One item from Sen. Dianne Feinstein’s (D-Calif.) publication of Fusion GPS CEO Glenn Simpson’s Aug. 2017 testimony to the Senate Judiciary Committee that has not gotten too much attention is the part where the spy responsible for producing the Trump-Russia collusion dossier, Christopher Steele, tipped off the FBI in early July 2016.
According to Simpson, “I believe it was … [the] first week of July…” citing public sources.
Well, that was before George Papadopoulos reportedly entered the picture. According to the New York Times’ report published on Dec. 30, 2017, “when leaked Democratic emails began appearing online, Australian officials passed the information about Mr. Papadopoulos to their American counterparts, according to four current and former American and foreign officials with direct knowledge of the Australians’ role.”
The Democratic National Committee emails began appearing on Wikileaks on July 22, 2016.
Meaning, by the time the Australian diplomat had tipped off the FBI about George Papadopoulos — who apparently was bragging in a bar in May 2016 that the Russians had emails that would make Hillary Clinton look bad — Steele had already told the FBI about his first memo dated June 20, 2016, that alleged the Russians had Donald Trump on tape with prostitutes at a hotel in Moscow.
Now, whether it was Steele’s contact with the FBI in early July or the Australian diplomat later that compelled the FBI to open its investigation, per Simpson’s testimony, by mid-September, the agency wanted everything Steele had. Steele most certainly played a role in the agency’s investigation.
Simpson here confirmed what has been long suspected, that the FBI had and in some capacity used the Steele dossier in their investigation. Sara Carter is now reporting that it was used by the Justice Department at least in part to obtain a Foreign Intelligence Surveillance Act (FISA) court warrant against the Trump campaign.
Timeline of key events
In light of Simpson’s testimony, and when other key developments happened, it appears appropriate to begin constructing a timeline of events to do with the DNC hack and purported Russian and Trump campaign connections.
April 2016 (date unknown): The Democratic National Committee and the Hillary Clinton campaign hire Fusion GPS to conduct opposition research on then-candidate Trump via law firm Perkins Coie.
April 26, 2016: Per Special Counsel Robert Mueller’s statement of offense on Papadopoulos, he is told “the Russians had emails of Clinton”; “thousands of emails” by someone representing Russia or pretending to represent Russia. Were these the DNC emails that would later be published by Wikileaks? Or Hillary Clinton’s missing emails containing classified information from her private server?
April 29, 2016: The DNC learns that its servers had been breached and convenes an emergency meeting.
May 3, 2016: When asked by MSNBC’s Andrea Mitchell if there was any indication that foreign governments had penetrated her private email server that contained classified information, Democratic presidential candidate Hillary Clinton emphatically denied the charge, saying, “No, not at all.”
May 4, 2016: Romanian hacker Marcel Lehel Lazar, AKA Guccifer, who had first exposed Hillary Clinton’s private email server that contained classified information, contradicted Clinton in an interview with Fox News, claiming to have penetrated her private email server after Clinton had denied it.
May 4 and 5, 2016: Crowdstrike is hired by Perkins Coie to investigate the potential cyber security breach at the DNC. The “Fancy Bear” malware is discovered on the DNC server by Crowdstrike. This malware would later be tied to Guccifer 2.0 and the publication of a Trump opposition research document.
June 1, 2016: Per Mueller, Papadopoulos tries to set up a meeting, based on his contacts with individuals who say they have a connection to the Russian government to set up a meeting with Trump and Russian President Vladimir Putin. The idea was reportedly rejected by then Trump campaign manager, Paul Manafort, according to the Daily News. “We need someone to communicate that DT is not doing these trips,” Manafort told his business partner Rick Gates per the Daily News report.
June 3, 2016: Rob Goldstone then attempts to set up a meeting with Donald Trump, Jr. and the Russian lawyer Natalia Veselnitskaya, offering dirt on Hillary Clinton.
June 9, 2016: The Trump, Jr. meeting occurs, ends after 20 minutes, producing nothing. Fusion GPS CEO Glenn Simpson meets with Veselnitskaya before and after the meeting.
June 12, 2016: Julian Assange says to ITV he has emails related to Hillary Clinton that will be published.
