Hybrid Threats And The Live Russian Hybrid Conflict

Moderators: DrVolin, Wombaticus Rex, Jeff

Hybrid Threats And The Live Russian Hybrid Conflict

Postby seemslikeadream » Fri Jul 14, 2017 9:47 am

Page 1 of 70
Written evidence from James John Patrick (Known As J.J. Patrick)
Introduction:
Written evidence submitted to the United Kingdom Parliament, Parliament of the European Union, and the Federal Bureau of Investigation in the United States of America by James John Patrick, known as J.J. Patrick.
This evidence is submitted freely in my capacity as a freelance journalist and contains 33,358 words and spreads over 70 pages. Due to the complex nature of the submission, my forgiveness is kindly requested for the length of the statement.
The content is true to the best of my knowledge and honest belief and I am happy to appear before any hearings, though my financial means are limited and I may require financial assistance in doing so.
Summary of Evidence:
1. Russia is deliberately interfering in Western democracy through the use of disinformation, cybercrime, psychological manipulation and the collaboration of well-placed of third parties. This hybrid conflict is live.
2. This interference has decisively impacted upon the democratic process in the United Kingdom and the United States with negative effect, and has attempted to interfere in Swedish and French democratic process. The threat is continuing and extends to additional nations.
3. There is clear evidence of voter manipulation through the use of psychometric techniques, and evidence indicating data-laundering within and outside of the EMEA data protection area by state and non-state actors.
4. The current legal frameworks and responses of the UK and the US are inadequate and have contributed to the continuance the live threat.
Personal Background:
1. Between 2004 and 2014 I served as a police officer with the Derbyshire Constabulary and Metropolitan Police Service in the United Kingdom. I retired in 2014 after giving evidence in a parliamentary inquiry.
2. In 2013 I acted as a whistleblower in the course of my duties, giving evidence to the House of Commons Public Administration Select Committee on the manipulation of crime figures by the police. The final report of the committee said of me “we are indebted to PC Patrick for his courage in speaking out, in fulfilment of his duty to the highest standards of public service, despite intense pressures to the contrary.”
3. I am now a freelance journalist and member of the National Union of Journalists and my primary publication platform is Byline, an independent news website based in the United Kingdom. This is a non-partisan publication which holds no editorial input or sway over my work. I am also signed up to the Impress regulations. My funding comes direct from the public and is unaffiliated to advertising of any kind.
4. I have also acted as a freelance specialist consultant in respect of crime data analysis with an NGO in Mexico.
Page 2 of 70
Background: Hybrid Threats And The Live Russian Hybrid Conflict
1. The concept of a “hybrid threat” was first introduced in NATO’s “Strategic Concept of 2010” and was then incorporated in the NATO “Capstone Concept”, defining hybrid threats as “those posed by adversaries, with the ability to simultaneously employ conventional and non-conventional means adaptively in pursuit of their objectives.”
2. Hybrid threat gained renewed traction in response to Russian actions in Ukraine and the Da’esh campaign in Iraq.
3. In Riga, in February 2015, EU Defence Ministers called for more unity and decisive action across the union and by May 2015 the European External Action Service had created a circular “Countering hybrid threats” encouraging states to recognise the risks and build a response.
4. An unchecked hybrid threat results in the situation we now face: a full-scale hybrid conflict. An alternative war.
5. A Hybrid conflict is defined as “a situation in which parties refrain from the overt use of armed forces against each other, relying instead on a combination of military intimidation (falling short of an attack), exploitation of economic and political vulnerabilities, and diplomatic or technological means to pursue their objectives.”
6. Most references to “hybrid war” are based around the idea of an “adversary who controls and employs a mix of tools to achieve their objectives,” and this brings with it a number of complexities.
7. There is no doubt whatsoever that we find ourselves in the middle of an alternative war by its very description.
8. As with all conflicts, attributing responsibility and intent is necessary, to ensure that state and allied policy responses are proportionate and legitimate. However, international law limitations, technological constraints, and the diffusion of actions to non-state actors work together to give an adversary in such a conflict substantial deniability.
9. For instance, the involvement of a third party not immediately identifiable as state- sponsored (such as Wikileaks) becomes incredibly difficult to set against the legal concept of “beyond reasonable doubt”. Nonetheless, the US have done this with North Korea after the Sony Pictures hack and a NATO Summit in 2014, held in Wales, has set out that the application of Article 5 of the Washington Treaty in the event of a cyber-attack does apply.
10. Currently, no specific international legal framework is in place to regulate hybrid warfare.
11. Use of “force” in international relations is still catered for under the United Nations Charter, which states “in the absence of an armed attack against a country or its allies, a member state can use force legally only if authorised by a United Nations Security Council resolution.”
12. While rules regarding traditional armed conflict are laid down in international humanitarian and human rights law, hybrid conflict and threats are only covered by a patchwork of legal
Page 3 of 70
instruments covering specific policy areas. These are the seas, counter-terrorism, money laundering, terrorist financing, and human rights.
13. This effect has allowed the growth of complex hybrid conflict operations to run almost unchecked, leading the world to the precipice it now stands upon.
14. Trump, Brexit, the attacks on the French and Dutch elections, the world cyber-attack on infrastructure and health organisations, fake news. These are the fronts in a very real conflict from which there may be no return unless a response begins.
15. Europe and much of the West is very much alive to the ongoing war, with a Summit currently ongoing in Prague.
16. The specific focus of the partly open, partly restricted meeting is to discuss “a coordinated international response to Russian aggression” and to discuss the fact “a wide gap remains between mere acknowledgement of the threat and the development of concrete and viable counter-measures.”
17. Senior NATO figures and high-ranking representatives from a large number of countries are in attendance.
18. Over one hundred specialists representing 27 countries are coming to the restricted part of the SUMMIT.
19. The meeting is being facilitated by Czech think tank European Values.
20. “The 2016 StratCom Summit in Prague was organised at a crucial time when Russian disinformation [was] increasingly targeting Western audiences, trying to sow confusion, distrust and division. I came away from the Summit encouraged by the level of awareness and expertise across Europe, its governments and organisations, who are all actively engaged in countering Russia’s disinformation operations,” said General Petr Pavel, Chairman of the NATO Military Committee, about last year’s gathering.
21. Kremlin Watch is a strategic program run by European Values, which aims to expose and confront instruments of Russian influence and linked disinformation operations focused on working to destabilise the Western democratic system.
22. The introduction to their annual report, the premise for this year’s summit, makes clear the threats uncovered by this investigation are very real.
23. “Demand is growing for a coordinated international response to Russian aggression, with many EU heads of state, other European politicians, and security experts voicing alarm about the threat. As of May 2017, several Western countries have experienced Russian interference in their elections, while the number of cyber attacks across Europe continues to rise,” the report says.
24. The comprehensive strategic assessment for 2017 makes for a sobering read, covering the EU28 including, for now, the United Kingdom.
25. The report immediately identifies two countries as being ‘collaborators’ with Russia: Greece and Cyprus, who have shown - across a number of assessed factors - no resistance to Russian influence.
Page 4 of 70
26. The authors identify a group of eight EU states who largely continue to ignore or deny the existence of Russian disinformation and hostile influence operations - Hungary, Austria, Croatia, Luxembourg, Malta, Portugal, Slovakia, Slovenia – and three states who half- acknowledge existence of the threat. They deduce the latter hesitation is attributable either to geographic distance and historical neutrality (Ireland) or to the presence of pro-Kremlin forces in the political domain which suppress any efforts to place the threat on the agenda (Italy and Bulgaria).
27. Hungary has recently been put on notice of proceedings by the European Commission in relation to its asylum laws.
28. Belgium “recognises the threat of Russian disinformation abroad, particularly in the Eastern neighbourhood, but does not consider this to be a problem for its internal security, and therefore does not consider it a national priority. Its security institutions predominantly focus on the threat of Islamist terrorism,” while Spain and France consider “Islamist propaganda to be the more serious issue and mostly attribute disinformation campaigns to terrorist recruitment. In France, incoming President Macron seems poised to make a shift in this position, but it remains an open question given France’s historically sympathetic attitude to Russia.”
29. Denmark, the Netherlands, Romania, Finland, Czech Republic, Germany, the United Kingdom, Poland are recognised as cognizant of the risks but the counter-measure strategies are identified as being in infancy and having “weak spots”, rendering them vulnerable.
30. The report also states: “For many of the EU28, a wide gap remains between mere acknowledgement of the threat and the development of concrete and viable counter- measures. The implementation of an effective strategy at the state level requires at least partial political consensus, civic support, and strong democratic institutions. Strong rhetoric and condemnation of Russian interference comes at virtually no political cost, but developing a pan-government approach necessitates the dedication of all major political parties and government bodies, as well as their active resistance against local obstacles and Kremlin-linked counter-pressures.”
31. This assessment is accurate by this investigation’s own findings.
32. The four states showing the highest levels of activity, resilience, and readiness to respond to the Russia threat, given their historical experiences, are Sweden, Estonia, Latvia, Lithuania.
33. This assessment in the case of Sweden is accurate by the findings of the previous “Skada” investigation.
34. The Baltic States (Latvia, Lithuania, and Estonia), the report says “stand at the forefront of the fight against hostile Russian influence, in large part due to their geographic proximity to Russia, historical experience, and sizeable Russian minorities. These countries have adopted strong countermeasures against Russian influence, often restricting Russian pseudo-media. They also actively engage their Russian-speaking minorities, to greater or lesser success. The Baltic experience with Kremlin-linked subversion tactics is the most developed within the EU28 and serves for major lessons learnt.”
35. The report is clear on the need for a free and independent press to form part of a counter- measure, saying “there is a strong negative correlation between the degree of Russian
Page 5 of 70
subversive influence on the one hand and the state of media literacy and press freedom on the other. In countries with deteriorating press freedom, for instance, due to measures that limit serious investigative journalism, submission to Russian influence has increased in recent months (e.g., Hungary and Croatia).”
36. But the assessment of the Western EU nations serves as a stark warning that press freedom alone is not enough.
37. According to the report, the “traditionally powerful European states only begin to display interest in countering Russian disinformation during, immediately before, or even after major domestic elections, when they have experienced or anticipate Russian interference”
38. They correctly identify that France widely ignored the threat until the recent presidential elections even though newly elected President Emmanuel Macron experienced Russian meddling during his campaign. His official foreign policy adviser recently stated, “we will have a doctrine of retaliation when it comes to Russian cyber-attacks or any other kind of attacks.”
39. The government of the Netherlands barely reacted when Russian disinformation circulated during the 2016 referendum on the Association Agreement with Ukraine but during the 2017 parliamentary elections, it decided not to use electronic voting in order to avoid possible Russian meddling.
40. The Dutch intelligence agency AIVD has since concluded that Russia tried to influence the 2017 elections by spreading fake news.
41. In Italy, initial concerns about disinformation and hostile influence operations emerged during the constitutional referendum in December 2016, when the rising anti-establishment Five Star Movement proliferated disinformation and pro-Kremlin propaganda. Nonetheless, the report starkly highlights that “the government is still not taking any action to counter these efforts. Italy is also a Kremlin ally when it comes to halting new EU sanctions related to Kremlin-sponsored atrocities in Ukraine and Syria.”
42. The report is clear that the United Kingdom had been “supporting many strategic communications projects in the Eastern Partnership region, but the debate on Kremlin subversion in the UK was very limited before the Brexit referendum in 2016.”
43. “The UK’s close ties to Kremlin-linked money has also not featured on the agenda until recently” the report adds.
44. Recognition of these threats “results in certain efforts to manage the crisis,” but in the fight against fake news, “governments often seek the help of corporations like Google and Facebook in order to protect their elections, but these companies have very limited assistance options,” the authors point out.
45. The conclusion rings true of this investigation’s own findings, in that “most measures undertaken at the last minute turn out to be “too little, too late” and lack necessary coordination. Importantly, policies against hostile foreign influence must be designed and implemented long in advance.”
Page 6 of 70
46. The Information Commissioner’s Office has launched an investigation into British election interference and voter manipulation following the submission of detailed evidence by this investigation.
47. Rightly, the report's authors highlight that Germany’s position could be the game-changer: “with federal elections in September 2017, Germany is currently preoccupied with developing resistance against Russian meddling.”
48. Over the last few months, Germany has begun taking the threat posed by Russia much more seriously than ever before, “actively boosting its cyber defence and also promoting cyber security internationally, even creating a new Bundeswehr command.”
49. “If the next German government tackles this threat with true German precision and intensity,” the authors write, “it will spill over to EU policy and prompt substantive democratic counter-pressure. Until now, the concerns of mostly smaller EU members on the Eastern flank have been insufficient to instigate a shift in EU policy.”
50. The UK is one of the most concerned countries sending a delegate to the summit, only behind Estonia, Latvia, and Lithuania.
51. The report correctly states that MI5 chief Andrew Parker has warned Russia’s threat to the UK is growing and has stated that Russia’s spy activity in the UK is extensive, as is its subversion campaign in Europe in general.
52. The authors also correctly identify that MI6 chief Alex Younger has also highlighted the issue of subversion and the disinformation campaign waged by Russia and that it was the British intelligence services who alerted the US about the Democratic National Committee hacks and the alleged Trump-Russia connection in 2015.
53. The report correctly identifies that the LSE has published a report raising alarms about weak British electoral laws which can allow foreign interference to undermine British democracy by allowing an influx of funds from unknown or suspicious sources to fund political campaigns.
54. The report also states “the UK government appears to be more concerned with the diplomatic and international aspects of Russian influence rather than malign domestic effects,” while “Facebook has warned that the June 2017 British General Election may become a subject of attack by fake news and other disinformation online.”
55. As this investigation has clearly identified there is a serious weakness in the UK system of regulation and countermeasures, a critical threat which is ongoing at this time.
56. The European Union itself is highly engaged on the threat already.
57. Speaking to Maja Kocijančič, Spokesperson for EU Foreign Affairs and Security Policy, she says “The EU coordinates on all substantial threats, such as terrorism, cyber or hybrid attacks, or propaganda, obviously along the competencies it has.”
58. “Cyber-attacks are a growing concern worldwide – including for the European union. Recent attacks experienced in different sectors require a coordinated response. While Member States remain in the front line for much of this work, the EU has an important role
Page 7 of 70
to play,” she adds. “In this regard, we will update our Cybersecurity Strategy and reinforce the regulatory framework at EU level on cybersecurity.”
59. When it comes to hybrid threats, insofar as they relate to national security and defence, and the maintenance of law and order, the primary responsibility also lies with individual EU Member States. However, many of them face common threats, which can also target cross- border networks or infrastructures. “Such threats can be addressed more effectively with a coordinated response at EU level by using EU policies and instruments,” Kocijančič said.
60. The Commission and the High Representative presented a Joint Communication "Joint Framework on countering hybrid threats – a European Union Response" which was adopted in April 2016, just as Britain’s Brexit referendum campaigns officially began.
61. Kocijančič explained the action taken after the framework was launched. “Finland established the Centre of Excellence for countering hybrid threats in April this year. While it is a Finnish national initiative, it constitutes a direct response to one of the 22 actionable proposals made in the Joint Communication.”
62. On the launch, high Representative of the Union for Foreign Affairs and Security Policy and Vice-President of the Commission, Federica Mogherini, said “as the European Union, we will grant our full support to Finland in driving the new Centre of Excellence for countering hybrid threats forward to a full operation capacity and in its future work in delivering expert strategic analysis on countering hybrid threats, which will contribute to security in Europe. The establishment of the Centre in Helsinki will further strengthen EU- NATO cooperation, particularly on one of the greatest challenges in today's world.”
63. Things have moved forwards since then. “Cyber and hybrid threats are part of the new, important cooperation between the EU and NATO, agreed through a set of 42 concrete proposals in seven different areas identified by the Joint Declaration signed in Warsaw,” Kocijančič told me.
64. The EU has also put in place a task force, aimed which Kocijančič says is aimed at “improving the EU's capacity to forecast, address and raise awareness of disinformation activities by external actors.”
65. The EU STRATCOM Task Force was set up specifically to address Russia's ongoing disinformation campaigns. From the outset one of the key focus areas was “analysing disinformation trends, explaining disinformation narratives and myth-busting.”
66. They publish ongoing fact-checks under the banner of the Disinformation Review Team, which can be found on Twitter @EUvsDisinfo.
67. The alternative war had been a live conflict for at least two years before Trump and Brexit began to unravel, despite all the signs being in plain sight.
68. The damage to date will take years to correct without more stringent response.
69. One crucial element of the political manipulation deployed by Russia, notable by its failure in France due to the government responses, and by its success in the UK with Brexit and US with Trump, is the relatively new and still misunderstood technique of psychometrics.
Page 8 of 70
70. Infamously deployed by American company Cambridge Analytica, part of the British SCL Group, in both the Trump campaign and Leave.EU’s Brexit campaign, psychometrics utilises ‘big data’ gathered through social media, surveys and other databases to create a personal profile to which messages can be tailored and targeted. It is a warfare technique.
71. Cambridge Analytica, through ex-board member and special adviser to Trump, Steve Bannon, is believed to be making attempts to woo the Pentagon and another company in the same market is Palantir, already linked to the US Department of Defense.
72. Until it became widely known in 2017, the technique of harnessing big data had been perceived as a risk for a number of years.
73. Back in 2010, cyber security company HB Gary – who worked on Federal contracts – were in friendly talks about integrating with Palantir about social media. Under the heading “Social Media, Exploitation, and Persistent Internet Operations,” senior employees of both companies were discussing “The rise of the social web has created an entirely new set of useful technologies and security vulnerabilities. It is our experience that most individuals and organisations understand there are risks to using social media but don't understand the full extent, from what types of use, what the real risks are, or how the vulnerabilities can be fully exploited.”
74. The emails were dumped on the internet by Wikileaks after one HB Gary employee exposed alleged members of Anonymous to the authorities in 2011, an event which ruined his career.
75. Arron Barr set out in further emails just how significant the development of big data as a weapon could be.
76. “There is an immense amount of information that can be aggregated from social media services to develop competitive intelligence against any target. Take any US defence contractor. If I could harvest a significant amount of data from sites such as FBO, Monster, LinkedIn, Input, Facebook, Twitter. What type of picture could I put together as far as company capabilities, future plans, contract wins, etc. From a targeting perspective could I identify information exposure points that lead to a defensive weakness...I spoke to INSCOM a few weeks ago about their desire to start to incorporate more social media reconnaissance and exploitation into their red team efforts. Such a capability has a broad applicability that will be more significantly needed in the future.”
77. Barr was years ahead of his time in identifying the risks which were subsequently exploited to manipulate both British and American electorates.
78. In one briefing email he wrote, “the explosive growth of social media has created a highly effective channel for the collection and aggregation of personal and organisational information for the purposes of tailoring content for users. To Interact in a social media ecosystem requires some release of personally identifiable information (PII), in fact with most services the more information you provide the more tailored and beneficial the experience. In most cases these are legitimate reasons for providing the information with tangible user benefits, whether it be to more personalise and localise advertising or tailored and real-time information delivery that increases personal productivity. Unfortunately, the same methods are being used to conduct information reconnaissance and exploitation. The most common current examples are spear-phishing attacks. Future social media exploitation tactics will likely be applications and service that provide personal benefit or entertainment,
Page 9 of 70
but serving a dual purpose to collect information that can be used for more insidious purposes. This marks a new class of exploitation, vehicles directly targeting people rather than the machines they use.”
79. HB Gary no longer exists as it was, and Barr is now a recluse. Nonetheless, what they identified many years ago was not only visionary but has become part of the Russian hybrid arsenal via their third-party hacking and disinformation channel, Wikileaks.
80. I tracked down one former employee of HB Gary and asked them how dangerous social media really was and if it had been weaponized. “The Russian stuff kinda proves that out right?” they replied, without hesitation.
81. “There is enough info and interaction purely in the public domain to provide intelligence and to engage in influence. Social media is the perfect mechanism. But we can see that happening right in front of us. Just have to organise and automate,” they added.
82. In the Wikileaks dumps on HB Gary there were a number of mentions about defence from weaponized use of this data, but nothing concrete. Again, the response was stark.
83. “There isn't really a defence of some properly. Not one that can be easily devised. Platforms are of course working to manage "fake info" but that only will take care of the careless and less sophisticated - if done properly. [It’s] taking advantage of people's natural inclinations... but again we can see all this in front of us.”
84. I pressed them on Cambridge Analytica and what they knew through the industry grapevine but the answer confirmed a lot of the rumours about the company’s secrecy. “I haven't heard anything...there are people that obviously have the background and talent and are now, and increasingly going to apply it in the wild. The question is not “is developing the capabilities unethical?” It's what do you do with it.”
85. This all began with a trip to Sweden, to find out the truth about crime and immigration.
86. That investigation opened the door to this one, which has clearly connected the far-right across Europe to both the American alt-right movement and Russia.
87. In turn, the Trump Administration, Brexit, and Russia have become inseparable, along with their third party actors and big data companies adding to the confusion of non-state plausible deniability.
88. I am left in no doubt, however, that the #snowman investigation has exposed the alternative conflict of World War Three. A hybrid battle which, contrary to focus on ballistic tests North Korea as a potential catalyst for future action, has already begun.
89. The dark truth is: Russia never made the official declaration.
Main Evidence: Section 1 – Sweden: The Key To Understanding The Hybrid Threat
90. When President Trump said “last night in Sweden” he had no idea what he was talking about and the right-wing coverage which followed was false. A divisive and deliberate attack on the truth, to serve nefarious ends: creation of fear through propaganda and disinformation.
Page 10 of 70
91. I went to investigate and found a much darker truth.
92. During the course of this investigation I’ve learned Sweden is a liberal, open-minded, forward-thinking country, which believes open democracy and internet access for all are closely interwoven. People feel safe and they share values which have no borders or ethnic definition. The country is strong in its unity, even in the immediate aftermath of terror. (See Appendices for the investigative articles).
93. Sweden has its fair share of criminality but, at the same time, takes one of the most honest approaches to crime recording I’ve ever encountered. The Polisen works constantly on developing innovative strategies to combat high volume crime and, in conjunction with criminologists and other agencies, they strive to address the socio-economic factors driving serious offending. The country also faces challenges of extremism, both foreign and domestic, too.
94. This investigation of the truth in Sweden uncovered the existence of a pattern. Something wrong. There is a thread to untangle and the trip was the key: something seedy is visible in the growth of insular, nationalist politics. Right-wing parties of this ilk are working together globally with a vast machinery of alternative media, ‘cyber attacks’, and data-laundering behind them. And this international network is linked to Russia.
95. People were taken by surprise with Brexit and then Trump. If they’d looked to Sweden, a country where the home-grown nationalist has much clearer Nazi roots, and where the government has acknowledged the political and physical threat posed by Russia, perhaps neither would have taken place.
