Allowing Kaspersky Labs in the U.S. Defies Logic

Germany next:Germany big target of cyber espionage and attacks: government report

Barack Obama’s sanction and executive order hardly went far enough on Russia. For Russian Laws and Regulations and Implications for Kaspersky Labs and certificates, go here.

Documents link Russian cybersecurity firm to spy agency

WASHINGTON — U.S. intelligence agencies have turned up the heat on Kaspersky Lab, the Moscow-based cybersecurity giant long suspected of ties to Russia’s spying apparatus.

Now, official Kremlin documents reviewed by McClatchy could further inflame the debate about whether the company’s relationship with Russian intelligence is more than rumor.

The documents are certifications issued to the company by the Russian Security Service, the spy agency known as the FSB.

Unlike the stamped approvals the FSB routinely issues to companies seeking to operate in Russia, Kaspersky’s include an unusual feature: a military intelligence unit number matching that of an FSB program.

“That strikes me as much more persuasive public evidence,” said Paul Rosenzweig, a former deputy secretary for policy at the Department of Homeland Security. “It makes it far more likely that much of the rumor and uncertainty about Kaspersky are true.”

For years, suspicions that Kaspersky is connected to Russia’s spying network have dogged the company, a leading global seller of anti-virus programs. Founder and CEO Eugene Kaspersky studied cryptography, programming and mathematics at an academy operated by the KGB, the FSB’s Soviet-era predecessor, and then worked for the Ministry of Defense.

Since he established the company, it has grown to serve more than 400 million users worldwide, according to its website, and is the largest software vendor in Europe. Its security software is also widely available in the United States.

U.S. agencies also use it, with Kaspersky a subcontractor on federal software contracts. The Democratic National Committee has also used the software, even after its emails were breached last summer by Russian hackers.

But during investigations into Russia’s meddling in last year’s U.S. elections, concerns have grown that Kaspersky software could somehow be used to launch a cyberattack on the U.S. electric grid or other critical infrastructure, such as railroads, airlines or water utilities. ABC News reported in May that the FBI warned industry leaders about those risks last year at a meeting confirmed by McClatchy.

One of Kaspersky’s certificates that carries a military intelligence unit number.
GREG GORDON/MCCLATCHY/TNS

In recent days, two events kept Kaspersky in the news: FBI agents fanned out to interview Russian Kaspersky employees based in the United States, and a Senate committee approved legislation to curb federal use of the company’s products.

Even so, no proof has ever been made public to refute the company’s denials that it has connections to Russian intelligence.

The documents obtained by McClatchy, however, could provide additional evidence that the clandestine FSB has a tight relationship with Kaspersky.

In a statement to McClatchy, the company did not directly address the reference to an FSB military unit number in several of its certificates dating to 2007. The certificates are posted on Kaspersky’s website.

Kaspersky said the FSB’s certification review “is quite similar to that of many countries,” including those of the European Union and the United States. It includes an analysis of the company’s source code “to ensure that undeclared functionality and security issues — like backdoors — do not exist,” the company said.

However, Russia’s certification reviews do not require the company to divulge “the necessary information to permit those (spy) organizations to bypass products’ security mechanisms,” Kaspersky said.

After this story was initially published, the company said it and other high-tech companies that seek to sell products to the Russian government receive their certifications from the Center for Information Protection and Special Communications, known by the FSB military unit number on Kaspersky’s certificates.

A former Western intelligence official who examined the documents for McClatchy described as “very unusual” the assignment of a military intelligence number on Kaspersky’s certificates.

In Russia’s closed society, the FSB retains the right to access any company’s data transmissions, and no firm is allowed to use encryption to block the intelligence agency’s intrusions, the former Western spy said.

Kenneth Geers, a former NATO expert who is a fellow at the Washington-based Atlantic Council, also reviewed the company’s FSB certificate.

Geers said he could not say with certainty the degree to which the documents show a connection between Kaspersky and the FSB.

But “the suggestion is that this is a government op (operation), a unit with a direct government affiliation,” he said.

“No one should be surprised if there are closer relationships between IT vendors and law enforcement, worldwide, than the public imagines,” Geers said.

Case in point: Whistleblower Edward Snowden revealed that American telecommunications companies shared vast amounts of personal data with the U.S. National Security Agency, where Geers once worked.

It’s possible, Geers said, that Kaspersky’s software contains a secret “backdoor” to allow Russian special services access for law enforcement and counterintelligence purposes.

“If such a secret backdoor exists, I would not be shocked,” Geers said. “A worldwide deployment of sensors may be too great a temptation for any country’s intelligence services to ignore.

“Kaspersky may also have been required by Russian authorities to participate in a quiet business partnership with the government,” he said.

A former CIA station chief in Moscow agreed that Kaspersky may have had little choice.

“These guys’ families, their well-being, everything they have is in Russia,” said Steve Hall, who later headed the agency’s Russian operations before retiring in 2015.

Kaspersky is “a Russian company,” Hall said. “Any time (Russian President Vladimir Putin) wants Kaspersky to do something — anything — he’ll remind them that’s where their families are and where their bank accounts are. There’s no doubt in my mind it could be, if it’s not already, under the control of Putin.”

Kaspersky has rejected any notion that it might be an intelligence front, citing its years of delivering quality products.

“As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyber espionage efforts,” Eugene Kaspersky said in May during an “Ask Me Anything” session on the website Reddit.

Many cyber experts, including those with federal government backgrounds, have praised the quality of Kaspersky software. The company also has a record of exposing cyberattacks, including the U.S. government’s Stuxnet attack that disabled Iran’s nuclear weapons development even though the Iranian equipment wasn’t connected to the Internet.

But several other experts said they were “not shocked” by the disclosure of the language in Kaspersky’s FSB certificate.

“It is common view around the intelligence community that (Kaspersky) is treated (by the Kremlin) like an arm of the Russian government,” said a former Obama administration cyber official, who asked for anonymity because of the sensitivity of the matter.

Kaspersky has attracted an unwanted spotlight lately in the Justice Department’s investigation headed by special counsel Robert Mueller into whether the Kremlin colluded with President Donald Trump’s 2016 campaign.

At a Senate Intelligence Committee hearing in May, Sens. Marco Rubio, R-Fla., and Joe Manchin, D-W.Va., raised concerns about Kaspersky.

Rubio asked of intelligence agency chiefs, “Would any of you be comfortable with the Kaspersky Lab software on your computers?”

Before him were, among others, the leaders of the FBI, CIA and the National Security Agency.

Each said “no.”

The FBI interviews of Kaspersky employees were conducted June 27, after disclosures that the company paid retired Army Lt. Gen. Michael Flynn more than $11,000 in consulting fees last fall before he began a short-lived stint as Trump’s national security adviser.

The day after the interviews, the Senate Armed Service Committee approved legislation that would bar the Pentagon from buying Kaspersky products.

“The ties between Kaspersky Lab and the Kremlin are very alarming,” said Sen. Jeanne Shaheen, D-N.H. “This has led to a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure, particularly computer systems vital to our nation’s security.”

Her amendment to the defense authorization bill prohibiting Pentagon purchase of the software as of October 2018 won overwhelming approval.

If the amendment becomes law, there could be consequences, a Russian news agency reported. It quoted a top Kremlin communications official, Nikolai Nikiforov, as warning that if the United States freezes out Kaspersky, Putin’s government could not rule out retaliation.

The FBI declined to comment. But the bureau has long suspected that some of Kaspersky’s American-based employees were engaging in intelligence activities, said a U.S. government official, who declined to be identified because of the sensitivity of the matter.

