Russiagate was never what it seemed. ‘What kind of show were they running?’ Part II (the Guccifer 2.0 angle)

Russiagate was never what it seemed. ‘What kind of show were they running?’ Part II (the Guccifer 2.0 angle)
The "Old" (Eisenhower) Executive Office Building across from the White House in Washington, D.C.. (Image: Wikimedia)

It’s probably not as remarkable and telling as it feels that so much of the picture on what Russiagate and Spygate were really about has been resolving itself almost incidentally – on the margins of consciousness – as America focuses on the coronavirus.

Or maybe it is.  Readers will have to decide that for themselves.

In Part I, we took a fresh look at James Comey’s little secret, purportedly about kompromat on Loretta Lynch as regards her approach to the Hillary Clinton email “matter.”  The catalyst for this review was an obscure but important move by the cyber security firm CrowdStrike, which began just days ago to overtly distance itself from the theory that Russian hackers had handed the files pilfered from Democratic IT systems in 2016 to WikiLeaks.

Will this presidential election be the most important in American history?

CrowdStrike isn’t recanting its signature assessment that the cyber threats known as “Cozy Bear” and “Fancy Bear” are sponsored by Russian intelligence.  Rather, CrowdStrike is clarifying that it doesn’t endorse the theory of the handoff to WikiLeaks.

The significance of that is that the evidence for a “Russia-Trump collusion” narrative has been winnowed down at this point to a highly tenuous theory about Roger Stone’s connection with WikiLeaks, plus the Russian handoff story.  The timing and character of the Stone connection never indicated that WikiLeaks saw Stone as a source or a broker of a source.  But if there was a theory of a Russian handoff to WikiLeaks, Stone’s connection, however tenuous, could be depicted as a corroborating indicator by implication.

The Guccifer 2.0 persona is central to the Russian handoff tale, because the persona was the front for each of the visible actions taken to publicize the stolen Democratic files.  In distancing itself from a theory of the release of those files, CrowdStrike is, in effect, distancing itself from the Guccifer 2.0 story.

A reminder, from Part I, of how CrowdStrike’s counsel put the matter in their pushback to the Los Angeles Times:

CrowdStrike was hired by the DNC to respond to the suspected breach of its servers, and did not do any investigations around the release of the information [i.e., the public release via WikiLeaks].

So CrowdStrike is not responsible for, and did not do investigations leading to, the Guccifer 2.0 story.

This is a big pin to pull out from under the story.  It sets us up for a review of several details about it that I believe have been interpreted incorrectly in most treatments to date.

But first – and most important – must come a broader-scale review of recent, retrospective analyses, which must significantly alter how we see the twin Russiagate-Spygate sagas.

The seven fresh takes

We will visit each of these only briefly.  They are, however, some of the features of the narrative whose altered aspect makes the biggest difference.  They have been tumbling out in a growing avalanche in the last few months.  (Where links are not included in each item below, they will be found in other links in this article.)

1. First is the tale of the “kompromat on Lynch” told by James Comey, dealt with in Part I.  The meaningful alteration in how we perceive this one is the recognition that Comey could not reasonably have thought about this what he says he thought. The Russians had been hacking the DNC IT system for months and siphoning off data from it, with the FBI fully aware of that and receiving updates on it from Dutch intelligence.

It was then through Dutch intelligence that Comey became aware in March 2016 of a Russian perception, based on a Debbie Wasserman Schultz (DNC chair) email, that Lynch had corrupt intentions about the Hillary-emails matter.

Comey couldn’t have remained dubious about this for months, as he claimed.  The information was from a source the FBI had been relying on for nearly a year (Dutch intelligence), and was readily verifiable in any case.  Comey’s tale about this doesn’t make sense.

He’s got a secret. (Image: Screen grab of ABC The View video)

2. The Democrats, we have been told, were advised by the FBI multiple times in 2015 and early 2016 that Russian cyber-attackers were going after their system.  Yet the Democrats took no precautionary actions, and reportedly did not take the warnings seriously, for some unexplained but supposedly innocent reason.

