Scott Ritter analyzes the recently released responses of Shawn Henry, a private security consultant, to Adam Schiff’s questions about data exfiltrated from the DNC.
By Scott Ritter
Special to Consortium News
It is one of the hottest conversations making the rounds on the internet — Shawn Henry, the retired FBI cyber-sleuth-turned private cyber security consultant, speaking with Adam Schiff, the Democratic chairman of the House Permanent Select Committee on Intelligence, recorded in transcripts of executive session testimony conducted on December 5, 2017, and only recently released to the public.
Schiff: Do you know the date in which the Russians exfiltrated the data from the DNC?
Henry: I do. I have to just think about it. I don’t know. I mean, it’s in our report that I think the Committee has.
Schiff: And, to the best of your recollection, when would that have been?
Henry: Counsel just reminded me that, as it relates to the DNC, we have indicators that data was exfiltrated. We do not have concrete evidence that data was exfiltrated from the DNC, but we have indicators that it was exfiltrated.
Schiff: And the indicators that it was exfiltrated, when does it indicate that would have taken place?
Henry: Again, it’s in the report. I believe — I believe it was April of 2016. I’m confused on the date. I think it was April, but it’s in the report.
Schiff: It provides in the report on 2016, April 22nd, data staged for exfiltration by the Fancy Bear actor. [Note: Fancy Bear is an attribution label used by Henry’s parent firm, CrowdStrike, to identify specific hacking methods and tools which are collectively referred to as an “advanced persistent threat”, or APT. Fancy Bear is also known by other cyber security organizations as APT-28, and is assessed by the U.S. government as being affiliated with Russian Military Intelligence, or GRU.]
Henry: Yes, sir. So that, again, staged for, which means there’s not — the analogy I used with Mr. Stewart [Congressman Chris Stewart, R-Utah] earlier was we don’t have a video of it happening, but there are indicators that it happened. There are times when we can see data exfiltrated, and we can say conclusively. But in this case, it appears it was set up to be exfiltrated, but we just don’t have the evidence that says it actually left.
Henry’s testimony has been used by many detractors of the “Russia-did-it” narrative promulgated by many congressional Democrats (including Schiff), the U.S. Intelligence Community (including the FBI), and former Special Prosecutor Robert Muelleras clear cut evidence that CrowdStrike had no direct evidence that any data or emails had been stolen from the DNC, and as such the entire narrative used to sustain the allegations that Russia was behind the thefts was, in fact, baseless.
>>Please Donate to CNs’ 25th Anniversary Spring Fund Drive<<
Such a sweeping conclusion, however, is not sustained by either Shawn Henry’s testimony, or the available evidence. While there remain serious questions about the efficacy of the official narrative laying the alleged cyber attacks on the DNC at the feet of Russian intelligence, Henry’s testimony in and of itself does not make that case. Indeed, information subsequently released by the FBI suggests that, Henry’s assertions notwithstanding, data transfers did, in fact, occur on April 22.
“On or about April 22,” an indictment charging Russian military intelligence officers with the hacking of the DNC server alleges, “the Conspirators compressed gigabytes of data from DNC computers, including opposition research. The conspirators later moved the compressed DNC data using X-Tunnel to a GRU-leased computer located in Illinois.” Based on an analysis of the Illinois computer and another in Arizona, Mueller likewise asserts, in his report, that “[T]he GRU also stole documents from the DNC network shortly after gaining access. On April 22, 2016, the GRU copied files from the DNC network to GRU-controlled computers.”
[In a footnote to his report, Mueller uses the qualifier “appear” to say that GRU “officers appear to have stolen thousands of emails and attachments, which were later released by WikiLeaks in July 2016.” He was never able to establish how the emails got to GRU headquarters.]
What Henry’s testimony does do, however, is dismantle the official predicate used by the FBI to initiate its counterintelligence investigation, known as Crossfire Hurricane, into alleged collusion between persons affiliated with the presidential campaign of Donald Trump and the Russian government to influence the outcome of the 2016 Presidential election in favor of Trump.
The date of the alleged “staging” of data for “exfiltration” — April 22, 2016 — is highlighted by Schiff, during his questioning of Henry.
Schiff: In your report, when you stated the data was staged for exfiltration on April 22ndof last year, that would have been the first time that you found evidence that the data was staged for exfiltration?
Henry: I believe that is correct.
Schiff: Did you have a chance to read the information that was filed in conjunction with the George Papadopolous plea? [Note: George Papadopolous was a one-time foreign policy adviser to the Trump campaign who pled guilty to lying to FBI agents.]
Henry: I did not.
Schiff: In that information, it states that Mr. Papadopolous was informed at the end of April that the Russians were in possession of stolen DNC or Clinton emails. If that information is correct, that would only be days after that data was staged for exfiltration?
Recently declassified Foreign Intelligence Surveillance Act (FISA) applications submitted by the Department of Justice to the Foreign Intelligence Surveillance Court, a unique judicial body that approves requests for secret warrants used by law enforcement to conduct covert electronic and physical surveillance of U.S. citizens, reveal that the predicate for the FBI’s Crossfire Hurricane investigation into alleged Russian collusion by the Trump campaign was triggered by a May 10, 2016, meeting between Papadopolous and an Australian diplomat, Alexander Downer (who at the time was the Australian Ambassador to the United Kingdom) in a London bar.
