Shawn Henry’s recently declassified HPSCI testimony and @IvanPentchoukov
's fantastic recent @epochtimes
piece have once again brought attention to an important question in the Russiagate saga: What sources did the US rely on for attributing the 2016 hacks to Russia?
2/ The answer, of course, is ‘a variety of sources’: the NSA gathered signals intelligence; the CIA received intelligence from human sources inside Russia; the FBI received images and other forensic data from the DNC servers;
3/ businesses were subpoenaed for data on http://bit.ly
, email, and social media accounts; and allied intelligence agencies—including Britain’s GHCQ, the Netherlands’s AIVD, and Ukraine’s Cyber Police—shared forensic and technical data with their American counterparts.
4/ One of the more interesting—and perhaps underappreciated—aspects of the Russian-hacking investigation is that John Brennan and his CIA spooks led the charge in the USIC to push the Russian-hacking narrative.
5/ To be more specific, not only was John Brennan’s CIA the first agency to confidently declare that Putin himself ordered the hacking campaign AND that his intentions were to harm Hillary and help Trump, but it also was the first to confidently blame the hacks on the GRU.
6/ The CIA had “high confidence” that the GRU hacked the DNC as early as July 21, 2016 (one day before Wikileaks published its first tranche of DNC emails on Friday, July 22) during a cybersecurity meeting with other intelligence agencies at the white house .
7/ The WAPO provided the first glimpse of this meeting on July 24th, 2016, as the US political establishment was still reeling from the Wikileaks disclosures. However, this leak was short on details, and said nothing of the CIA's attribution conclusion. https://www.washingtonpost.com/politics/clinton-campaign--and-some-cyber-experts--say-russia-is-behind-email-release/2016/07/24/5b5428e6-51a8-11e6-bbf5-957ad17b4385_story.html
8/ One imagines John Brennan was not amused by this vanilla leak.
Unsurprisingly, a second leak surfaced on July 26 in the Grey Lady. The article boasted the attention-grabbing title: Spy Agency Consensus Grows that Russia Hacked the D.N.C. https://www.nytimes.com/2016/07/27/us/politics/spy-agency-consensus-grows-that-russia-hacked-dnc.html
9/ The first paragraph reports that the John Brenn, oops, I mean the USIC has "high confidence" that Russia hacked the DNC. Further into the piece, the author's detail the conclusions discussed at the Thursday (July 21, 2016) meeting.
10/ There’s a slight problem though: at this point in the investigation of the DNC intrusion, neither the NSA nor the FBI shared the CIA’s “high confidence” regarding the GRU attribution (unfortunately, it isn't clear what the DHS or DNI thought about the CIA's conclusions).
11/ In his book “A Perfect Weapon,” David Sanger explains that “The CIA’s “high confidence” was in part based on human sources inside Russia." Meanwhile, the NSA at best had "moderate confidence" that Russian agencies were responsible for the hacks.
12/ This disagreement is also mentioned in a lengthy Washington Post piece published on June 23rd, 2017. Coincidentally (or not!), this was the very day on which John Brennan testified before the SSCI. https://www.washingtonpost.com/graphics/2017/world/national-security/obama-putin-election-hacking/ https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume3.pdf
13/ In that piece, the authors report that “Some of the most critical technical intelligence on Russia came from another country . . . (and) because of the source of the material, the NSA was reluctant to view it with high confidence.”
14/ In my opinion, this "country" was most likely Russia, but I only have "moderate confidence" in that assessment. There are two reasons I lean toward Russia.
First, Sanger's book twice implies that the NSA's disagreement focused on material from the CIA's Russian sources.
15/ Second, per a NYT piece from December 13, 2016, the IC's evidence for the RU-hacking attribution derived in part from “human and technical sources in Russia.” If the leaky officials were being truthful, then there were "technical" sources in Russia https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html
16/ There are a few other countries that the WAPO piece could be referring to, though: Britain, the Netherlands, and Ukraine are all known to have provided signals and/or technical intel relating to the 2016 "Fancy Bear" spearphishing campaign and DNC intrusion.
17/ Ukraine is intuitively the most plausible candidate out of these three. However, the only article I’ve found that discusses its collaboration with US investigators claims that its cyber police passed material over to the FBI. https://www.nytimes.com/2017/08/16/world/europe/russia-ukraine-malware-hacking-witness.html
18/ This article never mentions collaboration with the CIA, whereas both Sanger's book (and Dec 2016 NYT article) and the June 2017 WAPO piece assert that the sketchy intelligence from provided to the CIA.
19/ Britain's GHCQ is also a plausible contender since Robert Hannigan chose to brief John Brennan rather than his counterpart Mike Rogers about sensitive information, which likely included technical and/or signals intelligence https://www.theguardian.com/news/2017/nov/15/how-trump-walked-into-putins-web-luke
20/ The great @themarketswork
and others have noted this peculiarity: why didn't Hannigan brief Rogers instead? https://themarketswork.com/2018/04/12/the-electronic-communication-redacted-names-john-brennan/
So it's not difficult to imagine NSA analysts viewing Hannigan's intel with suspicion.
