Access Hollywood, the GRU, Wikileaks, Porn Stars, and the FBI: A Perfect Storm
This article examines the momentous political events that occurred on October 7th, 2016, and the staggered Wikileaks releases up to the election. It is the sixth and final article in the series “Russian Active Measures and the 2016 U.S. Presidential Election.” While it is not necessary to read previous entries, it is recommended.
The first article provides definitions for the concepts “Active Measures” and “Disinformation” and provides a history past Russian interference efforts.
The second article provides a description of Russian hacking and cyber warfare efforts in the lead up the the 2016 U.S Presidential Election.
The third article describes how Russia’s Foreign and Military Intelligence agencies breached the Democratic National Committee.
The fourth article describes the role Wikileaks played in amplifying Russian Active Measures and the response of the Clinton and Trump campaigns.
The fifth article covers the Obama Administration’s and U.S. Intelligence Community’s response to the Russian Active Measures campaign in 2016.
This article is an excerpt from my book, While We Slept: Vladimir Putin, Donald Trump, and the Corruption of American Democracy, available here.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
October 7th, 2016: A Perfect Storm
When the joint Department of Homeland Security and Office of the Director of National Intelligence statement was released on October 7th revealing that the Russian government had ordered the hack on the DNC, Trump was preparing for his upcoming debate with Hillary Clinton.
Senior staffers had just received advance notice that in one hour, approximately 4pm, The Washington Post was going to release what came to be known as the Access Hollywood tape, in which Trump was recorded boasting to television host Billy Bush about attempting to seduce a married woman and how he often didn’t wait before kissing attractive woman.
“I don’t even wait,” Trump told Bush. “And when you’re a star, they let you do it. You can do anything. … Grab ’em by the pussy. You can do anything.”
“This is fatal,” Paul Ryan told RNC chairman Reince Priebus in a private phone conversation. “How can you get him out of the race?”
Priebus explained to the Speaker of the House that it was impossible, there was no mechanism to strip Trump of the Republican Party nomination. When a day later Trump convened a meeting at Trump Tower to discuss the fallout of the tape, Priebus didn’t mince words.
“I’ll tell you what I’m hearing,” Priebus replied when asked by Trump what he had been hearing. “Either you’ll lose in the biggest landslide in history, or you can get out of the race and let somebody else run who can win.”
Despite Preibus’s stark assessment, Trump maintained a core group of loyalists including his children and the former mayor of New York, Rudolph Giuliani.
Also among those who remained loyal at this critical moment was his new campaign chairman. Steve Bannon had replaced Paul Manafort on August 17th after The New York Times had run a story about a secret ledger found in Ukraine that listed illicit payments by the ousted Yanukovych government to the Republican political svengali.
Bannon had been recommended to Trump by Rebekah Mercer, the daughter of the libertarian hedge fund billionaire and top Trump donor Robert Mercer.
At 4:32pm on October 7th, exactly 32 minutes after The Washington Post broke the Access Hollywood story, Wikileaks released 2,050 emails that GRU Unit 26165 had exfiltrated from John Podesta’s inbox. It was a surprise capper, and only the first of a staggered series of leaks that would last through the election, to one of the most infamous days in the history of American politics.
Not everyone was surprised, however.
On September 26th Roger Stone had told Paul Manafort, no longer employed by the campaign but still involved in an unofficial capacity, that “John Podesta was going to be in the barrell,” and that “there were going to be leaks of John Podesta’s emails.”
Another person unsurprised by the Podesta leaks was Donald Trump.
On September 29th, Trump had been riding in a limo with Rick Gates on their way to La Guardia airport when he took a call from Roger Stone. After the call concluded, Trump told Gates that “more releases of damaging information would be coming.”
Wikileaks was also in direct contact with Donald Trump Jr. On September 20th, Wikileaks sent Trump Jr. a Twitter DM, writing: “A PAC run anti-Trump site putintrump.org is about to launch.”
WikiLeaks continued, “The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?”
“Off the record I don’t know what this is, but I’ll ask around,” Trump Jr. replied.
“Guys I got a weird Twitter DM from wikileaks. See below,” Trump Jr. wrote in an email to senior campaign staffers.
“I tried the password and it works and the about section they reference contains the next pic in terms of who is behind it. Not sure if this is anything but it seems like it’s really wikileaks asking me as I follow them and it is a DM. Do you know the people mentioned and what the conspiracy they are looking for could be? These are just screen shots but it’s a fully built out page claiming to be a PAC let me know your thoughts and if we want to look into it.”