Federal agencies have at least 20 contracts in which Kaspersky products are used. The General Services Administration makes them available on an approved product list for much of the government.

CDW, a top government tech contractor that has provided Kaspersky software and maintenance through four contracts with the Consumer Safety Product Commission (as recently as May 23), declined to say whether it plans to continue offering Kaspersky software.

Dell, the giant computer manufacturer, offers Kaspersky in many of its products. The company did not respond to a request for comment.

So why do federal agencies still use Kaspersky software if there has been such uneasiness about it inside national security circles?

“Under acquisition rules, it is very difficult for an agency to rely on classified information in order to make purchasing decisions,” said J. Michael Daniel, White House cybersecurity coordinator during the Obama administration.

“A lot of acquisition officers didn’t seek out that information because they couldn’t use it in the decision-making process,” said Daniel, now president of the Cyber Threat Alliance, a group committed to improving cyber defenses.

The U.S. intelligence community’s conclusion that Russian cyber operatives pirated thousands of emails from the Democratic National Committee beginning in 2015 helped trigger the inquiries into possible Kremlin interference in the election.

But two months after the DNC disclosed that its servers had been hacked — in an apparent attempt to help prevent further intrusions — the party purchased Kaspersky software on Aug. 25, 2016, for $137.46, according to Federal Election Commission records. It was the only federal political committee that reported buying Kaspersky software in the 2016 cycle, according to FEC records.

A DNC spokesman did not respond to a request for comment.

For its part, the company publishes a blog that advises consumers about computer viruses. The U.S. government official said, though, that in the past Kaspersky has aroused suspicions as to why it warns about some computer bugs but not others.

The firm’s presence has become so embedded in the U.S. economy that the company sponsors a Ferrari Formula One racing team, robotic competitions for children and is among the corporate sponsors of an upcoming conference of the National Conference of State Legislatures.

“They have a big public relations wing,” said the U.S. government official who spoke on condition of anonymity. “They’re fully aware they’re under the microscope.”

Investigating the Other Collusion Case

Seems it at least began in 2015, long before Donald Trump was campaigning for the Oval Office.

Also, as an aside, John Podesta is testifying before the House Intelligence Committee next week. He too has financial ties to Moscow operations.

The Vnesheconombank is Russian owned and has been under a sanctions architecture due to the annexing of Crimea. In Russia, by law, the bank’s board chairman is the Prime Minister of Russia. Vladimir Putin increased leading when he became the bank’s chairman in 2008. Now precisely why is Russia investing at all in the United States in the first place? Well soft power and doing business with the Export Import Bank, an agency that is corrupt to the core. Further, Sergei Gorkov is head of the bank and is is/was a Russian spy.

Image result for Vnesheconombank  ABC

BusinessInsider:The U.S. Treasury has added a bunch of entities to its Russia sanctions list, including a sovereign wealth fund that used to be connected to some pretty high-profile U.S. billionaires.

The Treasury’s Office of Foreign Assistance Control on Thursday added The Russian Direct Investment Fund to the list, along with a number of entities linked to RDIF parent Vnesheconombank and energy giant Rosneft.

Vnesheconombank was first sanctioned last year, but RDIF hadn’t been explicitly targeted until the announcement on Thursday.

Private equity moguls Steve Schwarzman of Blackstone, David Bonderman of TPG, and Leon Black of Apollo Global Management all served as board members for RDIF when it was established in 2011, according to a press release at the time.

At some point, those names were removed from the RDIF website.

The Wall Street Journal first reported that the investors’ names had disappeared from the site in September 2014, but said that they still served on the board at that time. There are currently no names listed on the international advisory board on RDIF’s website.

Back in 2011, each board member issued statements about joining the board. Here are some highlights:

“We believe there are many attractive investment opportunities in Russia — the RDIF will provide the strong and experienced local partnership needed for investors to realize those opportunities.” — David Bonderman

“Russia has strong fundamentals that will continue to fuel its growth trajectory and offer attractive investment opportunities. We believe the Russia Direct Investment Fund will help further align U.S. and Russian objectives in terms of identifying paths toward partnership in the private sector.” — Leon Black

“It’s always good to have friends when you are going to a place that you are not as familiar with.”  — Stephen Schwarzman

Bonderman has spoken publicly about investing in the country in recent months, telling an audience at the Milken Global Conference this year that the Russian market remains attractive, according to a report by CNN Money.

He is quoted as saying: “Sanctions are perfectly set up not to work at all but to make a political statement.”

Spokespeople for Blackstone and TPG declined to comment. Apollo could not be reached for comment.

A spokesperson for the Russian Direct Investment Fund said: “For Vnesheconombank subsidiaries the new clarification by the US Department of the Treasury is essentially a technical repetition of sanctions imposed a year ago, which targeted a number of Russian companies including Vnesheconombank and its subsidiaries.

“Given the nature of the Fund’s activity, RDIF has never attracted financing in the USA, it invests its own funds. Since the introduction of sanctions last year RDIF has continued to invest into the Russian economy and build new international partnerships.”

So what you ask?

Image result for sergei gorkov Sergei Gorkov

Well due to sanctions, those on the Trump campaign team, transition team and now in the White House may have violated sanctions. If so, the reason would be why, to what end and how many may be involved? It should also be added that many Republicans have ties to Russians and oligarchs, not all is as it seems. We can only hope, while not knowing details, the Senate is also investigating Hillary Clinton in much the same condition. Yet as Secretary of State, Hillary and Obama had the ability to sign waivers to finesse sanctions. This was likely the case between Hillary and the Kremlin regarding Skolkovo.

Remember, don’t shoot the messenger. Furthermore, it seems some on the Senate committee are leaking too.

Senate investigators are examining the activities of a little-known $10-billion Russian investment fund whose chief executive met with a member of President Donald Trump’s transition team four days before Trump’s inauguration, a congressional source told CNN.

The source said the Senate intelligence committee is investigating the Russian fund in connection with its examination of discussions between White House adviser Jared Kushner and the head of a prominent Russian bank. The bank, Vnesheconombank, or VEB, oversees the fund, which has ties to several Trump advisers. Both the bank and the fund have been covered since 2014 by sanctions restricting U.S. business dealings.
Separately, Steve Mnuchin, now Treasury Secretary, said in a January letter that he would look into the Jan. 16 meeting between the fund’s chief executive and Anthony Scaramucci, a member of the transition team’s executive committee and a fundraiser and adviser for Trump’s presidential campaign. At the time, Mnuchin had not yet been confirmed as Treasury Secretary. The Treasury Department did not respond to a request for an update.
Two Democratic senators had asked Treasury to investigate whether Scaramucci promised to lift sanctions — a policy shift that would help the fund attract more international investment to Russia.
The questions draw attention to the Russian Direct Investment Fund, a government investment arm that has helped top U.S. private-equity firms invest in Russia and that was advised by Stephen Schwarzman, who is now chairman of Trump’s Strategic and Policy Forum, an advisory group of business leaders.
Schwarzman, chief executive officer of Blackstone Group, was named in 2011 to the fund’s International Advisory Board along with other leaders of major equity companies and sovereigh-wealth funds who reviewed the fund’s operations, plans and potential investments. Schwarzman declined to comment. A source close to him said Schwarzman has not spoken to anyone on the fund “for some time.”
The fund also worked with Goldman Sachs, whose former president Gary Cohn is Trump’s chief economic adviser and where Kirill Dmitriev, the fund’s chief executive, worked as an investment banker in the 1990s. Goldman was part of a consortium created in 2012 to invest in large Russian businesses preparing to go public, and was hired in 2013 to burnish Russia’s investment image. The company declined to comment.