21/ However, it's not clear precisely what the information Hannigan passed over to Brennan concerned: it could easily have been about "suspicious contacts" between Trump's people and Russians.
22/ Finally, the Dutch AIVD seems the least likely candidate, largely because it appears it communicated its warnings via a direct line with the NSA, rather than via the CIA.
But I digress. https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/
23/ Like the NSA, the FBI did not have “high confidence” in the attribution to the GRU in late July. In fact, per a NYT piece published last October, the FBI only came to share the CIA’s confidence in the GRU-hacking attribution in mid-August of 2016. https://www.nytimes.com/2019/10/24/us/politics/john-durham-criminal-investigation.html
24/ In fact, in 2019 Trump’s former Homeland Security Advisor Tom Bossert made the astonishing claim that: “The United States government reached its conclusion on attributing to Russia the DNC hack in 2016 before it even communicated it to the FBI.” https://abcnews.go.com/Politics/president-trumps-national-security-advisor-deeply-disturbed-ukraine/story?id=65925477
25/ Having gotten the ball rolling w/r/t the IC's "consensus" views concerning attribution, John Brennan quickly raised the stakes. In early August, he sent an eyes-only intel report to the White House. https://www.washingtonpost.com/graphics/2017/world/national-security/obama-putin-election-hacking/
26/ Assuming that leaks to the WAPO and NYT are accurate, this report contained "intelligence" sourced from the CIA's highly valued asset--Oleg Smolenkov. https://www.nytimes.com/2019/09/09/us/politics/cia-informant-russia.html
27/ Smolenkov's bombshell contained two crucial conclusions: (1) Vladimir Putin had personally ordered the election hacking campaign, and (2) Putin's goals were to hurt Hillary's electoral odds and assist Trump.
28/ On the day this envelope arrived, John Brennan briefed Barack Obama, Susan Rice, Avril Haines, and Denis McDonough on its contents. These events likely unfolded on August 2nd since WH visitor logs place Brennan, Rice, and Haines at the White House that day.
29/ This is a big deal: before the FBI and NSA had concluded with “high confidence” that the GRU was responsible for the various election hacks, Brennan was already pushing further conclusions that presupposed the GRU-trace to the President of the United States.
30/ Distressed by this info, Obama “wanted the intelligence community all over this.” Brennan obliged, creating a task force composed of CIA, FBI, and NSA analysts that provided intel to Obama and 13 senior officials and guided the intel collection efforts of another group.
31/ On August 4th, Brennan spoke with the leader of the FSB, Alexander Bortnikov. He informed Bortnikov that the USIC knew what the Russian agencies were up to, and warned him to cease all election interference. https://www.washingtonexaminer.com/brennan-warned-russian-counterpart-about-election-meddling
32/ Around the same time, probably between August 2nd and 6th, Brennan briefed Lisa Monaco, James Clapper, James Comey, and Loretta Lynch on Smolenkov’s bombshell and discoveries of the CIA’s Russian sources. https://www.motherjones.com/politics/2018/03/why-the-hell-are-we-standing-down/
33/ They agreed that Brennan ought to inform the Gang of Eight of the CIA's findings, which he proceeded to do from August 11th through September 6th.
34/ Then Senate Minority Leader Harry Reid was so alarmed by Brennan's August 25th briefing that he fired off a letter to Comey, insisting the FBI investigate allegations of Russian meddling and connections between Trump's campaign and Russia. https://www.nytimes.com/2016/08/30/us/politics/harry-reid-russia-tampering-election-fbi.html
35/ In this letter, Harry Reid mentioned allegations that Carter Page had met with sanctioned individuals in Russia. This was the first time this specific allegation had surfaced publicly; to this day, there is only one publicly known source for it: Steele's Report 94.
36/ This is significant because Brennan claimed under oath that he hadn't seen the dossier until December, yet the Buzzfeed article that published the dossier confirmed Reid had seen some of the reports before he wrote his first fiery letter to Comey. https://www.buzzfeednews.com/article/kenbensinger/these-reports-allege-trump-has-deep-ties-to-russia
37/ This raises the question: did John Brennan provide Reid with these documents? If so, how did Brennan acquire them, and did he commit perjury while testifying before the HPSCI in May of 2017? https://www.theepochtimes.com/did-john-brennan-perjure-himself-in-denying-use-of-steele-dossier_3034718.html
38/ Another interesting aspect of Brennan's briefing with Harry Reid is that Harry Reid later claimed he felt he was being used by Brennan “as a conduit to publicize possible links between Trump campaign associates and the Russian government.” https://dailycaller.com/2018/04/04/john-brennan-harry-reid-russia/
39/ While Brennan and his spooks were undoubtedly working hard behind the scenes to bring the other intelligence agencies in line with the CIA's conclusions re hacking attribution and Putin's role and intentions, the next notable CIA-sponsored narrative-shaping campaign started
41/ Unsurprisingly, the anonymous source(s) attempt(s) to paint the CIA's conclusion as the "consensus view," while simultaneously acknowledging that there were still some unresolved disagreements between the various intelligence agencies.