“Hiya, it’d be great if you guys could comment on/push this story,” Wikileaks wrote to Trump Jr. again on October 3rd, attaching a likely fabricated quote from Hillary Clinton claiming to want to “drone” Julian Assange.
“Already did that earlier today,” Trump Jr. replied thirty minutes later. “It’s amazing what she can get away with.”
“I love Wikileaks!” Trump proclaimed at a rally three days after the Podesta leaks.
Two days later @Wikileaks sent the following direct message to Donald Trump Jr.: “Strongly suggest your dad tweets this link if he mentions us … there’s many great stories the press are missing and we’re sure some of your follows [sic] will find it. btw we just released Podesta Emails Part 4.”
Shortly thereafter, Trump tweeted, “Very little pick-up by the dishonest media of incredible information provided by WikiLeaks. So dishonest! Rigged System!”
Two days after that, Trump Jr. tweeted the link from his personal account: “For those who have the time to read about all the corruption and hypocrisy all the @wikileaks emails are right here: wlsearch.tk.”
While Trump loudly and publicly luxuriated in the Wikileaks disclosures, Michael Cohen was involved in clandestine damage control in the wake of the Access Hollywood tape.
A Stormy Situation: Michael Cohen Makes An Illegal Hush Money Payment on Behalf of Candidate Donald Trump
The night after the tape was released, Cohen was informed by Trump’s press secretary Hope Hicks that a rumor was circulating of the existence of a tape in which Trump could be seen with prostitutes while he was in Moscow for the 2013 Miss Universe Pageant.
Hicks had heard that the celebrity tabloid website TMZ may have the tape and wanted Cohen to utilize his relationship with its founder Harvey Levin to learn what he could.
In addition to the potential emergence of the Moscow tape, the Access Hollywood scandal dredged up old problems. Stephanie Clifford, a pornographic actress who went by the name of Stormy Daniels, had engaged in an extramarital, sexual affair with Donald Trump after meeting him at a golf tournament in 2006.
While salacious rumors of the affair had been previously been hinted at in the press, following the release of the Access Hollywood tape Trump and his enablers feared that he wouldn’t be able to politically survive another sex scandal. Cohen was tasked with making the problem go away.
Unbeknownst to the public, Donald Trump had entered into a “catch and kill” alliance with his longtime friend David Pecker, the CEO of American Media Inc (AMI), parent company of the tabloid The National Enquirer.
Shortly after he announced his candidacy, Trump and Michael Cohen sat down with Pecker for a meeting in August of 2015 in Trump Tower. During the meeting, Pecker offered to buy the rights to and bury potentially embarrassing or unflattering stories about Trump and to do so in coordination with Cohen.
In addition to buying and withholding Trump related matters from the public, The National Enquirer also routinely wrote stories attacking Trump’s Republican primary opponents and Hillary Clinton.
In late 2015, AMI paid a former Trump World Tower doorman, Dino Sajudin, $30,000 in order to bottle-up an as yet unsubstantiated story that Trump had fathered a love child with a former employee.
Shortly thereafter and at Trump’s personal direction, AMI arranged to pay $150,000 to Karen McDougal, the 1998 Playboy Playmate of the Year who had a 10-month sexual relationship with Trump from 2006–2007, for exclusive rights to the story and then never ran it.
In the aftermath of the Access Hollywood tape, however, Pecker refused to buy the Stormy Daniels story, leaving it to Trump and Cohen to deal with personally.
Cohen arranged for a $130,000 payment to be made to Clifford using his own money by drawing down a home equity line. Cohen, who was reimbursed by Trump, made the payments using a private company, Essential Consultants LLC, and pseudonyms for the various parties.
Cohen’s payment to Daniels went through on October 27th, with the election just under two weeks away.
Three days later, he received a message from his friend Giorgi Rtskhiladze, whom he and Trump had worked with on a potential Trump Tower Batumi project in the formerly-Soviet Republic of Georgia.
Read my description of the Trump Tower Batumi project here.
“Stopped the flow of some tapes from Russia but not sure if there is anything else. Just so u [sic] know…”
“Tapes of what?” Cohen replied.
“Not sure of the content but the person in Moscow was bragging had [sic] tapes from Russia trip.” Rtskhiladze was referring to the alleged Moscow tape. “I’m sure it’s not a big deal but there are lots of stupid people.”
Rtskhiladze later claimed that he was only referring to a rumor a friend had overheard at a Moscow party. The identity of the “person in Moscow” is not publicly known.