‘I would reach out to people to help him”

Senate and House investigators are looking into various Russian entities to determine whether anyone connected to the Trump campaign helped Russians as they meddled in the 2016 presidential election, and whether Trump associates discussed sanctions with Russian officials.
The congressional inquiries, along with a criminal investigation by special counsel Robert S. Mueller, have shadowed the Trump administration. Trump has denied any connection to Russia’s election-meddling, calling the criminal probe “a witch hunt.”
Scaramucci, the founder of SkyBridge Capital, minimized his January meeting with Dmitriev in the resort town of Davos, Switzerland, at the celebrated annual gathering of the World Economic Forum. Scaramucci had met Dmitriev at previous Davos meetings, although at the gathering in January, Scaramucci was expecting to be named White House liaison to the business community.
Dmitriev “came over to say hello in a restaurant, and I was cordial,” Scaramucci said in a recent email to CNN. “There is nothing there.”
The day after the meeting, Scaramucci told Bloomberg TV that he had “as a private citizen” been working with Dmitriev on bringing a delegation of executives to Russia.
“What I said to him last night, in my capacity inside the administration, I would certainly reach out to some people to help him,” Scaramucci said before describing a thicket of ethical clearances he would face. “The idea was many months ago to have more outreach with Russia but also other countries, not just Russia. China, other countries.”
Scaramucci’s comments alarmed Democratic Senators Elizabeth Warren of Massachusetts and Ben Cardin of Maryland, who asked Mnuchin investigate whether Scaramucci sought to “facilitate prohibited transactions” or promised to waive or lift sanctions against Russia.
In a reply Jan. 30, before he was sworn in, Mnuchin said he would “ensure the appropriate Department components assess whether further investigation of this matter is warranted.”
A spokeswoman for the Russian fund said the two men did not discuss sanctions, and that the discussion itself did not violate sanctions that U.S. imposed in 2014 after Russia annexed part of neighboring Ukraine. The spokeswoman declined to describe the conversation, saying, “We do not comment on private meetings.”

An advocate for lifting sanctions

Since Trump’s election, Dmitriev has been one of Russia’s most vocal officials in calling for an end to U.S. sanctions and arguing that joint U.S.-Russia projects can create jobs in the United States.
The fund hired two U.S. lobbying firms in September 2014, after sanctions were imposed, paying them a combined $150,000 over two months for public relations work. The fund has not hired any lobbyists since then.
With a history of helping U.S. manufacturers and asset management companies invest in Russia, the fund is a logical starting point for Russia’s push to lift U.S. sanctions, former State Department chief economist Rodney Ludema said.
“If you’re going to get your nose under the tent, that’s a good place to start,” said Ludema, a Georgetown University economics professor. “I’m sure their objective is to get rid of all the sanctions against the financial institutions. But RDIF is one [sanctioned organizations] where a number of prominent U.S. investors have been involved.”
Scaramucci also questioned U.S. sanctions while he was in Davos and echoed Trump’s statements about improving relations with Russia.
Two weeks after the meeting between Scaramucci and Dmitriev, when President Trump spoke by phone to Russian President Vladimir Putin, the fund announced it would open an office in New York in May.
No New York office has been opened but the fund “still expects to open a representative office in the US this year,” the spokeswoman said.

 

 

Kislyak’s Party, Sanctions and 39 U.S. States

Yup, it IS Russia, Russia, Russia. Why because Putin’s playbook is working and so many in America are useful dupes and unwitting accomplices. Does that include you?

Well it does include U.S. diplomats attending a party hosted by Russian Ambassador Sergei Kislyak for the sake of photos and social media. Were you there Monday night? It was a propaganda operation that included Russian intelligence officials as well.

Image result for russian embassy washington dc

Embattled Russian diplomat Sergey Kislyak played host to Washington insiders and diplomats at the Russian Embassy Monday night, greeting guests one-by-one in a long receiving line at the embassy in honor of Russia Day. Attendees were encouraged to pose for photos with signs that said “I love Russia” and post them on Facebook, Instagram and other social networks.

The frayed U.S.-Russia relationship was clearly on the embassy’s mind as they handed out a pamphlet highlighting the two countries’ close relationship. On the cover: “As an American, I love Russia – friend of Washington and Lincoln.” At the top of the second page, there was this: “As an American, I love Russia because if not for Russia, there may not have been a United States of America.”

Meanwhile, many Senators came together in a bipartisan fashion for a major piece of legislation on sanctions against Russia.

The Senate has clinched a wide-ranging bipartisan agreement to slap new financial penalties on Russia and limit President Trump’s ability to lift sanctions without giving Congress a chance to weigh in.

“It’s as comprehensive as we could make it, and it’s going to be a very good piece of legislation,”

The agreement imposes new sanctions including “malicious cyber activity” on behalf of Moscow, individuals supplying weapons to Syrian President Bashar Assad’s government or individuals tied to Russia’s intelligence and defense sectors. More here.

So, how bad was this hacking/phishing scheme launched by Russia? Much wider than previously know. Some explain all this to Tucker Carlson.

Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known

Bloomberg: Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

The scope and sophistication so concerned Obama administration officials that they took an unprecedented step — complaining directly to Moscow over a modern-day “red phone.” In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict.

The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the U.S.’s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn’t done meddling.

“They’re coming after America,” Comey told the Senate Intelligence Committee investigating Russian interference in the election. “They will be back.”

A spokeswoman for the Federal Bureau of Investigation in Washington declined to comment on the agency’s probe.

Kremlin Denials

Russian officials have publicly denied any role in cyber attacks connected to the U.S. elections, including a massive “spear phishing” effort that compromised Hillary Clinton’s campaign and the Democratic National Committee, among hundreds of other groups. President Vladimir Putin said in recent comments to reporters that criminals inside the country could have been involved without having been sanctioned by the Russian government.

One of the mysteries about the 2016 presidential  election is why Russian intelligence, after gaining access to state and local systems, didn’t try to disrupt the vote. One possibility is that the American warning was effective. Another former senior U.S. official, who asked for anonymity to discuss the classified U.S. probe into pre-election hacking, said a more likely explanation is that several months of hacking failed to give the attackers the access they needed to master America’s disparate voting systems spread across more than 7,000 local jurisdictions.

***

Such operations need not change votes to be effective. In fact, the Obama administration believed that the Russians were possibly preparing to delete voter registration information or slow vote tallying in order to undermine confidence in the election. That effort went far beyond the carefully timed release of private communications by individuals and parties.

One former senior U.S. official expressed concern that the Russians now have three years to build on their knowledge of U.S. voting systems before the next presidential election, and there is every reason to believe they will use what they have learned in future attacks.

Secure Channel

As the first test of a communication system designed to de-escalate cyber conflict between the two countries, the cyber “red phone” — not a phone, in fact, but a secure messaging channel for sending urgent messages and documents — didn’t quite work as the White House had hoped. NBC News first reported that use of the red phone by the White House last December.

The White House provided evidence gathered on Russia’s hacking efforts and reasons why the U.S. considered it dangerously aggressive. Russia responded by asking for more information and providing assurances that it would look into the matter even as the hacking continued, according to the two people familiar with the response.

“Last year, as we detected intrusions into websites managed by election officials around the country, the administration worked relentlessly to protect our election infrastructure,” said Eric Schultz, a spokesman for former President Barack Obama. “Given that our election systems are so decentralized, that effort meant working with Democratic and Republican election administrators from all across the country to bolster their cyber defenses.”

Illinois Database

Illinois, which was among the states that gave the FBI and the Department of Homeland Security almost full access to investigate its systems, provides a window into the hackers’ successes and failures.