96. By March 2017 support for the right wing Sverigedemokraterna (Sweden Democrats) party had almost doubled, with polls showing anticipated votes of between 19 and 23% putting them in second place, nationally.
97. Contrary to evidence uncovered in this investigation, the party website claims “the overall net impact of mass immigration from distant countries [is] strongly negative, both economically and socially.”
98. With roots deep in fascism, the party was officially founded in 1988 and rose from the white supremacy movement. The party logo from the 1990s until 2006 was a variant of the torch used by the United Kingdom’s National Front, but was changed to a distinctive blue flower with a yellow centre, the blåsippa (Hepatica).
99. Originally at its politically strongest in the south, the party gained 13% of the vote in the 2006 municipal elections in Malmö. By the 2014 general election, they had gained traction in the north - towards Stockholm - and polled at 12.9%, winning 49 seats in the Riksdag (the Swedish Parliament). They remain, however, isolated due to a policy of the other parties not to enter coalition with them.
100. Gustaf Ekström, a Waffen-SS veteran, was the first auditor of the party and Anders Klarström, once a member of the Nordiska rikspartiet ("Nordic Reich Party"), was an early chair. From the outset, the party sought alliances with the National Democratic Party of Germany and the American National Association for the Advancement of White People – founded by David Duke, Imperial Wizard of the Ku Klux Klan. The early leadership also
Page 11 of 70
sought links with publications such as the Nazi Nation Europa and Nouvelle École, the latter being a newspaper which advocates racial biology.
101. After photographs surfaced of members posing in Nazi regalia, the wearing of any kind of uniform was formally banned in 1996 as the party began to present itself more moderately. The youth branch was expelled due to racism and links to extremist groups in 2015 but has since been re-initiated under the name Ungsvenskarna (Young Swedes).
102. In November 2012 Swedish newspaper the Expressen released a series of videos from August 2010 for the second time. The ‘iron pipe scandal’, as it became known, was recorded by one MP, Kent Ekeroth, and featured his fellow SD MPs Erik Almqvist and Christian Westling. Almqvist was shown arguing with comedian Soran Ismail, and was referring to Sweden as "my country, not your country" before the trio went on to argue with a drunken man. Ekeroth was approached by a woman and called her a whore then pushed her, before the three went on to pick up iron bars in continuance of the argument with Ismail.
103. Almqvist left his position as the party's economic policy spokesperson and resigned from his seat on the executive committee after the publication. The party went on to announce Ekeroth would ‘take a break’ from his position as justice policy spokesman. Before their own expulsion, the youth movement argued the party shouldn’t have bowed to media pressure.
104. Shortly after the departures, another Swedish Democrat MP, Lars Isovaara, left his seat after reporting "two unknown men of an immigrant background" had robbed him of his backpack. The party backed the claim until the Expressen revealed Isovaara had forgotten his backpack at a restaurant and the two innocent men had helped him when he fell out of his wheelchair. The MP was also reported to the police for racial abuse against Riksdag security guards.
105. After the scandals, the party began to rise dramatically in the polls in 2015, at the peak of immigration, seeking rigid controls of those coming in for “the benefit of indigenous Swedish citizens” while simultaneously remaining critical of the special rights given to the indigenous Sami people of northern Sweden. In 2008 they went as far as adopting a motion against the rights to reindeer husbandry, arguing those "who do not involve themselves with reindeer husbandry are treated as second class citizens". They have expressed a desire to abolish funds supporting the Sami and redistribute them "regardless of ethnic identity and business operations” and seek to abolish the Sami Parliament.
106. In a mirror of right-wing part policy across Europe, the Sweden Democrats reject any notions of joining the Economic and Monetary Union of the EU, are opposed to the accession of Turkey, and want to renegotiate Swedish membership in the European Union.
107. Within this background is a key to the global network of purported national parties. The SD have long term links with the extreme right but have shifted - trying to escape this image - and found themselves aligning with the newer, more acceptable face of this politik - what is now known as the ‘alt-right’.
108. The party has found itself in regular scandal situations, being accused of antisemitism, having members expelled for extremism, and having its website blocked by the government for posting anti-Islamic cartoons. They are also boycotted from advertising
Page 12 of 70
space by some Swedish newspapers which has hindered their traditional reach to the electorate.
109. A few weeks prior to the general election of September 2014, the chairman of the Swedish Democrat’s Stockholm branch, Christoffer Dulny, resigned from his position. He was found to have been calling immigrants “shameless” and mocking them on alternative media sites.
110. In December 2016, Anna Hagwall was thrown out of the party after using arguments associated with antisemitism to argue for a bill she introduced in parliament, intended to "reduce the concentration of media ownership" in Sweden. She was attempting to make way for alternative outlets through legislation.
111. Right-wing sites Info Wars and Breitbart have been posting articles with a supporting lean towards the Sweden Democrats since 2015 at least, on a cursory search alone.
112. The link is easy to miss unless you are looking for it specifically.
113. Breitbart was founded by a right-wing journalist who died in 2012 and, though it
retains his surname, was headed up by Steve Bannon (chief advisor to President Donald Trump), who was funded directly by billionaire republican donor Robert Mercer. With the original mission being to “take back the culture”, Breitbart launched careers of a host of controversial ‘alt-right’ figures and came to London in 2014 - with Bannon saying the coming election (and subsequent referendum) were a key focus in their “current cultural and political war.”
114. While some of the back links are more obvious – for example, Duke and the SD have a long history and Bannon’s appointment in the Trump cabinet was hailed a success by Duke – these are only small components of a broader, more complex picture. And this also goes well beyond the established links between the Sweden Democrats and their EU parliamentary associations with Nigel Farage’s UKIP and Marine Le Pen’s Front National.
115. Mercer once worked for IBM designing revolutionary technology which went on to form the basis of today’s artificial intelligence and became CEO of a complex hedge fund which uses algorithms to trade. One of the funds is reported to be the most successful in the world. Since the start of the decade, Mercer has also focused millions on right-wing, “ultra- conservative” political donations.
116. Both he and Bannon are also linked to controversial data analytics firm Cambridge Analytica, which uses big data to focus tailored messaging on voters down to an individual level. (This is the subject of my #snowman investigation which builds a picture of the mass manipulation of the electorate with the aim of controlling not only geopolitics but the financial markets too.)
117. The vital factors in the success of any such campaign is a combination of the use of psychometric data, propaganda/disinformation, artificial intelligence, and hacking. The unifying feature which the strands hang off is the involvement of Russia – who have been found to be involved in state-sanctioned hacking and AI targeting of western elections.
118. The Sweden Democrats do have direct links to Russia and this has raised a significant concern over security within the Riksdag.
Page 13 of 70
119. A Russian-born political secretary for the party resigned in September 2016 after making several million kronor in a suspect property deal with a St Petersburg businessman.
120. Known by a Swedish name in parliament, having changed it on arrival in Sweden ten years before, Egor Putilov had wide access to the Riksdag when he entered a deal with an imprisoned businessman known to have strong ties to the Russian state. The property deal in question made around six million SKE for Putilov.
121. While a property scandal may seem a regular or low-level occurrence in politics, the case was unusual as the Defence Minister, Peter Hultqvist, made a quick public statement that “several people with a high level of competence have declared a potential security risk, therefore, I think that one should take the situation seriously.”
122. Clarifying the threat and indicating Russia had acquired a ‘hold’ over Putilov by way of the transaction, Lars Nicander, Director for the Center for Asymmetric Threat Studies at Sweden's National Defence College, said: “You can hear intimate conversations, you can hear the different parties' positions on the Nord Stream [gas pipeline], for example, or on NATO and trade agreements. You can even install listening devices.”
123. In August 2016, while debate was underway as to whether Sweden should enter a military partnership with NATO, Swedish social media was flooded with fake news from alternative outlets. The claims included warnings of stockpiling nuclear weapons on Swedish soil, NATO using Sweden to launch attacks on Russia, and sinister claims that NATO soldiers would rape Swedish women without fear of prosecution. Hultqvist faced harsh questioning across the country about the false stories, which also started to trickle into the mainstream media.
124. Analysts and experts in American and European intelligence singled Russia out as the prime suspect in the disinformation campaign, as the likely outcome was tightly aligned with their national objectives. “Moscow views world affairs as a system of special operations, and very sincerely believes that it itself is an object of Western special operations,” said Gleb Pavlovsky, who worked with the Kremlin before 2008. “I am sure that there are a lot of centers, some linked to the state, that are involved in inventing these kinds of fake stories.”
125. By March 2017, the Swedish defence ministry had announced the country was reinstating the military draft and 4,000 men and women would be called up for service beginning in January 2018. "The security environment in Europe and in Sweden's vicinity has deteriorated and the all-volunteer recruitment hasn't provided the Armed Forces with enough trained personnel," a spokesperson said at the time, adding "the re-activating of the conscription is needed for military readiness."
126. Shortly after the reintroduction of military service, Sweden’s Prime Minister, Stefan Löfven, set out measures designed to prevent foreign countries interfering in the 2018 Swedish general election and Anders Norlén, chair of the Riksdag constitutional committee, told Radio Sweden parties should avoid relying on Russian propaganda or other support. “Every party in the Swedish parliament has a responsibility to make sure that the facts they use and the arguments they use are sound and valid and not just a way of repeating propaganda from, for instance, Russia,” he said.
127. Mattias Karlsson, parliamentary leader of the Sweden Democrats gave a statement that Russian interference was “likely” and the security services should be tasked to
Page 14 of 70
investigate, but added “the Social Democratic government are using Russia as a means to try to silence the opposition, and trying to make everybody who doesn't share their political views suspect of being a Russian spy."
128. In June 2016, the European Council on Foreign Relations, chaired by Carl Bildt the former Swedish PM, carried out the first comprehensive survey of so-called ‘insurgent’ parties in Europe and found that “despite their differences, a majority of them are positively inclined towards Putin’s Russia and pursue policies that promote Russia’s interests in Europe.”
129. The council went on to say “parties are useful for Moscow in that they help legitimise the Kremlin’s policies and amplify Russian disinformation. At times they can also shift Europe’s domestic debates in Russia’s favour. Voting patterns in the European Parliament show that on issues such as Ukraine, the human rights situation in Russia, and association agreements with Ukraine, Georgia, and Moldova, the Dutch PVV leads the pack in pro-Russian votes. UKIP, the Sweden Democrats, Italy’s Northern League, and France’s Front National come in a shared second place.”
130. Crucially, the report did not refrain from adding, “But it is not just in matters of policy that these parties’ sympathies with the Kremlin are revealed. In them, Moscow has also found convenient and willing conveyors of its anti-Western, anti-globalisation narratives. Several of the far right leaders, such as Nigel Farage, Geert Wilders and Marine Le Pen, are frequent guests on Russia Today (RT) and Sputnik, with Farage reportedly having been offered his own show on RT.”
131. While the report noted the obvious policy leanings, it was circumspect in saying “it is less clear to what extent there is collusion,” though it made clear “the notion that Russia might be funding agents of influence by providing financing to sympathetic parties in Europe has become more salient as relations between Russia and the West have deteriorated.” This was published a long time before the extent of the Trump/Russia inquiry began to unravel in the US.
132. In their conclusion, the council recommended “European law enforcement agencies should prioritise looking into Russian covert support for populist parties and [take] steps to counter such support. European governments should consider publishing intelligence on this in the public domain. Voters have a right to be informed about whom they are voting for.”
133. What’s clear, from an investigation which began over alt-right narratives that didn’t fit the publicly available crime figures in Sweden, was the shadow of something much larger loomed over much of the western world.
134. The threat to democracy is credible and substantiated, and it is impossible to dismiss the clear and present security risks – for example, no progressive, modern country re- introduces the military draft on a whim.
135. It’s apparent that data, notably ‘big data’, plays a crucial role in what is happening because without it the delivery of often pro-Russian propaganda would not be able to gain such traction through targeting and tailoring. In turn, the globally similar messages – too alike to be coincidental – can be linked locally to nationalist parties in individual countries, while the people behind those parties and alternative media sources can be traced back to each other – internationally once again - without much effort.
Page 15 of 70
136. It’s not hard to study the interaction between shifting geopolitics and the financial markets either, though within this other factors are obviously at play.
137. Reuters reported in April 2017 that “on eight occasions over the past 12 months, the pound has moved against the dollar in the minutes before the release of the retail sales numbers, correctly anticipating the direction the currency took once the figures were published.” Some experts believe the shifts can only be as a result of leaks – the information only being provided to a short list of 41 people, twenty-four hours in advance of publication. Others believe some funds have just become very good at predicting movements working with technology and broader data sets. Publicly available 'big data'.
138. I thought at first this was about skada, damage caused in Sweden by alternative news, but it turns out I was wrong. The truth is more important now than ever and, in Sweden, I saw the shadow of the “snowman” clearly for the first time.
Main Evidence: Section 2 – Brexit: A Flawed Mechanism To Respond To A Hybrid Threat
139. On the 21st of April 2017 the Electoral Commission (EC), the independent body which oversees elections and regulates political finance in the UK, released a statement confirming they had “begun an investigation into Leave.EU’s EU Referendum spending return.”
140. Leave.EU is a limited company created by UKIP donor Arron Banks, who is currently listed as the main shareholder with Companies House, to campaign for Britain’s exit from the European Union in the 2016 referendum.
141. While Leave.EU applied to the Electoral Commission to be the designated official campaign, this was awarded to Vote Leave and an application for judicial review of the decision was never followed through.
142. The Commission’s press release stated their decision “followed an assessment which concluded that there were reasonable grounds to suspect that potential offences under the law may have occurred. The investigation is focused on whether one or more donations – including of services – accepted by Leave.EU was impermissible; and whether Leave.EU’s spending return was complete.”
143. On clarifying the release with the press office, a spokesperson said “we don’t comment on ongoing investigations,” but they were happy to explain that “a service would be a donation in kind.”
144. They could not give a timeframe for the investigation “due to complexities in these cases” and said they are unable to “speculate on sanctions if a finding was [subsequently] made, as this varies on a case by case basis”. The spokesperson recommended referring to the Enforcement Policy on their website, which gives more detail on offences and sanctions.
145. The EC’s powers to investigate offences are granted under the Political Parties, Elections and Referendums Act 2000, known as PPERA, rather than under their statutory supervisory powers. The policy is clear that the EC will only use the PPERA powers as a last resort, and that it is a criminal offence to fail to comply with, obstruct, or provide false information to such an investigation.
Page 16 of 70
146. On the Commission’s publication confirming the commencement of an investigation, Mr Banks made his own statement. “Today’s announcement is politically motivated and the timing is intended to cause maximum damage just before the general election. We will not be cooperating any further with the commission and we will see them in court.”
147. Banks had been set to stand as the UKIP candidate in Clacton-On-Sea following the resignation of the party’s only MP Douglas Carswell but withdrew on the 24th of April 2017.
148. The Electoral Commission spokesperson said there was “no comment to be made on the response of Mr Banks.”
149. Member of Parliament for Aberavon, Stephen Kinnock, welcomed the investigation which appears to relate to the ‘donation in kind’ of services by psychometric data specialists Cambridge Analytica.
150. According to other reports, Kinnock wrote to the Electoral Commission in March, citing concerns the “market rate for a donation of this kind could amount to hundreds of thousands of pounds” and that “any substantial additional spending between 15 April last year and the referendum on 23 June would have pushed Leave.EU over the spending limit for the regulated period. They were allowed by law to spend up to £700,000 but according to the accounts they filed they spent £693,000.”
151. Cambridge Analytica was used by the successful Trump campaign in the US Elections and the British-born CEO, Alexander Nix, has previously stated this earned the company $15 million dollars from this campaign alone.
152. It is known that, also in March, Mr Kinnock voiced his concerns in writing to the Special Crime and Counter-Terrorism Division of the Crown Prosecution Service. He has not, as yet, been reachable for comment.
153. Documents exclusively seen show a significant level of detail in the allegations made to the Electoral Commission, specifically relating to the donation of services by Cambridge Analytica.
1. “In a February Newspaper interview with The Observer, Andy Wigmore, the director of communications for Leave.EU, stated that Cambridge Analytica were “happy to help” with their EU referendum campaign but that they had not “employed” them. However this appears to run contrary to previous claims made by both Leave.EU and Cambridge Analytica.”
2. “In a now deleted post on their website titled The science behind our strategy, Leave.EU stated that: “Cambridge Analytica are world leaders in target voter messaging. They will be helping us map the British electorate and what they believe in, enabling us to better engage with voters. Most elections are fought using demographic and socio-economic data. Cambridge Analytica’s psychographic methodology however is on another level of sophistication.”
3. “And in November 2015, PR Week reported the following comments from Cambridge Analytica’s development programme editor: “Cambridge Analytica director of programme development Brittany Kaiser, who will be spending time split between the UK and US in the coming months, was
Page 17 of 70
speaking today (Wednesday) at a press conference hosted by Leave.EU. She later told PRWeek that the firm had been approached by the campaign several months ago, but only started working with it more recently. She said the firm’s team of data scientists and analysts, some of whom were based full- time in the UK, would be enabling targeted messaging by “understanding why certain things worry people...probing why people care about a certain issue.””
154. The documents point out that “the market rate for a donation of this kind could amount to hundreds of thousands of pounds, based on the previous experience of referendum campaigns and political parties for such analytical tools. Yet Leave.eu have not declared this donation-in-kind at any point in their returns to the Electoral Commission.”
155. The Commission guidelines specifically define a donation as money, goods, or services which is given towards campaign spending without charge or on non-commercial terms and has a value of over £500.
156. The documents state “neither Cambridge Analytica, as a US company, nor Robert Mercer, as a US citizen, fit the Electoral Commission’s list of permissible donors...there is no record that this donation was returned within 30 days as required”.
157. Robert Mercer, an American Billionaire and Trump campaign donor is reportedly linked to the psychographics company.
158. In their ‘expert paper on splitting campaign spending’, the Electoral Commission sets out the circumstances in which the costs of services might need to be divided, which includes items used before or during the regulated period of a referendum. They highlight that campaign groups must make an honest, factual assessment of the proportion of costs to be attributed to their overall expenditure.
159. The documents specify the identification of this as a serious concern
1. “In his interview with the Observer, Mr Wigmore states that the service provided by Cambridge Analytica were Leave.eu’s most “potent weapon...because using artificial intelligence, as we did, tells you all sorts of things about that individual and how to convince them with what sort of advert. And you knew there would also be other people in their network who liked what they liked, so you could spread. And then you follow them. The computer never stops learning and it never stops monitoring.””
2. “Given his stated views on the importance to their campaign of the service which was provided free of charge by Cambridge Analytica it seems inconceivable that the donation was not split and partially included in their returns for expenditure during the regulated period.”
160. The document states that Leave.EU only became a permitted participant in the
referendum on the 15th of February 2016, and so would not have legally been allowed to hold and use the full electoral register for referendum purposes prior to that date.
161. The documents also refer to US election consultants Goddard Gunster being employed by Leave.EU and states “this service has not been included in their returns as an item of split spending.” Again, the Leave.EU ‘the science behind out strategy’ page is cited:
Page 18 of 70
1. “While Cambridge Analytica will be helping with the data, Goddard Gunster, who have fought some of the most contentious referendum campaigns all over the world (with a success rate of over 90%) will be helping us turn that data into a comprehensive strategy. Working alongside them will be Ian Warren, an expert on the issues that matter to people on lower incomes.”
162. The regulated referendum period began on the 15th of April 2016 and the limits on expenditure came into force for the designated official campaigns – the lead campaigns were given higher spending limits of £7 million. The document makes a number of assessments of potential over-spending by the official Vote Leave campaign but there is no current indication of an investigation by the Electoral Commission.
163. In terms of enforcement, the EC may either force compliance of parties with a contempt of court order or prosecute. They can also issue a Stop Notice requiring an individual or organisation not to begin, or to cease their activity. In addition, in the case of impermissible or unidentifiable donations or loans being involved, the Commission may also apply for forfeiture.
164. Prior to an investigation being launched, an assessment is made by the EC and – according to their policy - they robustly dismiss the investigative option without credible evidence. They only open formal investigations where there are reasonable grounds and where the offence is in the public interest.
165. The formal sanction structure is simplistic and consists of a sliding scale: 1. A fixed monetary penalty of £200
2. A variable penalty between £250 and £20,000
3. Compliance and Restoration notices (which set out what not to do and how conduct must be managed, or force the party to restore ‘the position’ to what it would have been before the offence).
4. An Enforcement Undertaking (a binding agreement to conduct matters in a specified fashion).
166. The Electoral Commission has been instrumental in the current electoral fraud
investigations arising from the 2015 General Election, however, these cases are with the Crown Prosecution Service for charging decisions and no further detail is available at this time.
167. Looking at another recent case, reported by the Commission on the 19th of April 2017, it is possible to gain insight into sanctions and financial scales in a more comparable case to the non-party Leave.EU group.
168. Greenpeace and Friends Of The Earth worked as campaign groups during the 2015 General Election. Following an EC investigation, Greenpeace was fined £30,000 for incurring over £111,000 in campaign-related expenditure. Friends Of The Earth were fined a further £1,000 for a £24,000 campaigning spend in conjunction with Greenpeace.
169. Mr Wigmore has not yet replied to a request for Leave.EU’s official response and their press inbox is no longer monitored.
Page 19 of 70
Main Evidence: Section 3 – Data-Laundering, Non-State Actors, And The Hybrid Threat In Action
170. Our personal data is electronically stored on thousands of servers across the world. Our employment records, our personal lives, our medical histories, psychological profiles, political views, and our private communications.
171. When assembled together this forms what’s become known as a big data profile and, in reality, none of us can escape its existence.
172. Scientific research, including that by Michael Kosinski at Cambridge University, has shown that a big data profile can be used to develop targeted marketing or messaging, designed to drive a behavioural response in an individual. The technique is known as either psychographics or psychometrics and has become famous following its use by Cambridge Analytica in the Trump and Brexit campaigns.
173. Data is now the single biggest commodity in the world and can be used to drive electorates in almost every aspect of their decision making. The control of the data subsequently controls geopolitics and the world financial markets.
174. Our data is also unsafe and being deliberately stolen.
175. The largest known hack to date was centred around international technology
company Yahoo, with the data of 1.5 billion users stolen across its platforms. The company believed the attack was “state sponsored” and in March 2017 the FBI and US Department Of Justice announced charges against Russian individuals, including Russian Federal Security Service (FSB) agents Dmitry Dokuchaev and Igor Sushchin.
176. The indictment reads “The FSB officer defendants, Dmitry Dokuchaev and Igor Sushchin, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere. In the present case, they worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals.”
177. It also highlights that “during the conspiracy, the FSB officers facilitated Belan’s other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S. and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers.”
178. In commenting, the US law enforcement community does not pull punches. “The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” said Acting Assistant Attorney General McCord. “Once again, the Department and the FBI have demonstrated that hackers around the world can and will be exposed and held accountable. State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat.”