Russian Military Intelligence Continues Its Campaign
Meanwhile, in the time between Trump’s July 27th call for Russia to find Hillary’s missing emails and election day on November 8th, the GRU continued its malicious activities unabated.
On August 15th, the GRU reached out to a Republican Congressional candidate in Florida, providing them with documents related to his opponent. While the candidate has never been named by the authorities, suspicions in Florida fell on Representative Brian Mast, who has admitted to using information hacked by the GRU.
Mast went on to win his election.
“Feel free to send any Florida information my way,” wrote a Florida-based Republican political operative and blogger named Aaron Nevins in a message to Guccifer 2.0.
Ten days later, on August 22nd, the GRU obliged, sending 2.5 gigabytes of Democratic voter turn-out analyses to Nevins. The DCCC documents analyzed individual Florida districts and divided voters into blocs of how likely they were to turn out and vote for Democrats.
“Holy fuck man I don’t think you realize what you gave me,” Nevins breathlessly replied to Guccifer. “I’m still going through that stuff and I find buried deep the [sic] turnout model for the democrats entire presidential campaign. This is probably worth millions of dollars.”
Nevins posted the information on his politics blog HelloFLA on September 8th. A day later, Guccifer 2.0 sent a link to the article to Roger Stone, with the message, “hi, what do you think of the info on the turnout model for the democrats entire presidential campaign?”
“[P]retty standard,” Stone replied.
According to publicly available information, Stone and Guccifer 2.0 had been privately communicating over Twitter director messages since at least August 14th.
Nine days before that, Stone had written a column for Breitbart in which he denied Russian involvement in the DNC hack and claimed that Guccifer 2.0 was in fact a lone Romanian hacker.
Guccifer 2.0 subsequently thanked Stone for writing the article and over the course of their private correspondence Guccifer told Stone that he was a “great man.”
At another point, the GRU via Guccifer 2.0 wrote, “please tell me if i can help you anyhow,” saying that “it would be a great pleasure for me.”
While Stone’s twitter direct messages with Guccifer 2.0 ended abruptly on September 9th, it is not known whether the two may have communicated using different Twitter accounts or on entirely different, potentially encrypted, alternative platforms.
Furthermore, there is evidence suggesting that around this time the GRU believed that the FBI may have been monitoring their private twitter messages.
In late August, investigative reporter William Bastone from the news outlet The Smoking Gun, who had been contacted by Guccifer as far back as June 27th, wrote to the hackers asking about their contacts with Roger Stone, who had been publicly indicating that he had inside information on upcoming Wikileaks releases.
“why r u asking?” Guccifer replied to Bastone. “the fbi’s tracking me, reading my dm [direct messages] and giving you hints. no?”
Nor was Bastone the only American reporter the GRU interacted with.
On August 22nd, the same day they sent the DCCC voter turnout analyses to Aaron Nevins, Guccifer 2.0 connected with Lee Stranahan, a reporter with Breitbart. Stranahan had messaged Guccifer and claimed that he helped Roger Stone write his August 5th piece in Breitbart and had personally convinced him that Guccifer 2.0 was not Russian.
Stone later admitted it was Stranahan who informed him of Guccifer 2.0’s existence. The GRU provided Stranahan with stolen DCCC documents related to the Black Lives Matter movement.
After the election, Stranahan quit Breitbart in protest after referring to it’s editor-in-chief Alexander Marlowe as a “TRAITOR IN CHIEF” when Marlow acknowledged the Russian hack took place. He then got a job at the Russian state-controlled news agency Sputnik.
Over the course of August, hackers in Unit 74455 carried out cyber espionage operations against VR Systems, an elections software and hardware provider.
The operation was led by GRU officer Anatoliy Sergeyivich Kovalev, who back in June had started researching website domains used by State Boards of Elections, secretaries of state and other elections related organizations to search for vulnerabilities.
The NSA later assessed in a top secret document leaked in 2017 that the GRU’s attack on VR Systems obtained information on election-related software and hardware and was likely used to launch spear phishing attacks against local government organizations involved in voter registration.
Intelligence officials speaking to The New York Times in 2017 claimed that, in addition to VR Systems, two other providers of critical election infrastructure had been breached. The identity of these companies and the exact nature of the breaches remain classified.
VR Systems provided election-related software and hardware solutions for local election officials in Florida, California, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia.
In Florida alone, 62 out of its 67 counties used VR Systems software, including the Democratic stronghold Miami-Dade.