In early July 2016, a contractor who works two or three days a week at the state board of elections detected unauthorized data leaving the network, according to Ken Menzel, general counsel for the Illinois board of elections. The hackers had gained access to the state’s voter database, which contained information such as names, dates of birth, genders, driver’s licenses and partial Social Security numbers on 15 million people, half of whom were active voters. As many as 90,000 records were ultimately compromised.

But even if the entire database had been deleted, it might not have affected the election, according to Menzel. Counties upload records to the state, not the other way around, and no data moves from the database back to the counties, which run the elections. The hackers had no way of knowing that when they attacked the state database, Menzel said.

The state does, however, process online voter registration applications that are sent to the counties for approval, Menzel said. When voters are added to the county rolls, that information is then sent back to the state and added to the central database. This process, which is common across states, does present an opportunity for attackers to manipulate records at their inception.

Patient Zero

Illinois became Patient Zero in the government’s probe, eventually leading investigators to a hacking pandemic that touched four out of every five U.S. states.

Using evidence from the Illinois computer banks, federal agents were able to develop digital “signatures” — among them, Internet Protocol addresses used by the attackers — to spot the hackers at work.

The signatures were then sent through Homeland Security alerts and other means to every state. Thirty-seven states reported finding traces of the hackers in various systems, according to one of the people familiar with the probe. In two others — Florida and California — those traces were found in systems run by a private contractor managing critical election systems.

(An NSA document reportedly leaked by  Reality Winner, the 25-year-old government contract worker arrested last week, identifies the Florida contractor as VR Systems, which makes an electronic voter identification system used by poll workers.)

In Illinois, investigators also found evidence that the hackers tried but failed to alter or delete some information in the database, an attempt that wasn’t previously reported. That suggested more than a mere spying mission and potentially a test run for a disruptive attack, according to the people familiar with the continuing U.S. counterintelligence inquiry.

States’ Response

That idea would obsess the Obama White House throughout the summer and fall of 2016, outweighing worries over the DNC hack and private Democratic campaign emails given to

Wikileaks and other outlets, according to one of the people familiar with those conversations. The Homeland Security Department dispatched special teams to help states strengthen their cyber defenses, and some states hired private security companies to augment those efforts.

In many states, the extent of the Russian infiltration remains unclear. The federal government had no direct authority over state election systems, and some states offered limited cooperation. When then-DHS Secretary Jeh Johnson said last August that the department wanted to declare the systems as national critical infrastructure — a designation that gives the federal government broader powers to intervene — Republicans balked. Only after the election did the two sides eventually reach a deal to make the designation.

Relations with Russia remain strained. The cyber red phone was announced in 2011 as a provision in the countries’ Nuclear Risk Reduction Centers to allow urgent communication to defuse a possible cyber conflict. In 2008, what started during the Cold War as a teletype messaging system became a secure system for transferring messages and documents over fiber-optic lines.

After the Obama administration transmitted its documents and Russia asked for more information, the hackers’ work continued. According to the leaked NSA document, hackers working for Russian military intelligence were trying to take over the computers of 122 local election officials just days before the Nov. 8 election.

While some inside the Obama administration pressed at the time to make the full scope of the Russian activity public, the White House was ultimately unwilling to risk public confidence in the election’s integrity, people familiar with those discussions said.

 

 

 

 

 

 

Moscow’s Igor Sergun: Cong. Rohrabacher to your ‘Like Button’

One part of this Moscow mess began in 2012, when the FBI held a private session with Congressman Dana Rohrahacher, (CA), Mike Rogers, Michigan, and according to one former official, Representative C. A. Dutch Ruppersberger, telling them they were the targets of Russian influence and possible targets of recruiting.

Of note, Igor Sergun died in January of 2016, but his operations were already underway.

Image result for igor sergun

Sergun is credited as an important figure in the renaissance of the GRU, which had suffered deep staff and budget cuts prior to his arrival. Under Sergun, the agency regained political power within the Russian government as well as control over the Spetsnaz special forces, making it “crucial in the seizure of Crimea and operations in the Donbas,” as well as “as the lead agency for dealing with violent non-state actors.”

Perhaps the United States should take a hard look at the actions Ukraine has taken regarding Russian intrusion.

Poroshenko this week ordered Ukrainian Internet providers to block Vkontakte and Odnoclassniki. The sites are similar to Facebook and are two of the most popular social networking sites in the former Soviet space.

More than 25 million Ukrainians, in a country of about 43 million people, use the Russian sites to connect with friends, join groups and use the online messaging systems.

Poroshenko said the new restrictions were necessary to further protect Ukraine from Kremlin hybrid warfare, including disinformation campaigns, propaganda and military attacks. The two neighbors and former Soviet republics have been embroiled in a brutal, three-year war that has killed more than 10,000 people and displaced about 1.7 million eastern Ukrainians.

Supporters of the ban said it would also protect Ukrainians from the Russian security services’ ability to monitor and gather metadata from the sites’ users. Ukrainian government officials said the sites are closely monitored by Russia’s FSB, the successor agency to the KGB. More here from LATimes.

One must take the time to see the evidence the domestic intelligence agencies and private cyber companies along with data analysis experts are uncovering and studying. Further, since we citizens cannot attend meetings, some in classified settings that are held in Congress and we don’t get any information from the investigations, there are some interviews with professionals that are sounding the alarm bells.

Are you sick of Russia and hearing about Putin? Sure you are, but so is our government and other global leaders, rightly so. You are going to have to understand some facts and buckle in….there is more to come. Until the United States crafts a policy, decides on responses and pass legislation, Russia has nothing to stop their actions. What actions?

In part from Time: On March 2, a disturbing report hit the desks of U.S. counterintelligence officials in Washington. For months, American spy hunters had scrambled to uncover details of Russia’s influence operation against the 2016 presidential election. In offices in both D.C. and suburban Virginia, they had created massive wall charts to track the different players in Russia’s multipronged scheme. But the report in early March was something new.

It described how Russia had already moved on from the rudimentary email hacks against politicians it had used in 2016. Now the Russians were running a more sophisticated hack on Twitter. The report said the Russians had sent expertly tailored messages carrying malware to more than 10,000 Twitter users in the Defense Department. Depending on the interests of the targets, the messages offered links to stories on recent sporting events or the Oscars, which had taken place the previous weekend. When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow’s hackers to take control of the victim’s phone or computer–and Twitter account.

As they scrambled to contain the damage from the hack and regain control of any compromised devices, the spy hunters realized they faced a new kind of threat. In 2016, Russia had used thousands of covert human agents and robot computer programs to spread disinformation referencing the stolen campaign emails of Hillary Clinton, amplifying their effect. Now counterintelligence officials wondered: What chaos could Moscow unleash with thousands of Twitter handles that spoke in real time with the authority of the armed forces of the United States? At any given moment, perhaps during a natural disaster or a terrorist attack, Pentagon Twitter accounts might send out false information. As each tweet corroborated another, and covert Russian agents amplified the messages even further afield, the result could be panic and confusion.

***

Americans generate a vast trove of data on what they think and how they respond to ideas and arguments–literally thousands of expressions of belief every second on Twitter, Facebook, Reddit and Google. All of those digitized convictions are collected and stored, and much of that data is available commercially to anyone with sufficient computing power to take advantage of it.

That’s where the algorithms come in. American researchers have found they can use mathematical formulas to segment huge populations into thousands of subgroups according to defining characteristics like religion and political beliefs or taste in TV shows and music. Other algorithms can determine those groups’ hot-button issues and identify “followers” among them, pinpointing those most susceptible to suggestion. Propagandists can then manually craft messages to influence them, deploying covert provocateurs, either humans or automated computer programs known as bots, in hopes of altering their behavior.

