FOIA Files: Did Special Counsel Robert Mueller Rely on Clinton Campaign Operatives to Point to Russia?

For over eight years, the world has been told that the United States government relied on a private firm called Crowdstrike to investigate the hack of the Democratic National Committee. Both former FBI Director James Comey and Special Counsel Robert Mueller referred to Crowdstrike as a primary source that Russian “conspirators hacked the DNC.”

That narrative was troubling enough and the subject of questions at Congressional hearings. Attempts by members of the public to obtain Crowdstrike’s analysis through FOIA have been shot down time and again owing to corporate “trade secrets” involved, and with Special Counsel Mueller’s July 2018 indictment of those 12 Russians who are unlikely to ever be apprehended, key facts about their investigation were set to be sealed for decades.

New emails obtained by Racket through the Freedom of Information Act, however, suggest there is more to the story. Cyber researchers at Georgia Tech who were indirectly working with the Clinton campaign and Fusion GPS to produce the Alfa Bank claims, also appear to have influenced Special Counsel Mueller’s investigation of the DNC hack.

Racket previously covered the September 2022 letter the Pentagon’s Defense Advanced Research Projects Agency, or DARPA, sent to Senator Grassley, in which DARPA confirmed the cyber researchers authored a DNC hack attribution analysis on August 7, 2016. In relation to other emails and reporting suggesting the cyber researchers also had a hand in assisting Special Counsel Robert Mueller’s investigation, DARPA at the time suggested their work was solely “retrospective”:

DARPA identified the analysis as relating to the indictment, but the Agency’s letter never squared with representations by the cyber researchers that suggested materials were flowing “via DARPA” to the Department of Justice and Special Counsel Robert Mueller. Now we know why. DARPA was either lying or uninformed, and not for the first time.

A FOIA request for emails in the account of Angelos Keromytis, the head of the Enhanced Attribution program for DARPA, shows Keromytis in direct contact with Heather Alpino and providing materials relating to “DCLeaks”, a website associated with the 2016 DNC hack:

Angelos Keromytis was noted throughout emails obtained through Open Records requests to Georgia Tech, where Keromytis was employed after his time at DARPA, which showed that Special Counsel Durham’s team spoke to Keromytis during their investigation about his ties to the Alfa Bank cyber researchers as well as the National Security Division of the Department of Justice.

DOJ attorney Heather Alpino was part of the Special Counsel Mueller team by 2018, detailed to the team from her role inside the National Security Division’s Counterintelligence and Export Control Section, which signed memoranda of understanding with DARPA’s Enhanced Attribution program — a program for which Georgia Tech was awarded a contract in 2016 to develop the science of cyber attribution. An email further down the new email chain suggests that Alpino understood the materials were coming from “performers” in the Enhanced Attribution program, i.e. Manos Antonakakis and David Dagon:

The reference to “domains”, along with additional FOIA pages obtained that list Russian domain names, could indicate that the analysis corresponds to a “Mueller List” of domains and indicators of APT-28, the Russian intelligence group accused of the hack, referenced in an email from David Dagon’s attorneys:

There are strong indications that the same cyber researchers who were working with the Clinton campaign went on to work with the Special Counsel Robert Mueller team on the DNC hack investigation and the indictment of Russians. There’s no doubt the government understood the connection to Clinton attorney Michael Sussmann, Sussmann was the one who had delivered the Alfa Bank allegations on thumb drives that the Clinton campaign paid for.

At the trial of Michael Sussmann, we learned that the FBI had received information from confidential human sources by early October 2016 who alleged that David Dagon was the author of the technical white paper making the claims regarding a secret communications channel between Trump and Russia via Alfa Bank, which the FBI was well on its way to debunking.

We also learned that the requests of FBI field agents involved in that investigation to interview David Dagon were denied by the FBI's leadership. Somehow, these same cyber researchers that had already provided their August 7, 2016 attribution analysis on the DNC hack, in addition to anonymously submitting the Alfa Bank claims through Sussmann, along with later submitting nonsensical Yota Phone allegations, went on to provide materials to Special Counsel Mueller on the DNC hack without raising any eyebrows.

The Mueller team went on to wipe dozens of phones, leaving now obvious questions of whether it was to conceal their contacts with the Clinton-connected cyber researchers. Whether intentional or not, the fact remains that none of the investigations since 2016 have revealed the role of the cyber researchers in the DNC hack investigation.

It’s nearly impossible to see how the government could meet its Brady obligations for a theoretical trial of the Russians. Presumably, all of the cyber researchers’ work on the Alfa Bank allegations would be considered Brady material, going to the credibility of these cyber researchers as witnesses. At least some of that material has not been made available to the government or was destroyed.

And why would the government use these cyber researchers in one of the biggest and most important investigations in history, an investigation the media repeatedly assured us was being run above-board? With unlimited resources at its disposal, it appears the government instead allowed cyber researchers with controversial histories and political connections to influence their investigation.

In March 2022, DARPA stated “DARPA was not involved in efforts to attribute the DNC hack. Dr. Antonakakis worked on DARPA’s Enhanced Attribution program, which did not involve analysis of the DNC hack,” Jared Adams, DARPA’s chief of communications, told the Washington Examiner. “Further, DARPA was not involved in efforts to attribute the Guccifer 2.0 persona, nor any involvement in efforts to attribute the origin of leaked emails provided to Wikileaks.”

DARPA’s statements contradicted a plethora of emails obtained through Open Records requests where the cyber researchers said exactly the opposite. As more emails are produced, it appears that Antonakakis and Dagon were telling the truth about their involvement in the DNC hack investigation and the government is lying.

It’s unclear if DARPA is free to speak about their role in the investigation. A June 2017 memorandum of understanding for the Enhanced Attribution program and the National Security Division of the Department of Justice suggests approval must be sought from the Department of Justice before public disclosure:

Responsibilities detailed in the agreement suggest a significant role for the Department of Defense in criminal investigations - away from oversight that might bring uncomfortable questions like those of Senator Wyden’s in 2022:

The work of the Clinton-connected cyber researchers on the DNC hack wasn’t retrospective, as DARPA claimed. It appears to play a key role in the investigation and critically, the public’s understanding of Russian interference. One would have hoped that understanding didn’t rely on methods considered “spoofable” as noted in emails obtained by Margot Cleveland of The Federalist, and on cyber researchers suspected by some of spoofing the data used in the Alfa Bank allegations.

Racket reached out to attorneys for Dagon, Keromytis, and Antonakakis, as well as Georgia Tech and DARPA. None commented for the record. More to come, and as noted earlier, please watch this site for news about a Twitter Spaces on the subject.