VR Systems also serviced 23 out of 100 counties in North Carolina.
After the election, it was discovered that VR Systems routinely used remote access software to troubleshoot problems for customers from a distance. Election security experts have described the use of remote access software as a critical security lapse because, depending on how a network is configured, it can not only allow outside intruders in but potentially provide them with access to the entire target network.
Government guidelines regarding voter registration systems do not ban the use of remote access software, but recommend that tech providers and their customers use encrypted virtual private networks (VPN) when they do so.
If, however, a hacker was inside VR Systems’s network when a VPN was established, or had obtained a VR Systems employee’s VPN credentials, they could have remotely infiltrated the customer’s network.
In fact, this was exactly how Unit 74455 hackers had accessed the Ukrainian electric grid only a year earlier.
Nor was VR Systems the only election related company that engaged in remote access. After initially denying having done so, Elections Systems and Software, the largest provider of voting machines in the US, later admitted to having used remote access software with a number of its customers between 2000 and 2006.
According to Special Counsel Robert Mueller’s report, after sending spear phishing emails to VR Systems employees, the Russians successfully installed malware on their network.
VR Systems, on the other hand, has maintained that the spear phishing attempts were unsuccessful. To bolster this claim, they point to an investigation conducted by the private cyber security firm FireEye which concluded that the company had not been breached by hackers.
The FireEye analysis, however, was conducted over a year after the alleged Russian intrusion, an ample amount of time for evidence of the hack to be scrubbed by the perpetrators.
When the Department of Homeland Security conducted its own investigation into the matter in 2018, over two years after the alleged breach, they found no malware in their system.
Questions remain as to whether the FireEye and DHS investigations looked into the full spectrum of ways hackers could have compromised VR Systems and their customers, or whether the scope of the investigations were too limited to be considered comprehensive.
On August 30th, six days after VR Systems had received spear phishing emails from the GRU, Florida held a state primary election. Prior to the close of the polls, an election results webpage hosted by VR Systems for the heavily Democratic Broward County began prematurely and illegally displaying election results.
At the time, VR Systems blamed the incident of a “clerical error.” Whatever caused the anomaly, it led to chain reaction in which other Florida counties were unable to display their results in a timely manner following the close of the polls.
While there is no publicly available evidence that any of the results in Florida were tampered with, local election officials have admitted that if a VR Systems employee’s credentials had been successfully stolen, hackers could have changed election results.
As uncovered by the reporting of Kim Zetter, an analysis of all the public statements issued by VR Systems reveals a confused and inconsistent timeline of events related to their handling of the spear phishing emails sent by the GRU.
In a letter sent to the North Carolina State Board of Elections, VR Systems claimed that the spear phishing emails had been caught and identified upon receipt before any employees could open them.
In a subsequent letter to Senator Ron Wyden (D-OR), however, VR Systems claimed they identified the spear phishing emails around the same time that they participated on a September 30th conference call between the FBI and Florida election officials to discuss the efforts of foreign hackers to target the state’s election infrastructure.
On October 31st, GRU hackers created the email address vrelections@gmail.com and sent spear phishing emails to over 100 Florida-based VR Systems state election customers containing a malware attachment disguised as a Word document masquerading as a user guide for VR Systems electronic poll book software — devices that contain voter check-in information that have replaced the thick binders of paper used previously.
A month earlier, VR Systems had sent a legitimate email to customers in North Carolina that contained a user guide, indicating that the GRU was aware of how to design their emails to appear like VR Systems usual correspondence.
Officials in Florida’s Washington County, and another as yet unnamed country, appear to have clicked and been infected by the malware.
One VR Systems customer, Durham County in North Carolina, experienced a series of unexplained technical glitches and anomalies in the lead up to and on election day itself.
On November 6th, the Sunday before the election, Durham-based election workers were attempting to load voter data from a county computer onto USB flash drives which would then be inserted into laptops that poll workers would use to determine voter eligibility. The data transfer from the central county computer to the flash drives inexplicably was taking up to ten times longer than usual.
The problems continued into the next day and threatened to disrupt election day. As a result, Durham county officials contacted VR Systems and despite the fact that VR Systems was at that time aware that they had been targeted by Russian hackers, the company proceeded to access the county computer remotely.
On election day itself, numerous laptops used by Durham county poll workers to determine voter eligibility crashed, froze or indicated that individuals had already voted when they hadn’t.
