Part 1 is here.
In Part 2, we looked at the story of intelligence the FBI supposedly gained in March 2016 from Russian hacking of Democrats’ computer systems, in the context of both the other known events of that eventful month, and the overall intelligence and cybersecurity posture the U.S. government had to have at the time.
An important event especially likely to be related to the “Russian hacking intelligence” is the discovery on 9 March 2016 that the FBI had been processing raw NSA intelligence in such a way that contractor personnel had been exposed to it.
This discovery had a profound effect on U.S. intelligence data-handling in the months that followed, and very probably on what the Obama administration was doing to track the Trump campaign.
But the nature of the intelligence involved is also significant, because it could very well have been related to the Russian-hacking intelligence story. The coincidental timing – the FBI receiving the Russian-hacking intelligence at the same time the improper exposure of raw intelligence to contractors was discovered – sets up a question, at least, that demands an answer. Were the two related?
They most certainly could have been. And one of the keys is our old friend Nellie Ohr.
Is it time to mention Nellie Ohr again?
I will make no analytical call before its time, and we have no smoking gun on this (and perhaps never will). But we do have some more-than-interesting data points on Nellie Ohr, as potentially one of the contractors who was improperly exposed to raw NSA data in the FBI incident – or, at least, an analyst who knew of the Russian-hacking intelligence through her work, whether she was involved in that incident or not.
Either way, because of her link to Fusion GPS and the dossier, her line of work has a particularly illuminating relevance to the Russian-hacking intelligence story.
Note: it doesn’t appear, from what we know of her work history, that Ms. Ohr was working under a company contract for the FBI in March 2016. She worked for a company called Miklos – a government contractor – through December 2015, and if she did work for the FBI presumably exited the job at that point. However, she might have had access to relevant raw intelligence up to that point, which would still have been significant to being hired by Fusion GPS. It’s also possible she worked briefly as an independent contractor between her Miklos and Fusion GPS jobs. Bottom line: nothing we know precludes her having been exposed to the intelligence at the FBI.
With that understood, one data point is that she was hired by Fusion GPS to work on what became the Steele dossier.
But another is the form of expertise Ms. Ohr was apparently specializing in, during the years between her stint with the CIA open-source initiative (in which we know she was involved in 2010) and her hiring by Fusion GPS in 2016.
This arcane expertise was something she wrote an article about in 2014 (the link to it is in this piece). The article has since been removed from the blog site of her then-employer Plessas, but it was about cyber sleuthing against Russians. Specifically, the topic was tracking Russian users through their online user names on the social media platform Yandex.
The point of her piece was that the Russians patterns of thought behind online “handles” are different from American patterns. But the conceptual abstractness of that point makes it applicable to a lot more situations than interacting on Yandex.
You would certainly use expertise like this to assist in tracking Russian hackers and Russian users on the dark web.
That Ohr’s expertise was principally applied to tracking cyber crime is evident in hindsight. From 2010, when she was in a DOJ working group on organized crime (along with her DOJ husband Bruce) as a representative from the CIA’s Open Source Works program, to her 2014 article, to a conference presentation she made in October 2017 on the topic “Ties Between Government Intelligence Services and Cyber Criminals – Closer Than You Think?” – the pattern of Ohr’s work points to tracking cyber criminals. Her academic background being Russian history, we can assume Russians have been her focus.
At this point it’s necessary to think analytically again. The little clue about “Russian hacking intelligence,” investigated in Part 1, actually lays quite a bit open to us, if we’re paying attention. It reminds us “we” have ways of watching Russians, in real-time or near-real-time, as they do sneaky things on the Web. “We” could be our intelligence agencies, or those of friendly governments.
We knew that, really. But thinking about its implications hasn’t figured much in our processing of Russiagate.
Think about it now. Think about it in the context of Nellie Ohr having employment with government agencies from 2010 to at least 2015, analyzing the online activity of Russian cyber criminals.
Think about it in the context of Dan Bongino’s point: that for cyber security reasons, Hillary’s private email account had to be whitelisted by his tech aides so that Obama could correspond with it. Why was that? Because we know what cyber criminals, including Russians, are capable of. Because we watch them do it, and/or routinely investigate and document the trails they leave when they do it.
Now ask yourself: is it really likely that the FBI, or the CIA or NSA, knew nothing about what Russians were doing online before the intrusions on Democrats’ servers in late 2015, or the phishing of John Podesta’s email account in March 2016, or the appearance of Cozy Bear in Democrats’ systems in 2015, or Fancy Bear in April of 2016? Is it likely that they have been flailing around in the dark trying to figure it all out?
Or is it likelier that they have had a pretty good picture all along, and in fact have always known not just more than we do, but enough to change the whole character of what this drama is really about?
Getting back briefly to Nellie Ohr: we should not fixate on whether she might have worked for the FBI in 2015 or 2016. She could well have been working for the CIA, which has a charter to track the activities of Russian cyber criminals, especially as they are related to Russian state policies. We know she was doing that as early as 2010.
The FBI “blow-up” on 9 March is what advises us that contractors were exposed to raw intelligence, however. And the fact that the FBI learned of the “Russian hacking intelligence” at the exact time this discovery about unauthorized exposure was also made is an extraordinary coincidence.
Add to it that this area of intelligence focus was exactly the one Ohr’s expertise related to, and that she went on to work for Fusion GPS, helping to assemble an opposition narrative against Trump involving Russian cyber crime.
Add, moreover, that just days after the “Russian hacking intelligence” and the blow-up at the FBI, John Brennan – the convener of the August 2016 high-level task force on “Russian meddling” (see here and here) and chief pusher of the “Russia” narrative with Congress – made a very odd trip to the FSB in Moscow.
Together, you have multiple data points that no self-respecting analyst would lose track of, or discount a connection between.
The sense that the “Russiagate” narrative was something manufactured, rather than arising from the actual suspicion that Trump was involved in collusion with Russians, continues to grow.
There are a number of reasons to take this sense seriously. But one of the most important remains this one. The U.S. government knew a great deal in and before 2016 about Russian cyber operations and Russian crime in general; knowledge that was material to making big cases against Russian oligarchs and Russian hackers with links to the FSB, and even – we are told – material to James Comey’s decision to exonerate Hillary Clinton in July 2016.
The U.S. government’s interest in these interrelated topics long predated the Trump candidacy, and arose independently of anything Trump ever did. It was a major area of focus and expertise in its own right, yielding tremendous amounts of information and background.
In all that prior knowledge, there has never been evidence of involvement in any of it by Trump or his associates.