179. The illegal data trade is well documented across the world, with so-called "Data laundering" now defined as "obscuring, removing, or fabricating the provenance of illegally obtained data such that it may be used for lawful purposes".
Page 20 of 70
180. Security experts are well aware of the huge scale of the problem. New Zealand based expert Andy Prow has previously said turning hacked data into a legitimate commercial asset is "the nature of a maturing industry". He highlights that hacked data is easily made to look legitimate and then sold on to often unsuspecting clients. "It doesn't raise too many warnings."
181. Hackers, traditionally, sell stolen data for Bitcoin payments.
182. In May 2016, one hacker offered the private data of 117 million Linked In users,
including passwords, in exchange for 5 Bitcoin. In September 2016 a further 68 million account details, this time from Dropbox, were offered for sale for 2 Bitcoin. Both offers were made on the ‘dark web’ outlet The Real Deal.
183. Bitcoin are worth £1,040 each at the current exchange rate and their value has increased exponentially over the last five years, though there have been other electronic global currencies before its creation.
184. In 2006, Donald Trump’s advisor Steve Bannon was involved in a company called IGE who, via Goldman Sachs investments, spent $60 million dollars on a ‘gold farming’ enterprise within the online game World Of Warcraft. This involved harvesting virtual gold resources and selling it back to players. Eventually, IGE was confronted with a lawsuit, the gold trade came to an end, and Bannon went on to head up the right-wing news site Breitbart. He also sat on the board at Cambridge Analytica.
185. Bitcoin’s cryptographic, decentralised currency first appeared in 2007 and was developed by what is thought to be a collective of people operating under the pseudonym Satoshi Nakamoto. The patents for bitcoin and its encryption first appeared in 2008 and were registered by Neal Kin, Vladimir Oksman, and Charles Bry, though they have always denied being involved with Nakamoto.
186. Nakamoto disappeared from Bitcoin forums - and then altogether - in December 2010. This came after Wikileaks began to accept the currency for donations despite pleas from the Bitcoin founder for this not to happen. He wrote “I make this appeal to Wikileaks not to try to use bitcoin. Bitcoin is a small beta community in its infancy. You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.”
187. WikiLeaks went on to harness the use of Bitcoin and has also reportedly hidden messages in blockchain code associated with Bitcoin transactions.
188. Russia officially describes Bitcoin as “a virus” but this hasn’t deterred legitimate global investments elsewhere, with China investing hundreds of millions of dollars. What is clear is that the market is heavily masked, unregulated by conventional standards, and is used as the currency of data criminality.
189. In July 2016, British citizen George Cottrell was arrested on 21 charges including attempted extortion, money laundering and fraud. At the time, he was stepping off a plane at Chicago’s O’Hare airport with Nigel Farage.
190. They were on their way to Heathrow at the time of the arrest after attending the Republican party’s Convention in Cleveland, where they appeared on television, met with US senators, and engaged in discussions with aides to presidential candidate Donald Trump.
Page 21 of 70
Cottrell had been working for Mr Farage during the Brexit referendum and is the nephew of Lord Hesketh, a hereditary peer and former Conservative Party treasurer who defected to UKIP in 2011.
191. Cottrell had been offering money laundering services on the ‘dark web’ and met with undercover agents in Las Vegas, where he made arrangements for them to send him £15,500 before threatening to expose them to the authorities unless they transferred him £62,000 in Bitcoin.
192. Following a ‘dump’ of CIA data on the WikiLeaks site in March 2017, analysts have begun to draw conclusions that Assange’s site is, in fact, a Russian interest.
193. Dr Andrew Foxall, director of the Russia Centre at the Henry Jackson Institute says “Wikileaks has secret Russian intelligence but hasn’t disclosed anything remotely sensitive about Russia. He [Assange] has taken a consistently pro-Russia stance.”
194. Though Assange denied the claims, speaking from the Ecuadorian Embassy in London, Foxall added “The documents contained 75,000 redactions. These were codes that would also affect Russia’s security, because some of the data was relatively fresh, it is unlikely it had been in the pipeline for a while. And Assange’s team is small. The logical conclusion is that the data was given already redacted. This was the work of a sophisticated team, and it fits entirely into a pattern of behaviour demonstrated by Russia in the past.”
195. In January 2017, the Office of the Director of National Intelligence confirmed there was a “high confidence that Russian military intelligence relayed material to WikiLeaks.”
196. Former UKIP Leader and instrumental Brexit politician Nigel Farage has documented close links to the Trump administration and in March 2017 personally thanked Steve Bannon for his help in making the trigger of Article 50 a reality. During the same period, the MEP was also seen visiting Ecuadorian embassy.
197. Though Farage said at the time of the embassy visit “I never discuss where I go or who I see,” leaked emails show that UKIP has been supporting Assange since 2011.
198. The Farage-led Europe of Freedom and Democracy group subsequently tabled a motion attacking "the possible abuse of the European Arrest Warrant for political purposes,” and on Russian Today a UKIP representative labelled extradition proceedings against Assange as “legalised kidnap.”
199. Farage also used his LBC radio show to broadcast a repeat Assange's denial of Russian involvement in the hacking of the Democratic National Committee and Democratic presidential nominee Hilary Clinton during the US election. In January 2017 Farage said “[Julian Assange] is absolutely clear that all the information he has got is not from Russian sources.”
200. In the same month as Farage’s Broadcast, senior officials in the CIA confirmed the leaked DNC material had been traced to Russian GRU officials and “handed off” to Assange via a “circuitous route” in an attempt to avoid detection of the original source. The US security service and congressional investigations are continuing.
201. By April 2017, with the French presidential elections underway, right-wing candidate Marine Le Pen had been to Moscow to visit Vladimir Putin and Assange had made a
Page 22 of 70
statement to Russian newspaper Izvestia that WikiLeaks would “throw oil on the fire of the French presidential election.” Le Pen was also interviewed by Farage.
202. After Le Pen successfully passed through the first round in the election race in April 2017, cyber security experts warned that her rival, centrist Emanuel Macron, has been targeted by the same hacking group involved in the US elections.
203. Trend Micro, a Japanese cyber security company, have stated there is evidence “APT 28”, a group of hackers linked by US security services to the GRU (Russia’s military intelligence agency), was directing resources to influence the French contest. The group initially masqueraded as ISIS during previous hacking activities.
204. The hackers are said to have been found setting up a number of phishing sites aimed at duping En Marche! members into attempting to log in, thus giving the group access to their email servers. This was the technique allegedly deployed against the Clinton campaign which led to the release of thousands of emails via Wikileaks. The Macron campaign insists it has not been compromised as yet.
205. Russian election hacking has also been deployed in the UK.
206. In 2015, the general election campaign was targeted by Russian hackers, who GCHQ
believe were state-backed. Former minister Chris Bryant said in February 2017 “There is now clear evidence of Russian direct, corrupt involvement in elections in France, in Germany, in the United States of America, and I would argue also in this country.”
207. And, in April 2017, the Commons Public Administration and Constitutional Affairs Committee concluded foreign states had attempted to target the Brexit referendum. While the committee report focused on a denial of service attack on the "register to vote" site, it also made clear “The U.S. and U.K. understanding of 'cyber' is predominantly technical and computer-network based. For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals.”
208. While specific state data can be washed and released through back channels like Wikileaks, aiming to negatively impact individual candidate campaigns, and denial of service or phishing attacks can work crudely towards a similar aim, the exploitation aspect is central to big data’s inherent value.
209. Using big data, companies such as Cambridge Analytica often conduct what’s called an 'Ocean' personality assessment (normally used in psychology). The more expansive the data held the more intricate your individual profile can be and, with the ‘right’ data, it can then be targeted at people you know too.
210. A basic profile, as Michael Kosinski found in his research, can predict your behaviours just based on social media likes. An advanced profile, based on what websites you visit, what news you read, your job, your politics, your purchases, your medical records, would mean such a company knows you better than you know yourself.
211. This allows the people who pay for such services to target you at an individual level with news, information or social media posts which are tweaked to make sure they have the biggest psychological impact on you.
Page 23 of 70
212. Fake news and alternative facts are a central part of this and will be covered as part of this series in more detail, though the Russian terms ‘pokazukha’, which means something like a staged stunt, and ‘zakazukha’, which refers to the widespread practice of planting puff pieces or hatchet jobs, are both terms which are relevant in the broader context of this investigation.
213. Using psychometric profiles, the simplistic creation of AI driven ‘bots’ on social media can push selected messages into more common public view – with the added bonus of the Social Media Echo Chamber ensuring the activity is only seen by the appropriate recipients. This kept much of the activity out of sight and is the core reason the authorities were so late in responding to the threat.
214. Giving evidence to the Senate Intelligence Committee in April 2017, former FBI Agent Clint Watts highlighted the reason the bots are so effective as a delivery mechanism “whenever you're trying to socially engineer them [voters] and convince them that the information is true, it's much more simple because you see somebody and they look exactly like you, even down to the pictures.”
215. AI was originally thought to be primarily a Twitter issue, but Facebook has now recognised that the creation of these bots (false accounts) has also infected their platform. They acknowledge how this impacted on both the US Presidential election and on the UK’s Brexit referendum.
216. Watts says the bot campaign comes via a "very diffuse network" which often competes with its own efforts “even amongst hackers, between different parts of Russian intelligence, and propagandists — all with general guidelines about what to pursue, but doing it at different times and paces and rhythms."
217. Facebook does, now, directly attribute the growth of its false accounts problem to ‘government’ interference. “We recognize that, in today’s information environment, social media plays a sizable role in facilitating communications – not only in times of civic events, such as elections, but in everyday expression,” they said in their latest security report. “In some circumstances, however, we recognize that the risk of malicious actors seeking to use Facebook to mislead people or otherwise promote inauthentic communications can be higher.”
218. In advance of France’s election campaign the company shut down around 30,000 suspicious accounts posting high volumes of material to large audiences, saying: “We have had to expand our security focus from traditional abusive behavior, such as account hacking, malware, spam and financial scams, to include more subtle and insidious forms of misuse, including attempts to manipulate civic discourse and deceive people.”
219. What’s clear is that all of the strands of the hacking web interact to create a whole. A viral organism dependent on each of its elements to work effectively, mutate, and spread. We, people, are little more than the host keeping it alive; like any good virus, it relies on us.
220. This is a natural progression, a computer virus for all intents and purposes, engineered by a malicious enemy to attack humans rather than machines. The next generation of chemical warfare. And, so far, it has proven highly effective.
221. Big data provides the key to the delivery system and the route to infection. Hence the commodity value.
Page 24 of 70
222. What is also clear is that the organism relies on the interactions of key figures across the world - ones who share a common goal. Among them are many who show some signs of having fallen to a much older, cold war technique: provokatsiya.
223. The full meaning of the term is often given as “taking control of your enemies in secret and encouraging them to do things that discredit them and help you. You plant your own agent provocateurs and flip legitimate activists, turning them to your side.” In some cases it can extend to creating extremists and terrorists where none exist, effectively creating a problem in order to solve it, and the Russian services have been known to deploy such tactics since the Tsarist period.
224. As with all classic money-laundering operations, the trick to successful data- laundering to these ends would be to establish a legitimate looking front. And it would make sense to deploy provokatsiya in this context to integrate the business as quietly as possible, this would be especially effective somewhere cash has been successfully cleaned for years.
225. In March it was revealed that $740 million of money from Russian criminal operations was laundered in the UK as part of a global scheme to clean up to $80 billion in illegal funds. One source, while discussing how the financial sector is so complex this could easily go unnoticed, said: “if you are on the back end you are kind of playing whack-a- mole, trying to pick this up.”
226. But this is no longer about following the money - finances are now secondary. The thing to follow is the most valuable commodity of all: the data itself
227. The figures, companies, and groups involved in the UK arm of this operation – which relies on hacking, psychometric targeting, propaganda, and disinformation - are left exposed by the same thing they are using as a weapon: big data.
228. Extraordinarily, those involved received an unveiled warning from the Information Commissioner’s office ahead of June 2017’s general election.
229. The findings of this piece of investigative work were referred to the Electoral Commission – as Leave.EU may have further undeclared donations of services within their complex company structure, taking them well beyond permissible campaign limits – and to the ICO due to the complex of issue of ‘sugging’ across multiple companies.
230. The ICO has now announced an official investigation (details of which are included herein).
231. The Information Commissioner’s Office, known as the ICO, is the UK's independent body set up to ensure information rights in the public interest. They keep a national register of data controllers – people authorised to handle our data – and uphold the laws set out in the Data Protection legislation. Their powers are similar to the Electoral Commission in terms of demanding compliance through orders and agreements, issuing substantial fines, or instigating prosecutions.
232. The data protection regulations are set to change next year and, though this enhancement is an EU initiative, the current government has committed to implementing the new framework. The General Data Protection Regulations is the title of the new law, which will replace the Data Protection 1998 on the 25th of May 2018.
Page 25 of 70
233. The ICO holds information on all companies handling controlled data in the UK and, in the wake of revelations about the use of ‘big data’, has issued starkly worded guidance for political parties ahead of the general election 2017.
234. The ICO were initially approached with three specific questions arising from this investigation:
1) Was Vote Leave (not Leave.EU) ever fined or reported over spam messages sent by US company UCampaign via their app?
2) Is there an official, ongoing inquiry into Cambridge Analytica / SCL Elections and, if so, what is the official comment?
3) Where one company is restricted to transfers of data within the European Economic Area (EEA) and they transfer data to a non-restricted company (who can transfer data anywhere in the world), is it legal?
235. The ICO replied with an unprecedented press release, headed “Information Commissioner warns political groups to campaign within the law,” which confirms just how serious the situation really is as we approach a contentious, snap general election.
236. The ICO has written to all major political parties reminding them of their obligations when contacting potential supporters during the election campaign. Extraordinarily, the Commissioner’s Office has invited every party to a briefing session, to hear details of the “updated guidance on the use of personal data in political campaigning,” which includes “data analytics and associated technologies.”
237. The ICO briefing for political parties wass scheduled for the 4th of May, the same day as local elections across the United Kingdom.
238. Elizabeth Denham was appointed UK Information Commissioner in July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada and Assistant Privacy Commissioner of Canada. In her statement, she said “engagement with the electorate is vital to the democratic process. But, if a party or campaign group fails to comply with the law, it may face enforcement action as well as reputational damage to its campaign. People have a right to expect that their information will be used in line with the law and my office is there to uphold that right.”
239. The ICO make clear the new guidance was issued in response to an “increase in complaints from members of the public about the promotion of political parties, their candidates, and their views during political campaigns.”
240. The Commissioner’s Office has received complaints about “the use of surveys to gain support for campaigns now or in the future” and also “concerns that their personal information has been shared between national and local organisations.”
241. The employment of surveys is broadly cited by controversial company Cambridge Analytica, who use the data gathered to form psychometric profiles which guide targeted messaging and were successfully deployed in both the Brexit and Trump campaigns. Both campaigns are linked to Russia, hacking, and the use of disinformation to drive voter behaviour.
Page 26 of 70
242. The ICO guidance explicitly covers ‘viral’ marketing, stating that it must comply with the same rules as direct marketing and cannot dip around consent to the use of data by simply asking people to pass it on.
243. Leave.EU, the campaign of Arron Banks fronted by Nigel Farage, trading under the name Better For The Country Limited, was fined £50,000 by the ICO for sending 500,000 unsolicited text messages asking people to support Brexit between May and October 2015 – a year before the referendum.
244. The ICO, though specifically asked, have made no comment on the official Vote Leave campaign’s use of American app provider UCampaign, which used phone book access via the application to send unsolicited messages to the relatives of hundreds of thousands of voters. The ICO database shows no registrations for UCampaign, the company behind it, Political Social Media LLC, Vote Leave, Vote Leave Limited, or Get Change Limited.
245. Both of these activities would fall well within the definition of viral marketing set out in the guidance.
246. In terms of the survey data gathering, such as that deployed by Cambridge Analytica, the ICO specifically define this practice as “sugging.” They make clear that using surveys to collect data (whether it is ultimately used by the company conducting the survey, or sold on to others, or intended to gather the information for use in marketing) falls within direct marketing.
247. Even open source data, they say, requires adherence to data protection legislation and this would include your social media likes and posts. There is no access to collection and retention of this data which escapes the legal protections.
248. Leave.EU and Cambridge Analytica worked together during the Brexit campaign, though comments have been made attempting to distance themselves from this.
249. This investigation has already exclusively uncovered that the Electoral Commission are investigating Leave.EU for undeclared and potentially illegal donations of services by Cambridge Analytica, also known in the UK as SCL Elections, during the Brexit campaign.
250. The documents seen point out that “the market rate for a donation of this kind could amount to hundreds of thousands of pounds, based on the previous experience of referendum campaigns and political parties for such analytical tools. Yet Leave.eu have not declared this donation-in-kind at any point in their returns to the Electoral Commission.”
251. Though the ICO have refused to confirm whether they are investigating these companies in tandem with the Electoral Commission, with this investigation revealing a broader picture of Russian-linked data laundering the ICO’s public access database holds valuable information on both companies.
252. It appears both are structurally designed to engage in ‘sugging’ and facilitate transfers of data within and outside of the EEA.
253. The ICO state that ‘sugging’ “attracts a maximum fine of £500,000” as it is a “breach of the Privacy and Electronic Communications Regulations (PECR).”
254. Set against the context of the hybrid threat, the ICO powers alone are insufficient.
Page 27 of 70
255. Leave.EU, the company behind the unofficial Brexit campaign, registered with the ICO on the 29th of February 2016 and this expires in 2018. They give their headline reason for processing data as being to “enable us to promote our goods & services” and state they hold “personal, family, lifestyle, social circumstances, and financial details.”
256. In the sensitive class of information, they are registered to hold “political interests and racial/ethnic origin” data and the company is authorised to share what it holds with affiliate groups, central government, suppliers and service providers, financial organisations, and the Electoral Commission.
257. Despite being a company established specifically to support the domestic Brexit campaign, the register for Leave.EU shows that “personal information is traded as a primary business function” and adds the information may be shared with “business associates, advisers, associates” and “traders in personal data.”
258. The UK based company entry also states “it may sometimes be necessary to transfer personal information overseas” though this is restricted to within the EEA.
259. Cambridge Analytica is slightly different.
260. The company was first registered in November 2015, and the registration expires this
year. The address listed is at the Cooperation Trust Center, Wilmington, Delaware, though it also gives a UK representative, Jordanna Zetter, based in London. She is an Operations Executive at SCL Group.
261. Listed as a “data analytics” company, they state they carry out marketing, advertising, and PR functions, as well as undertaking research. They hold the same classes of primary data as Leave.EU but the sensitive information is much deeper.
262. Cambridge Analytica holds information on people’s physical and mental health, racial and ethnic origin, religious or “other similar” beliefs, trade union memberships and “political opinions.”
263. The other differences from Leave.EU are that the US company includes retained data from survey respondents, and can transfer the data they hold to territories and countries around the world.
264. One of their primary functions is to acquire data through surveys – a method first developed by a Cambridge academic and which bears similarities to aspects of Cambridge Analytica’s psychometric profiling.
265. But Cambridge Analytica is not the principle trading name for the organisation in the United Kingdom, in fact, it is the US brand which became famous as a result of the Trump campaign. In the UK the primary business is SCL Elections Limited, and its registration strengthens the depth of connection to Leave.EU and the businesses (and people) behind it.
266. SCL Elections Limited registered in November 2015, the same month as Cambridge Analytica but trades at a separate London address in E14. The sensitive data classes held
Page 28 of 70
are the same as CA but the headline data is expanded to include “memberships, employment, and education” information.
267. Again the transfer of data is worldwide, not EEA restricted, and the company can share data with business associates. Working with Leave.EU, whose primary business function is the trade of data, this means a legitimate transfer from the UK could reach America or another worldwide territory without the law technically being broken.
268. This also means Leave.EU, via its connection with CA/SCL, could buy in databases created outside of the EEA area where data is regulated, or simply buy ‘sugged’ databases created through CA/SCL surveys hosted outside of the EEA.
269. As this investigation has previously highlighted, Steve Bannon has defined links to Cambridge Analytica by way of his former seat on the board, and the company’s owner, Robert Mercer, was a key donor to Trump’s campaign.
270. In January 2017, Trump signed an executive order exempting non-US citizens from the privacy shield – an EU-US law which defined what data could be shared between businesses on both sides of the Atlantic ocean and how that data can be used. It was designed so data protection laws can be upheld between EU's the member states and the US.
271. Wired reported at the time that “the Privacy Shield was developed by EU and US negotiators in 2015 after the previous data sharing agreement between the two groups was struck down by Europe's highest court. In October 2015, the European Court of Justice ruled the Safe Harbour framework was invalid as data being sent out of the EU was not being properly protected.”
272. Both the EU and the US were aware of the capabilities of data exploitation in circumstances exactly matching the Leave.EU and CA/SCL scenario, and it appears Trump has interfered in enhanced protections while being directly connected to parties benefitting the arrangement.
273. The data laundering trade, also highlighted by this investigation, involves reportedly legitimate purchases of hacked data in exchange for Bitcoin.
274. The arrangements of international transfer available to CA/SCL provide a direct channel for the use of laundered data in the UK.
275. When Leave.EU received it’s £50,000 fine for the 2015 spam campaign, they claimed they obtained the lists from a third-party supplier.
276. In much the same way, the official Vote leave campaign would have avoided data protections – they were not registered themselves and nor was the app provider, UCampaign, who would have retained the data captured by the app in the US.
277. The data wash is clear: whether it is legally or illegally sourced it can enter the country and leave it freely.
278. Looking behind Leave.EU, the mirror of SCL’s registration is much clearer. Better For The Country Limited registered in August 2015 at the same address as Leave.EU but included transfers to countries and territories throughout the world.
Page 29 of 70
279. The company connections are labyrinthine, but finally provide the direct connections which have been missing.
280. While Leave.EU has not yet posted accounts, Better For The Country Limited last filed showing £1.295 million in shareholder funds. The company was registered with Companies House in May 2015, listing its nature as “other information services.”
281. The current directorships show Andrew Wigmore (prominent Leave.EU figure), Maria Ming, Alison Marshall, Elizabeth Bilney, Arron Banks (well-known UKIP Donor), Ranja Abbot, and Dawn Williams.
282. Bilney is interesting, also being listed as a director at Banks’ flagship alternative media outlet Westmonster, and a new venture ‘Big Data Dolphins’ alongside Alison Marshall.
283. Big Data Dolphins is an unknown quantity but was only registered with Companies House in December 2016 giving its nature as “business and domestic software development” and “data processing, hosting and related activities.”
284. The ICO registration is a mirror of SCL’s but is shown as having data transfers restricted to the EEA. The shareholders also link to Rock Services, Banks’ insurance company, though the majority share (91%) shows as being owned by Deep DD Limited which returns no trace on any company searches.
285. Also registered at Lysander House, a development in Bristol and the home of most of Banks’ businesses, Bilney is listed as an active director of Chartwell Political Limited, a company set up in June 2014 to carry out “market research and public opinion polling.”