That is what Moscow is doing, more than a dozen senior intelligence officials and others investigating Russia’s influence operations tell TIME. The Russians “target you and see what you like, what you click on, and see if you’re sympathetic or not sympathetic,” says a senior intelligence official. Whether and how much they have actually been able to change Americans’ behavior is hard to say. But as they have investigated the Russian 2016 operation, intelligence and other officials have found that Moscow has developed sophisticated tactics.

In May 2016, a Russian military intelligence officer bragged to a colleague that his organization, known as the GRU, was getting ready to pay Clinton back for what President Vladimir Putin believed was an influence operation she had run against him five years earlier as Secretary of State. The GRU, he said, was going to cause chaos in the upcoming U.S. election.

What the officer didn’t know, senior intelligence officials tell TIME, was that U.S. spies were listening. They wrote up the conversation and sent it back to analysts at headquarters, who turned it from raw intelligence into an official report and circulated it. But if the officer’s boast seems like a red flag now, at the time U.S. officials didn’t know what to make of it. “We didn’t really understand the context of it until much later,” says the senior intelligence official. Investigators now realize that the officer’s boast was the first indication U.S. spies had from their sources that Russia wasn’t just hacking email accounts to collect intelligence but was also considering interfering in the vote. Like much of America, many in the U.S. government hadn’t imagined the kind of influence operation that Russia was preparing to unleash on the 2016 election. Fewer still realized it had been five years in the making.

Putin publicly accused then Secretary of State Clinton of running a massive influence operation against his country, saying she had sent “a signal” to protesters and that the State Department had actively worked to fuel the protests. The State Department said it had just funded pro-democracy organizations. Former officials say any such operations–in Russia or elsewhere–would require a special intelligence finding by the President and that Barack Obama was not likely to have issued one.

After his re-election the following year, Putin dispatched his newly installed head of military intelligence, Igor Sergun, to begin repurposing cyberweapons previously used for psychological operations in war zones for use in electioneering. Russian intelligence agencies funded “troll farms,” botnet spamming operations and fake news outlets as part of an expanding focus on psychological operations in cyberspace.

One particularly talented Russian programmer who had worked with social media researchers in the U.S. for 10 years had returned to Moscow and brought with him a trove of algorithms that could be used in influence operations. He was promptly hired by those working for Russian intelligence services, senior intelligence officials tell TIME. “The engineer who built them the algorithms is U.S.-trained,” says the senior intelligence official.

Soon, Putin was aiming his new weapons at the U.S. Following Moscow’s April 2014 invasion of Ukraine, the U.S. considered sanctions that would block the export of drilling and fracking technologies to Russia, putting out of reach some $8.2 trillion in oil reserves that could not be tapped without U.S. technology. As they watched Moscow’s intelligence operations in the U.S., American spy hunters saw Russian agents applying their new social media tactics on key aides to members of Congress. Moscow’s agents broadcast material on social media and watched how targets responded in an attempt to find those who might support their cause, the senior intelligence official tells TIME. “The Russians started using it on the Hill with staffers,” the official says, “to see who is more susceptible to continue this program [and] to see who would be more favorable to what they want to do.”

Finish reading this remarkable report here. There is much more detail, including cyber operations, candidates, analysis and concocted political scandals. If one wonders why there is yet no evidence presented yet by the FBI and what the members of Congress are told, you now have a clue. This investigative process is a very long one and attributions as well as analysis is cumbersome and heavy on expert resources.

 

 

 

Comey’s FBI and Operation ‘Midyear’ on Hillary

 Loretta_Lynch_and_Bill_Clinton_meet_in_P_0_41315067_ver1.0_640_480

Primer: This summary places events in a timeline and context. There are some additional details and the text appears to be fair. Further, when Loretta Lynch refers to the investigation as a ‘matter’, it for the most parts tells us all we need to know.

Comey Tried to
Shield the F.B.I. From
Politics. Then He
Shaped an Election.

As the F.B.I. investigated Hillary Clinton and the Trump
campaign, James B. Comey tried to keep the bureau out
of politics but plunged it into the center of a bitter election.

New York Times/WASHINGTON — The day before he upended the 2016 election, James B. Comey, the director of the Federal Bureau of Investigation, summoned agents and lawyers to his conference room. They had been debating all day, and it was time for a decision.

Mr. Comey’s plan was to tell Congress that the F.B.I. had received new evidence and was reopening its investigation into Hillary Clinton, the presidential front-runner. The move would violate the policies of an agency that does not reveal its investigations or do anything that may influence an election. But Mr. Comey had declared the case closed, and he believed he was obligated to tell Congress that had changed.

“Should you consider what you’re about to do may help elect Donald Trump president?” an adviser asked him, Mr. Comey recalled recently at a closed meeting with F.B.I. agents.

He could not let politics affect his decision, he replied. “If we ever start considering who might be affected, and in what way, by what we do, we’re done,” he told the agents.

But with polls showing Mrs. Clinton holding a comfortable lead, Mr. Comey ended up plunging the F.B.I. into the molten center of a bitter election. Fearing the backlash that would come if it were revealed after the election that the F.B.I. had been investigating the next president and had kept it a secret, Mr. Comey sent a letter informing Congress that the case was reopened.

For Mr. Comey, keeping the F.B.I. out of politics is such a preoccupation that he once said he would never play basketball with President Barack Obama because of the appearance of being chummy with the man who appointed him. But in the final months of the presidential campaign, the leader of the nation’s pre-eminent law enforcement agency shaped the contours, if not the outcome, of the presidential race by his handling of the Clinton and Trump-related investigations.

An examination by The New York Times, based on interviews with more than 30 current and former law enforcement, congressional and other government officials, found that while partisanship was not a factor in Mr. Comey’s approach to the two investigations, he handled them in starkly different ways. In the case of Mrs. Clinton, he rewrote the script, partly based on the F.B.I.’s expectation that she would win and fearing the bureau would be accused of helping her. In the case of Mr. Trump, he conducted the investigation by the book, with the F.B.I.’s traditional secrecy. Many of the officials discussed the investigations on the condition of anonymity because they were not authorized to speak to reporters.

Mr. Comey made those decisions with the supreme self-confidence of a former prosecutor who, in a distinguished career, has cultivated a reputation for what supporters see as fierce independence, and detractors view as media-savvy arrogance.

The Times found that this go-it-alone strategy was shaped by his distrust of senior officials at the Justice Department, who he and other F.B.I. officials felt had provided Mrs. Clinton with political cover. The distrust extended to his boss, Loretta E. Lynch, the attorney general, who Mr. Comey believed had subtly helped play down the Clinton investigation.

His misgivings were only fueled by the discovery last year of a document written by a Democratic operative that seemed — at least in the eyes of Mr. Comey and his aides — to raise questions about her independence. In a bizarre example of how tangled the F.B.I. investigations had become, the document had been stolen by Russian hackers.

The examination also showed that at one point, President Obama himself was reluctant to disclose the suspected Russian influence in the election last summer, for fear his administration would be accused of meddling.

Mr. Comey, the highest-profile F.B.I. director since J. Edgar Hoover, has not squarely addressed his decisions last year. He has touched on them only obliquely, asserting that the F.B.I. is blind to partisan considerations. “We’re not considering whose ox will be gored by this action or that action, whose fortune will be helped,” he said at a public event recently. “We just don’t care. We can’t care. We only ask: ‘What are the facts? What is the law?’”

But circumstances and choices landed him in uncharted and perhaps unwanted territory, as he made what he thought were the least damaging choices from even less desirable alternatives.

