US Investigation into Russia’s Influence Campaign

This page will continuously be a work in progress. However, the details of the investigation and its progress are not intended to be the key focus of this website. My primary overall goal is to lay out whatever actual evidence I can find supporting claims of Trump campaign coordination with the Russian state’s effort to subvert the 2016 US election process.

Initial Suspicions

In late Summer 2015, the FBI first became aware of Russian-connected cyber intrusions, including a “massive effort to target government and nongovernmental” agencies. Source

In 2015-2016, US intelligence intercepted various communications between different sets of Russian government officials involving Donald Trump, his business associates, and members of his presidential campaign. These communications began to raise suspicions about whether Trump was working with the Kremlin to advance his campaign.

On July 18–19, 2016, several Trump campaign members met Russian ambassador Sergey Kislyak at a Global Partners in Diplomacy event, linked to the ongoing RNC. Carter Page testified that he, Jeff Sessions, J.D. Gordon, and George Papadopoulos had a meeting with Kislyak, discussing policy issues. Source Gordon said that their discussion involved Trump’s desire to “reset” the US-Russia relationship, and potential future cooperation regarding ISIS and issues in Syria. Source

Sergey Kislyak was under surveillance by US intelligence. The fact that Kislyak’s meetings with Trump campaign officials at the RNC were immediately followed by the launch of the official investigation raises questions about whether Kislyak’s conversations with Trump campaign members and/or other members of the Republican Party revealed active cooperation with the Kremlin.

In July 2016, the FBI launched a counterintelligence investigation into the hacking of the DNC. It later confirmed press reports that this investigation also targeted Donald Trump’s advisors’ contacts and links with Russian government officials and intelligence operatives, and whether there was coordination between the Trump campaign and Russia’s efforts to influence the 2016 election. Source1 Source2

See the separate page detailing Russia’s Influence Campaign

The Trump–Russia investigation involved a joint taskforce including the FBI, Department of Treasury, and Department of Justice for domestic inquiries; and the CIA, the Office of the Director of National Intelligence, and the NSA for foreign and intelligence aspects of the investigation. Source

 Attribution of Hacking to Russia

Since December 2016, US intelligence officials have expressed high confidence in their conclusions that Russia was behind the hacking of the Democratic National Committee, the publication of stolen documents, and other efforts to interfere in the 2016 US election. Furthermore, US officials indicated that Russian president Vladimir Putin personally lead the effort, beginning as a personal ‘vendetta’ against Hillary Clinton, but eventually growing into a broad-scope effort to disrupt the US electoral process. Source See also the January 2017 report from the US Director of National Intelligence:

We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump. We have high confidence in these judgments.

Private companies Crowdstrike, Fidelis Cybersecurity, Mandiant, SecureWorks, and ThreatConnect agreed that Russia was behind the leak of DNC emails to Wikileaks. Sources: 1, 2, 3, 4, 5, 6.

On December 29, 2016, the FBI and DHS’s NCCIC published a joint analysis report providing technical details about the tools and infrastructure used by Russian intelligence in hacking various US entities. From the report:

This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information.
The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group… entered into the party’s systems in summer 2015, while the second… entered in spring 2016.
In summer 2015, [the first group’s] spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims…In the course of that campaign, [the first group] successfully compromised a U.S. political party.
In spring 2016, [the second group] compromised the same political party…The U.S. Government assesses that information was leaked to the press and publicly disclosed.
Surveillance of US Individuals

After Carter Page left the Trump campaign, in October 2016, the FBI obtained a 90-day FISA warrant (since, renewed more than once) to monitor Page, based on a belief that Page was acting as an agent of the Russian government, and that he knowingly engaged in clandestine intelligence activities on their behalf. Source (It was later reported that Page had been under FISA surveillance since 2014. Source)

The warrant request was based on Page’s 2013 conversation with Podobnyy, in addition to other as-yet undisclosed contacts between Page and Russian operatives. Source

Probably safe to assume it was also partly based on the Steele dossier.

The warrant also covered two Russian banks. It was based in part on intelligence passed to the CIA by a Baltic country, including a tape recording of a conversation about money from the Kremlin going into the US presidential campaign. Source

Depending on who was in this conversation intercepted by the Baltic country, this could be among the most important pieces of evidence.