43/ On December 12th, Reuters published a piece confirming that the ODNI likewise had no yet accepted the CIA's conclusion about Russian intent. https://www.reuters.com/article/us-USA-trump-intelligence-idUSKBN14204E
44/ But Brennan would not be denied. Four days later--on December 16th--the WAPO published another piece reporting that Comey and Clapper had come to accept the CIA's conclusions regarding Russian intentions. https://www.washingtonpost.com/politics/clinton-blames-putins-personal-grudge-against-her-for-election-interference/2016/12/16/12f36250-c3be-11e6-8422-eac61c0ef74d_story.html?utm_term=.1844b2e42cef
46/ It is now well-known that the NSA remain unmoved despite the CIA's persistence, and its disagreement re Putin's intentions (unsurprisingly) didn't leak, but only became widely known when a public version of the ICA was released on January 6th, 2017. https://www.intelligence.senate.gov/sites/default/files/documents/ICA_2017_01.pdf
47/ To summarize the thread thus far: Brennan's CIA led the charge to blame Russia for the hacks, blame Putin personally, and ascribe intentions to him that went beyond what most other agencies thought could be reasonably discerned.
48/ Publicly available information demonstrates that John Brennan played a significant role in promoting the Russia hacking narrative (and the Trump-collusion narrative more generally).
49/ Among other things, Brennan
-Received intel from Robert Hannigan in the summer despite not being his counterpart.
-Oversaw the CIA as it was the first agency to blame the GRU with high confidence on July 21st
-Briefed Obama and his aides on Smolenkov's intel on August 2nd
50/ continued . . .
-Provided a similar briefing to Lynch, Comey, Clapper, and Lisa Monaco shortly thereafter
-Told the FSB's head to piss off in a phonecall on August 4th
-Launched an interagency task force to gather more intel on Russian meddling
51/ continued . . .
-Provided more Smolenkov reports separately from PDBs out of an almost LARPy concern about leaks
-Briefed the GO8 on the Russian intel, prompting Harry Reid to demand Comey investigate Russian interference and potential Trump collusion
52/ continued . . .
-Finally, he countenanced narrative-shaping leaks in December to encourage Comey, Clapper, and Rogers to get with the program
And to be clear, this is an incomplete list of publicly known instances of Brennan's leading role.
53/ In light of Brennan's and his CIA's integral roles in the Russian-hacking saga, I want to conclude with some informed speculation about what directions Durham's investigation may take w/r/t the Russian-hacking story and Brennan's role in pushing it.
54/ Before that, I'll make a caveat: obviously the NSA, FBI, and other intelligence agencies gathered more info during the course of their investigation that led them to conclude with high-confidence that the GRU was the perpetrator.
Unfortunately, we've seen almost none of the
55/ underlying intelligence that supported the USIC's contention about the GRU trace.
The only piece of underlying intel in the public arena was leaked by Reality Leigh Winner to the Intercept. http://theintercept.com/2017/06/05/top
56/ It only addresses the spearphishing campaign against VR systems, which are discussed in a mere four paragraphs near the end of the Netyksho indictment.
In short, there is not nearly enough publicly available evidence for us to assess the attribution claims.
57/ The Mueller Report and Netyksho indictment are useful, but woefully insufficient: they neither provide evidence for the assertions they make, nor do they provide any evidence showing how the hacks probably weren't or could not have been a sophisticated false-flag.
58/ In a post "Iraq has WMDs" world, I believe it's reasonable to demand proof for govt assertions that clearly originate from and benefit one or more of the factions that compose the Deep State.
As a result, I believe it is reasonable to remain skeptical of the GRU attribution.
59/ That being said, the GRU really could have done it (or it could have been a false flag). So my skepticism could simultaneously be reasonable yet mistaken. Hopefully the Durham investigation will elucidate such matters.
60/ In my view, there are some indications that Brennan is scrutinizing aspects of the Russian hacking saga.
For example, after Trump delegated the authority to declassify Russiagate/Spygate intelligence to Barr, the NYT published this piece. https://www.nytimes.com/2019/05/24/us/politics/trump-barr-declassify-intelligence.html
61/ The article voices concerns from various officials in the intelligence community, including concerns that the decisions and motives of analysts will be subject to scrutiny.
Significantly, it mentions Smolenkov's intel and concerns about secrets related to it being revealed
63/ What’s particular curious is that Smolenkov was allegedly Brennan’s most prized source, yet of all the CIA’s Russian sources Smolenkov has been the subject of by far the most leaks.
Given that Durham is scrutinizing Smolenkov and how his intel factored into the ICA, it
64/ isn’t a stretch of the imagination that Durham is doing the same for the other CIA sources who provided the intel that led the CIA to quickly conclude the GRU was responsible.
Hopefully we’ll find out soon.
P.S. I know the end of this thread was rather weak, but I’d already spent too long on the first part of the thread and wanted to get it over with so I can focus on other things.
P.S.S., if any of the links above are broken just let me know and I’ll replace them below.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.