This is – how shall I put it? – ridiculous.  We are justified in demanding a better story than this.  At the very least, we need supporting documentation for such an outlandish claim.  In the absence of documentation, it is legitimate to suspect this simply isn’t true.  It’s another question what is true.  But this too makes no sense.

3. We also have the information that in May 2016, after CrowdStrike had diagnosed the intrusion of both Cozy Bear and Fancy Bear on the systems of the DNC and DCCC, as well as the phishing and broad-scale pilfering of John Podesta’s email account, the Democrats continued to use their IT system for nearly three weeks while the cyber-thieves copied off all their correspondence.  In fact, more than half of the files later published by WikiLeaks and DCLeaks were emails sent after CrowdStrike began monitoring the system.

That makes no sense.  CrowdStrike has explained this sequence as a matter of timing its actions to avoid tipping off the hackers that they’ve been caught, an explanation that might be superficially reassuring.  But for the Democrats to knowingly continue using the systems, and then later charge that an evil Russia-involved cabal headed by Donald Trump was responsible for making this data trove available to WikiLeaks, smacks of an insanely elaborate attempt to manufacture the appearance of a crime out of thin air.

4. It would be a lengthy (if worthwhile) endeavor to make the case that the Mifsud/Halper overtures to George Papadopoulos and Carter Page from March to September 2016 are also dubious.  But it takes only a few words to convey that, starting in October 2016, the FBI and DOJ made deceptive representations to the FISA court to obtain surveillance authorization on Carter Page.

There is no innocent explanation for that.  It does make sense, however – as a measure taken to advance a criminal enterprise.  It was evidently never a good-faith effort to monitor a person legitimately under suspicion.  Its motive, very arguably, lay not with law enforcement but with an initiative to gain advantage over a presidential candidate.

5. Just on Friday 13 March, we learned about an interview John Solomon did this week with national security professional K.T. McFarland, who was present at the early January 2017 White House session with president-elect Trump, after which, in a pull-aside, he received the defensive brief about the Steele dossier.  McFarland says now that, looking back on it, her sense is that Comey’s brief to Trump on the dossier had the character of an attempt at blackmail.

Certainly, Andrew McCarthy has already made a case that Comey’s motives for this brief were fishy, since he apparently told Trump only about the salacious kompromat from the dossier.

My initial reaction to that has always been that, in using that approach, Comey withheld the details from the dossier that Trump could have fought as disprovable.  The McFarland interview reminds us of the important thing about the 6 January 2017 brief at the White House: that it was not in good faith, and therefore was not what the narrative has portrayed it as.  That makes it like too many other elements of the Russiagate-Spygate saga.


6. We have also learned this past week, from documents released to the Michael Flynn defense in late 2019 as “Brady” material, that the DOJ and FBI knew in January 2017 that there was nothing to the “Russia-Trump” allegations.

This new discovery is not a revelation so much as a confirmation of conclusions many analysts drew some time ago: about the Steele dossier allegations, the Michael Flynn allegations, the allegations about Page and Papadopoulos.  It is more substantial verification, however, than the Peter Strzok text in which he suspected there wasn’t really any “there there.”

It is also more concrete than the deduction of analysts that the lack of evidence for the Russia-Trump allegations meant they weren’t true.  Apparently the FBI knew they weren’t true.

But I would add one more point to the judgments of FBI officials in January 2017, which is this:  they already knew before that that there was nothing to support the allegations.  They had had access to surveillance intelligence about Trump and his associates and campaign team going back years, in some cases, and many months, at a minimum, in others.

They already knew there was no there there.  The work they did in January 2017 confirmed what they already knew; indeed, was done because the surveillance and previous intelligence collection had turned up nothing, and that was apparently an outcome they were unwilling to accept.

Wochit News video, YouTube

Keep in mind what that means about the continued FISA surveillance under the Carter Page authority.  It wasn’t about mining their targets’ pasts by that point.  They mined their targets’ pasts – to the extent it needed doing – in the first couple of weeks after 19 October 2016.  It was about keeping the new administration under surveillance.

That is the reality.  The Russiagate narrative is a deception.

7. Finally, fast-forward to March 2017, and the “leaking” of the unredacted FISA applications by Senate official James Wolfe to the media.  The timing of that was not accidental, nor does it appear that there was an intention to perpetrate such a leak at that point, in the absence of some unexpected reason for it.