“This was unique in the history of the F.B.I.,” said Michael B. Steinbach, the former senior national security official at the F.B.I., who worked closely with Mr. Comey, describing the circumstances the agency faced last year while investigating both the Republican and Democratic candidates for president. “People say, ‘This has never been done before.’ Well, there never was a before. Or ‘That’s not normally how you do it.’ There wasn’t anything normal about this.”

‘Federal Bureau of Matters’

Attorney General Loretta E. Lynch and Mr. Comey during a news conference in Brooklyn in May 2015. Both had been federal prosecutors in New York, Mr. Comey in Manhattan and Ms. Lynch in Brooklyn. Credit Sam Hodgson for The New York Times 

The F.B.I.’s involvement with Mrs. Clinton’s emails began in July 2015 when it received a letter from the inspector general for the intelligence community.

The letter said that classified information had been found on Mrs. Clinton’s home email server, which she had used as secretary of state. The secret email setup was already proving to be a damaging issue in her presidential campaign.

Mr. Comey’s deputies quickly concluded that there was reasonable evidence that a crime may have occurred in the way classified materials were handled, and that the F.B.I. had to investigate. “We knew as an organization that we didn’t have a choice,” said John Giacalone, a former mob investigator who had risen to become the F.B.I.’s top national security official.

On July 10, 2015, the F.B.I. opened a criminal investigation, code-named “Midyear,” into Mrs. Clinton’s handling of classified information. The Midyear team included two dozen investigators led by a senior analyst and by an experienced F.B.I. supervisor, Peter Strzok, a former Army officer who had worked on some of the most secretive investigations in recent years involving Russian and Chinese espionage.

There was controversy almost immediately.

Responding to questions from The Times, the Justice Department confirmed that it had received a criminal referral — the first step toward a criminal investigation — over Mrs. Clinton’s handling of classified information.

But the next morning, the department revised its statement.

“The department has received a referral related to the potential compromise of classified information,” the new statement read. “It is not a criminal referral.”

The Justice Department knew a criminal investigation was underway, but officials said they were being technically accurate about the nature of the referral. Some at the F.B.I. suspected that Democratic appointees were playing semantic games to help Mrs. Clinton, who immediately seized on the statement to play down the issue. “It is not a criminal investigation,” she said, incorrectly. “It is a security review.”

In September of that year, as Mr. Comey prepared for his first public questions about the case at congressional hearings and press briefings, he went across the street to the Justice Department to meet with Ms. Lynch and her staff.

Both had been federal prosecutors in New York — Mr. Comey in the Manhattan limelight, Ms. Lynch in the lower-wattage Brooklyn office. The 6-foot-8 Mr. Comey commanded a room and the spotlight. Ms. Lynch, 5 feet tall, was known for being cautious and relentlessly on message. In her five months as attorney general, she had shown no sign of changing her style.

At the meeting, everyone agreed that Mr. Comey should not reveal details about the Clinton investigation. But Ms. Lynch told him to be even more circumspect: Do not even call it an investigation, she said, according to three people who attended the meeting. Call it a “matter.”

Ms. Lynch reasoned that the word “investigation” would raise other questions: What charges were being investigated? Who was the target? But most important, she believed that the department should stick by its policy of not confirming investigations.

It was a by-the-book decision. But Mr. Comey and other F.B.I. officials regarded it as disingenuous in an investigation that was so widely known. And Mr. Comey was concerned that a Democratic attorney general was asking him to be misleading and line up his talking points with Mrs. Clinton’s campaign, according to people who spoke with him afterward.

As the meeting broke up, George Z. Toscas, a national security prosecutor, ribbed Mr. Comey. “I guess you’re the Federal Bureau of Matters now,” Mr. Toscas said, according to two people who were there.

Despite his concerns, Mr. Comey avoided calling it an investigation. “I am confident we have the resources and the personnel assigned to the matter,” Mr. Comey told reporters days after the meeting.

The F.B.I. investigation into Mrs. Clinton’s email server was the biggest political story in the country in the fall of 2015. But something much bigger was happening in Washington. And nobody recognized it.

While agents were investigating Mrs. Clinton, the Democratic National Committee’s computer system was compromised. It appeared to have been the work of Russian hackers.

The significance of this moment is obvious now, but it did not immediately cause alarm at the F.B.I. or the Justice Department.

Months passed before the D.N.C. and the F.B.I. met to address the hacks. And it would take more than a year for the government to conclude that the Russian president, Vladimir V. Putin, had an audacious plan to steer the outcome of an American election.

 Missing Emails

Despite moments of tension between leaders of the F.B.I. and the Justice Department, agents and prosecutors working on the case made progress. “The investigative team did a thorough job,” Mr. Giacalone said. “They left no stone unturned.”

They knew it would not be enough to prove that Mrs. Clinton was sloppy or careless. To bring charges, they needed evidence that she knowingly received classified information or set up her server for that purpose.

A Hot Tarmac

A chance encounter set those plans in motion.

In late June, Ms. Lynch’s plane touched down at Phoenix Sky Harbor International Airport as part of her nationwide tour of police departments. Former President Bill Clinton was also in Phoenix that day, leaving from the same tarmac.

Ms. Lynch’s staff loaded into vans, leaving the attorney general and her husband on board. Mr. Clinton’s Secret Service agents mingled with her security team. When the former president learned who was on the plane, his aides say, he asked to say hello.

Mr. Clinton’s aides say he intended only to greet Ms. Lynch as she disembarked. But Ms. Lynch later told colleagues that the message she received — relayed from one security team to another — was that Mr. Clinton wanted to come aboard, and she agreed.

When Ms. Lynch’s staff members noticed Mr. Clinton boarding the plane, a press aide hurriedly called the Justice Department’s communications director, Melanie Newman, who said to break up the meeting immediately. A staff member rushed to stop it, but by the time the conversation ended, Mr. Clinton had been on the plane for about 20 minutes.

Ms. Lynch said she would not step aside but would accept whatever career prosecutors and the F.B.I. recommended on the Clinton case — something she had planned to do all along.

The script had been edited and revised several times, former officials said. Mr. Strzok, Mr. Steinbach, lawyers and others debated every phrase. Speaking so openly about a closed case is rare, and the decision to do so was not unanimous, officials said. But the team ultimately agreed that there was an obligation to inform American voters.

Mr. Comey’s criticism — his description of her carelessness — was the most controversial part of the speech. Agents and prosecutors have been reprimanded for injecting their legal conclusions with personal opinions. But those close to Mr. Comey say he has no regrets.

By scolding Mrs. Clinton, Mr. Comey was speaking not only to voters but to his own agents. While they agreed that Mrs. Clinton should not face charges, many viewed her conduct as inexcusable. Mr. Comey’s remarks made clear that the F.B.I. did not approve.

At the Justice Department, frustrated prosecutors said Mr. Comey should have consulted with them first. Mrs. Clinton’s supporters said that Mr. Comey’s condemnations seemed to make an oblique case for charging her, undermining the effect of his decision.

In the days after the announcement, Mr. Comey and Ms. Lynch each testified before Congress, with different results. Neither the F.B.I. nor the Justice Department normally gives Congress a fact-by-fact recounting of its investigations, and Ms. Lynch spent five hours avoiding doing so.

“I know that this is a frustrating exercise for you,” she told the House Judiciary Committee.

Mr. Comey discussed his decision to close the investigation and renewed his criticism of Mrs. Clinton.

And with both parties angry at him, he had proved yet again that he was willing to speak his mind, regardless of the blowback. He seemed to have safely piloted the F.B.I. through the storm of a presidential election.