According to Downer, Papadopolous revealed that, based upon an April 26 conversation with a Maltese professor named Joseph Mifsud, “he [Papadopolous] thought that the Russians may release information, might release information, that could be damaging to Hillary Clinton’s campaign at some stage before the election.”
Downer and a fellow Australian diplomat who was also at the meeting and witnessed Papadopolous’ statement, drafted a cable back to the Australian Ministry of Foreign Affairs in Canberra recording the gist of the conversation. “There was no suggestion from Papadopoulos nor in the record of the meeting that we sent back to Canberra, there was no suggestion that there was collusion between Donald Trump or Donald Trump’s campaign and the Russians,” Downer said. “All we did is report what Papadopoulos said.”
After the release by WikiLeaks on July 22, 2016, of thousands of emails allegedly sourced from the DNC, Downer, concerned that there might be a link between Papadopolous and the DNC emails, provided a copy of his cable to the U.S. Embassy in London, which forwarded it onto the FBI. This cable was used by the FBI to initiate its Crossfire Hurricane counterintelligence investigation into the Trump campaign; a derivative investigation into Papadopolous was given the codename “Crossfire Typhoon.”
As far as predicates for sensitive counterintelligence investigations of presidential campaigns go, the Papadopolous conversation with Misfud is transparently weak. A cursory examination of the emails released by WikiLeaks on July 22, 2016, shows that no in-time reference pre-dates May 25, 2016, more than a month after the alleged “data staging” event that Schiff highlighted as the link between the DNC hack and Papadopolous.
In short, regardless of the content of Papadopolous’s conversation with Mifsud, as relayed by Downer, there was no linkage between any emails alleged to be in the possession of Russia at the time of the April 26, 2016, Papadopolous-Misfud meeting and the actual data released by WikiLeaks on July 22, 2016, that the FBI used to justify the opening of both the Crossfire Hurricane and Crossfire Typhoon investigations. As Mueller notes in his report, the information released by WikiLeaks on July 22, 2016, coincides with a separate, alleged cyber attack on the DNC Microsoft Exchange Service between May 25 and June 1, 2016 — an attack that Mifsud could not have known about when he met with Papadopolous in April.
Moreover, the FBI knew before it interviewed Papadopolous on Jan. 27, 2017, that Papadopolous was not involved in any scheme to acquire purloined Russian emails on behalf of the Trump campaign. In September and October of 2016, the FBI made use of two confidential human sources (CHS) to engage Papadopoulos in conversations designed to elicit corroboration into its now-debunked theory.
In a Sept. 15, 2016, meeting between Papadopolous and an FBI-controlled CHS, Papadopolous was asked outright whether or not the Trump campaign could benefit from third-party intervention from the likes of WikiLeaks or Russia. Papadopolous made it clear in his response that no one in the campaign was advocating for this kind of intervention because it was “illegal,” “compromised national security,” and “set a bad precedent.”
“At the end of the day,” Papadopolous said, “it’s an illegal, it’s illegal activity. Espionage is treason. This is a form of treason.” And when asked by a second FBI-controlled CHS on Oct. 29, 2016,about who he thought was behind the hacking of the DNC, Papadopolous responded that it could be “the Chinese,” “the Iranians,” “Bernie supporters,” or “Anonymous” — but not the Russians. “Dude, Russia doesn’t have any interest in it anyways,” Papadopolous said. “They — dude, no one knows how a president is going to govern anyways. I mean…Congress is very hostile to Russia anyways.” It was a prescient, and telling, exchange — one the FBI chose to ignore.
In the court filing detailing the facts sustaining Papadopolous’s guilty plea, Mueller declared that “defendant PAPADOPOULOS impeded the FBI’s ongoing investigation into the existence of any links or coordination between individuals associated with the Campaign and the Russian government’s efforts to interfere with the 2016 presidential election.”
However, any careful examination of the data used by the FBI to link Papadopolous to the WikiLeaks release of DNC emails on July 22, 2016, clearly shows that there was absolutely no connection. As such, Papadopolous’s conversation with Mifsud had zero material bearing on the FBI’s investigation, a fact known to the FBI prior to its interview of Papadopolous on Jan. 27, 2017.
Indeed, the demonstrative lack of connection between Papadopolous and the hacking of the DNC should have been grounds for shutting down the Crossfire Hurricane investigation. There is only one explanation for the FBI’s actions in continuing to pursue Papadopolous — the interview was a perjury trap, plain and simple, designed to generate a conviction that would politically damage a sitting president and create the impression that the investigation into Russian collusion was more credible than it actually was.
The Papadopolous saga has been overshadowed by the ongoing controversy swirling around the Department of Justice decision to drop its charges against former Trump National Security Advisor Michael Flynn who, like Papadopolous, pled guilty to lying to an FBI agent. The same kind of prosecutorial misconduct, perpetrated by many of the same individuals, that prompted dropping Flynn’s charges infects every aspect of the Papadopolous matter — even more so.
While Papadopolous cannot undo his sentence, or get back the time he served in prison, he can be exonerated by a much-deserved presidential pardon. Anything less would represent a victory by those who have corrupted American justice for political purposes, and a defeat for every American citizen who believes in the foundational principle of impartial justice.
Scott Ritter is a former Marine Corps intelligence officer who served in the former Soviet Union implementing arms control treaties, in the Persian Gulf during Operation Desert Storm, and in Iraq overseeing the disarmament of WMD.
The views expressed are solely those of the author and may or may not reflect those of Consortium News.
>>Please Donate to CNs’ 25th Anniversary Spring Fund Drive<<