June 14, 2016: The Washington Post breaks the DNC hack story for the first time.
June 15, 2016: Crowdstrike publishes its analysis of the DNC hack. Guccifer 2.0 suddenly appears and begins publishing some documents, including an opposition research file on Trump, with Russian fingerprints. The WordPress blog by Guccifer 2.0 appeared, taking credit for the DNC hack described in the Washington Post story, and taunting Crowdstrike. The blog posted some of the documents as proof of the hack. Critically, Guccifer 2.0 claimed, “The main part of the papers, thousands of files and mails, I gave to Wikileaks. They will publish them soon.” Here, Guccifer 2.0 was going out of its way to associate itself with Wikileaks, not the other way around. The same day, it was revealed that metadata in one of the files posted by Guccifer 2.0 was modified by a user whose name in Cyrillic was “Felix Edmundovich,” an apparent reference to a founder of the Soviet-era secret police. This was used by many observers as more confirmation that somehow the Russians did it.
June 20, 2016: The first Steele memo is authored, alleging Trump could be compromised by the Russians because of the alleged incident at the Moscow hotel.
First week of July 2016: Steele contacts the FBI, per Simpson’s testimony.
July 22, 2016: Wikileaks publishes the DNC emails.
Post-July 22: Australian diplomat tips off the FBI, per the New York Times.
Mid-to-late September 2016: FBI contacts Steele and asks for everything he has, per Simpson’s testimony.
Sept. 2016: Steele, per Steele’s later testimony, referred to an “internal Trump campaign source” that the FBI had who had “other intelligence that indicated the same thing and one of those pieces of intelligence was a human source from inside the Trump organization.” Later, a source close to Fusion GPS would say that Simpson’s testimony had been in error, that it was a “mischaracterization by Simpson of the Australian diplomat tip about Papadopoulos,” according to a tweet by NBC News reporter Ken Delanian.
This final bit, regardless of the “mischaracterization,” indicates that not only was Steele sharing information with the FBI, the FBI was sharing information with Steele. At the time, nobody publicly knew about Papadopoulos or the Australian diplomat.
Again, whether it was Steele’s account or the Australian diplomat’s account that prompted the FBI investigation, it was Steele who was the first to report to the FBI per Simpson’s testimony and it was reportedly Steele’s dossier that was used to get a FISA court warrant.
Who was behind the scheme to keep offering dirt on Clinton to the Trump campaign?
But other questions remain about the timeline, including the role Fusion GPS played in reporting on the supposed scheme by Russia to give dirt on Clinton to the Trump campaign. According to Steele’s July 19, 2016 memo, “a senior colleague in the Internal Political Department of the PA, Diveykin (nfd) also had met secretly with [Carter] Page on his recent visit [to Moscow]. Their agenda had included Diveykin raising a dossier of ‘kompromat’ the Kremlin possessed on Trump’s Democratic presidential rival, Hillary Clinton, and its possible release to the Republican’s campaign team.”
So, there was apparently three attempts to bait Trump campaign personnel with promises of dirt on Clinton from Russia: Papadopoulos, Trump, Jr. and then Page.
The same exact scheme was perpetrated three times, twice with reports coming from individuals tied closely to Fusion, including Steele and Veselnitskaya. This raises questions about whether meetings were set up to incriminate the Trump campaign with the appearance of collusion.
Also, after Papadopoulos fails to get the Trump-Putin meeting together, Goldstone is almost immediately contacting Trump, Jr. for another meeting, suggesting potential coordination.
Who really hacked the DNC?
Also, there have emerged new questions about the role allegedly played by Russia in hacking the DNC. A forensic cyber investigator using the pseudonym Adam Carter has noted inconsistencies about the account provided by Crowdstrike on the DNC hack and the dates of the emails that were reportedly hacked.
While Crowdstrike’s Falcon software was deployed on May 5, 2016, Carter notes that the emails from the DNC go all the way until May 25, 2016. “Strangely, it does seem that two of the pieces of malware were compiled within the five days that CrowdStrike appear to have been working at the DNC,” Carter writes at Disobedient Media.