https://jjpatrickauthor.files.wordpress ... threat.pdf
Mogilevich➡️Fursin➡️Manafort➡️Trump

Erdogan➡️Gulen➡️FlynnJr➡️Flynn➡️Pence

Joseph Mifsud➡️George Papadopoulos➡️Steven Miller➡️Jeff Sessions

Predatortrump-Russia is the most complex political scandal in American history
User avatar
seemslikeadream
 
Posts: 24461
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Hybrid Threats And The Live Russian Hybrid Conflict

Postby seemslikeadream » Fri Jul 14, 2017 9:49 am

286. The company currently shows as owing £339,000.
287. The second director, Bridget Rowe, is listed on the company website underneath a
picture of the back of Banks talking to journalists, and alongside the name James Pryor. Rowe worked in print news, including alongside Rupert Murdoch, and previously worked as the director of communications for UKIP. Pryor has worked on elections all over the world, for the Conservatives at Downing Street, and as a campaign director for UKIP.
288. They claim to be uniquely able to “identify the range of threats that can emerge to destabilise political and election campaigns” and go on to say “it is well known that ‘best intelligence’ wins wars, especially Information Wars. The battle for hearts and minds hinges, crucially, on securing, shaping, re-shaping and controlling the Message.”
289. Bilney is also a director of Westmonster, the ‘Breitbart’ styled news agency launched by Arron Banks, which was incorporated in January 2017 and lists a major shareholder as Better For The Country Limited. The second major shareholder and director is Michael Heaver, previously the communications officer of MEP Nigel Farage and former chair of UKIP's youth arm, Young Independence.
290. In 2014, Heaver was actively writing for Breitbart, the right-wing alternative news outlet then run by Steven Bannon and funded by Robert Mercer. Bannon launched the site in the UK at that time specifically to further his “cultural war” and influence the 2015 general election.
Page 30 of 70
291. While Banks and Farage were openly with each other while in the US, supporting the Trump campaign, Heaver provides a prior connection between Farage, his official office, and Bannon.
292. The background information is of such a complex nature, it’s easy to understand how difficult it has been for media agencies to reduce the available evidence to the short, sharp punches needed for headline-led reporting.
293. For example, both Mercer and Trump have now been linked to Russia’s 12th richest businessman, Dmitry Rybolovlev. Mercer’s yacht was docked near the oligarch in March 2017, and Trump’s plane was seen next to his prior to the US election – though they are also linked by a $95 million property deal in Florida.
294. Rybolovlev has a controversial history, associating with criminals in the 1990s before becoming embroiled in a murder trial relating to a business partner. During his divorce – the most expensive settlement in history, he was implicated in the April 2016 Panama Papers, with reports saying his use of offshore companies in the British Virgin Islands was deemed a “textbook example of the lengths rich people (in most cases men) go to protect their considerable wealth in case of a marital breakup.”
295. He was also implicated in the Football Leaks scandal which revealed he and football agent Jorge Mendes set up a secret system to illegally buy players’ shares. Using a Cyprus- based offshore investment fund named Browsefish Limited, Rybolovlev illegally manipulated the price of his own players through third-party ownerships.
296. Arron Banks was also named in the Panama Papers as a shareholder of PRI Holdings Limited, which Panamanian-based Mossack Fonseca set up as an offshore company in 2013. The British Virgin Islands (BVI), is a UK offshore territory and international tax haven which snubbed an anti-corruption summit held in London by the then prime minister, David Cameron. Another shareholder of PRI was Elizabeth Bilney. (Please also see the Lesotho paragraphs herein).
297. Banks is also more directly linked to Russia.
298. In his own account of the Brexit campaign, Banks describes meeting "a shady
character called Oleg" while at UKIP's annual conference in September 2015. "He was introduced to us as the First Secretary of the embassy – in other words, the KGB's man in London," wrote the UKIP donor, who went on to say he was invited to a private meeting with the Russian ambassador Alexander Yakovenko.
299. “Our host wanted the inside track on the Brexit campaign and grilled us on the potential implications,” Banks wrote in his memoir.
300. Banks’ own directorships at Companies House are relatively straight forward. He’s an active director at Avista Awards (a food award scheme), Parsons Jewellers, Old Down event catering, Rock Services (his insurance company) and Precision Risk Services – an insurance investigator.
301. However, a variant of the Precision Risk company name featured in Bank’s Panama Papers listings under the PRI Holdings umbrella, and was linked back to Gibraltar based STM Fidecs Management Ltd, which acted as secretary to Banks’s PRI Holdings Limited.
Page 31 of 70
The Observer reported at the time that STM Fidecs Ltd was the first to register Leave.EU as a wholly owned subsidiary before its ownership passed to Banks.
302. The international link between the alt-right and far-right parties has already been established. The interference of Russia in western democracy and the substantial and genuine security threat it poses has also been confirmed. The conjoined use and extent of disinformation and propaganda has also been proven.
303. On reviewing the ICO statement and the Electoral Commission documents, it is clear that our own independent bodies are deeply concerned about interference in democracy during the general election, and are alive to the specific risks we face.
304. There is a web of companies, both national and international, linked directly to Arron Banks and these include agencies which are specifically geared towards tailored political messaging and the collection, use, and sale of intricate personal data.
305. Our personal data is being harvested both here and abroad and is bought and sold as a commodity, potentially illegally, while also being used for political purposes – which additionally relies on alternative media outlets to drive specific messages, including from parties directly serving in public offices. The parties who control the alternative media outlets also control the data (and its use) and are indisputably linked to each other on both sides of the Atlantic.
306. Robert Mercer, Donald Trump, Nigel Farage, Arron Banks, Steve Bannon, Michael Heaver and Elizabeth Bilney are now indisputably connected to one another.
307. Whether by data acquisition, personal association or through other linear exposure, all of these parties are linked to Russia – a country which is directly implicated, at a state- sponsored level, in interfering with elections across the western world.
308. Cambridge Analytica has openly sourced data from survey operations too, using it to build psychometric profiles of electorates. This data has either, in part or in full, been sold on or transferred and subsequently used in the direct viral marketing of political messages. Leave.EU has used this data, working with Cambridge Analytica, and it appears this falls within the ICO definition of ‘sugging’ which is against the law.
309. SCL were contacted, asking:
1. If they or Cambridge Analytica have ever been investigated by the ICO for data breaches, or if they are currently under investigation;
2. What is their official comment on the Electoral Commission investigation in the Leave.EU campaign is;
3. Whether they are aware of the ‘sugging’ definition and if they are continuing the practice;
4. And whether they buy (or have bought), from or sell (or have sold) data to, Leave.EU, Better For The Country Ltd, or Big Data Dolphins.
Page 32 of 70
310. At 15.36 hours today, Thursday the 4th of May 2017, I received a reply from Cambridge Analytica's press email address, answering the questions.
311. The subject line read "Complaint" and the email was copied to the ethics team at the National Union of Journalists (of which I am a freelance member), Byline, and Impress (the new press regulator I work to the regulations of).
312. The company wrote "You have published a number of inaccuracies and misrepresentations about Cambridge Analytica in your Byline blogs entitled "Data Laundering: The New Chemical Warfare" (28 April) and "The Big Data Wash" (3 May). Most appear to have been lifted from other blogs or reports and without any attempt at verification."
313. They went on to list a number of points requesting me to "let us know how Byline intends to correct these mistakes" but also provided answers to the original questions I had asked.
314. The specific clarifications requested by Cambridge Analytica are below, but for the sake of clarity and chronology, the original questions and responses from a company spokesperson are shown first.
1. Have SCL Elections / Cambridge Analytica ever been investigated by the ICO for data breaches / are you currently under investigation by the ICO? "No and no. CA/SCL has never been investigated by the ICO for data breaches. We are compliant with data laws. Like a range of organisations, we are in touch, with the ICO, to help them with their ongoing assessment into the use of data analytics."
2. What is your official comment on the Electoral Commission investigation in the LEAVE.EU campaign, which appears to centre around donations of services by yourselves. "We did not do any work (paid or unpaid) for Leave.EU."
3. Are you aware that the practice of data collection by way of surveys for other uses, including the sales of database to others, and viral marketing, falls within the ICO definition of 'sugging'? Are you continuing this practice? "Whenever we conduct research, we have the explicit consent of each respondent for the use of their data."
4. Do you buy from or sell data to Leave.EU, Better For The Country Ltd, or Big Data Dolphins? Have you bought or sold data from these companies in the past? "No we have not."
315. Cambridge Analytica says it did not use psychometrics on the Trump campaign. This point was noted for the record, though a video was filmed at the Concordia Summit in the United States of America in September 2016. The presentation was by Cambridge Analytica's CEO, Alexander Nix.
316. In the video Mr Nix states that Cambridge Analytica had profiled all adult Americans and, before leaving the stage, announced that one of the remaining presidential candidates was using this new technology. At that time there were two candidates left in US election, Donald Trump and Hilary Clinton.
Page 33 of 70
317. In a broadly reported press release from Cambridge Analytica, Mr Nix is quoted as saying "We are thrilled that our revolutionary approach to data-driven communication has played such an integral part in President-elect Trump's extraordinary win."
318. When later reports started to critique the company's technique, Mr Nix was quoted in March 2017, by the New York Times, as saying “We bake a cake, it’s got 10 ingredients in it. Psychographics is one of them,” he said. “It’s very difficult to isolate exactly what the impact of that ingredient is.”
319. Cambridge Analytica states it did not work (paid or unpaid) for Leave.EU and did not work on the work on the EU Referendum. This point was noted for the record, though the Electoral Commission is currently investigating donation-in-kind of services made to Leave.EU and this journalisitic investigation had referred further information to both the Electoral Commission and the Information Commissioner's office.
320. Documents seen by this journalistic investigation, backed up by other reports show that a working link between Cambridge Analytica and Leave.EU did exist.
321. Cambridge Analytica say their psychometric offering is not based on a method developed by a Cambridge academic and that the OCEAN personality model has been around for about 30 years. They also deny any dealings with academic researcher Michael Kosinski of Cambridge University.
322. It is known and accepted that the OCEAN model has been for around thirty years.
323. The sections of the original articles which Cambridge Analytica potentially highlight
say:
1. "Scientific research, including that by Michael Kosinski at Cambridge University, has shown that a big data profile can be used to develop targeted marketing or messaging, designed to drive a behavioural response in an individual. The technique is known as either psychographics or psychometrics and has become famous following its use by Cambridge Analytica in the Trump and Brexit campaigns."
2. "A basic profile, as Michael Kosinski found in his research, can predict your behaviours just based on social media likes. An advanced profile, based on what websites you visit, what news you read, your job, your politics, your purchases, your medical records, would mean such a company knows you better than you know yourself."
3. "One of their primary functions is to acquire data through surveys – a method first developed by a Cambridge academic, upon which the work of Cambridge Analytica’s psychometric profiling is based."
324. In response to the request for clarification, the third sentence has been amended in the original article to read as follows: "One of their primary functions is to acquire data through surveys – a method first developed by a Cambridge academic and which bears similarities to aspects of Cambridge Analytica’s psychometric profiling."
325. Cambridge Analytica states that it does not use Facebook likes. Cambridge Analytica states it has no connection whatsoever with "fake news" or "alternative facts". Cambridge Analytica states that it did not use "bots" on the presidential campaign. These points were noted for the record, though the articles attribute none of these to Cambridge Analytica.
Page 34 of 70
326. Cambridge Analytica states it has never transferred any data to Leave.EU. This point is noted for the record, though concerns raised as a direct result of this journalistic investigation have been referred to the appropriate authority, the ICO, to investigate.
327. The ICO confirmed they had officially logged the details I referred on the 12th of May 2017.
328. The Information Commissioner announced the formal investigation on the 17th of May 2017, saying: "Having considered the evidence we have already gathered I have decided to open a formal investigation into the use of data analytics for political purposes. This will involve deepening our current activity to explore practices deployed during the UK’s EU Referendum campaign but potentially also in other campaigns. Given the transnational nature of data the investigation will involve exploring how companies operating internationally deploy such practices with impact or handling of data in the UK."
329. "Engagement with the electorate is vital to the democratic process. Given the big data revolution it is understandable that political campaigns are exploring the potential of advanced data analysis tools to help win votes. The public have the right to expect that this takes place in accordance with the law as it relates to data protection and electronic marketing. Shining a light on such practices will require detailed investigative work and engagement with a range of organisations – political parties and campaigns, data companies and social media platforms, as well as international cooperation. This investigation is a high priority for my office in our work to uphold the rights of individuals and ensure that political campaigners and companies providing services to political parties operate within UK law. We will provide an update later in the year. I am conscious that opening this formal investigation coincides with ongoing campaigning ahead of the General Election. The timing of my decision is unrelated to the current campaign but I would nonetheless remind all relevant organisations of the need to comply with the law."
Main Evidence: Section 4 – Russian Finance, Non-State Actor Interactions, And The Hybrid Threat In Action
330. Marine Le Pen faced the final round of the French Elections in May, losing to centrist Emanuel Macron. Having just stepped down from her role as leader of the far-right Front National, she continued to be supported by Nigel Farage, Donald Trump, and Vladimir Putin.
331. Aside from public registers, Le Pen is the weakest link in the clandestine operation’s chain – with open investigations and clear financial links to Russia hanging over her.
332. With an established, complex, international network of the far-right and Russia working together on the manipulation of electorates, through psychometrics and disinformation campaigns, France was the next domino which may have furthered their control of geopolitics and the financial markets.
333. Sweden is not alone in its strong response to interference in the democratic process. Working with the EU, Facebook shut down 30,000 fake accounts spreading disinformation ahead of the French election campaigns and teamed up with Google on an initiative to counter disinformation and alternative media sites spreading fake news in favour of Le Pen.
Page 35 of 70
334. Le Pen’s Front National is also historically linked to Sweden in a different way, via the far-right Sweden Democrats – Le Pen’ s party helped fund the SD’s 1998 election brochure.
335. The right across Europe has long established connections, and have also aligned themselves with Russia and the US white supremacy movement, but UKIP under Nigel Farage was a late-comer. In 2014 he ruled out an alliance with the Front National but has since changed tack, giving public backing to Le Pen.
336. UKIP, however, is aligned with the Sweden Democrats having formed an EU parliamentary coalition with them in 2014, along with other groups, including one former Front National MEP, Joëlle Bergeron – who resigned from the party after being asked to stand down, having called for voters rights for European immigrants. She had been a Front National member for 42 years.
337. This period was significant in terms of the shifts of the right-wing parties across Europe. After Russia’s Vladimir publicly declared vision of a functioning “Eurasian Union,” the Kremlin began systematically building bridges with them. At the same time, Marine Le Pen outlined her concept of Europe as independent nation states controlled by a tripartite axis made up of Paris and Berlin and Moscow.
338. Anton Shekhovtsov, of UCL School of Slavonic and East European Studies, made a statement in 2014, saying “There is no doubt that the Kremlin uses the European far right. As things are, Russia cannot compete with the EU in terms of economy, human resources, capital and IT– it's only chance to dominate is if Europe is reduced to separate nation states. While direct financial backing is difficult to prove, there is little doubt that Moscow is holding the purse strings. Ideally, Moscow would like to be funding mainstream politicians, but this is expensive and difficult. It is much easier to focus on MEPs where restrictions are more nebulous. Though I believe Russia has been paying these extreme right parties handsomely for lobbying its interests in Brussels.”
339. Another expert, Prof Mitchell Orenstein of the Department of Political Science at Northeastern University in Boston, made a prescient call for the EU to be alive to the risks back too. “I really do not believe Putin's challenge to Europe is being taken seriously enough. Brussels must begin looking at how these parties are being funded. Putin’s position regarding the Ukraine is one thing, but when it comes to the rest of Europe, he doesn’t need to resort to land-grab tactics. He can just sit patiently on the sidelines and watch as the far right tries to dismantle the EU once and for all,” he said.
340. Over time, the creeping Russian influence became increasingly overt.
341. In 2013, Le Pen was invited to Moscow by State Duma leader and Putin ally Sergei
Naryshkin. She also met with Deputy Prime Minister Dmitry Rogozin. During the 2017 French election campaign, she visited Moscow again, meeting Putin himself, who is reported to have said: “we attach a lot of importance to our relations with France, trying to maintain smooth relations with both the acting power and the opposition representatives.”
342. 2013 was the same year Nigel Farage met Russia’s London Ambassador, Alexander Yakovenko - who later met UKIP and Leave.EU donor Arron Banks after the UKIP conference in 2015. Banks described his contact as being with “the KGB’s man in London” and they held a lengthy discussion about Brexit.
Page 36 of 70
343. After Farage’s first meeting, UKIP MEPs began to appear with increasing frequency on RT, a Russian state media channel, and Farage went on to be offered his own show after Brexit - He was ‘knighted’ on the channel in March 2017.
344. In March of 2014, Nigel Farage named Putin as the world leader he most admired, praising the way the Russian president handled “the whole Syria thing” as “brilliant”.
345. By January 2016, James Clapper, the US Director of National Intelligence, had been instructed by Congress to conduct a major review into Russian clandestine funding of European parties over the previous ten years.
346. The review arose amidst Washington’s significant concerns over Moscow’s exploitation of European disunity which they believed was aimed at undermining Nato, blocking missile defence programmes, and reversing economic sanctions which came about after the annexation of Crimea.
347. A senior government official from the UK told the Telegraph “It really is a new Cold War out there. Right across the EU, we are seeing alarming evidence of Russian efforts to unpick the fabric of European unity on a whole range of vital strategic issues.”
348. Clapper resigned ahead of Donald Trump’s inauguration in November 2016, by which time Brexit had caused a significant shock across the EU and troop movements had begun escalating on Europe’s Eastern borders.
349. In 2014, the Front National under Le Pen confirmed taking Russian money.
350. The First Czech-Russian bank based in Moscow loaned the party 9.4m Euros
(£7.4m) and a further 2m Euros (£1.6m) was borrowed from a company based in Cyprus. At the time, Le Pen responded to the media coverage saying “what is scandalous here is that the French banks are not lending.”
351. Russia correspondent Luke Harding, reporting for the Guardian, wrote “in Soviet times the KGB used “active measures” to sponsor front organisations in the west including pro-Moscow communist parties. The Kremlin didn’t invent Europe’s far-right parties. But in an analogous way Moscow is now lending them support, political and financial, thereby boosting European neo-fascism.”
352. Harding made similar conclusions to the academic experts, reporting “tactically, Russia is exploiting the popular dissent against the EU – fuelled by both immigration and austerity. But as rightwing movements grow in influence across the continent, Europe must wake up to their insidious means of funding, or risk seeing its own institutions subverted.”
353. In May 2017, a joint investigation by French journalists at Mediapart, in collaboration with Latvian colleagues at re:Baltica, revealed that Vilis Dambiņš, a director of an intermediary company managing assets related to the family of Vladimir Putin’s special representative for relations with Russian organisations abroad, Alexander Babakov, personally met with at least two high-ranking officials of Le Pen’s Front National to discuss options for the party to get a further Russian loan.
354. The second loan, reportedly an application for EUR 3 million, was made to an organisation called Strategy Bank which allegedly had its licence revoked and the loan was never completed.
Page 37 of 70
355. The first loan provider, FCRB who issued the EUR 9.4 million, also had its licence to trade removed in 2016 due to “poor asset quality” and a failure to “normalise its work.” The bank was fully owned by billionaire Roman Popov, who had until then managed to maintain a low profile.
356. However, in July 2016, the Czech central bank filed a legal complaint against the financial management of ERB bank, also owned Popov. Corruption police launched an investigation into the suspicious syphoning of funds.
357. First known as the European-Russian Bank, it was set up to fund Czech-Russian trade but, according to insiders, “primarily served as the source of finances for Popov and his influential countrymen.” The inquiry was triggered when a portion of the bank’s finances disappeared. According to sources, “money was flowing from the ERB bank through bonds, mostly fictitious ones.”
358. ERB responded via its website saying it was in a "good condition" and in the Czech press were part of "the anti-Russian rhetoric that has long been used in the EU countries and partially also in the Czech Republic.”
359. Le Pen has also been personally subject to a European Union investigation of her finances which resulted in an adverse finding.
360. The European Anti-Fraud Office (OLAF) is the only EU body mandated to detect, investigate and stop fraud with EU funds.
361. In July 2016, OLAF concluded an investigation concerning the misuse of parliamentary assistance allowances by Marine Le Pen in her official capacity with the Front National. OLAF recommend to the European Parliament they recover the large sum of EUR 336,146.
362. The specific details of the allegation against Le Pen were that she used funds allotted for parliamentary assistants to pay the salaries of her personal assistant, Catherine Griset, and her bodyguard, Thierry Legier, for work unrelated to her EU role. As a result, and in an effort to recoup the funds, the parliament began withholding half of Le Pen's stipend effective from February 2017 and suspended her expense allowances and half of her housing allowance in March.
363. Le Pen denied any wrongdoing yet invoked her immunity as an MEP, refusing to attend questioning by the investigating magistrates. She also asked the EU's General Court to suspend the recovery action while awaiting a primary ruling on a legal request to have the investigation findings thrown out.
364. The General Court rejected Le Pen’s case in April 2017, having already rejected similar requests from three other Front National members. Numerous other party MEPs were targeted in the same inquiry and have also faced salary sanctions. The Parliament is seeking to recover a total of 1.1 million euros and French investigators, probing a ‘fake jobs scam’, raided the party's headquarters outside Paris in March 2017.
365. The French authorities carried out the warrants as they attempt to determine whether the Front National appropriated European Parliament funds to pay for twenty assistants who were presented as parliamentary aides while working for the party in other domestic capacities.
Page 38 of 70
366. Exploring these broader allegations against the Front National, OLAF has provided a broad response, stating “OLAF is investigating suspicions of fraud and irregularities concerning the use of parliamentary assistance allowances by MEPs belonging to the Front National.”
367. “The OLAF investigation is examining possible breaches of the Statute of Members of the European Parliament and its implementing measures, potential conflicts of interest and possible misuse of EU finances. However, as the investigation is on-going, OLAF is not in a position to confirm or deny the alleged involvement of any specific persons in this case, nor make any other comments.”
368. “This is in order to protect the confidentiality of on-going and possible ensuing investigations, subsequent judicial proceedings, personal data and procedural rights,” they added.
369. Having contacted the European Parliament directly, they have provided a comprehensive background to the framework and regulation of MEP expenses.
370. The parliament told me “members of the European Parliament are entitled to assistance from personal staff whom they may freely choose. The parliamentary assistance allowance may not be used to cover personal expenses or for grants or donations of a political nature. Members may not either directly or indirectly employ members of their immediate family (parents, children, brothers, sisters, spouses or stable non-marital partners). In general, contracts with assistants must not give rise to any conflicts of interest.”
371. They also set out the rules relating to the allocation of financial support and how it can be used. “The maximum monthly amount defrayable in respect of all such personal staff is EUR 24 164 (2017 rate). None of these funds are paid to the MEP themselves. A Member’s staff duties must specifically relate to the Member’s work as Member of the European Parliament.”
372. The specific rules under which the Front National are being investigated relate to the impermissibility of using EU funds to “finance contracts concluded with an organisation” and further prohibits funds from being used for “pursuing political objectives, such as a political party, foundation, movement or parliamentary political group.”
373. A list of admissible and non-admissible costs in relation to the assistants has been adopted by the Bureau of the Parliament and clearly mentions as inadmissible expenses “any expenses in relation to elections, referenda or any other campaign whether at national or EU-level.”
374. These rules also triggered a 2016 investigation into UKIP.
375. The Alliance for Direct Democracy in Europe, a Ukip-controlled EU Parliamentary