But as Mr. Comey moved past one tumultuous investigation, another was about to heat up.

Russia Rising

Days after Mr. Comey’s news conference, Carter Page, an American businessman, gave a speech in Moscow criticizing American foreign policy. Such a trip would typically be unremarkable, but Mr. Page had previously been under F.B.I. scrutiny years earlier, as he was believed to have been marked for recruitment by Russian spies. And he was now a foreign policy adviser to Mr. Trump.

“Russia, if you’re listening,” he said, “I hope you’ll be able to find the 30,000 emails that are missing.”

In late July, the F.B.I. opened an investigation into possible collusion between members of Mr. Trump’s campaign and Russian operatives. Besides Mr. Comey and a small team of agents, officials said, only a dozen or so people at the F.B.I. knew about the investigation. Mr. Strzok, just days removed from the Clinton case, was selected to supervise it.

In late August, Mr. Comey and his deputies were briefed on a provocative set of documents about purported dealings between shadowy Russian figures and Mr. Trump’s campaign. One report, filled with references to secret meetings, spoke ominously of Mr. Trump’s “compromising relationship with the Kremlin” and threats of “blackmail.”

Mr. Steele had been a covert agent for MI6 in Moscow, maintained deep ties with Russians and worked with the F.B.I., but his claims were largely unverified. It was increasingly clear at the F.B.I. that Russia was trying to interfere with the election.

As the F.B.I. plunged deeper into that investigation, Mr. Comey became convinced that the American public needed to understand the scope of the foreign interference and be “inoculated” against it.

The president replied that going public would play right into Russia’s hands by sowing doubts about the election’s legitimacy. Mr. Trump was already saying the system was “rigged,” and if the Obama administration accused Russia of interference, Republicans could accuse the White House of stoking national security fears to help Mrs. Clinton.

Mr. Comey argued that he had unique credibility to call out the Russians and avoid that criticism. After all, he said, he had just chastised Mrs. Clinton at his news conference.

But John O. Brennan, the C.I.A. director, was so concerned about the Russian threat that he gave an unusual private briefing in the late summer to Harry Reid, then the Senate Democratic leader.

Mr. Comey knew the investigation of the Trump campaign was just underway, and keeping with policy, he said nothing about it.

Mr. Reid’s letter sparked frenzied speculation about what the F.B.I. was doing. At a congressional hearing in September, Representative Jerrold Nadler, Democrat of New York, pressed Mr. Comey for an explanation, citing his willingness to give details about his investigation of Mrs. Clinton.

But Mr. Comey never considered disclosing the case. Doing so, he believed, would have undermined an active investigation and cast public suspicion on people the F.B.I. could not be sure were implicated.

“I’m not confirming that we’re investigating people associated with Mr. Trump,” Mr. Comey said to Mr. Nadler. “In the matter of the email investigation, it was our judgment — my judgment and the rest of the F.B.I.’s judgment — that those were exceptional circumstances.”

Even in classified briefings with House and Senate intelligence committee members, Mr. Comey repeatedly declined to answer questions about whether there was an investigation of the Trump campaign.

To Mr. Comey’s allies, the two investigations were totally different. One was closed when he spoke about it. The other was continuing, highly classified and in its earliest stages. Much of the debate over Mr. Comey’s actions over the last seven months can be distilled into whether people make that same distinction.

The agent said that if Mr. Steele could get solid corroboration of his reports, the F.B.I. would pay him $50,000 for his efforts, according to two people familiar with the offer. Ultimately, he was not paid.

But by fall, the gravity of the Russian effort to affect the presidential election had become clear.

The D.N.C. hack and others like it had once appeared to be standard Russian tactics to tarnish a Western democracy. After the WikiLeaks disclosures and subsequent leaks by a Russian group using the name DCLeaks, agents and analysts began to realize that Moscow was not just meddling. It was trying to tip the election away from Mrs. Clinton and toward Mr. Trump.

At their second meeting, Mr. Comey argued that it would look too political for the F.B.I. to comment so close to the election, according to several people in attendance. Officials in the room felt whiplashed. Two months earlier, Mr. Comey had been willing to put his name on a newspaper article; now he was refusing to sign on to an official assessment of the intelligence community.

That night, WikiLeaks began posting thousands of hacked emails from another source: the private email account of John D. Podesta, chairman of the Clinton campaign.

The emails included embarrassing messages between campaign staff members and excerpts from Mrs. Clinton’s speeches to Wall Street. The disclosure further convinced the F.B.I. that it had initially misread Russia’s intentions.

“You may be aware that your emails have been hacked,” an agent told him.

Mr. Podesta laughed. The same agency that had so thoroughly investigated Mrs. Clinton, he said, seemed painfully slow at responding to Russian hacking.

“Yes,” he answered. “I’m aware.”

Supplementing the Record

The Daily Mail, a British tabloid, was first with the salacious story: Anthony D. Weiner, the former New York congressman, had exchanged sexually charged messages with a 15-year-old girl.

F.B.I. agents in New York seized Mr. Weiner’s laptop in early October. The investigation was just one of many in the New York office and was not treated with great urgency, officials said. Further slowing the investigation, the F.B.I. software used to catalog the computer files kept crashing.

Eventually, investigators realized that they had hundreds of thousands of emails, many of which belonged to Ms. Abedin and had been backed up to her husband’s computer.

Neither Mr. Comey nor Ms. Lynch was concerned. Agents had discovered devices before in the Clinton investigation (old cellphones, for example) that turned up no new evidence.

Then, agents in New York who were searching image files on Mr. Weiner’s computer discovered a State Department document containing the initials H.R.C. — Hillary Rodham Clinton. They found messages linked to Mrs. Clinton’s home server.

And they made another surprising discovery: evidence that some of the emails had moved through Mrs. Clinton’s old BlackBerry server, the one she used before moving to her home server. If Mrs. Clinton had intended to conceal something, agents had always believed, the evidence might be in those emails. But reading them would require another search warrant, essentially reopening the Clinton investigation.

The election was two weeks away.

Mr. Comey learned of the Clinton emails on the evening of Oct. 26 and gathered his team the next morning to discuss the development.

Seeking a new warrant was an easy decision. He had a thornier issue on his mind.

Back in July, he told Congress that the Clinton investigation was closed. What was his obligation, he asked, to acknowledge that this was no longer true?

It was a perilous idea. It would push the F.B.I. back into the political arena, weeks after refusing to confirm the active investigation of the Trump campaign and declining to accuse Russia of hacking.

The question consumed hours of conference calls and meetings. Agents felt they had two options: Tell Congress about the search, which everyone acknowledged would create a political furor, or keep it quiet, which followed policy and tradition but carried its own risk, especially if the F.B.I. found new evidence in the emails.

“In my mind at the time, Clinton is likely to win,” Mr. Steinbach said. “It’s pretty apparent. So what happens after the election, in November or December? How do we say to the American public: ‘Hey, we found some things that might be problematic. But we didn’t tell you about it before you voted’? The damage to our organization would have been irreparable.”

Conservative news outlets had already branded Mr. Comey a Clinton toady. That same week, the cover of National Review featured a story on “James Comey’s Dereliction,” and a cartoon of a hapless Mr. Comey shrugging as Mrs. Clinton smashed her laptop with a sledgehammer.

Congressional Republicans were preparing for years of hearings during a Clinton presidency. If Mr. Comey became the subject of those hearings, F.B.I. officials feared, it would hobble the agency and harm its reputation. “I don’t think the organization would have survived that,” Mr. Steinbach said.

The assumption was that the email review would take many weeks or months. “If we thought we could be done in a week,” Mr. Steinbach said, “we wouldn’t say anything.”