Paul Manafort had previously been under FISA surveillance beginning in 2014, although it was discontinued in 2016. Later in 2016, a new FISA warrant re-initiated surveillance on Manafort, which continued into 2017. This second FISA warrant against Manafort was likely obtained due to his intercepted communications with suspected Russian operatives, and other communications between Russians. In addition to surveillance, this warrant also included authorization to search a storage facility belonging to Manafort. Source

Trump Organization and Alfa Bank Servers

As part of their investigation, the FBI examined computer data showing a link between a Trump Organization server and two banks, including Alfa Bank. In part, two servers at Alfa looked up the unique Internet address of the Trump server, mail1.trump-email.com, 2,820 times, representing 80% of all the lookups for that Trump server. Nearly all the other lookups were by Spectrum Health, a medical facility chain led by Dick DeVos, husband of Trump’s Secretary of Education Betsy DeVos. That address, registered to the Trump organization, points to an IP address in Lititz, PA. Source

On September 21, 2016, Eric Lichtblau, a journalist with the NY Times, was reported to have met with a representative of Alfa Bank in Washington. Lichtblau inquired about their server’s traffic with the Trump Organization server. Shortly afterward, the Trump Organization web domain ceased to function. It appeared that Alfa Bank had notified the Trump Organization that the New York Times was looking into their network communications and might expose them, and the Trump Organization immediately shut down the server. However, on September 27, the Trump Organization established a new host name for that same server. The only look up attempts for that new host name came from Alfa Bank. In other words, according to reports, the party who changed the Trump Organization server’s host name must have directly communicated that new host name (e.g., via SMS, or over the phone, or some other channel) to the party using the other server at Alfa Bank. However, despite Alfa Bank’s lookup attempts, actual traffic (such as emails) to the Trump Organization server completely stopped after that point. Source

Voter Targeting

Further investigations looked into the possibility that the Trump campaign assisted Russian “bots” to specifically target high-impact states and important districts in those states for distribution of negative or fabricated “fake news” anti-Clinton stories. “There appears to have been significant cooperation between Russia’s online propaganda machine and individuals in the United States who were knowledgeable about where to target the disinformation.” -Mike Carpenter, who held a senior Pentagon post working on Russian matters at the time of the events. Evidence indicated that the Russian bots targeted women and African-Americans in decisive states of Wisconsin and Michigan. Source

Setbacks

On October 31, 2016 (online, and then on November 1 in the print edition), about a week before the election, the New York Times published a prominent article fully exonerating Donald Trump and his campaign of any involvement in Russia’s election interference. The article claimed that US intelligence believed that “the hacking into Democratic emails… was aimed at disrupting the presidential election rather than electing Mr. Trump.” Moreover, “no evidence has emerged that would link [Trump] or anyone else in his business or political circle directly to Russia’s election operations.” The article, in turn, claimed that US intelligence didn’t have any evidence that Russia exerted influence on Paul Manafort; that the suspicious communications between a Trump Organization server and Alfa Bank were likely benign marketing emails; and that Russia’s goal was not to support Trump, but just to disrupt the election, and was just normal continuing cold war stuff. Finally, the article simply repeated denials of any wrongdoing by Carter Page and Roger Stone without criticism. The final words in the article quote Roger Stone saying that the entire Trump-Russia investigation was “the new McCarthyism.”

The article was inaccurate. Personally, I would call publication of this article, particularly at this time, by the New York Times incredibly irresponsible if not actively complicit.

This story is a story in and of itself. Lead author Eric Lichtblau was reported to have met with a representative of Alfa Bank in Washington on September 21, 2016, and inquired about the server traffic with the Trump Organization server. Shortly afterward, the Trump Organization web domain ceased to function. It appeared that Alfa Bank tipped off the Trump Organization that the New York Times was looking into their network communications and might expose them, and the Trump Organization immediately shut down the server.

However, on September 27, the Trump Organization established a new host name for that same server. The only look up attempts for that new host name came from Alfa Bank. In other words, the party who changed the Trump Organization server’s host name reportedly must have communicated that new host name (e.g., via SMS, or over the phone, or some other channel) to the party using the other server at Alfa Bank. However, traffic to the Trump Organization server completely stopped after that point. Source

This activity should have raised suspicions by Lichtblau. Or at least merited a mention in the article published just days later where he reported that the servers were only engaged in benign marketing communications. But Lichtblau published the 10/30 article completely exonerating Trump essentially without comment or criticism.

Obstruction of Justice

The existence of the criminal investigation into Trump campaign members’ possible cooperation with the Russian state in their interference in the election, being carried out by a joint taskforce of several US intelligence and law enforcement agencies, was revealed very early in the Trump presidency. Following several failed attempts to influence US officials and investigators to end the inquiry, Donald Trump fired FBI Director James Comey. Although Trump told Russian officials visiting the White House the next day that firing “nutjob” Comey would relieve him from the great pressure of the investigation, he had again failed to end the inquiry. Just a week later, former FBI Director Robert Mueller was appointed as special counsel to lead the continued investigation effort involving the joint taskforce. The scope of Mueller’s investigation was stated to include whether Trump’s firing of James Comey constituted criminal obstruction of justice.

Other Political Oceans pages with further information (and sources supporting the above statements):