group, was asked to return EUR 172,655, after officials uncovered a breach of the rules arising from the alliance pouring money into the United Kingdom’s 2015 general election and the Brexit referendum.
376. UKIP spent the EU funds on polling and analysis in constituencies where they hoped to win a seat in the 2015 general election, including in South Thanet - a seat which Farage
Page 39 of 70
contested. The party also funded polls to gauge the public mood on Brexit, months before the official campaigning began.
377. The EU report on the misspending concluded that “these services were not in the interest of the European party, which could neither be involved in the national elections nor in the referendum on a national level. The constituencies selected for many of the polls underline that the polling was conducted in the interest of UKIP. Most of the constituencies can be identified as being essential for reaching a significant representation in the House of Commons from the 2015 general election or for a positive result for the leave campaign.”
378. It has previously been established that Russia interfered in the 2015 general election and foreign powers were involved in cyber-attacks during Brexit.
379. The report also concluded there were “a substantial number of activities for which financing ought to be considered as non-eligible expenditure,” in respect of spending on polls around the Scottish and Welsh elections in 2016.
380. The ADDE group as a whole was to be denied €248,345 in grants for failing to follow the rules.
381. Having already uncovered a substantial labyrinth of companies which utilise surveys and polling to harvest and trade in data, directly linked to UKIP, Donald Trump, and Arron Banks, the conclusions reached by the EU are now set in a much clearer context.
382. The potential data laundering activities and disinformation campaigns used to sway the electorate also tie in with a broader series of links between Farage, Trump, Wikileaks, and Russia, the ongoing Electoral Commission investigation into Leave.EU, and referrals now made to the ICO in respect of the data laundering.
383. Farage responded to the report, then as interim leader of UKIP, saying “we are in an environment where rules are wilfully interpreted as suits. I’ve understood absolutely the rules. This is pure victimisation.”
384. The EU state the ADDE declared itself bankrupt in the wake of the inquiry.
385. UKIP have already faced an OLAF investigation which resulted in one of their MEPs
being sent to prison for fraud offences - mirroring the ongoing Front National investigation.
386. In July 2015, former UKIP MEP Ashley Mote was sentenced to five years in prison having been found guilty of several fraud-related offences committed to the detriment of the European Parliament's budget.
387. The court case was triggered by an OLAF investigation carried out in 2010, which focused on the expenditure of a part of Mr Mote's allowances for hiring parliamentary assistants through a specific service provider. The evidence showed the MEP diverted EUR 355,000 into private accounts.
388. The EU parliament sanctioned the investigation and it was referred to police in the UK who discovered more payments arising from false and misleading documents. The court sentenced Mr Mote to five years in prison.
Page 40 of 70
389. OLAF have kindly provided more information about their structure and powers.
390. OLAF fulfils its mission by carrying out independent investigations into fraud and
corruption involving EU funds: so as to ensure that all EU taxpayers’ money reaches projects that can create jobs and growth in Europe; contributing to strengthening citizens’ trust in the EU Institutions by investigating serious misconduct by EU staff and members of the EU Institutions; and developing a sound EU anti-fraud policy.
391. OLAF can investigate matters relating to fraud, corruption and other offences affecting the EU financial interests concerning all EU expenditure, as well as some areas of EU revenue, mainly customs duties.
392. Based in Brussels, OLAF has roughly 400 staff members, more than 300 of whom are working as either investigators or selectors, or in investigation support (forensics, legal services, etc). The team have diverse backgrounds - some having worked for national police or customs authorities, or as lawyers or judges. The Director-General of OLAF is Mr Giovanni Kessler.
393. OLAF is fully independent in its investigative mandate from any other EU or national institution, body or authority. It neither seeks nor receives instructions from any party.
394. OLAF is not a prosecution body, it carries out administrative investigations. When relevant, OLAF sends the information gathered in its investigations (final case reports) to the competent national authorities for their consideration and possible follow-up.
395. OLAF may recommend financial, judicial, disciplinary and administrative action where it finds any of the following:
1. A misappropriation or wrongful retention of EU funds or an illegal diminution of the EU revenues: OLAF will recommend to the competent authority at EU and/or Member State level to recover the money or prevent the money from being unduly spent.
2. A possible criminal offence in a Member State: OLAF will recommend consideration of judicial follow-up by the judicial authorities in that Member State.
3. A possible disciplinary offence: OLAF will recommend consideration of disciplinary action by the EU Institution, body or agency concerned.
4. A weakness in the management or control systems or in the legal framework: OLAF will recommend that action should be taken by the competent EU Institution, body, office or agency, or authority of the Member State.
396. The Russian-sponsored far right is united in its focus on the destabilisation of the European Union and, in the face of limited capabilities and responses from the authorities, is capitalising on exploiting its advantage over the electorates through underhand financial and political means.
Page 41 of 70
397. Accusations of European interference in the coming general election, made by UK Prime Minister Theresa May, are alarming in the face of clear evidence to the contrary. It is indicative of either a wilful blindness, an abject failure by our domestic security services, or something more sinister.
398. Donald Tusk, President of the European Council, called for moderation by May, saying "The stakes are too high to let our emotions get out of hand because at stake are the daily lives and interests of millions of people on both sides of the Channel."
Main Evidence: Section 5 – The Hybrid Threat, State Hacking, And The Terrorism Narrative
399. In 2000, almost all terror attacks across the world involved the use of bombs. Non- complex, explosive devices.
400. Between 2006 and 2013 the number of terrorist attacks across Europe dropped significantly, including in the highest volume category – separatist violence.
401. During this time the number of arrests increased, as countries introduced updated surveillance and counter-terrorism strategies. The largest increase in arrests related to religious terrorism offences.
402. While there is an argument that efforts of the authorities and the airline industry restrictions on liquids have had an impact, the fact remains that bomb making materials are still broadly available across Europe. As this investigation found in Sweden, ex-military explosive stock is readily available and in active use, and the Brussels bombing underlines the point.
403. 2015, however, saw a significant shift in the style of attack – the method turning to the use of vehicles to mow down pedestrians.
404. When you start to probe these new attacks, set in the context of the development of a global operation with an extensive disinformation network - which has claimed to be ISIS in cyber-attacks – the change takes a different hue.
405. This can also be held up for scrutiny against the quick responses of Alt-Right media sites (and even Donald Trump) who have presumptively claimed incidents as being ‘Terrorism’ often within minutes of the attacks taking place, and use the events to drive their own viral messages through their complex channels.
406. These narratives have been exploited to the advantage of the far-right political parties, often during campaigns, and those parties are clearly linked to Russian destabilisation operations.
407. The lesser known of the vehicle attacks took place in Nantes on the on the 22nd of December 2014, and in Dijon the day before.
408. Sébastien Sarron ran over ten pedestrians at the Christmas market of the French city of Nantes in a van, then attempted suicide with a bladed weapon. Ten people, including the suspect, suffered non-fatal injuries and one person died. French Interior Minister Bernard Cazeneuve is on record as saying the attacker was "unbalanced."
Page 42 of 70
409. While there were some reports at first Sarron had shouted “Allahu Akbar”, police stated a notebook in his van contained "incoherent suicidal phrases" and set out fears of “being murdered by the secret services.”
410. Sarron was an alcoholic French farmer, drunk at the time of the attack, and killed himself in his cell in April 2016.
411. The incident was immediately preceded on the 21st of December 2014 in Dijon, when a was arrested after a vehicle-ramming attack in which he drove into pedestrians in five areas of the city in the space of half an hour. Two people were seriously injured.
412. The forty-year-old man was known to the police for minor of offences committed over the course of twenty years, and had repeatedly been treated for “serious and long- established psychiatric issues”. The local prosecutor said the incident was not linked to terrorism.
413. The New York Times reported speaking to the city prosecutor, who said the driver became “'very agitated' at home after watching a television program about the plight of children in Chechnya.”
414. The next attack took place on Bastille Day, the 14th of July 2016, in Nice.
415. French investigators identified the perpetrator – who was killed during the incident -
as Mohamed Lahouaiej-Bouhlel, a 31-year-old man of Tunisian nationality.
416. He was born in Tunisia but held a French residency permit and lived in Nice where he married a French-Tunisian cousin with whom he had three children. His parents still live in Tunisia and state they rarely heard from him since the move to France in 2005.
417. Lahouaiej-Bouhlel’s father has stated that the attacker underwent psychiatric treatment before he moved to France and, according to his wife's lawyer, he was repeatedly reported for domestic violence. He was known to French police for five criminal offences including threatening behaviour, violence, and petty theft.
418. François Molins, the prosecutor leading the inquiry into the possible involvement of organised Islamist terrorism, has made clear there was no link to Islam except in a very short period before the attack and referred to the attacker as "a young man completely uninvolved in religious issues and not a practising Muslim, who ate pork, drank alcohol, took drugs and had an unbridled sex life."
419. Lahouaiej-Bouhlel regularly sent small sums of money to his family in Tunisia, but only days before the attack persuaded friends to smuggle bundles of cash worth 100,000 euros to his relatives.
420. In the immediate aftermath of the attack social media was virally attacked with false claims of hostage situations, a double attack showing images of the Eiffel Tower exploding, claims of a further attack in Cannes, and images of unrelated persons being named as victims and suspects.
421. Marine Le Pen, currently in the last round of the French elections, condemned immigration and government policy in response to the attacks.
Page 43 of 70
422. On the 19th of December 2016, another truck was deliberately driven into the Christmas market at Breitscheidplatz in Berlin, leaving 12 people dead and 56 others injured. The truck's original driver, Łukasz Urban, who was found shot dead in the passenger seat.
423. The suspect, Anis Amri - a failed asylum seeker from Tunisia - was killed in a shootout with police near Milan four days later.
424. Amri fled from Tunisia to escape imprisonment for stealing a truck and arrived for the first time in Europe in 2011 on a refugee raft at the island of Lampedusa.
425. According to reports he lied about his age, pretending to be a minor, and was sent to the temporary migrants reception center on the island where, according to Italian security officials, he "took part in a particularly violent riot, when the center was set on fire and several people were injured." He was subsequently imprisoned for four years for this and robbery. Amri was released in 2015 and it is believed he went to Germany at this point.
426. In Tunisia, Amri was sentenced in absentia to five years in prison, "reportedly for aggravated theft with violence” and had been arrested several times for possession and use of drugs. According to his family, he drank alcohol, took drugs and was initially not religious.
427. His autopsy found that he frequently consumed drugs.
428. In Germany he was involved in a bar brawl, drug dealing, and a knife attack over
drugs in July 2016. He disappeared after police tried to question him.
429. While Moroccan intelligence warned Germany about an attack planned by Amri, and they did monitor him in Berlin, he showed no signs of planning a terrorist event according to official reports submitted to the German Interior Minister.
430. National and international right-wing politicians and commentators blamed the attack partly on German Chancellor Angela Merkel and her policy of accepting an unlimited number of asylum seekers and migrants. The groups also condemned the lack of border checks under the EU Schengen system for allowing the perpetrator to travel freely through several countries after the attack.
431. Only days before I travelled to Sweden to investigate crime and immigration, on the 7th of April 2017, a hijacked truck was deliberately driven into crowds along Drottninggatan (Queen Street) in Stockholm.
432. The suspect, Rakhmat Akilov, a 39-year-old rejected asylum seeker from Uzbekistan, was apprehended the same day and admitted carrying out the attack at a pre-trial hearing on the 11th of April.
433. Säpo (the Swedish intelligence service) have stated they received some information on the suspect, but were unable to confirm it when they followed up on it. They reportedly deemed him a "marginal figure" on the fringes of extremist groups.
434. Akilov arrived in Sweden on the 10th of October 2014 and claimed asylum, saying he needed refuge from "the Uzbek security services which he claims tortured him and accused him of terrorism and treason". Uzbekistan remains closely tied to Russia.
Page 44 of 70
435. Sweden's Migration Board ruled against Akilov and he was ordered to leave the country within four weeks. He failed to do so voluntarily and did not appear at the Swedish Migration Agency when called, so the case was referred to the police but he went on the run.
436. Akilov was registered at the same address as another person with links to financial crime where a number of people were convicted of false accounting and severe tax crimes. He was also linked to Chechnya and a facebook group which aimed to expose the "terrorism of the imperialistic financial capitals."
437. The Swedish far-right was accused of trying to profit from the attack, producing fake news and circulating fake quotations online. This included tweets and social media posts from officials of the Sweden Democrats.
438. Among all of the suspects, from France, to Germany, to Sweden, the common points are easy to identify: criminal offending histories, limited or no links to terrorism – even under surveillance – and mental health issues. In two cases there are links to suspicious finances and two direct links to Chechnya.
439. I have purposefully avoided all reference to ISIS and ISIL to distil the facts as they are.
440. With almost all suspects killed before questioning, and almost every single connected person arrested released without charge, the evidential links are almost entirely reliant on internet searches.
441. In respect of online radicalisation, some claims of responsibility and activity reported to have been the work of ISIS have been traced back to Kremlin linked hacking group APT28.
442. In April 2015, France's TV5Monde network was knocked off air for around 18 hours in the aftermath of a hack attack which also led to the hijack of the agency’s website and Facebook page.
443. The attackers, who identified as the "CyberCaliphate", also leaked documents they claimed were ID cards of French soldiers involved in anti-ISIS operations. Initially the hack was attributed to sophisticated hackers ideologically aligned to ISIS.
444. French investigators later announced the attack was carried out by Russia-based hackers. Sources close to the investigation and TV5 Monde’s president told France 24 “the finger of blame” pointed at Russia, confirming a report by L’Express.
445. This conclusion is supported by findings from security vendors FireEye and Trend Micro.
446. Computer malware and scripts featured in the attack were typed on a Cyrillic keyboard and were compiled during office hours in Moscow and St. Petersburg. The threats against the families of French soldiers serving overseas and other jihadist propaganda also contained numerous grammatical mistakes.
447. The group, reports say, also “targeted the computer systems of Nato members, Russian dissidents and Ukrainian activists.”
Page 45 of 70
448. FireEye’s security experts said the “website which published leaked information was hosted on the same IP block as other APT28 infrastructure, and used the same name server and registrar that FireEye has seen APT28 use in the past.”
449. "We suspect that this activity aligns with Russia’s institutionalized systematic “trolling” – devoting substantive resources to full-time staff who plant comments and content online that is often disruptive, and always favourable to President Putin.”
450. President of FireEye, Richard Turner, said "what we already suspect is that the group is sponsored by the Kremlin. We now also believe that ISIS was a decoy and APT28 was actually responsible for the attack on TV5Monde. Russia has long history of using information operations to sow disinformation and discord, and to confuse the situation in a way that could benefit them."
451. "The ISIS cyber caliphate could be a distraction tactic. This could be a touch run to see if they could pull off a coordinated attack on a media outlet that resulted in stopping broadcast and news dissemination. We have been watching APT28’s infrastructure very closely and have seen them target other journalists around the same time as the TV5Monde attack," he added.
452. If state-sponsored actors can hack under this guise for this purpose, it’s a credible threat that they may be hosting radicalisation operations too.
453. On the 22nd of March 2017, a terrorist attack took place in Westminster.
454. The attacker, 52-year-old Briton Khalid Masood, drove a car into pedestrians on the
pavement along the south side of Westminster Bridge and Bridge Street, injuring more than 50 people, killing several.
455. After the car crashed into the perimeter fence of Parliament grounds, Masood abandoned it and ran into New Palace Yard where he fatally stabbed an unarmed police officer. He was then shot by an armed police officer and died at the scene.
456. Though the attack was instantly attributed to Islamic terrorism by right-wing figures and media outlets across the world, Police have found no link with any terrorist organisation.
457. Born Adrian Russell Elms, the attacker later changed his name to Adrian Russell Ajao then to Khalid Masood after he converted to Islam. Police said he also used several other aliases, including Khalid Choudry. His background matches the French and German suspects and his profile is otherwise atypical - most jihadi terrorists are under 30, while he was 52.
458. When he was 16, he dropped out of school and by 18 he was described as a heavy cocaine user. In 2000, he was sentenced to two years in prison for grievous bodily harm after a knife attack in a public house in Northiam in Sussex. In 2003, he was sentenced to a further six months in prison for possession of an offensive weapon following another knife attack in Eastbourne in Sussex. As well as these two prison terms, Masood had convictions for public order offences going back to 1983.
459. Analysts monitoring Islamic State activity online said claims of responsibility appeared to be an effort to mask losses in Iraq and Syria, adding that “the lack of
Page 46 of 70
biographical information on the attacker and lack of specifics about the attack suggested it was not directly involved.”
460. Neil Basu, Deputy Assistant Commissioner of the Metropolitan Police and Senior National Coordinator for UK Counter-Terrorism Policing, announced that investigators believed Masood acted alone, adding: "there is a possibility we will never understand why he did this.”
461. Westminster fits the exception pattern of the other events.
462. These attacks have helped drive the disinformation narrative, feeding right-wing
politicians and false reports such as those which led me to Sweden in the first place -the very same investigation which exposed the previously missing links in the chain which definitively connects Russia and the far-right.
463. The change in the pattern of the terror incidents and the surrounding information suggest something very drastic has changed. Not just in the method, but in the suspects too. Petty criminals, drug users, often with mental health issues and who can’t be directly linked to terrorism.
464. False flags have been broadly admitted in the past – actions used to justify another end – and large payments of cash, such as those made in Nice, are not associated with the acts of radicals.
465. And, more to the point, Daesh has been losing financial ground for years. By February 2017, Alessandro Pansa, Director General of the Department of Information Security for the Italian Council of Ministers, said: “ISIS has significantly retreated. Its sources of revenue, primarily smuggling oil products and antiquities, are at the edge of drying out.”
466. Russia, at the heart of everything else we are witnessing, is no stranger to deploying black operations tactics.
467. In September 1999, Russia saw ‘the apartment bombings’ which killed 293 people and injured more than 1,000. Together with the Dagestan War, the bombings led the country into the Second Chechen War.
468. Explosions happened at Buynaksk on the 4th of September, Moscow on the 9th and 13th, and Volgodonsk on the 16th. An explosive device similar to those used in these bombings was found and defused in an apartment block in the Russian city of Ryazan a week later.
469. On the day after the last bomb was found, Vladimir Putin ordered the air bombing of Grozny, which marked the beginning of the Second Chechen War.
470. According to the Moscow City Court, the bombings were acts of terrorism organised and financed by the leaders of armed group the Caucasus Islamic Institute yet, thirty-six hours after this announcement, three FSB agents were arrested by the local police for planting the Ryazan explosives.
471. The incident was declared to have been a “training exercise” and the agents were released on Moscow's orders.
Page 47 of 70
472. Yury Felshtinsky, Alexander Litvinenko, Boris Berezovsky, David Satter, Boris Kagarlitsky, Vladimir Pribylovsky, and the secessionist Chechen authorities claim the the 1999 bombings were a false flag attack coordinated by the FSB in order to win public support for a new full-scale war in Chechnya – which boosted the popularity of former FSB director Putin.
473. The pro-war Unity Party succeeded in the subsequent elections to the State Duma and helped Putin attain the presidency within a few months.
474. The MP Yuri Shchekochikhin filed two motions for a parliamentary investigation of the events, which were rejected and a public commission to investigate the bombings was rendered ineffective by the government's refusal to respond to its inquiries.
475. Two key members of the Kovalev Commission, Sergei Yushenkov and Yuri Shchekochikhin, have since died in apparent assassinations and Litvinenko’s death is probably the most famous execution of a spy in history – he was poisoned with radioactive material in London, and the public inquiry concluded the FSB killed him, and probably on the direct orders of Putin himself.
476. Could it be possible that the changed face of terror in Europe is the darker side of the global destabalisation operation? What if ISIS, as it’s currently understood, is only as real as the Cyber Caliphate?
477. While there is no decisive or definitive evidence available, we are left facing a very credible “what if?”
Main Evidence: Section 6 – Non-State Hybrid Threat Actors And African Activities
478. Within the labyrinthine structure of Arron Banks’ complex business network sits a plain looking company.
479. Parsons Jewellers in Bristol had been in the same family for generations when it hit trouble. It was eventually bought by the man behind Leave.EU and Westmonster and in his autobiography Banks outlined his desire to turn the outfit into a brand.
480. Banks sources his gems from a series of mines he owns in South Africa, under the company name Kophia Diamonds, and is listed as a director alongside Jonathan Ian Banks and James Pryor.
481. Jonathan has a law firm registered to Banks’ primary offices in Bristol, and Pryor – ex-UKIP and Maggie Thatcher communications guru – is linked to another Banks connected company, Chartwell Political.
482. While there is no website for the mining operation, Pryor’s email address is listed as the contact address for any queries. Arron Banks is further linked to the region by lobbying and mining companies unearthed in the Panama Papers.
483. On the 25th of January 2015, ahead of Lesotho’s last election, Leave.EU’s Andy Wigmore and James Pryor were both present in the country, “burning the midnight election oil.”
Page 48 of 70
484. At least one of Banks’ mining operations is located in Lesotho, where early general elections are to be held in June 2017 following a no-confidence vote in the incumbent prime minister, who has led in coalition after a military coup caused the 2012 election to fail and a snap election to be held in 2015. The political landscape is clearly complex.
485. Mr Wigmore and Mr Banks have been asked how the coming election could affect the mining interests in Lesotho. As yet there has been no reply.
486. While there is no indication as to what involvement they had in the election campaign beyond the photograph, Wigmore, along with both Arron and Jonathan Banks, and James Pryor are pictured with the King of Lesotho on the 11th of June 2014 during an apparent trip to visit their mining facilities. (Wigmore can also be found pictured in the infamous gold lift at Trump Tower, and with Senator Bryant in Mississippi – also a recent guest on Farage’s LBC Radio show discussing trade deals).
487. Banks, in his autobiography, describes Pryor as his "fixer in Africa" and states that both Pryor and Wigmore worked together for the conservatives in the late 1980s. Banks goes on to say that he bought two mines in Lesotho, visits them periodically, but Pryor is there most of the time to keep him updated.
488. Mr Wigmore and Mr Banks have been asked what connections they have with the king but have not yet replied.
489. As previously highlighted in the #snowman investigation and in Guardian articles, Banks is shown in the Panama Papers as the director African Strategic Consulting Ltd (“lobbying”), African Strategic Resources Ltd (“mining”), and African Strategic Capital Ltd (“wealth management”). There is no indication of illegality in this structure.
490. Mr Wigmore and Mr Banks have been asked what lobbying, if any, the consulting group does. As yet there has been no reply.
491. On the Chartwell website, Pryor lists his previous experience as including assistance to the Basothu National Party in Lesotho, though it is not clear in which election.
492. The party faces current accusations from incumbent Prime Minister, Pakalitha Mosisili, who says the BNP founder, Lesotho Leabua Jonathan, was a lackey of the British who turned a blind eye to his “atrocities” to undermine Lesotho’s independence.
493. He states a vote for them would be tantamount to returning the country to the “dark era” of nationalist rule. “Chief Leabua, supported by the English, was not ready to accept defeat. He declared a state of emergency and suspended the constitution instead. Basotho entered a dark era in which their basic human rights were violated. A lot of people were killed, while some Basotho were literally buried alive in places like Lipeketheng at Hlotse in Leribe district. Those were the acts of the nationalists.”
494. “Last year, we celebrated 50 years of Lesotho’s independence and we have now begun another journey. Like I said, we started the first journey on a wrong foot under a nationalist regime. We cannot afford to repeat that mistake by starting another 50-year journey under a government of nationalists,” he added.
Page 49 of 70
495. Chief Malapo of the BNP responded with a now internationally familiar, Trumpesque narrative, saying “Ntate Mosisili is a pathetic liar. He believes he can fool every Mosotho with his distorted information and propaganda.”
496. Mr Wigmore and Mr Banks have been asked if there is any financial support given by donation to any of the Lesotho political parties. As yet there has been no reply.