A number of laptops displayed a false warning that voters needed to produce ID, when North Carolina law had changed so that was no longer necessary. The problems got so bad that state officials ordered Durham to switch to using paper records.
The process of doing so led to significant delays and it remains unknown how many of those who experienced the inconvenience left without voting. The events in Durham remain unexplained, and while there is no direct evidence of Russian hackers causing the problems the possibility cannot be ruled out.
While the GRU’s activities continued unabated, the Clinton campaign struggled to deal with the steady and very public Wikileaks releases of John Podesta’s emails in the month leading up to the election.
Clinton staffer Glen Caplin was placed in charge of roughly a dozen other staffers and, working out of an office they called the “room of tears,” they poured over the content of the released emails to monitor them for potential items that could embarrass the campaign.
While most of the leaked emails were innocuous, others were marked by the kind of petty infighting that, while not unusual for large organizations, proved unflattering in the harsh glare of October during campaign season.
Most of the leaked emails revealed little more than the kind of snark and petty grievances common to all campaigns.
In one email Chelsea Clinton is referred to as a “spoiled brat” by former Clinton Foundation executive Doug Band.
Another featured Robby Mook sarcastically referring to New York mayor Bill De Blasio as a “terrorist.”
In yet another, the president of the liberal think tank the Center for American Progress Neera Tanden refers to Hillary’s political instincts as “suboptimal.”
One email featured Clinton staffer Jennifer Palmieri criticizing Catholic Republicans by describing their faith as “the most socially acceptable politically conservative religion.”
The Clinton campaign would try unsuccessfully to push the media narrative towards the fact that the emails were stolen by Russia rather than on the rather innocuous content of the emails themselves. This misplaced media focus, paired with the steady drip way in which Wikileaks released the emails, turned them into a significant issue for the campaign as it closed in on election day.
It would take the Director of the FBI, however, to turn the storm into an F-5 hurricane.
Comey’s Fateful Decision and the 2016 Election
On October 28th, 2016, just over a week before the election, James Comey sent a letter to Congress stating that the FBI was reopening the Clinton email criminal inquiry. The letter was leaked to the press and a media furor erupted, serving as an October Surprise gut punch to the Clinton Campaign.
A separate investigation into the disgraced former Democratic lawmaker from New York Anthony Weiner, who was married at the time to Clinton aide and confidant Huma Abedin, had inadvertently uncovered emails that were possibly pertinent to the Clinton email investigation.
Despite the fact that long standing FBI policy forbids it from making any moves that could possibly influence the outcome of an election, and despite the fact that DOJ officials warned him that any announcement would violate this policy, Comey decided it was better to disclose rather than conceal the reopening of the investigation.
Two days before the election, Comey sent a second letter to Congress in which he said that, after working “around the clock,” the FBI had reached the same conclusion they had in July and that the case was again closed.
Regardless, the damage was done.
Millions of Americans had already cast early votes. The Clinton campaign learned through focus groups that voters were conflating the DNC and Podesta emails released by Wikileaks with the “email scandal” that was being so thoroughly flogged by the press.
The Trump campaign was ebullient by the late stage development, with many Trump aides coming to believe for the first time that he might actually win the presidency.
The statistician and elections analyst Nate Silver has since stated, “Hillary Clinton would probably be president if FBI Director James Comey had not sent a letter to Congress on Oct. 28.”
On November 8th, supporters of both candidates traveled to the polls with baited breath. For many Democrats and within the Washington and coastal elite, a Trump presidency remained unthinkable. Confidence was high that Hillary Clinton would be the next President of the United States.
This assessment was shared by Vladimir Putin and the Russians, who according to the CIA possessed yet more damaging information on Clinton that they planned to release after election day along with supposed proof that voter data had been tampered with to bolster Trump’s repeated claims that the election was rigged.
In a small election day gesture to support of his father, Donald Trump Jr. retweeted @Ten_GOP, which billed itself as the “Unofficial Twitter account of the Tennessee GOP.” The message read, “This vet passed away last month before he could vote for Trump.. Here he is in his #MAGA hat.. #voted #ElectionDay.”
While the message retweeted by candidate Trump’s eldest son may have just been one among the over 1 billion election related tweets that had been generated since August, it contained a dark secret.
Unbeknownst to Don Jr or the other Trump campaign aides including Kellyanne Conway and campaign digital director Brad Parscale who had also retweeted messages from it, @Ten_GOP was in fact the creation of propagandists in St. Petersburg and just one small part of a sweeping Russian disinformation campaign targeting American voters.