The spirited debate continued when Mr. Comey reassembled his team later that day. F.B.I. lawyers raised concerns, former officials said. But in the end, Mr. Comey said he felt obligated to tell Congress.

“I went back and forth, changing my mind several times,” Mr. Steinbach recalled. “Ultimately, it was the right call.”

That afternoon, Mr. Comey’s chief of staff called the office of Ms. Yates, the deputy attorney general, and revealed the plan.

When Ms. Lynch was told, she was both stunned and confused. While the Justice Department’s rules on “election year sensitivities” do not expressly forbid making comments close to an election, administrations of both parties have interpreted them as a broad prohibition against anything that may influence a political outcome.

Ms. Lynch understood Mr. Comey’s predicament, but not his hurry. In a series of phone calls, her aides told Mr. Comey’s deputies that there was no need to tell Congress anything until agents knew what the emails contained.

Either Ms. Lynch or Ms. Yates could have ordered Mr. Comey not to send the letter, but their aides argued against it. If Ms. Lynch issued the order and Mr. Comey obeyed, she risked the same fate that Mr. Comey feared: accusations of political interference and favoritism by a Democratic attorney general.

If Mr. Comey disregarded her order and sent the letter — a real possibility, her aides thought — it would be an act of insubordination that would force her to consider firing him, aggravating the situation.

Document

Letter to Congress From F.B.I. Director on Clinton Email Case

In the letter, the F.B.I. director, James B. Comey, said that new emails had surfaced in a case unrelated to the closed investigation into whether Hillary Clinton or her aides had mishandled classified information, and that the messages “appear to be pertinent to the investigation.”

So the debate ended at the staff level, with the Justice Department imploring the F.B.I. to follow protocol and stay out of the campaign’s final days. Ms. Lynch never called Mr. Comey herself.

The next morning, Friday, Oct. 28, Mr. Comey wrote to Congress, “In connection with an unrelated case, the F.B.I. has learned of the existence of emails that appear to be pertinent to the investigation.”

His letter became public within minutes. Representative Jason Chaffetz of Utah, a Republican and a leading antagonist of Mrs. Clinton’s, jubilantly announced on Twitter, “Case reopened.”

‘This Changes Everything’

The Clinton team was outraged. Even at the F.B.I., agents who supported their high-profile director were stunned. They knew the letter would call into question the F.B.I.’s political independence.

Mr. Trump immediately mentioned it on the campaign trail. “As you might have heard,” Mr. Trump told supporters in Maine, “earlier today, the F.B.I. … ” The crowd interrupted with a roar. Everyone had heard.

Polls almost immediately showed Mrs. Clinton’s support declining. Presidential races nearly always tighten in the final days, but some political scientists reported a measurable “Comey effect.”

“This changes everything,” Mr. Trump said.

Mr. Comey explained in an email to his agents that Congress needed to be notified. “It would be misleading to the American people were we not to supplement the record,” he wrote.

But many agents were not satisfied.

At the Justice Department, career prosecutors and political appointees privately criticized not only Mr. Comey for sending the letter but also Ms. Lynch and Ms. Yates for not stopping him. Many saw the letter as the logical result of years of not reining him in.

Mr. Comey told Congress that he had no idea how long the email review would take, but Ms. Lynch promised every resource needed to complete it before Election Day.

At the F.B.I., the Clinton investigative team was reassembled, and the Justice Department obtained a warrant to read emails to or from Mrs. Clinton during her time at the State Department. As it turned out, only about 50,000 emails met those criteria, far fewer than anticipated, officials said, and the F.B.I. had already seen many of them.

Mr. Comey was again under fire. Former Justice Department officials from both parties wrote a Washington Post op-ed piece titled “James Comey Is Damaging Our Democracy.”

At a Justice Department memorial for Mr. Margolis, organizers removed all the chairs from the stage, avoiding the awkward scene of Mr. Comey sitting beside some of his sharpest critics.

Jamie S. Gorelick, a deputy attorney general during the Clinton administration, eulogized Mr. Margolis for unfailingly following the rules, even when facing unpopular options. Audience members heard it as a veiled critique of both Mr. Comey and Ms. Lynch.

On Nov. 5, three days before Election Day, Mr. Strzok and his team had 3,000 emails left to review. That night, they ordered pizza and dug in. At about 2 a.m., Mr. Strzok wrote an email to Mr. Comey and scheduled it to send at 6 a.m. They were finished.

A few hours later, Mr. Strzok and his team were back in Mr. Comey’s conference room for a final briefing: Only about 3,000 emails had been potentially work-related. A dozen or so email chains contained classified information, but the F.B.I. had already seen it.

And agents had found no emails from the BlackBerry server during the crucial period when Mrs. Clinton was at the State Department.

Nothing had changed what Mr. Comey had said in July.

That conclusion was met with a mixture of relief and angst. Everyone at the meeting knew that the question would quickly turn to whether Mr. Comey’s letter had been necessary.

That afternoon, Mr. Comey sent a second letter to Congress. “Based on our review,” he wrote, “we have not changed our conclusions.”

Political Consequences

Mr. Comey did not vote on Election Day, records show, the first time he skipped a national election, according to friends. But the director of the F.B.I. was a central story line on every television station as Mr. Trump swept to an upset victory.

Many factors explained Mr. Trump’s success, but Mrs. Clinton blamed just one. “Our analysis is that Comey’s letter — raising doubts that were groundless, baseless, proven to be — stopped our momentum,” she told donors a few days after the election. She pointed to polling data showing that late-deciding voters chose Mr. Trump in unusually large numbers.

Even many Democrats believe that this analysis ignores other factors, but at the F.B.I., the accusation stung. Agents are used to criticism and second-guessing. Rarely has the agency been accused of political favoritism or, worse, tipping an election.

For all the attention on Mrs. Clinton’s emails, history is likely to see Russian influence as the more significant story of the 2016 election. Questions about Russian meddling and possible collusion have marred Mr. Trump’s first 100 days in the White House, cost him his national security adviser and triggered two congressional investigations. Despite Mr. Trump’s assertions that “Russia is fake news,” the White House has been unable to escape its shadow.

Mr. Comey has told friends that he has no regrets, about either the July news conference or the October letter or his handling of the Russia investigation. Confidants like Mr. Richman say he was constrained by circumstance while “navigating waters in which every move has political consequences.”

But officials and others close to him also acknowledge that Mr. Comey has been changed by the tumultuous year.

Early on Saturday, March 4, the president accused Mr. Obama on Twitter of illegally wiretapping Trump Tower in Manhattan. Mr. Comey believed the government should forcefully denounce that claim. But this time he took a different approach. He asked the Justice Department to correct the record. When officials there refused, Mr. Comey followed orders and said nothing publicly.

“Comey should say this on the record,” said Tommy Vietor, a National Security Council spokesman in the Obama administration. “He’s already shattered all norms about commenting on ongoing investigations.”

Mr. Richman sees no conflict, but rather “a consistent pattern of someone trying to act with independence and integrity, but within established channels.”

“His approach to the Russia investigation fits this pattern,” he added.

But perhaps the most telling sign that Mr. Comey may have had enough of being Washington’s Lone Ranger occurred last month before the House Intelligence Committee.

Early in the hearing, Mr. Comey acknowledged for the first time what had been widely reported: The F.B.I. was investigating members of the Trump campaign for possible collusion with Russia.

Yet the independent-minded F.B.I. director struck a collaborative tone. “I have been authorized by the Department of Justice to confirm,” he began, ushering in the next phase of his extraordinary moment in national politics.

Mr. Comey was still in the spotlight, but no longer alone.