https://jjpatrickauthor.files.wordpress ... threat.pdf
Mogilevich➡️Fursin➡️Manafort➡️Trump

Erdogan➡️Gulen➡️FlynnJr➡️Flynn➡️Pence

Joseph Mifsud➡️George Papadopoulos➡️Steven Miller➡️Jeff Sessions

Predatortrump-Russia is the most complex political scandal in American history
User avatar
seemslikeadream
 
Posts: 24461
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Hybrid Threats And The Live Russian Hybrid Conflict

Postby seemslikeadream » Fri Jul 14, 2017 9:50 am

497. The BNP’s history is colourful, fractious, and deeply tied to Russia.
498. After trips to the People's Republic of China and the Eastern Bloc in May 1983,
Basotho Prime Minister Leabua Jonathan announced that China and the Soviet Union would be establishing embassies in the kingdom. The South African government responded angrily to the announcement and reminded Jonathan of a promise he made in 1965 not to allow an embassy of any communist country in Lesotho so long as he was Prime Minister. Vincent Makhele, the Basotho Minister of Foreign Affairs, visited Moscow in September 1984 for discussions with officials in the Soviet government.
499. In a sign of increased KGB presence in Lesotho, staffing levels in the embassy in Maseru were increased and in May 1985 the Soviets appointed their first resident Ambassador to Lesotho. In December 1985, Makhele returned to Moscow and signed a cultural and scientific co-operation agreement (along with a technical and economic agreement) with the Soviets.
500. Soviet inroads in Lesotho suffered a setback when Jonathan was overthrown in January 1986 in a military coup which was led by Justin Lekhanya. The Russian embassy in Maseru was closed in August 1992 and the Russian Ambassador to South Africa has been allocated to Lesotho since. The two countries have maintained a history of bilateral agreement, however – predominantly with Russia providing scholarships, including to senior government officials.
501. In the summer of 2014, around the time of Banks’ group meeting with the king, Russia began to deliver humanitarian aid to Lesotho.
502. Ahead of the 2017 election, the Construction and Mine Workers Union have accused diamond mines of coercing their workers into signing advance voters applications in violation of their rights. They have lodged a joint call with the Transformation Resource Centre, asking the Independent Electoral Commission to intervene and assure the miners are protected.
503. In a strongly worded attack, they made plain it was a criminal offence to “force workers to provide the IEC false information about employment” or to “prohibit workers from voting” on Saturday the 3rd of June 2017. Tskioane Peshoane of the TRC accused the government of condoning the contravention of the electoral act by foreign companies.
504. Mr Wigmore and Mr Banks have been asked if they are aware of the CAMAU concerns, whether this affects their own operations, and if they have any concerns of their own. As yet there has been no reply.
505. The responses of Mr Wigmore and Mr Banks should shed some interesting light on Lesotho’s forthcoming – and clearly fractious – election.
Page 50 of 70
506. Mr Banks is also involved is charitable work in the country which is currently being explored.
Main Evidence: Section 7 – Overt State and Non-State Hybrid Threat Collaborations (Russia, US, and UK)
507. The extent of the clandestine operation is becoming increasingly easy to trace.
508. On the 12th of January 2017, British businessman Arron Banks, principal backer of
Brexit campaign group Leave.EU, posted a picture of Andrew Wigmore, also of Leave.EU and connected to Banks’ African operations, in Mississippi.
509. The caption read “Andy over in the US this week with Gov. Bryant. & our good friends from Mississippi!”
510. In April 2008 Mississippi Governor Haley Barbour welcomed a delegation headed by Russian Federation Senator Mikhail Margelov and U.S.-Russia Business Council (USRBC) President Eugene Lawson to Jackson.
511. At the time, a Russian investment by SeverCorr was in its first phase and had brought 450 high-paying new jobs to Mississippi. The salaries were $88,000 on average, compared to the state's median income of $38,215, according to reports.
512. Mississippi had $5.2 billion of exports in 2007, and the state's exports to Russia alone grew 52 percent from 2004 to 2007. Over that period, many of the sectors the state government was targeting for growth participated in the increase - for example, non- traditional Mississippi exports of computers and electronic products skyrocketed more than 5,000 percent.
513. Governor Barbour made a public statement that Mississippi looked “forward to a long and thriving relationship with Russia."
514. At a luncheon sponsored by SeverCorr, stated to have been arranged to “enable state business leaders to take a closer look at Russia economically and politically,” USRBC President Eugene Lawson underscored SeverCorr's investment in Mississippi should send a signal to other Russian companies, and the Russian government, that the U.S. was open to and welcomed foreign investment.
515. Lawson pointed out not one Russian investment in the U.S. has been turned down by the U.S. foreign investment review process conducted by the Committee on Foreign Investment in the United States (CFIUS).
516. Senator Margelov emphasized the importance of mutual cooperation in his own remarks, suggesting the two countries put aside the “negative rhetoric” which had emerged in Duma elections and that year's U.S. presidential campaign.
517. Margelov suggested the U.S. needed to take advantage of “a new generation coming of age in Russia that is not bound by Cold War stereotypes.” He asserted that “today's global realities demand pragmatism and an "equal partnership" between the U.S. and Russia.”
Page 51 of 70
518. The delegation also enjoyed private discussions with both Governor Barbour and his deputy, Phil Bryant - parties from the US Russia Business Council attended a dinner at Barbour's private residence and Phil Bryant, then the Lieutenant Governor, hosted a private dinner at his home too.
519. Margelov had worked as an interpreter in the International Department of the Central Committee of the Communist Party of the Soviet Union. He also taught Arabic at the Higher School of the K.G.B and was Senior Editor of the Arab section in the TASS News Agency. He was a spy.
520. Between 1990-1995, he was employed by a number of US consulting companies dealing with investment projects and in 1995 became project director for the publicity campaign of Grigory Yavlinsky and the Yabloko party. In 1996, he was chief co-ordinator for advertising in President Boris Yeltsin's 1996 re-election campaign. He went on to head the President's public relations department and was later a director of the Russian Information Centre (Rosinformcentr), a government agency covering events in the Northern Caucasus.
521. From May 1998 to September 1999, he held a managerial position at RIA Novosti news agency then spent January to March 2000 as a consultant to Vladimir Putin's Electoral Headquarters, in charge of contacts with foreign media.
522. In 2009 Canada refused an entry visa for Mikhail Margelov, then the Kremlin’s special representative to Africa. The reason, according to Canadian sources, was Margelov’s connection to the Soviet intelligence services.
523. Hayley Barbour, Governor of Mississippi at the time of the dinners, founded lobbying company BGR Group in 1991.
524. In 2013 the firm was paid $13.7 million and its three largest clients were the Republic of India, Ukraine Chevron Corporation, and the State of Kazakhstan. The firm employs various former political figures.
525. In April 2015, the Government of South Korea retained BGR for public relations and image building.
526. Barbour was the governor of Mississippi between 2004 and 2012, having previously served under Ronald Reagan before becoming head of the Republican National Committee for a number of years. During his stint as governor BGR monies were held in a blind trust arrangement but this has always attracted media coverage.
527. His filings with the Mississippi Ethics Commission show continued payments from BGR and withdrawals from the trust which had a market value of $3.3 million according to its trustee, the president of the Bank of Yazoo City, Griffin Norquist.
528. Correspondence between Barbour and the trustee from 2008 and 2009 - filed with the Ethics Commission and provided by a source - show Barbour pulling $196,850 out of the trust in 2008, $75,000 of it for an income tax payment and $262,000 out in 2009, an unspecified portion of it for taxes. His state salary was listed at $122,160, so the tax designations of these withdrawals indicate a significant second income.
Page 52 of 70
529. According to Norquist, as of December the 31st 2008, the "aggregate market value of assets” in the trust was $3,317,801.
530. BGR Group represented Alfa Bank from at least 2004 until 2015, while Barbour was governor.
531. Lobbying Disclosure Act papers show they received approximately $5.89 million from the Moscow bank over the period, for lobbying activity related to “Bilateral US- Russian Relations.” The people behind the financial organisation are closely linked to Vladimir Putin.
532. Alfa Bank came to the notice of the media and the FBI when computer experts found its servers communicating with the Trump organisation.
533. A detailed analysis showed a series of DNS look ups between the Alfa Bank server in Moscow and a server owned by the Trump organisation which has been described as being set up in a peculiar fashion – it was designed only to accept communications from a small number of other unique IP addresses. A private channel.
534. From May the 4th until September the 23rd 2016 the Russian bank looked up the address to the Trump corporate server 2,820 times. This was more traffic than from any other source. In fact, Alfa Bank alone represented 80% of the lookups.
535. Indiana University computer scientist, L. Jean Camp, told reporters “the conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. “At election-related moments, the traffic peaked,” according to Camp. “There were considerably more DNS lookups, for instance, during the two conventions.”
536. According to CNN, “publicly available internet records show that address, which was registered to the Trump Organization, points to an IP address that lives on an otherwise dull machine operated by a company in the tiny rural town of Lititz, Pennsylvania.” The Trump organisation claim it was a marketing server.
537. Christopher Davis, who runs the cybersecurity firm HYAS InfoSec, told reporters “I’ve never seen a server set up like that. It looked weird, and it didn’t pass the sniff test.” Davis won the prestigious FBI Director Award for Excellence for tracking down the authors of one of the world’s nastiest botnet attacks.
538. Internet cyber-security pioneer Paul Vixie told Slate “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.”
539. Four days after New York Times journalists started following the story, on September the 27th 2016, the original server, mail1.trump-email.com, was switched off and the Trump Organization created a new host name, trump1.contact-client.com.
540. This enabled communication to the very same Alfa server via a different route.
541. The new server’s first communication was with Alfa Bank and experts have made
clear “when a new host name is created, the first communication with it is never random. To reach the server after the resetting of the host name, the sender of the first inbound mail has
Page 53 of 70
to first learn of the name somehow. It’s simply impossible to randomly reach a renamed server.”
542. Richard Clayton, a cybersecurity researcher at Cambridge University, commented on a series of objections to evidence of communication between the servers, saying “I think mail is more likely, because it’s going to a machine running a mail server and [the host] is called mail.”
543. Others have also dismissed claims of the communication logs being faked due to an impossibility in recreating random traffic volume.
544. Jeffrey Birnbaum of BGR rejected the allegations, saying “neither Alfa Bank nor its principals, including Mikhail Fridman and Petr Aven, have or have had any contact with Mr. Trump or his organizations. The assertion of a special or private link is patently false.”
545. The bank is owned by a secretive oligarch Mikhail Fridman – one of the richest men in the world – and the Sunday Times has called the parent company, Alfa Group, “one of the most controversial business empires on the planet.”
546. Alfa Bank financed one of the companies involved in building Iran’s Bushehr nuclear power plant, according to corporate documents and lobbying disclosure records.
547. In the mid-2000s, according to its own public reports, Alfa Bank provided financing to Atomstroyexport, a state-controlled Russian company which was a major player in Iran’s developing nuclear energy program. The relationship included “loans and other client services.”
548. Birnbaum of BGR dismissed reports of Alfa having deeper links to Iran’s nuclear ambitions as misguided, saying “just because Alfa bank had a line of credit with an entity that did business with Iran does not make Alfa a financier of Iran’s nuclear program.” Communicating through BGR, the bank’s CEO added contact had ended “after 2008 U.N. sanctions.”
549. At the time, there was no problem with the plant from a US foreign policy perspective.
550. In 2007, around the time Alfa was financing Atomstroyexport, Secretary of State Condoleezza Rice endorsed the plant as a proper component of Iran’s civilian nuclear program and in 2010 Hillary Clinton told the U.N. ”Our problem is not with their reactor at Bushehr. Our problem is with their facilities at places like Natanz and their secret facility at Qom and other places where we believe they are conducting their weapons program.”
551. Fridman freely enjoyed the privilege of visiting the White House twice, in May 2010 and again in May 2011. Each time, according to White House logs, Richard Burt, a former top diplomat who negotiated the 1991 START I nuclear treaty with the Soviet Union, accompanied him.
552. According to Burt, Fridman’s goal was “to strengthen ties between the United States and Russia and to discuss Russian ascension to the World Trade Organization.”
553. Burt has longstanding connections with both BGR Group and Alfa.
Page 54 of 70
554. He was previously executive chairman of Diligence LLC, a corporate intelligence operation which employs former spies, and now holds an advisory role at Fridman’s investment operation, Letter One.
555. In 2005, BGR and Diligence became ensnared in scandal. Working as a BGR contractor it was alleged they attempted to obtain corporate records of an Alfa rival from auditor KPMG. KPMG sued Diligence and the latter settled the case by paying KPMG $1.7 million.
556. Another rival, IPOC Growth Fund, also sued Diligence and BGR Group and the case was settled in 2008.
557. Ed Rogers, BGR chairman, was an early owner of Diligence and according to reports the company was set up inside BGR’s Pennsylvania Avenue office.
558. In the first two quarters of 2016 Burt’s lobbying firm received $365,000 for work he and a colleague did to garner support for a proposed natural-gas pipeline opposed by the Polish government and the Obama administration.
559. The Nord Steam gas connection would have allowed more Russian gas to reach central and western European markets - bypassing Ukraine and Belarus and extending Putin’s leverage over Europe. Burt’s lobbying work for New European Pipeline AG began in February 2016 when Russian state-owned oil giant Gazprom owned a 50 percent stake in the company.
560. In August, five European partners pulled out and Gazprom now owns 100 percent.
561. During the same period Burt says he helped shape Trump’s first major foreign policy
address, recommending the man who is now president take a “more realist, less interventionist approach to world affairs.
562. “I believe an easing of tensions and improved relations with Russia — from a position of strength — is possible,” Trump said in the subsequent speech, adding “common sense says this cycle of hostility must end. Some say the Russians won’t be reasonable. I intend to find out.”
563. Phil Bryant, now the Governor of Mississippi years after his private dinners with the Russians and Barbour, is shown in Arron Banks’ picture of January 2017 with Leave.EU’s Andy Wigmore.
564. Bryant has been close to Vice President Mike Pence for years through the Republican Governor's Association, but his direct ties to Donald Trump are even clearer.
565. By the end of the presidential election campaign Bryant had swapped allegiance from Ted Cruz to become a reliable Trump surrogate, also raising $2 million for Trump’s campaign in short order.
566. Bryant enjoyed a close relationship with Trump including visits to Trump Tower in New York and commentators noted that the President often made a “B-line to Bryant even in a crowded room of VIPs.” According to one source, “Trump even ditched his Secret Service detail to get on an elevator with Bryant in Trump Tower, then gave Bryant a personal tour of his war room.”
Page 55 of 70
567. This also put Bryant in direct connection with Jess Sessions.
568. While being interviewed by reporters in late 2016, Bryant had to cut an interview
short, saying Sessions’ Chief of Staff, Rick Dearborn, had been meeting with Ivanka Trump to “work out calendars” and needed to update his itinerary.
569. Rick Dearborn is now the White House Deputy Chief of Staff for Legislative, Intergovernmental Affairs and Implementation, having been the executive director of the Presidential Transition Team for Trump. He had spent more than twenty-five years working on Capitol Hill and worked on President George W. Bush's Energy Agenda before this.
570. Dearborn worked as Chief of Staff for Senator Jeff Sessions from 2004 until 2016 when he joined the Trump team - the second Sessions staffer to land a senior role in the Trump White House.
571. One of the unresolved issues in the investigation into Donald Trump and Russia relates to Carter Page – a man whose CV had largely consisted of doing financial business with Russia - who was mysteriously hired by the Trump campaign as a foreign policy advisor, despite holding no qualifications for such a role.
572. During the election it became public knowledge the FBI was investigating Page’s ties to Russia and after Trump’s success Page travelled to Moscow for unknown reasons. In February 2017 it was discovered he had “been colluding with Russian intel officials during the election.”
573. Page’s connection to Jeff Sessions is not in doubt and sources have also been clear “the Page connection was Rick Dearborn, Sessions’ chief of staff, who hired Page because Dearborn knew nothing about foreign policy but needed to put together a foreign policy staff for Trump’s Alexandria, Virginia, policy shop and he happened to know Page.”
574. Russian agents have not held back from commenting on Page either, highlighting his ambitions in the energy sector. “He got hooked on Gazprom,” Victor Podobnyy, an officer of the SVR, Russia’s foreign intelligence agency, said. “It’s obvious that he wants to earn lots of money.”
575. Page shares a mutual interest with Burt.
576. Christopher Steele’s controversial intelligence dossier alleges Page met with the head
of Russian oil giant Rosneft, Igor Sechin – a man described as one of President Vladimir Putin’s key deputies.
577. According to Steele’s intelligence report, Page and Sechin discussed “lifting sanctions imposed on Russia as a result of its annexation of the Crimean Peninsula and support of pro-Russian insurgents in eastern Ukraine.”
578. This is where a secondary round of Russian connections manifest, in the form of Nigel Farage.
579. Shadowy advisor to Donald Trump, Steve Bannon, and equally controversial Attorney General, Jeff Sessions, both knew Farage for several years - in 2012, Bannon invited the UK politician to New York and Washington, where he was introduced to Sessions.
Page 56 of 70
580. Sessions himself is now embroiled in a fresh ethics row after President Trump’s firing of FBI Director James Comey in the middle of the Russia inquiry: extraordinarily, the Attorney General had to remove himself from the investigation after undisclosed meetings between him and Russian officials were made public.
581. Those same officials were photographed inside the White House recently and Sessions’ name has become synonymous with others subject to the unprecedented alllegations - Paul Manafort, Michael Flynn, Carter Page, and Roger Stone.