The unexpected reason was supplied by Devin Nunes, whose discoveries about backdoor surveillance and unmaskings from the White House threatened to expose the whole matter – on his terms, and not on the terms of those using the FISA authority.

That alone must alter our understanding of what was going on with Spygate.  But another point about this episode reinforces the significant shift in our mental picture.  After the unredacted FISA applications (the first one, at a minimum) were leaked to the media – as a later court filing clearly indicated they were – the media didn’t use the information to present a truthful picture to their audience.  The media in possession of the leaked material continued to publish about the FISA story according to a concocted narrative, even though they had the means to present an accurate one.

Spygate was never what it was depicted as being.  It was never an effort to probe a national security threat.  From the beginning, it was an operation against the Trump candidacy, and then against his presidency.

(Image: Screen grab of Fox News video)

The Guccifer 2.0 subplot

In light of these emergent realities about the Russiagate-Spygate saga, the recent CrowdStrike move liberates us to recognize more clearly what should and should not constrain us in assessing the role of Guccifer 2.0.  One of the first and most important things, of course, is the proposition that Guccifer 2.0 was created as a front for Russian intelligence.  Nothing constrains us to assume or even accept that (and many analysts have found it highly doubtful from the beginning).

But, without going in-depth into the Guccifer story, I want to outline a handful of factors here that I think help us find our bearings.  They map back to three obscure but important details about the initial Guccifer 2.0 leak to Gawker and The Smoking Gun in June 2016.

They are details relating to the main document that has come under forensic analysis from that leak, which involved a group of ten files.  The main document out of those ten was a file containing opposition research on Trump.  (See extended discussions here, here, and here.)

To make the document appear to have been manipulated by a Russian, the original Trump-oppo content, created in December 2015 by a DNC staffer, was copied into a separate preexisting document from which the contents had been emptied.  This is a description of the transactions by the analyst known as the “Forensicator”:

Text from [an] intermediate RTF file [holding the contents of the original Lauren Dillon/DNC file] was then copied and pasted into an empty Word document.  In Guccifer 2’s case, this empty document was a template document that had its original body text removed.

The preexisting file had been created by a user account with the name “Warren Flood.”  Mr. Warren Flood, Actual, was an Obama campaign worker in 2008 and 2012, and was the IT administrator in the White House for Vice President Joe Biden from January 2009 to October 2010.

And the obscure details are these:

— The Warren Flood file was created in December 2008 as a Word document using MS Office 2007.

— The Warren Flood file was created on a U.S. government computer, as indicated by the annotation “GSA” – General Services Administration – in the “Company” field of the Word document’s Properties block.  (The image was created by Yaacov Apelbaum in his canonical treatment, linked above.)

Credit: Yaacov Apelbaum’s Image 5. See text for link. Author annotation of Company name “GSA.” Click to enlarge for legibility.

That means the Flood file was created during the Obama presidential transition.  Warren Flood was a 2008 transition team staffer (see footnote).  Presidential transition teams are supported by IT arrangements managed by the GSA (which also contracts for licensed software, such as the MS Office suite, for a number of federal agencies).

— The Warren Flood file was an attachment to a John Podesta email from December 2008, which later appeared in the tranches of Podesta emails published by WikiLeaks in October and November of 2016.  In other words, it was exposed to, and suffered, pilfering in the spring of 2016 along with Podesta’s other emails.

There has been an effort among analysts to fit the manipulation of these files in June 2016 to the career situation of Warren Flood in that year, on the theory that Flood’s name on the file implicates him.*  But that isn’t necessary, and I don’t believe it is properly directed.

John Podesta (left) and Robbie Mook, of the Hillary Clinton 2016 campaign.

The old Warren Flood file was created at a time when Flood was working on a government computer and using an old MS Office suite contracted by the GSA; i.e., in December 2008.  But as an attachment to Podesta’s email, the file was available to whoever gained access to Podesta’s email account.

The Forensicator is properly careful to observe that we don’t know for sure the Warren Flood file was retrieved by the manipulator (Guccifer 2.0) as an email attachment.  It might conceivably have been retrieved by another method.