Could just be a coincidence, but Carter asks a disturbing question: “Considering the dates of CrowdStrike’s activities at the DNC coincide with the compile dates of two out of the three pieces of malware discovered and attributed to APT-28 (the other compiled approximately 2 weeks prior to their visit), the big question is: Did CrowdStrike plant some (or all) of the APT-28 malware?”
If so — and the implications are frightening — it would call into question the very basis for this entire investigation. Then, it might not be Russia who hacked the DNC, but something else that happened. Carter points to the use of an operationally dead IP address previously associated with a supposed Russian hack on the German Bundestag, an IP address that had been suspended May 20, 2015, a year before the hacks were said to have occurred.
Writes Carter, “Not only was it pointless to include it operationally, retaining it unnecessarily would be an obvious operational security risk for attackers and would inherently make the malware more detectable and make it easy for people to tie it to Fancy Bear. This would have been counterproductive and a needless risk being taken by Fancy Bear which begs the question – was it really Fancy Bear?”
Those are great questions. Wikileaks has long denied any connection to Russia being the source of the DNC emails. Former United Kingdom Ambassador to Uzbekistan Craig Murray said in an interview with the Daily Mail published Dec. 14, 2016 has said “Neither of [the leaks] came from the Russians. The source had legal access to the information. The documents came from inside leaks, not hacks.”
Other problems with Crowdstrike’s account come from Crowdstrike co-founder Dmitri Alperovitch’s original statement to the Washington Post published June 14, 2016 on the lack of evidence as to how it was that somebody got onto the Democratic National Committee (DNC) servers to get the emails that were ultimately published on Wikileaks in July 2016.
“CrowdStrike is not sure how the hackers got in. The firm suspects they may have targeted DNC employees with ‘spearphishing’ emails… ‘But we don’t have hard evidence,’ Alperovitch said,” the report stated.
Nor was Alperovitch really sure who had hacked the DNC emails: “CrowdStrike is less sure of whom Cozy Bear works for but thinks it might be the Federal Security Service, or FSB, the country’s powerful security agency, which was once headed by Putin.”
In other words, there was a great deal of uncertainty surrounding the “Cozy Bear” malware, which was tied to the DNC emails, as opposed to Fancy Bear, which was tied to Guccifer 2.0. They were separate bits of malware, according to Crowdstrike.
Carter complains about the lack of evidence in his report, writing, “To date, CrowdStrike has not been able to show how the malware had relayed any emails or accessed any mailboxes. They have also not responded to inquiries specifically asking for details about this.”
Crowdstrike was the only group that investigated the DNC servers. Later, the DNC refused to give the FBI access and the agency apparently deferred to Crowdstrike on forensics. Former FBI Director James Comey later confirmed in testimony on Jan. 10 before the Senate Intelligence Committee that “Ultimately what was agreed to is the private company would share with us what they saw.”
Meaning, now that House and Senate Congressional committees have been able to track down much of the information about the Steele dossier, something they may want to focus their attention on is the original DNC hack and the server the hack supposedly took place on.
Nobody including Papadopoulos could have publicly known about the DNC emails until the June 14, 2016 Washington Post report. Papadopoulos’ own contacts predated that report. Per the Mueller statement of offense, Papadopoulos appears to have been actually offered private Clinton server emails “of Clinton” which were known about publicly from her own FBI investigation into storing classified information on a private email server. For example, the original Guccifer (not Guccifer 2.0) claimed to have penetrated Clinton’s server. Before the Post story, almost everyone was concerned about Clinton’s missing emails.
Steele for all his contacts was unable to report on the hack in his memos until after the Wikileaks emails had emerged on July 22, 2016. Steele does not mention the hack until July 30, 2016 in his memos. Then suddenly he had cracked the entire case.
This is not to say it wasn’t Russia. That may yet ultimately be revealed. What it does say is it has not been proven to anyone’s satisfaction. Which is why Congressional committees need to put in the same diligence into the Crowdstrike report as they’ve put into getting to the bottom of the Steele dossier. All the answers could be on the DNC servers.
Robert Romano is the Vice President of Public Policy at Americans for Limited Government.