582. Visiting the Republican National Committee in mid-2016, Farage met Bryant aide John Barley Boykin who suggested Farage visit Mississippi - the following day a formal invite from Bryant was sent to Farage.
583. On the 23rd of August 2016, Farage arrived in Mississipi with Leave.EU financial backer Arron Banks.
584. According to reports it was Bryant who asked Farage to speak at the Trump rally and it was Steve Bannon who telephoned Farage to discuss what he would say. When Farage and Trump subsequently met the next day, Donald Trump was so impressed with the speech he wanted to personally introduce Farage to the stage.
585. Jeff Sessions was present at the rally along with another Russia Inquiry figure, former mayor of New York Rudy Giuliani.
586. Russian oil company Rosneft is a client of Rudy Giuliani’s law and consulting firm, Giuliani Partners, and Alfa Bank has previously hired Rudy Giuliani as a paid speaker. Investigative journalist Grant Stern has written “circumstantial evidence strongly indicates that President Donald J. Trump and his campaign associates brokered a massive oil privatization deal, where his Organization facilitated a global financial transaction to sell Russian Oil stock to its Syrian War adversary, the Emirate of Qatar.”
587. The Emirate of Qatar was another Giuliani client.
588. Aside from the deep web of US business links to Russia and speeches by British
politicians, this investigation has already established more substantial collaborative efforts between the so-called “Bad Boys of Brexit”, the Trump campaign, and Russia. Yet the Leave.EU connection is relevant for a further reason: Roger Stone.
589. During the 2016 campaign, Stone was accused by John Podesta of having prior knowledge of the Wikileaks publishing of private emails obtained by a hacker. Before the leak Stone tweeted, "it will soon the Podesta's time in the barrel,” and five days before tweeted again, writing “Wednesday Hillary Clinton is done. #Wikileaks.”
590. Breitbart News, a disinformation channel, published a denial by Stone of any advance knowledge of the Podesta e-mail hack or any connection to Russian intelligence.
591. This investigation has already established a link between Russia, disinformation, Wikileaks, Trump, and Brexit, and has shown Wikileaks is known as a Russian operation by security services.
592. During a speech on August the 8th 2016, Stone said, “I actually have communicated with Assange” and referred to an “October surprise” coming via the site. He also stated
Page 57 of 70
while he had never met or spoken to the Wikileaks founder, the pair had a “mutual friend” who served as an “intermediary.”
593. The same day the speech was given, Stone was tweeting about a dinner he had with Nigel Farage.
594. Farage was seen visiting Assange in March 2017 and has always refused to give reasons for the meeting.
595. In May 2017 Farage told Germany’s Die Zeit newspaper he visited the Ecuadorian Embassy for “journalistic reasons, not political reasons” before cutting the questions short, saying “it has nothing to do with you. It was a private meeting.”
596. This interview came after Wikileaks dumped material aimed at influencing voters in France to go against Emanuel Macron and vote for far-right candidate Marine Le Pen – who this investigation has already established to have deep financial and political ties to Russia. Farage was openly supporting Le Pen during her campaign, backed by Leave.EU and Banks’ alternative media site Westmonster.
597. This investigation has already established substantive links between Farage, Russia, and Julian Assange.
598. There is nothing so simple as a simple financial trail which will expose this global operation. Those days of investigative journalism are dead, along with stories compacted to fit headlines and column inches. We are faced with such a complex web the whole truth may never be known, especially if the assertions of Christopher Steele, that the cover-up operation began as soon as Trump won, are to be given credit.
599. This is also more complex than a question of diplomatic gain, those days are gone.
600. This power play has gone directly for geopolitical and financial dominance which
condemns the politics of independent nations to the past. Renders countries alone impotent. This is the true reason the EU has been targeted – structurally it can defeat this axis, which is why divide and conquer is crucial.
601. The Ecuadorian Embassy was called by this investigation, to ask how many times Nigel Farage had visited Julian Assange. They hung up as soon as the question was asked.
602. Both Assange and Farage have been asked how many times they have met but neither has replied to requests for comment.
603. In January 2017 BGR was hired by the Ukrainian government to “support and help open lines of communication between key Ukrainian officials and U.S. government officials, journalists, non-profit groups and others.”
604. On the 10th of May 2017, Russian Foreign Minister Sergei Lavrov met with U.S. Secretary of State Rex Tillerson and President Donald Trump at the White House.
605. Initial reports stated they discussed cooperation on a range of issues and policy areas, with a central focus on Syria. Lavrov gave a confirmation Trump and Russian President Vladimir Putin would be meeting in July, in the first few days of the G20 summit.
Page 58 of 70
606. One Russian news agency reported that the General Director of Russia’s International Affairs Council, Andrei Kortunov, issued a statement saying the White House meeting was not “simply a polite gesture.”
607. “Regardless of the importance of the Secretary of State’s role, U.S. foreign policy is created by the president. I think that Trump has a certain message for Putin that he wants to send personally, through Lavrov,” he said.
608. Lavrov pressed the point it was necessary to agree on some area of policy in advance, in order to ensure “concrete, perceptible results” when the heads of state meet. He also refused to discuss Russia’s alleged interference in the U.S. elections, referring to them as “bacchanalia,” meaning drunken revelries.
609. Journalists at the conference pressed Lavrov on the dismissal of FBI Director James Comey, asking if it “would influence Russian-American relations,” while Lavrov joked “was he fired? You’re kidding!”
610. On the evening of the meeting, Putin made a statement that Comey’s dismissal was “America’s domestic affair and Russia has nothing to do with it.”
611. Lavrov dedicated most of his press conference to Syria, highlighting Washington could contribute towards the creation of de-escalation zones in the country - reminding journalists both superpowers have “mutual understanding about the location of the zones and how they will function.”
612. “For the U.S. the most important thing is to defeat terror. Here we are in perfect harmony,” he said.
613. According to Lavrov, he and Trump did not discuss unilateral sanctions introduced by the Obama administration in late 2016, adding “Washington understands the seizure of property belonging to Russian diplomats was wrong.”
614. Trump also stated he was “pleased with the meeting” and, according to an official White House Press Service statement, the president impressed the need for Russia to “rein in” Assad. “He also raised the possibility of broader cooperation on resolving conflicts in the Middle East and elsewhere,” the statement says.
615. According to the Washington Post, during the meeting with Lavrov and Kislyak, Trump “went off-script” and began to give specific information on the Islamic State threat related to the use of laptop computers on aircraft.
616. Intelligence officials have subsequently told reporters U.S. agencies are “in the process of drawing up plans to expand a ban on passengers carrying laptop computers onto U.S.-bound flights from several countries on conflict zones due to new intelligence about how militant groups are refining techniques for installing bombs in laptops.”
617. As a measure of the seriousness of the threat assessment, the services are considering banning passengers from several European countries, including Britain, from carrying laptops in the cabin on flights destined for the United States. Washington had, allegedly, informed its allies of these plans.
Page 59 of 70
618. While the president does have legal powers to declassify intelligence and information, the leak of this specific intelligence has had serious ramifications - the meeting with Lavrov and Kislyak came only one day after he fired FBI Director James Comey, the man leading the investigation into links between Trump, his campaign, and the Kremlin.
619. Trump's national security adviser, General H.R. McMaster, also present during the meeting, initially gave a statement which said “no intelligence sources or methods were discussed that were not already known publicly” before declining to comment further.
620. It has since emerged the classified intelligence President Trump disclosed was provided by Israel.
621. According to sources, one a current and one a former American official familiar with the information, the disclosure throws a further diplomatic spanner in the works of an episode which has drawn the reliability of the White House into question.
622. Israel has long been one of the United States’ most strategically important allies, operating one of the most complex and highly active espionage networks in the Middle East. It is feared the incident could inhibit this critical intelligence relationship amidst clear risks information could be passed to Iran, a close ally of Russia and also Israel’s main threat actor.
623. In a statement emailed to The New York Times, Ron Dermer, the Israeli ambassador to the United States, approached the issue politely. “Israel has full confidence in our intelligence-sharing relationship with the United States and looks forward to deepening that relationship in the years ahead under President Trump,” he wrote.
624. Putin has stated today he is "prepared to provide transcript, not audio recording, of Trump and Lavrov meeting" according to a Kremlin aide.
625. General McMaster has since made clear he was not concerned the incident could hinder US Intelligence relations with its partners. “What the president discussed with the foreign minister was wholly appropriate to that conversation and is consistent with the routine sharing of information between the president and any leaders with whom he’s engaged,” he said.
626. Sean Spicer, the White House press secretary, also declined to answer questions as to whether the White House had made efforts to contact Israel and discuss the disclosure.
627. Other US officials have since come forwards and told reporters “the intelligence provided by the spy was so sensitive that it was shared only with the US and was conditioned on the source remaining secret.”
628. One former director of the National Counterterrorism Center, Matt Olsen, spoke on ABC, stating Trump’s disclosures posed “a real threat to future sources of information about plots against us.”
629. “Russia is not part of the ISIS coalition. They are not our partner,” he added pointedly.
Page 60 of 70
630. Dan Shapiro, the Former US ambassador to Israel, also told ABC the “careless handling of sensitive information by Trump and his team would inevitably cause elements of Israel’s intelligence service to demonstrate more caution.”
631. John Sipher, who served in the CIA for almost thirty years, including a Moscow posting in the 1990s and who later ran the agency’s Russia program, commented: “The Russians have the widest intelligence collection mechanism in the world outside of our own.”
632. “They can put together a good picture with just a few details. They can marry President Trump’s comments with their own intelligence, and intelligence from their allies. They can also deploy additional resources to find out details,” he added.
633. It has since emerged that, before dismissing the leading law enforcement official, President Trump asked the F.B.I. director James Comey to shut down the federal investigation into his own administration’s Russia links - initially focused on disgraced national security adviser Michael Flynn.
634. “I hope you can let this go,” the president told Comey, according to a memo shared with close senior colleagues, one of whom read parts of it to a New York Times reporter.
635. “I hope you can see your way clear to letting this go, to letting Flynn go, he is a good guy. I hope you can let this go,” Trump is alleged to have said.
636. In a statement, the White House denied the version of events, though they are already under the shadow of allegations of repeated untruths, and of recording official conversations - with Trump having intimated any such tapes may be leaked.
637. On the 16th of May 2017, Representative Jason Chaffetz, Republican chairman of the House Oversight Committee, demanded the F.B.I. turn over all “memoranda, notes, summaries and recordings” pertaining to Trump and Comey. Such documents, he wrote, “raise questions as to whether the president attempted to influence or impede [the FBI].”
638. Michael Flynn was dismissed after he privately discussed U.S. sanctions against Russia with the country’s ambassador to the United States during the month before President Trump took office, contrary to public denials by Trump officials.
639. Flynn’s communications with Sergey Kislyak were interpreted by some senior U.S. officials as an inappropriate (and potentially illegal) signal to the Kremlin on sanctions issues and a significant investigation was triggered with Comey at the helm.
640. Sally Yates, former Acting Attorney General dismissed by Trump over his immigration measures, told the Trump administration Flynn was compromised. She later told an inquiry hearing she was ignored, and that the Trump team misled the American public over the truth.
641. She pulled no punches, informing a senate committee about illegal conduct and stood by her evidence afterwards, telling reporters “we had just gone and told them [the White House] that the national security adviser, of all people, was compromised with the Russians and that their vice-president and others had been lying to the American people about it.”
Page 61 of 70
642. In March 2017 it was also reported Attorney General Jeff Sessions had spoken twice to Ambassador Kislyak, once in July 2016 and once in September 2016.
643. At the time, Sessions' was still a US senator sitting on the Senate Armed Services Committee.
644. During Sessions' Senate Judiciary Committee confirmation hearing in January, he was questioned under oath about "possible contacts between members of President Trump's campaign and representatives of Moscow" and expressed he had no knowledge of any such contact.
645. The New York Times have also reported that Kislyak met with Michael Flynn and another Trump team member, Jared Kushner, in December 2016 to “establish a line of communication” with the Trump administration.
646. A significant number of officials within the Trump administration have also been linked to Russia through a number of separate direct connections established by this investigation.
647. Russia denies claims Kislyak is a spy and a recruiter of spies, despite repeated allegations from top intelligence officials.
648. Kislyak is pictured with Trump in the Oval Office at the 10th of May meeting.
Main Evidence: Section 8 – Hybrid Threat Actors, Infrastructure Cyber Attacks, And Disinformation
649. The world was plunged into chaos on Friday the 12th of May by a massive cyber attack which crippled the United Kingdom’s National Health Service - as well as a number of other large infrastructure organisations across most nations, including Spain’s Telefonica, Fedex in the US, and reportedly some Russian organisations.
650. A a bewildered media, unequipped to report on the complexities of cyber terrorism, scrambled to push focus on the impact of the hack while adding base level explainers on Ransomware to a confused and scared public.
651. Extraordinarily, the British Home Secretary, Amber Rudd, was quick to make a statement the attack wasn’t targeted and across the British parties – now all electioneering – the focus shifted immediately to arguments about spending.
652. In short order, both Wikileaks and infamous former NSA IT contractor Edward Snowden began to lay the blame at the door of the United State’s National Security Agency as the attack involved the use of Eternal Blue – a spying tool which was designed to exploit a weakness in Microsoft Windows remote access capabilities.
653. Ransomware is a type of virus or malware which, when activated, encrypts the contents of a computer (or computers) so the user or owner can’t access anything. It’s called Ransomware because it offers the opportunity to have the data restored in exchange for a payment – normally in the cryptocurrency Bitcoin.
Page 62 of 70
654. Ransomware is an effective Denial of Service (DoS) attack and there are no guarantees systems will be restored even if the payment is made.
655. This attack used a version of the software called Wanacryptor 2 or “Wannacry” which would normally infect a computer through the standard route of opening an attachment in an email.
656. However, the software also integrated a previously stolen tool from the NSA called Eternal Blue, which allows an infected computer to search for and infect other vulnerable computers on internal or external networks. The tool exploited a mechanism within Windows which Microsoft released a patch for after the theft had occurred.
657. The attack was hindered when a young computer blogger discovered the software communicating with an unregistered domain name (http://iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com).
658. By registering the domain name himself – sinkholing it – the software stopped interacting. It appears the lack of ability to communicate with the domain made the software decide it was in ‘sandpit’ mode – meaning “not actively deployed.”
659. Vehicle manufacturing plants, power plants, and rail services were among the other institutions and companies shut down as a result of the attack and experts believe the software will continue to attack vulnerabilities over the coming days.
660. The domain itself is human generated keyboard garbage and was sinkholed on the day of the attack. The original registration details are not accessible at this time.
661. While the Ransomware itself is freely available on the internet and is not traceable in any useful sense, Eternal Blue is a different matter.
662. On the 8th of April 2017, a group of hackers known as The Shadow Brokers released a lengthy, rambling statement in seemingly deliberately broken English, which commenced with “Dear President Trump, Respectfully, what the fuck are you doing? TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who getting you elected.”
663. The group’s reappearance came only days after Trump’s unexpected intervention in Syria with airstrikes targeting a Russian-Syrian airbase.
664. A spokesman for Vladimir Putin responded to the strikes stating the US had violated international law “under a false pretext”, and the country’s UN deputy ambassador, Vladimir Safronkov, warned “extremely serious” consequences could follow the strike. The prime minister, Dmitry Medvedev, said the action had “completely ruined relations”.
665. The shadow brokers statement mentioned Syria repeatedly and also cited disgruntlement at the rumoured removal of Steve Bannon from the National Security Council.
666. They went on to make further statements about Trump’s supporters, saying they “Don’t care if you swapped wives with Mr Putin, double down on it, “Putin is not just my firend he is my BFF”. Don’t care if the election was hacked or rigged, celebrate it “so what
Page 63 of 70
if I did, what are you going to do about it,”” and that they do “support the ideologies and policies of Steve Bannon, Anti-Globalism, Anti-Socialism, Nationalism, Isolationism.”
667. On the topic of Russia, they openly align themselves, saying “for peoples still being confused about TheShadowBrokers and Russia. If theshadowbrokers being Russian don’t you think we’d be in all those U.S. government reports on Russian hacking? TheShadowBrokers isn’t not fans of Russia or Putin but “The enemy of my enemy is my friend.” We recognize Americans’ having more in common with Russians than Chinese or Globalist or Socialist. Russia and Putin are nationalist and enemies of the Globalist, examples: NATO encroachment and Ukraine conflict. Therefore Russia and Putin are being best allies until the common enemies are defeated and America is great again.”