But the opportunity was manifestly there for the file to be obtained as an attachment to the Podesta email.  And it’s doubtful the file was retrieved by another method, because after more than seven years, especially as a file created on a GSA computer during the presidential transition of 2008, it’s very unlikely it was resident anywhere else.  (The file template was also set up to put a “CONFIDENTIAL” watermark on it.  Even Flood probably didn’t work on the file on his own personal computer.)

It wasn’t a DNC document.  It was a presidential transition document.  (The document title makes that clear: it was about a proposed list of appointees for the U.S. Department of Agriculture.)  The only likely “hackable” place to happen on it in 2016 would have been in Podesta’s old emails.

I think it most probable that when the manipulation was done in June 2016, someone else – not Warren Flood – used his old file, obtained from Podesta’s email, to copy the Trump-oppo contents into, while “Russifying” the file.  A third party would reasonably not care whose name was on the file.  But Warren Flood – an IT specialist – would care, and would know, if he were manipulating file metadata, that his name was there.

It doesn’t make sense for Flood to leave his name prominent in the file metadata if his very purpose were to manipulate metadata.  It does make sense for someone else, manipulating the metadata, to not care.

Why does this matter?  Because it means we don’t have to tether the analysis of Guccifer 2.0 to either the Russians or Warren Flood.  Who Guccifer 2.0 really was doesn’t have to fit either profile in terms of known facts about connections or availability.

And as demonstrated by the seven other upended assumptions of the Russiagate-Spygate narrative, we especially don’t have to tether our analysis to any premise that the existing story about Guccifer 2.0 has been told in good faith.  If Democratic party leaders were strangely uninterested in “Russian hacking warnings” from the summer of 2015 to April 2016, and were willing in May 2016 to passively watch “Russian hackers” siphon off thousands of their files, we have no obligation to assume the same Democrats had nothing to do with the public release of those files, some with suspicious manipulations evident in them, starting a few weeks later.


* Most analyses have focused on the hypothesis that Warren Flood was directly involved in the manipulation of the file with his user name on it.  I believe that is the least likely scenario.  Here’s why.

Flood had been running his own company, called Bright Blue Data, since he left the White House in 2010, and there is no record of contracts with any federal agency between then and when the Obama administration departed the White House.  (Bright Blue Data got backing for a loan from the Small Business Administration in November of 2016.)

Record of federal agency awards to Bright Blue Data LLC, 2010-2016. Source; USA Spending:

Flood had a long history with Obama’s campaign organizations in both 2012 and 2008, and other researchers (including Apelbaum) have reported that in the summer of 2016, he was working for the short-lived 63 Magazine, an online magazine for political organizers which published from November 2015 to early 2017.

Flood’s wife, Alice McAlexander, worked for 63 Magazine from November 2015 to November 2016, according to her LinkedIn profile.  Like Flood, she worked in Obama campaign organizations in 2008 and 2012, and from 2013 to January 2015 she worked for 270 Strategies, the consulting firm launched by Obama campaign alumni Jeremy Bird and Mitch Stewart.  She spent most of 2015 working in New York for an autism advocacy group.

There’s no question Flood and McAlexander were well connected in Democratic organizing circles.  There is no evidence that either of them was working for the DNC, the Hillary campaign, or in the White House or a U.S. government agency in 2016.  Although it’s remotely conceivable that they were (and Apelbaum suggests one or both were), the evidence from imagery doesn’t actually prove it.  The most convincing image – of the two of them at a Christmas party with Biden in 2016 – isn’t proof that they worked in the White House at the time.  It was the last Christmas for the administration, and they were loyalists of longstanding and still prominent Democratic activists.  They were likely to be invited to Christmas parties.

J.E. Dyer

J.E. Dyer

J.E. Dyer is a retired Naval Intelligence officer who lives in Southern California, blogging as The Optimistic Conservative for domestic tranquility and world peace. Her articles have appeared at Hot Air, Commentary’s Contentions, Patheos, The Daily Caller, The Jewish Press, and The Weekly Standard.


For your convenience, you may leave commments below using Disqus. If Disqus is not appearing for you, please disable AdBlock to leave a comment.