Roger Stone Allegedly Communicated With Mysterious Hacker Guccifer 2.0

Latest Developments in Mueller and Russian Electoral Meddling

After political consultant Roger Stone was charged in January 2019 on seven counts relating to Special Counsel Robert Mueller's investigation into Russian electoral interference, he requested that his case be randomly assigned to a judge. Mueller objected, saying that the case relates to United States v. Netyksho, 1:18-CR-00215 (ABJ), and that under U.S. rules it should be tried by the same judge.

The direct charges against Stone do not immediately appear to be directly related to Russian interference in the 2016 presidential election. The first is that he "falsely and misleadingly" testified at an enquiry by the House Permanent Select Committee on Intelligence (HPSCI); the next five allege that he specifically lied about his involvement or knowledge; and the seventh alleges "Witness Tampering".

However, in the official objection to Stone's request for a random court hearing, Mueller has released further information (PDF) on the relationship between Stone and the Netyksho case (PDF). The Netyksho case involves the indictment of 12 Russian intelligence officers in July 2018 (Victor Netyksho is the first named defendant) charged with involvement in the DNC hacks of 2016.

Mueller's response, filed on February 15, presents two arguments for linking the case under the same judge. The first is that the Stone case and the Netyksho case arise from the same search warrants. While investigating the Netyksho case -- specifically investigating Russian involvement in the release of the stolen DNC documents -- the same search warrants allegedly discovered "Stone's communications with Guccifer 2.0 and with Organization 1."

Guccifer 2.0 is the persona adopted by the Russian hackers to hide their own identity and potentially point the finger at Romania (home of the original Guccifer). "Organization 1" is not specifically named in either the Stone indictment or this response. However, the indictment does say, "The head of Organization 1 was located at all relevant times at the Ecuadorian Embassy in London, United Kingdom." Throughout the two documents, Organization 1 is WikiLeaks. In July 2016, during the 2016 Democratic National Convention, WikiLeaks published 19,252 emails and 8,034 attachments stolen from the DNC by the Russians.

Mueller's second argument is that the Stone case and "Netyksho Involve Activities That Are Part of the Same Alleged Criminal Event or Transaction". More specifically, "This case concerns the defendant's efforts to obstruct a congressional investigation into that conduct. As alleged in the indictment, the defendant made false statements, withheld documents, and tampered with a witness in connection with the efforts of a congressional committee to assess whether any U.S. person or campaign coordinated in or had advance knowledge of the releases of stolen documents."

In short, the allegations against Roger Stone arise from the same search warrants used to investigate the 12 Russian GRU officers, and include apparent communications between Stone on the one hand and the Russians and WikiLeaks on the other. It must be remembered that these are only allegations.

It also became clear over the weekend (the timing is probably coincidental) that Mueller had earlier subpoenaed Brittany Kaiser, former business development director for Cambridge Analytica. Cambridge Analytica was involved in harvesting personal Facebook information for political purposes. The subpoena became known through a Netflix documentary called 'The Great Hack' that is expected to be released later in the spring. 

It isn't clear when the subpoena was issued, but it is likely to have been late in 2017, around the time that the Wall Street Journal reported that Mueller had requested Cambridge Analytica staff emails. Misuse of the Facebook information has been linked to fake-news social media campaigns directed by a Saint Petersburg 'troll factory' known as the Internet Research Agency. Cambridge Analytica had been hired during the Republican presidential campaign led by digital strategist Brad Parscale and overseen by Jared Kushner.

If the subpoena was indeed at the end of 2017, it was just a few months before the UK Information Commissioner's Office (ICO) raided Cambridge Analytica's London offices on March 23, 2018. The ICO has been running its own investigation into the use of personal information for political purposes. It has already fined Facebook £500,000 (the maximum possible for data protection offenses prior to GDPR) for its role in the Cambridge Analytica affair.

SecurityWeek asked the ICO if it had provided any material from the Cambridge Analytica raid to the Mueller inquiry, but got an irrelevant response that concluded, "We've nothing further to add at the moment." However, in its report to the UK parliament in November 2018, titled "Investigation into the use of data analytics in political campaigns", it does say, "Several disclosures to us suggested offences beyond the scope of the ICO's legal remit, and we made appropriate referrals to law enforcement in the UK and overseas... We have legal gateways to share and receive information through the DPA 2018..." So, it is possible.

On February 1, 2019, the ICO confirmed fines on Leave.EU (which campaigned for the UK to leave the EU ahead of the Brexit referendum) and Eldon Insurance. Both organizations share the same corporate address. Eldon Insurance is controlled by Arron Banks, who donated £8 million to the Leave campaign. Brittany Kaiser appeared with Banks at the launch of the Leave.EU campaign. The origin of the £8 million donation is being investigated by the UK Electoral Commission and the National Crime Agency.

February 18 has also seen publication of the UK Department of Culture, Media and Sport (DCMS) final report into 'disinformation and fake news'. This committee of members of parliament has neither the legal teeth nor the global reach of Mueller's special enquiry. All it can do is make recommendations; and as such it largely focuses on Facebook. "The Cambridge Analytica scandal was facilitated by Facebook's policies. If it had fully complied with the FTC settlement, it would not have happened," it states.

Outside of the committee, its chairman Damian Collins is less reticent. Commenting on the news of Kaiser's subpoena, he said, "her work connected her to WikiLeaks, Cambridge Analytica and [its parent company] SCL, the [U.S. presidential] campaign, Leave.EU and Arron Banks."

Labour member of parliament Tom Watson added, "This is the first evidence that a significant player in the Leave.EU campaign is of interest to the global Mueller inquiry. People will be bewildered that the British government has no interest in establishing the facts of what happened."

What we have right now is a complex web of meetings, correspondence and conjecture crossing two continents. The common elements that run through investigations on both sides of the Atlantic appear to be Russia, electoral meddling apparently aimed at both the U.S. 2016 presidential election and the UK Brexit referendum, and Cambridge Analytica -- and an understanding that any weakening of U.S. political machinery and EU cooperation would benefit Russian foreign policy.

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.