668. At the end of the statement, the core message of which is an echo of almost all alt- right narrative which has been linked directly to Russia its disinformation by this investigation already, they gave a password to an auction site where the NSA tools were freely available.
669. The original NSA hack took place in August 2016 and drew significant commentary, including from Edward Snowden who tweeted “circumstantial evidence and conventional wisdom indicates Russian responsibility” which he interpreted – according to the New York Times – “as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cyber theft of documents from the Democratic National Committee.”
670. “No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack,” Snowden said.
671. This was around the time Julian Assange’s Russian outfit Wikileaks stated they had files to release.
672. In January 2017 a report jointly compiled by the NSA, CIA and FBI concluded Russia's intelligence services had conducted hacking attacks against organisations involved with the 2016 US presidential election, with the most high-profile target being the Democratic National Committee (DNC).
673. James A. Lewis, a computer expert at the Center for Strategic and International Studies, has previously mirrored this investigation’s concerns about the group’s use of English, saying “this is probably some Russian mind game, down to the bogus accent...some of the messages sent to media organizations by the Shadow Brokers group [were] delivered in broken English that seemed right out of a bad spy movie.”
674. This investigation has previously identified a hacking group known as APT28 as being directly linked to the Russian intelligence services and to hacking operations which also involve significant elements of disinformation.
675. They have previously claimed to be ISIS, again using flawed language patterns.
676. Russia's military intelligence, the GRU, is known to operate under the name APT 28
– also known as Fancy Bears. It is rumoured that a second group with strong links to the FSB, the modern version of the KGB, exists under the name APT 29, or Cozy Bear.
Page 64 of 70
677. Security experts believe the groups have been supporting operations to influence the domestic politics of foreign nations, including by leaking stolen information, since 2014. Attacks on the World Anti-Doping Agency, the DNC, the Ukrainian Central Election Commission are among those attributed to them.
678. Security company FireEye has previously documented that APT 28's software is Russian made, saying “the malware is built during the working day of the GMT + 4 time zone, which includes Moscow and St. Petersburg, and the developers used Russian language settings until 2013.”
679. They also highlight the group has extensive “zero day” attack capabilities – meaning they have deep pockets and have shown they can take on multiple targets at the same time, which is indicative of state-backing.
680. “For example, operations might involve setting up thousands of web domains, and dealing with the massive amount of information they are stealing likely involves the use of trained linguists to understand and evaluate it. All of this means that ATP 28 is likely to involve hundreds of staff directly, if not thousands indirectly,” said Jonathan Wrolstad, a senior threat intelligence analyst working at FireEye.
681. On the 11th of May, the day before the worldwide cyber attack began, Cyberscoop reported the interception of a spear phishing attack by Romanian security services.
682. The attack was attributed to APT28.
683. The attack involved the sending of a barrage of emails, including some purporting to
be from a NATO representative, to diplomatic organisations in Europe, including Romania’s Foreign Ministry of Affairs. The message came from a fake address at the hq.nato.intl domain currently used by NATO employees.
684. The emails carried APT28 malware which exploits "zero day" capabilities also thought to have been stolen from the NSA. In the case of the Romanian Foreign Ministry the infected code was hidden in a word document entitled “Trump's_Attack_on_Syria_English.docx”
685. A NATO spokesman said “As is common practice, whenever we detect spoofed email addresses, NATO alerts the responsible authorities in Allied countries to prevent attacks from spreading. The hacker group APT 28 – which is also called Fancy Bear or Pawn Storm – is well known to the cyber defense community and we track its activities closely.”
686. According to cyber security firms Romania was one of the worst countries affected in the 12th of May ransomware attack.
687. The 11th of May was the same day US spy bosses and the acting FBI chief told the Senate intelligence committee they do not trust software from Kaspersky and as a result were reviewing its use across government.
688. The officials cited concerns the Russian-made Kaspersky system could be used by the Kremlin to attack and sabotage computers used in American government institutions.
Page 65 of 70
689. The unanimous agreement on this, as well as a consensus Putin interfered in the US election, came from Daniel Coats, the Director of National Intelligence, Michael Pompeo, Director of the CIA, Michael Rogers, Director of the NSA, Andrew McCabe, Acting Director of the FBI, Vincent Stewart, Director of the Defense Intelligence Agency, and Robert Cardillo, Director of the National Geospatial-Intelligence Agency.
690. "Only Russia's senior-most officials could have authorized the 2016 US election- focused data thefts and disclosures, based on the scope and sensitivity of the targets," said Coats, adding “Russia has also leveraged cyberspace to seek to influence public opinion across Europe and Eurasia. We assess that Russian cyber operations will continue to target the United States and its allies.”
691. While Kaspersky’s CEO denied any wrongdoing in an open forum, one Redditor asked him why Kaspersky had paid Michael Flynn – Trump's disgraced National Security Advisor, fired for his Russian ties.
692. Eugene Kaspersky said it was “a standard fee for a speech Flynn gave in Washington, DC,” and added, “I would be very happy to testify in front of the Senate, to participate in the hearings and to answer any questions they would decide to ask me.”
693. Also on the same day, President Trump signed an executive order commanding a review of the United States’ cyber security capabilities.
694. The President was initially set to sign the order shortly after his inauguration in January and held a press conference on the issue, but this was delayed.
695. Scott Vernick, a data security lawyer in Philadelphia, said at the time the draft made “no mention of the role that FBI, CIA and other major law enforcement agencies have in protecting the nation from hackers.”
696. The version of the document signed just before the worldwide cyber attack contained significant changes, placing responsibility for cybersecurity risk on the heads of federal agencies rather than the White House, and a stated full report on cyber security concerns regarding critical infrastructure is mandated within six months. The FBI were excluded from the original draft.
697. Greater responsibility for federal cybersecurity is also given to the military - a move which was rejected by the Obama administration. White House homeland security advisor Tom Bossert said: “a lot of progress was made in the last administration, but not nearly enough.”
698. “The Russians are not our only adversary on the internet,” he told Reuters.
699. The change of tack in respect of the FBI came only days after Trump’s controversial
dismissal of its Director James Comey confirmed the scale of his conflict with the agency.
700. Former Director of National Intelligence, James Clapper, told reporters over the weekend “what's unfolded now, here, the leader...of the investigation about potential collusion between Russia and the Trump campaign has been removed. So the Russians have to consider this as a, you know, another victory on the scoreboard for them.”
Page 66 of 70
701. “I think in many ways our institutions are under assault,” Clapper told CNN, adding “Both externally, and that’s the big news here, is Russian interference in our election system. And I think as well our institutions are under assault internally.”
702. On the topic of Comey, Trump himself said “when I decided to just do it I said to myself, I said, “You know, this Russia thing with Trump and Russia is a made-up story, it’s an excuse by the Democrats for having lost an election that they should’ve won.”
703. The cyber attack was not random as Amber Rudd so carelessly suggested. It can easily be directly traced to Russia in two ways, and in less immediately obvious ones too.
704. The accompanying Russian narrative, backed externally by public figures with close ties to the country, is to blame the US Intelligence Services, which will cause (and has already caused) international distrust and discord.
705. Meanwhile, the Trump administration is desperately seeking to cover up its own clear Russia links, and, in doing so, is lashing out at the same security services and law enforcement agencies investigating it. All of whom are damaged by the attack and affected by the burdens and provisions of his order on cyber security.
706. It’s apparent the world has received a very pointed warning shot, apparently coming from two of the most powerful men in it, and the cyber attack’s usefulness to both Donald Trump and Vladimir Putin is impossible to disregard as a coincidence - especially in the broader context of this investigation.
707. Working together, Putin and Trump – along with others – have already spear-phished democracy but the Ransomware they've installed worldwide cannot be fixed by a software patch.
708. Media reports began to surface that the culprit was North Korea, according to Kaspersky Lab.
709. It is now thought North Korea are not responsible for the attacks and it is confirmed that Russian intelligence services have their own "zero day" hacking capabilities which exploit defects in Microsoft Windows.
710. With the assistance of expert Richard Hummel, Principal Analyst, Production & Analysis at FireEye - a company who have been tracking the hacking activity of Russian intelligence services - the truth paints a very different picture.
711. "At this time, multiple potential attribution scenarios for the WannaCry activity are viable. We are continuing to investigate all potential attribution scenarios," Hummel exclusively told me.
712. According to FireEye, financially-motivated cybercriminals are typically responsible for ransomware operations, with many such actors operating independently worldwide. "However," Hummel says, "as of yet, none of these actors have been identified as a strong candidate for attributing the WannaCry operation."
713. Numerous open-source reports allege potential North Korean involvement in this campaign but, based on FireEye’s initial analysis, the code similarities cited between
Page 67 of 70
allegedly North Korea-linked malware and WannaCry "are not unique enough independent of other evidence to be clearly indicative of common operators."
714. The link to North Korea appears, at best, tenuous, arising from lines of code in a version of Wannacry which pre-dates the one used in the worldwide attack.
715. Asked more specifically if the DPRK theory stands up to scrutiny, Hummel says "we often encounter cases in which malicious actors have reused code taken from publicly- available tools or other actors’ tools. Based on our reverse engineering thus far, the similarities that are being cited between WannaCry and tools associated with the “Lazarus group” are not unique or significant enough to strongly suggest a common operator."
716. "For both these reasons, we consider the possibility that WannaCry is attributable to the Lazarus group to be unproven at this time and not necessarily stronger than other attribution scenarios. The primary alternative explanation is that non-state, financially- motivated hackers are responsible for the attackers. However, we are continuing to investigate all possible attribution explanations for these attacks," he added.
717. "Russia and China appeared to be the two of the more heavily infected regions based on sinkhole data that can be obtained publicly," Hummel said.
718. "The sinkhole data essentially identifies machines that have been infected and beaconing out to what the community has deemed the “kill switch”. If the malware successfully reaches this domain and there is an HTTP web server response, the malware will not encrypt files. If, however, the malware is unable to make a connection then it will proceed with encrypting machines."
719. Hummel notes a lack of sophistication in the operation and is clear it's a possibility the culprits "may not have anticipated the malware would spread as widely as it has. One of these aspects is the kill switch functionality." (The attack was halted when a young British IT blogger found a way to stop the malware communicating, though a third generation of the malware has since removed this flaw).
720. Vladimir Putin told a world forum in China that "Malware created by intelligence agencies can backfire on its creators," in the wake of the attack.
721. The impact in Russia, despite the spread, was largely non-disruptive, with infections localised relatively quickly.
722. "Another aspect is that identified ransom payments have been reported to be relatively low thus far, suggesting the operators’ payment system may not have been equipped to handle the outcome," Hummel added.
723. Across the technical and intelligence community, the low 'ransom' demand and lack of withdrawal activity in the Bitcoin wallets receiving payments has raised suspicions of the financial element being little more than a ruse.
724. Following the attack using a series of publicly available cyber threat mapping tools and botnet trackers, this investigation identified a correlation between the locations of computers infected with a peer-to-peer (P2P) worm virus called Sality and the distribution of Wannacry.
Page 68 of 70
725. Hummel reviewed the possibility of the Ransomware using an existing virus network to piggy-back and spread. "At this point, we haven’t ruled out any attack vector as we are still researching initial entry into networks. Sality is a worm and has the ability to download additional payloads but we have not found any evidence to suggest that it is being used as a vehicle to distribute WannaCry at this time."
726. "Sality and other worms like it are heavily distributed and often very difficult to remove as it infects every binary on an infected machine and then auto-propagates. Thus, seeing similarities in distribution or infection patterns isn’t out of the question, but doesn’t mean it is the vehicle being used," he said.
727. As with any virus, there are two ways for it to contaminate a first computer before it spreads - essentially a patient zero must exist. One way to enter a network would be through an infected email document, through a technique known as 'spear-phishing', or another would be through the exploitation of a "zero-day" defect which allows a computer to be infected through its operating system by hackers.
728. "Zero day" defects are unknown to software developers until the attack happens, and are so named because they provide no time for a software patch to be released addressing the weakness.
729. The Wannacry hack also uses a network weakness in Windows software, developed as an espionage tool by the NSA, to spread once it gets into a single networked machine.
730. "We are still investigating the original entry point, but some theories that have been circulating include email, RDP, and direct SMB exploitation. The only spreading technique we have confirmed is that SMB was used to compromise some machines. We believe the particular incidents we have observed are lateral movement or a pivot from a previously compromised device and as such are still searching for the initial intrusion vector," Hummel said.
731. In the days preceding the attack, there was no apparent clue in data traffic which could identify a likely source. Hummel is clear that "based on the evidence and inclusive research into the original entry point, characterising a “potential” distribution vector would likely be misleading."
732. Prior to the worldwide attack, FireEye was instrumental in stopping a spear-phishing threat targeted at NATO, along with other European Defence and Security Agencies. One of the victims was the Romanian Foreign Ministry and the country was one of the worst affected in the subsequent worldwide attack.
733. This spear-phishing incident, which attempted to infect these key infrastructure networks with malware came from a group known as APT28 - who are widely believed to be the GRU, a Russian Intelligence Service.
734. FireEye's technical documents coincide with Micorsoft's - who released two patches to shut down the "zero day" defects exploited by the GRU. "The two recently patched APT28 0-days were used to target European Defense and Security entities. The vulnerabilities were in Microsoft Office and Microsoft Windows," Hummel confirmed.
Page 69 of 70
735. "The APT28 vulnerabilities were not related to ShadowBrokers," he added, making clear that the NSA are not the only intelligence service to have developed and deployed cyber attack weapons.
736. Investigations and disruptions across the world continue.
Conclusion:
737. The United Kingdom, United States, Europe, and Africa are currently fully engaged in a hybrid conflict with Russia and its network of state and non-state actors.
738. The state and non-state far-right and associated parties are actively hostile actors on the Russian side of this conflict.
739. The United Kingdom’s democracy has been directly undermined in this hybrid conflict by Russia and its network of state and non-state hostile actors.
740. The United States’ democracy has been directly undermined in this hybrid conflict by Russia and its network of state and non-state hostile actors.
741. European Union’s democracy has been directly undermined in this hybrid conflict by Russia and its network of state and non-state hostile actors.
742. Lesotho’s democracy is at risk of being directly undermined in this hybrid conflict by Russia and its network of state and non-state hostile actors.
743. The worldwide cyberattack on critical infrastructure in all probability is one front in this hybrid conflict.
744. This hybrid conflict is worldwide, in effect World War Three though it has not been officially declared.
745. The current legislative and agency response framework – reliant on STRATCOM and small government organisation with limited powers – is insufficient to even begin to defend the United Kingdom, United States, Europe, or other allies from Russia’s hybrid conflict.
746. Non-state actors with clear links to this conflict are subject to little or no scrutiny and pose a continued risk at this time.
747. Political institutions at the highest levels have been infiltrated by state actors in this hybrid conflict and are subject to little or no scrutiny and pose a continued risk at this time.
748. A rapid, unified, and decisive response is required to face this hybrid threat.
749. A standard diplomatic response will not be an effective means of responding to this
hybrid threat by design.
750. The risk of escalation is the transition to a hybrid conflict which incorporates the deployment of military personnel and weapons.
James John Patrick 19th May 2017
Page 70 of 70
Appendices:
Please refer to the following links to a series of investigative on Swedish crime and immigration:

https://www.byline.com/column/67/article/1583
https://www.byline.com/column/67/article/1585
https://www.byline.com/column/67/article/1590
https://www.byline.com/column/67/article/1595
https://www.byline.com/column/67/article/1606
https://www.byline.com/column/67/article/1612



https://jjpatrickauthor.files.wordpress ... threat.pdf
Mogilevich➡️Fursin➡️Manafort➡️Trump

Erdogan➡️Gulen➡️FlynnJr➡️Flynn➡️Pence

Joseph Mifsud➡️George Papadopoulos➡️Steven Miller➡️Jeff Sessions

Predatortrump-Russia is the most complex political scandal in American history
User avatar
seemslikeadream
 
Posts: 24461
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)


Return to Data Dump

Who is online

Users browsing this forum: Google [Bot] and 4 guests