how long the email review would take, but Ms. Lynch promised every resource needed to complete it before Election Day.

At the F.B.I., the Clinton investigative team was reassembled, and the Justice Department obtained a warrant to read emails to or from Mrs. Clinton during her time at the State Department. As it turned out, only about 50,000 emails met those criteria, far fewer than anticipated, officials said, and the F.B.I. had already seen many of them.

Mr. Comey was again under fire. Former Justice Department officials from both parties wrote a Washington Post op-ed piece titled “James Comey Is Damaging Our Democracy.”

At a Justice Department memorial for Mr. Margolis, organizers removed all the chairs from the stage, avoiding the awkward scene of Mr. Comey sitting beside some of his sharpest critics.

Jamie S. Gorelick, a deputy attorney general during the Clinton administration, eulogized Mr. Margolis for unfailingly following the rules, even when facing unpopular options. Audience members heard it as a veiled critique of both Mr. Comey and Ms. Lynch.

On Nov. 5, three days before Election Day, Mr. Strzok and his team had 3,000 emails left to review. That night, they ordered pizza and dug in. At about 2 a.m., Mr. Strzok wrote an email to Mr. Comey and scheduled it to send at 6 a.m. They were finished.

A few hours later, Mr. Strzok and his team were back in Mr. Comey’s conference room for a final briefing: Only about 3,000 emails had been potentially work-related. A dozen or so email chains contained classified information, but the F.B.I. had already seen it.

And agents had found no emails from the BlackBerry server during the crucial period when Mrs. Clinton was at the State Department.

Nothing had changed what Mr. Comey had said in July.

That conclusion was met with a mixture of relief and angst. Everyone at the meeting knew that the question would quickly turn to whether Mr. Comey’s letter had been necessary.

That afternoon, Mr. Comey sent a second letter to Congress. “Based on our review,” he wrote, “we have not changed our conclusions.”

Political Consequences

Mr. Comey did not vote on Election Day, records show, the first time he skipped a national election, according to friends. But the director of the F.B.I. was a central story line on every television station as Mr. Trump swept to an upset victory.

Many factors explained Mr. Trump’s success, but Mrs. Clinton blamed just one. “Our analysis is that Comey’s letter — raising doubts that were groundless, baseless, proven to be — stopped our momentum,” she told donors a few days after the election. She pointed to polling data showing that late-deciding voters chose Mr. Trump in unusually large numbers.

Even many Democrats believe that this analysis ignores other factors, but at the F.B.I., the accusation stung. Agents are used to criticism and second-guessing. Rarely has the agency been accused of political favoritism or, worse, tipping an election.

For all the attention on Mrs. Clinton’s emails, history is likely to see Russian influence as the more significant story of the 2016 election. Questions about Russian meddling and possible collusion have marred Mr. Trump’s first 100 days in the White House, cost him his national security adviser and triggered two congressional investigations. Despite Mr. Trump’s assertions that “Russia is fake news,” the White House has been unable to escape its shadow.

Mr. Comey has told friends that he has no regrets, about either the July news conference or the October letter or his handling of the Russia investigation. Confidants like Mr. Richman say he was constrained by circumstance while “navigating waters in which every move has political consequences.”

But officials and others close to him also acknowledge that Mr. Comey has been changed by the tumultuous year.

Early on Saturday, March 4, the president accused Mr. Obama on Twitter of illegally wiretapping Trump Tower in Manhattan. Mr. Comey believed the government should forcefully denounce that claim. But this time he took a different approach. He asked the Justice Department to correct the record. When officials there refused, Mr. Comey followed orders and said nothing publicly.

“Comey should say this on the record,” said Tommy Vietor, a National Security Council spokesman in the Obama administration. “He’s already shattered all norms about commenting on ongoing investigations.”

Mr. Richman sees no conflict, but rather “a consistent pattern of someone trying to act with independence and integrity, but within established channels.”

“His approach to the Russia investigation fits this pattern,” he added.

But perhaps the most telling sign that Mr. Comey may have had enough of being Washington’s Lone Ranger occurred last month before the House Intelligence Committee.

Early in the hearing, Mr. Comey acknowledged for the first time what had been widely reported: The F.B.I. was investigating members of the Trump campaign for possible collusion with Russia.

Yet the independent-minded F.B.I. director struck a collaborative tone. “I have been authorized by the Department of Justice to confirm,” he began, ushering in the next phase of his extraordinary moment in national politics.

Mr. Comey was still in the spotlight, but no longer alone.

Russia Funds and Manages Conflict in Ukraine, 11,000 Dead

Ukraine, the forgotten war:

The situation in the ATO area remains controlled by Ukraine’s Army. Russian occupation forces shelled Ukrainian positions 21 times during the past 24 hours.

The epicenter of confrontation was Prymorsky area. Militants shelled Shyrokyne from 122 mm light portable rocket system Partyzan and IFV weaponry. The enemy shelled Mariinka from IFV, grenade launchers of different systems and heavy machine guns. Krasnohorivka positions were shelled from anti-tank grenade launchers and Vodyane – from IFV and heavy machine guns. Hnutove was shelled from small arms. Snipers were shooting in Mariinka.

In Donetsk region militants shelled Avdivka and Verkhnyotoretske from 82 mm mortars, anti-tank grenade launchers and heavy machine guns. Ukrainian positions near Troitske and Pisky were hit from anti-tank grenade launchers and small arms. More here.

Russia Funds and Manages Conflict in Ukraine, Leaks Show

Hacked emails show that the Kremlin directs and funds the ostensibly independent republics in eastern Ukraine and runs military operations there. In late 2016, Ukrainian hacker groups released emails purportedly taken from the office of Kremlin official Vladislav Surkov, who oversees Ukraine policy for Russian President Vladimir Putin. The Surkov leaks confirm what many have long suspected: the Kremlin has orchestrated and funded the supposedly independent governments in the Donbas, and seeks to disrupt internal Ukrainian politics, making the task of rebuilding modern Ukraine impossible. Russia has consistently denied accusations from Kyiv and the West that it is providing the separatists with troops, weapons, and other material support or meddling in Ukrainian affairs. The emails from Surkov’s office betray the official Kremlin line, revealing the extent of Russian involvement in the seizure of Ukrainian territory, the creation of puppet “people’s republics,” and the funding to ensure their survival.

There have been three tranches of information from Surkov’s account: a PDF document detailing plans to destabilize Ukraine, a dump of 2,337 emails, and a final dump of 1,000 emails. While the plot to destabilize Ukraine with its detailed plan to use energy tariffs to foment revolution has garnered attention, its veracity is disputed. The trove of 2,337 emails, released by the group called “Ukrainian Cyber Alliance,” including the hacker group Cyber Hunta and research collective InformNapalm, covers the period from September 2013 to November 2014, when Russia illegally annexed Crimea and deployed separatist proxies in eastern Ukraine to start a war. The final dump dates from September 2014 to September 2016. We have analyzed the overlooked second and third troves. Here’s what we found.

On May 16, 2014, a little-known Russian “political consultant” named Aleksandr Borodai was elected prime minister of the self-proclaimed Donetsk People’s Republic. At the time, many noted that Borodai was a friend and former employee of Russian billionaire Konstantin Malofeyev, the founder of Marshall Capital and, according to a separate set of leaked documents, a funder to far-right political organizations in Europe. While Malofeyev denied all connections to Borodai (“You can find a link between me and almost any Orthodox activist. But that doesn’t mean I’m paying them a salary or that we’re in the same business.”), the Surkov leaks show otherwise. Three days before the announcement of the government of the Donetsk People’s Republic, an employee from Malofeyev’s Marshall Capital emailed Surkov’s office a list of candidates for the separatist republic’s government. Some of these “candidates” had an asterisk by their name, signifying that they “are people who we have checked, and are especially recommended.”

A portion of the document sent from the office of Konstantin Malofeyev to Vladislav Surkov, aide to President Putin.

The Kremlin also had a hand in maintaining the puppet government. On June 16, 2014, one of the candidates with an asterisk by his name—the “elected” Chairman of the Supreme Soviet, Denis Pushilin—sent Surkov’s office a spreadsheet with expenses for a new press center in Donetsk. The budget included estimated salaries for an editor, journalist, and other monthly expenses, along with the cost of a router and other pieces of office equipment. The Kremlin does not just manage its puppet republic in eastern Ukraine; it is micromanaging and propping it up.

Part of the expense list sent by the Donetsk People’s Republic official Denis Pushilin to Surkov, including the cost of a laptop, router, camera, and other pieces of office equipment.

But that’s not all. The Kremlin actively works to disrupt and slow down the reform process in Ukraine by promoting pro-Russian candidates and proposals. For example, Surkov has met with and assisted pro-Russian activists and leaders who live in Crimea, Dnipro, Kharkiv, Kyiv, and Slovyansk. The emails show that Surkov keeps lists of pro-Russian activists across the country that he can deploy when he needs a favor.

The leaks also show that Surkov actively monitors Ukraine’s reforms and works with editors to push a pro-Russian agenda in Ukrainian and Russian outlets. Surkov has significant influence on the media narrative in eastern Ukraine. For example, on August 25, 2014, he received an email asking for edits to a letter that was supposedly from local citizens living in eastern Ukraine; in it, they told of the horrors resulting from the Ukrainian military’s “Anti-Terrorist Operation” and its effect on women, the elderly, and children, supposedly from the perspective of a suffering civilian. The letter was published by Russian Reporter and RT a few days later with minor wording changes.

Comparison of the letter sent from the “public representatives of the Donbass” to the Ukrainian government, with the original version sent to Surkov (left) and the version that was later posted online (right), after suggested edits.

Predictably, Kremlin officials have refuted the authenticity of these emails. However, cyber experts have pronounced these leaked emails genuine based on the routing information and some individuals have confirmed the authenticity of individual documents. The hackers published a nearly one-gigabyte Outlook data file that included the inbox, outbox, drafts, deleted email, spam, and other folders from [email protected]’s account. While it is easy to fake screenshots, PDF documents, and other files, faking email inboxes is difficult. Within the email files, every message in the second trove of emails contains the same header information—where it originated, which servers it moved through, and so on—which indicates the messages are likely genuine. Using basic digital forensics, which involves uncovering and examining electronic evidence located on digital storage, including computers, cell phones, and networks, we can verify specific details in the emails, suggesting that the leaks are authentic. A majority of the emails are copied and pasted information from news articles, brief summaries of current events in Abkhazia, Moldova, South Ossetia, and Ukraine, and emails related to business developments in Russia. This high ratio of “uninteresting to interesting” bolsters the authenticity of the leaks because nearly all genuine email account hacks have a similar profile. In other words, political officials’ inboxes look much like the average person’s work inbox: full of schedules and routine briefings, with only a handful of incriminating emails. Surkov’s inbox follows this pattern.
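The routing-header argument above can be made concrete. The following Python example is added here for illustration and is not the analysts' tooling or part of the original article: it walks the `Received` chain of each message in a mailbox export and flags messages whose hops are missing, run backwards in time, or end at a different delivery server than the rest of the mailbox. The sample messages, hostnames and the five-minute clock-skew tolerance are constructed assumptions.

```python
"""Added example: routing-header consistency checks on a mailbox export."""
import re
from collections import Counter
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
CLOCK_SKEW = timedelta(minutes=5)  # assumed tolerance between sender and relay clocks


def parse_date(value):
    """Parse an RFC 5322 date; return None when it is missing or malformed."""
    try:
        when = parsedate_to_datetime((value or "").strip())
    except (TypeError, ValueError):
        return None
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def hop_chain(msg):
    """Return [(receiving_host, timestamp)] ordered from first hop to final delivery."""
    hops = []
    for raw in msg.get_all("Received", []):
        info, sep, stamp = raw.rpartition(";")
        if not sep:  # no timestamp part at all
            info, stamp = raw, ""
        match = BY_HOST.search(info)
        hops.append((match.group(1).lower() if match else None, parse_date(stamp)))
    hops.reverse()  # each relay prepends its header, so the file lists newest first
    return hops


def check_chain(chain, sent):
    """Per-message checks: hops exist, time moves forward, Date precedes delivery."""
    if not chain:
        return ["no Received headers"]
    findings = []
    times = [when for _, when in chain if when is not None]
    if any(later < earlier for earlier, later in zip(times, times[1:])):
        findings.append("hop timestamps go backwards")
    if sent and times and times[-1] + CLOCK_SKEW < sent:
        findings.append("Date header is later than final delivery")
    return findings


def relay_path(raw):
    """Hosts a raw message passed through, first hop to last."""
    return [host for host, _ in hop_chain(message_from_string(raw))]


def audit_mailbox(raw_messages):
    """Map Message-ID -> findings for messages that break the mailbox's pattern."""
    parsed = [message_from_string(raw) for raw in raw_messages]
    chains = [hop_chain(msg) for msg in parsed]
    # Mail for one account should land on the same delivery server every time.
    finals = Counter(chain[-1][0] for chain in chains if chain)
    norm = finals.most_common(1)[0][0] if finals else None
    report = {}
    for msg, chain in zip(parsed, chains):
        findings = check_chain(chain, parse_date(msg["Date"]))
        if chain and chain[-1][0] != norm:
            findings.append(f"delivered by {chain[-1][0]}, mailbox norm is {norm}")
        if findings:
            report[msg["Message-ID"]] = findings
    return report


def build(msg_id, date, hops):
    """Assemble a constructed raw message; hops are given newest first."""
    lines = [f"Received: from {src} by {dst}; {ts}" for src, dst, ts in hops]
    lines += [f"Message-ID: {msg_id}", f"Date: {date}",
              "From: a@sender.example", "To: inbox@mailhost.example",
              "Subject: constructed sample", "", "body"]
    return "\n".join(lines)


# Constructed sample data (hypothetical hosts, not taken from any real mailbox).
SAMPLES = [
    build("<1@sample.example>", "Mon, 25 Aug 2014 10:00:00 +0400", [
        ("relay.sender.example", "mx.mailhost.example", "Mon, 25 Aug 2014 10:00:07 +0400"),
        ("client.sender.example", "relay.sender.example", "Mon, 25 Aug 2014 10:00:02 +0400")]),
    build("<2@sample.example>", "Mon, 25 Aug 2014 11:30:00 +0400", [
        ("relay.sender.example", "mx.mailhost.example", "Mon, 25 Aug 2014 11:30:09 +0400"),
        ("client.sender.example", "relay.sender.example", "Mon, 25 Aug 2014 11:30:01 +0400")]),
    build("<3@sample.example>", "Mon, 25 Aug 2014 12:00:00 +0400", []),
    build("<4@sample.example>", "Tue, 26 Aug 2014 09:00:00 +0400", [
        ("relay.other.example", "mx.elsewhere.example", "Tue, 26 Aug 2014 08:59:00 +0400"),
        ("client.other.example", "relay.other.example", "Tue, 26 Aug 2014 09:00:03 +0400")]),
]

if __name__ == "__main__":
    for message_id, problems in audit_mailbox(SAMPLES).items():
        print(message_id, problems)
```

Clean results from checks like these raise confidence but do not prove authenticity, since a careful forger can write plausible headers; they are one signal alongside the content-profile argument made in the same paragraph.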

In his own words, the Surkov leaks show that the Kremlin directs and funds the ostensibly independent republics in eastern Ukraine and runs military operations there. Yet nearly all media in the West speak about the war in the Donbas as being run by Kremlin-backed separatists; this isn’t a true characterization. Moscow is actively guiding and managing this breakaway state, down to paying invoices for office equipment. The leaks provide clear, irrefutable evidence that the Donetsk People’s Republic is not an independent actor; it is a creature of the Kremlin and should be treated as such. It’s time for the media and foreign governments to catch up and call it what it is: a Russian hybrid war.

China is Charged With Control of North Korea, Bad Idea?

President Trump has conferred with Asian leaders over the matter of North Korea’s missile tests and the threats of a nuclear strike. Many conversations have been filling the phone wires that put President Xi of China in charge of handling Kim Jong Un. Okay, but can or will China do all that is necessary, and will it resolve the threat of an escalated war in the region? The answer is unknown.

In part from FNC: U.S. commercial satellite images indicated increased activity around North Korea’s nuclear test site, while Kim has said that the country’s preparation for an ICBM launch is in its “final stage.”

South Korea’s Defense Ministry has said the North appears ready to conduct such “strategic provocations” at any time. South Korean Acting Prime Minister Hwang Kyo-ahn has instructed his military to strengthen its “immediate response posture” in case North Korea does something significant on the April 25 anniversary of its military. North Korea often marks significant dates by displaying military capability.

In a statement released late Friday, North Korea’s Foreign Ministry accused Trump of driving the region into an “extremely dangerous phase” with his sending of the aircraft carrier and said the North was ready to stand up against any kind of threat posed by the United States.

With typical rhetorical flourish, the ministry said North Korea “will react to a total war with an all-out war, a nuclear war with nuclear strikes of its own style and surely win a victory in the death-defying struggle against the U.S. imperialists.”

*** So, China appears to have taken some steps to send North Korea a message, like refusing a coal shipment. But was that just a one-off tactic? Cutting off oil and gasoline shipments…was that too yet another gesture by China? How about access to banking and ATM machines?

PYONGYANG, North Korea (AP) — No modern airport terminal is complete without an ATM, and Pyongyang’s now has two. But they don’t work — because of new Chinese sanctions, according to bank employees — and it’s not clear when they will.

ATMs are an alien enough concept in North Korea that those in the capital’s shiny new Sunan International Airport have a video screen near the top showing how they work and how to set up an account to use them. The explanatory video is in Korean, but the machines, which are meant primarily for Chinese businesspeople and tourists, don’t give out cash in the North Korean currency.

Humm right? But can we really trust China to go the distance to stop North Korea? I offer this answer…NO.

China has been angry with the United States over deploying the THAAD missile defense system in S. Korea. China is one of the largest known hacking networks in the world…remember that? Alright, how about this lil gem?

***

Researchers claim China trying to hack South Korea missile defense efforts

Deployment of THAAD upsets China, seen as espionage tool.

Sean Gallagher: Chinese government officials have been very vocal in their opposition to the deployment of the Terminal High-Altitude Air Defense (THAAD) system in South Korea, raising concerns that the anti-ballistic missile system’s sensitive radar sensors could be used for espionage. And according to researchers at the information security firm FireEye, Chinese hackers have transformed objection to action by targeting South Korean military, government, and defense industry networks with an increasing number of cyberattacks. Those attacks included a denial of service attack against the website of South Korea’s Ministry of Foreign Affairs, which the South Korean government says originated from China.

FireEye’s director of cyber-espionage analysis John Hultquist told the Wall Street Journal that FireEye had detected a surge in attacks against South Korean targets from China since February, when South Korea announced it would deploy THAAD in response to North Korean missile tests. The espionage attempts have focused on organizations associated with the THAAD deployment. They have included “spear-phishing” e-mails carrying attachments loaded with malware along with “watering hole” attacks that put exploit code to download malware onto websites frequented by military, government, and defense industry officials.

FireEye claims to have found evidence that the attacks were staged by two groups connected to the Chinese military. One, dubbed Tonto Team by FireEye, operates from the same region of China as previous North Korean hacking operations. The other is known among threat researchers as APT10, or “Stone Panda”—the same group believed to be behind recent espionage efforts against US companies lobbying the Trump administration on global trade. These groups have also been joined in attacks by two “patriotic hacking” groups not directly tied to the Chinese government, Hultquist told the Journal—including one calling itself “Denounce Lotte Group” targeting the South Korean conglomerate Lotte. Lotte made the THAAD deployment possible through a land swap with the South Korean government.

APT stands for Advanced Persistent Threat. APT10 refers to China, as noted here in this summary, and was found as early as 2009. In part it includes:

“Operation Cloud Hopper” uses internet addresses also used by the threat actor known in the cybersecurity community as “APT10.” Using a combination of unique hacking tools and open source software, it has attempted to gather information about diplomatic and political organizations, as well as intellectual property, according to the report.

APT10 was identified in a 2013 report by FireEye detailing its use of the Poison Ivy family of malware, which the new report says ceased after FireEye revealed its findings. Also in 2013, FireEye identified APT1, which appears to be Unit 61398 of China’s People’s Liberation Army. The PwC-BAE report notes that the “Operation Cloud Hopper” attacks tend to occur during business hours in China.

Since 2009, APT10 has been observed to target mostly government and U.S. defense organizations, but now “has almost certainly been undertaking a global operation of unprecedented size and scale targeting a number of MSPs,” the report says.

CIA WikiLeaks Mole a Russian or Defector?

The truth is often stranger than fiction, and when it does finally come out, the twists and turns to the stories are shocking. So, it has been announced that the FBI and CIA are on a full-blown mole search investigation to determine who within the CIA, or as a contractor to it, is loyal to or on the payroll of a foreign rogue nation such as Russia.

Schindler at the Observer wrote and explained that the last major Soviet penetration of NSA during the Cold War was Ron Pelton, a former agency analyst who started selling secrets to the KGB in 1980. Pelton betrayed highly sensitive signals intelligence programs to Moscow and was convicted of espionage in 1986 after Vitaly Yurchenko, a KGB officer who temporarily defected to the United States, tipped off the FBI about an NSA source selling secrets to the Kremlin.

So, could it be Bernie Sanders? After all, he honeymooned in Yaroslavl, Soviet Union…not modern day Russia. Anyone hear of Evgeny Buryakov, who is alleged to have attempted to recruit Carter Page, an early advisor to Donald Trump? Could it be John Kerry himself as part of a larger plot for Russian cooperation over Syria or Iran? It is thought that the mole is an insider or contractor, yet who could pass thumb drives or envelopes via dead drops?

None of the above is real or proven; it is just suggested in order to think outside the box, as we are only restrained by the limits of our own imagination. We had never heard of Edward Snowden either, right?

*** What about those ‘Shadow Brokers’? One must understand the world of espionage and how it has adjusted due to the internet and global communications with encryption.

A message from Vladimir Putin can take many forms.

It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed a National Security Agency operation in the Middle East and the identity of an agency official who participated.

The leaks by self-described hackers calling themselves “the Shadow Brokers” began in the final months of the Obama administration and increased in frequency and impact after the U.S. bombing of a Syrian airfield this month—a move that angered Russia. The group has not been tied to the Kremlin with anything close to the forensic certitude of last year’s election-related hacks, but security experts say the Shadow Brokers’ attacks fit the pattern established by Russia’s GRU during its election hacking. In that operation, according to U.S. intelligence findings, Russia created fictitious Internet personas to launder some of their stolen emails, including the fake whistleblowing site called DCLeaks and a notional Romanian hacker named “Guccifer 2.0.”

“I think there’s something going on between the U.S. and Russia that we’re just seeing pieces of,” said security technologist Bruce Schneier, chief technology officer at IBM Resilient. “What happens when the deep states go to war with each other and don’t tell the rest of us?”

The Shadow Brokers made their debut in August, appearing out of nowhere to publish a set of secret hacking tools belonging to the “Equation Group”—the security industry’s name for the NSA’s elite Tailored Access Operations program, which penetrates foreign computers to gather intelligence. At that time, the Shadow Brokers claimed to be mercenary hackers trying to sell the NSA’s secrets to the highest bidder. But they went on to leak more files for free, seemingly timed with the public thrusts and parries between the Obama administration and the Russian government.

From the start, outside experts had little doubt that Russian intelligence was pulling the strings. “Circumstantial evidence and conventional wisdom indicates Russian responsibility,” exiled NSA whistleblower Edward Snowden tweeted last August. “Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the [Democratic National Committee] hack.”

The FBI started investigating, and in August agents arrested an NSA contractor named Hal Martin after discovering that Martin had been stockpiling agency secrets in his house for two decades. But even as Martin cooled his heels in federal custody, the Shadow Brokers continued to post messages and files.

Snowden and other experts speculated that the Russians obtained the code without the help of an insider. As a matter of tradecraft, intelligence agencies, including the NSA, secretly own, lease, or hack so-called staging servers on the public internet to launch attacks anonymously. By necessity, those machines are loaded up with at least some of the agency’s tools. Snowden theorized that the Russians penetrated one of those servers and collected an NSA jackpot. “NSA malware staging servers getting hacked by a rival is not new,” he wrote.

Whatever their origin, the leaks dried up on Jan. 12, when the Shadow Brokers announced their “retirement” 10 days before Donald Trump’s swearing-in. The group didn’t reemerge until this month, after the Syrian military’s deadly chemical-weapons attack in Ghouta. Reportedly moved by images of the Syrian children injured or killed in the attack, Trump responded by ordering the launch of 59 Tomahawk missiles at a Syrian government air base—departing drastically from the will of Putin, who considers Syrian President Bashar al-Assad a strategic ally.

The Russian government immediately condemned the U.S. response. Two days later, so did the Shadow Brokers. The group broke its months-long silence and released another tranche of NSA secrets along with a lengthy open letter to Trump protesting the Syrian missile strike. Abandoning any pretense of a profit motive, the Shadow Brokers claimed now to be disillusioned U.S. voters—“the peoples who getting you elected,” as they put it, using phrasing that holds dual meaning coming from a suspected Kremlin operation.

The Shadow Brokers have been playing hardball ever since. Their most recent release, on Friday, exposed the code for a sophisticated NSA toolkit targeting Windows machines, putting some of the agency’s capabilities, circa 2013, in the hands of every newbie hacker able to use a keyboard.

This time, the Shadow Brokers didn’t stop with code. For the first time in their short history, they also released internal NSA spreadsheets, documents, and slide decks, some bedecked with the insignia and “Top Secret” markings familiar to anyone who’s browsed the Snowden leaks.

The leak exposes in detail a 2013 NSA hacking operation called Jeep Flea Market that gained deep access to Dubai-based EastNets, a company that handles wire transfers for a number of Middle East banks, something of obvious interest to U.S. intelligence. (EastNets denies the breach.) But the Shadow Brokers exposed more than just an NSA operation. Metadata left in the files identified the full name of a 35-year-old NSA worker in San Antonio who was apparently involved in the hack. (The Daily Beast was unable to reach him for comment.)

NSA hackers don’t face the same danger as CIA officers working undercover in a foreign country, but the likelihood that Russia has begun exposing them by name, while linking them to specific operations, raises the stakes for the intelligence community. If nothing else, the San Antonio NSA worker could plausibly face criminal and civil charges in the United Arab Emirates, just as hackers working for Russian and Chinese intelligence have been indicted in the U.S.

It’s conceivable that the Shadow Brokers included the name by mistake. Groups like WikiLeaks and the journalists with the Snowden cache are accustomed to scrubbing identifying metadata from documents. But a less-experienced hand might overlook it. Schneier is doubtful. “If we’re assuming an intelligent and strategic actor, which I think we are, then you have to assume that they did that on purpose,” he said.

Nothing is certain; the Shadow Brokers are a puzzle with missing pieces. But Friday’s Shadow Brokers release obliterated one theory on the spot. The NSA would never have put classified spreadsheets and PowerPoint slides on a staging server. They could only have come from inside the NSA.

Which sets the stage for a revival of a storied Cold War intelligence ritual, with the declining agency morale that comes with it: the Russian mole hunt. “I think we’re most likely looking at someone who went rogue from within, or a contractor who had access to this information,” said Eric O’Neill, national-security strategist for Carbon Black. “Either way, we have someone in the intelligence community that’s a pretty high-placed spy.”

A former FBI surveillance specialist, in 2001 O’Neill helped bring down Robert Hanssen, a double agent in the bureau who’d been secretly spying for Russia. “The FBI must be scrambling right now,” he said. “There’s so many leaks going on: this leak, the CIA Vault7 leaks, and at the same time there’s the investigation into any administration ties to Russia, and the DNC intrusion, and all these leaks coming out of the White House. There’s only so much that the FBI’s national security agents can do.”

If Russia did have a mole inside the NSA in 2013, the most recent date of the documents, Schneier thinks it unlikely that it does now, or else the Shadow Brokers wouldn’t exist. “You only publish when it’s more useful as an embarrassment than as intelligence,” he said. “So if you have a human asset inside the NSA, you wouldn’t publish. That asset is too important.”

It’s also possible, though unprecedented in the public record, that Russia found a way into the NSA’s classified network. A competing theory focuses on the FBI’s early suspect, Hal Martin. He’s not the Shadow Brokers, but he reportedly worked in the NSA’s Tailored Access Operations program and had 50,000 gigabytes of classified material in his home. Might he himself have been hacked? Martin is charged in Maryland with 20 counts of willful retention of national defense information, but prosecutors have not made any accusation that his trove slipped into enemy hands.

As Snowden demonstrated when he walked out of the NSA with a thumb drive of secrets, it’s comparatively easy now to steal and smuggle classified information. But O’Neill says the FBI’s counterintelligence mission is easier too, because of the rampant audit trails and server logs in classified networks.

“It’s much easier getting the secrets out now, but on the flip side, it’s also easier for law enforcement and the FBI to track down who had access to the data,” he says. “I like to think this mole hunt is going to be a little easier than it was in the past.”

Until then, expect the Shadow Brokers to stick around. In their Friday dump, they hinted at more revelations this week: “Who knows what we having next time?”

*** WASHINGTON — Forget about spies. It’s rogue insiders that cause heartburn at U.S. intelligence agencies these days.

Few spy cases have broken in the past decade and a half. In contrast, a proliferation of U.S. intelligence and military insiders have gone rogue and spilled secrets to journalists or WikiLeaks, the anti-secrecy group.

The leaks are as damaging as any major spy case, perhaps more so. And they have underscored the ease of stealing secrets in the modern age, sometimes with a single stroke of a keyboard.

Since early March, WikiLeaks has published part of a trove of documents purportedly created by cyber units of the Central Intelligence Agency. WikiLeaks continues to upload the documents and hacking tools, dubbed Vault 7, to the internet for all to see.

For its part, a mysterious group that calls itself the Shadow Brokers has re-emerged and dumped a large catalog of stolen National Security Agency hacking tools on the internet, including evidence the agency had penetrated Middle Eastern banking networks.

“In the past, we’ve lost secrets to foreign adversaries,” retired Air Force Gen. Michael Hayden, a former director of both the CIA and the NSA, said in an interview. “Now we’ve got the self-motivated insider that is our most important counterintelligence challenge.”

Hayden cited the cases of Army Pfc. Chelsea Manning, convicted in 2013 for releasing three-quarters of a million classified or sensitive military and diplomatic documents to WikiLeaks. He also mentioned Edward Snowden, the former NSA contractor who shook public opinion with his disclosures to journalists in 2013 about U.S. surveillance practices. Hayden added the Vault 7 disclosures last month, which others presume were stolen by a contract employee at the CIA. Read more here.

CNN Reported Dossier Basis for Trump Surveillance, But…

The FBI last year used a dossier of allegations of Russian ties to Donald Trump’s campaign as part of the justification to win approval to secretly monitor a Trump associate, according to US officials briefed on the investigation.

The dossier has also been cited by FBI Director James Comey in some of his briefings to members of Congress in recent weeks, as one of the sources of information the bureau has used to bolster its investigation, according to US officials briefed on the probe.

This includes approval from the secret court that oversees the Foreign Intelligence Surveillance Act (FISA) to monitor the communications of Carter Page, two of the officials said. Last year, Page was identified by the Trump campaign as an adviser on national security. More here from CNN.

Okay, so everyone remains angry with James Comey, right? Okay, well hold on… this could get complicated. We can’t dismiss the notion that Obama and Susan Rice had a valid reason for their surveillance actions, at least some, as the below case was provided to the White House.

Enter Evgeniy Mikhailovich Bogachev.

U.S. v Evgeniy Mikhailovich Bogachev et al by Brian Ries on Scribd

Bogachev was a case from 2014 investigated by CrowdStrike, which later offered help to the FBI office in Omaha and then to the FBI office in Pittsburgh. Finally, after countless months, a global cyber operation was run that succeeded in stopping international bank thefts in the millions of dollars. Many Russian immigrants located in Brighton Beach were recruited to be mules, going to domestic banks, opening accounts and later withdrawing funds, cleaning all traces of the stolen millions. It should be noted that CrowdStrike was the same firm the Hillary campaign hired to investigate intrusions.

Now it gets even more interesting.

The matter of Bogachev with his named operation of ‘Business Club’ and his global cyber operatives hacking with sophisticated bots, malware and remote servers came to the attention of the Russian Federation. They liked what the Bogachev Zeus operation had the ability to do. So, top Kremlin officials allowed the operation to continue without prosecution if they would work to gather intelligence on the global reaction to Putin annexing Crimea and moving in on Ukraine.

All of this also came to the attention of U.S.-based private cyber professionals, who studied the code, the IP addresses, the servers, the patterns, names and other common cyber traits. The DNC hack attributions are a dovetail to the ‘Business Club’ operation due to style, coding, networks, language and server locations.

In 2015, the Obama State Department issued sanctions and a $3 million bounty on Bogachev, who operated with the alias of ‘Slavik’. Russia of course is not only not cooperating but refuses to admit any such action was real and the evidence is not vetted. This is a usual response by top Russian officials.

An estimated $100 million was stolen via cyber operations by Slavik, and computers infected with various versions of Zeus still exist, while the FBI was able to seize all those known to their sting operation.

The FBI described the cyber sting operation as hand-to-hand combat with Bogachev, and its operation on the Zeus case was deemed successful. It is unknown at this time with whom and where he is still operating. The summary of this operation was taken from the full article published by ‘Wired’ under the title ‘The Hunt for Russia’s Most Notorious Hacker’.

Late last year, the DHS released a joint statement which read in part:

This activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the U.S. Government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure, think tanks, universities, political organizations, and corporations; theft of information from these organizations; and the recent public release of some of this stolen information. In other countries, Russian intelligence services have also undertaken damaging and disruptive cyber-attacks, including on critical infrastructure, in some cases masquerading as third parties or hiding behind false online personas designed to cause the victim to misattribute the source of the attack. The Joint Analysis Report provides technical indicators related to many of these operations, recommended mitigations and information on how to report such incidents to the U.S. Government.

A great deal of analysis and forensic information related to Russian government activity has been published by a wide range of security companies. The U.S. Government can confirm that the Russian government, including Russia’s civilian and military intelligence services, conducted many of the activities generally described by a number of these security companies. The Joint Analysis Report recognizes the excellent work undertaken by security companies and private sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response. The U.S. Government seeks to arm network defenders with the tools they need to identify, detect and disrupt Russian malicious cyber activity that is targeting our country’s and our allies’ networks.