Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Roger Stone Allegedly Communicated With Mysterious Hacker Guccifer 2.0

Latest Developments in Mueller and Russian Electoral Meddling

Latest Developments in Mueller and Russian Electoral Meddling

After political consultant Roger Stone was charged in January 2019 on seven counts relating to Special Counsel Robert Mueller’s investigation into Russian electoral interference, he requested that his case be randomly assigned to a judge. Mueller objected to this saying that the case relates to the United States v. Netyksho, 1:18-CR-00215 (ABJ) case, and that under U.S. rules it should be tried by the same judge.

The direct charges against Stone do not immediately appear to be directly related to Russian interference in the 2016 presidential election. The first is that he “falsely and misleadingly” testified at an enquiry by the House Permanent Select Committee on Intelligence (HPSCI); the next five allege that he specifically lied about his involvement or knowledge; and the seventh alleges “Witness Tampering”.

However, in the official objection to Stone’s request for a random court hearing, Mueller has released further information (PDF) on the relationship between Stone and the Netyksho case (PDF). The Netyksho case involves the indictment of 12 Russian intelligence officers in July 2018 (Victor Netyksho is the first named defendant) charged with involvement in the DNC hacks of 2016.

Mueller’s response, filed on February 15, presents two arguments for linking the case under the same judge. The first is that the Stone case and the Netyksho case arise from the same search warrants. While investigating the Netyksho case — specifically investigating Russian involvement in the release of the stolen DNC documents — the same search warrants allegedly discovered “Stone’s communications with Guccifer 2.0 and with Organization 1.”

Guccifer 2.0 is the persona adopted by the Russian hackers to hide their own identity and potentially point the finger at Romania (home of the original Guccifer). “Organization 1” is not specifically named in either the Stone indictment or this response. However, the indictment does say, “The head of Organization 1 was located at all relevant times at the Ecuadorian Embassy in London, United Kingdom.” Throughout the two documents, Organization 1 is WikiLeaks. In Jul 2016, during the 2016 Democratic National Convention, WikiLeaks published 19,252 emails and 8,034 attachments stolen from the DNC by the Russians.

Mueller’s second argument is that the Stone case and “Netyksho Involve Activities That Are Part of the Same Alleged Criminal Event or Transaction”. More specifically, “This case concerns the defendant’s efforts to obstruct a congressional investigation into that conduct. As alleged in the indictment, the defendant made false statements, withheld documents, and tampered with a witness in connection with the efforts of a congressional committee to assess whether any U.S. person or campaign coordinated in or had advance knowledge of the releases of stolen documents.”

In short, the allegations against Roger Stone arise from the same search warrants used to investigate the 12 Russian GRU officers, and include apparent communications between Stone on the one hand and the Russians and WikiLeaks on the other. It must be remembered that these are only allegations.

Advertisement. Scroll to continue reading.

It also became clear over the weekend (the timing is probably coincidental) that Mueller had earlier subpoenaed Brittany Kaiser, former business development director for Cambridge Analytica. Cambridge Analytica was involved in harvesting personal Facebook information for political purposes. The subpoena became known through a Netflix documentary called ‘The Great Hack’ that is expected to be released later in the spring. 

It isn’t clear when the subpoena was issued, but is likely to have been late in 2017 around the time that the Wall Street Journal reported that Mueller had requested Cambridge Analytica staff emails. Misuse of the Facebook information has been linked to fake-news social media campaigns directed by a Saint Petersburg ‘troll factory’ known as the Internet Research Agency, Cambridge Analytica had been hired during the Republican presidential campaign led by digital strategist Brad Parscale and overseen by Jared Kushner.

If the subpoena was indeed at the end of 2017, it was just a few months before the UK Information Commissioner’s Office (ICO) raided Cambridge Analytica’s London offices on March 23, 2018. The ICO has been running its own investigation into the use of personal information for political purposes. It has already fined Facebook £500,000 (the maximum possible for data protection offenses prior to GDPR) for its role in the Cambridge Analytica affair.

SecurityWeek asked the ICO if it had provided any material from the Cambridge Analytica raid to the Mueller inquiry, but got an irrelevant response that concluded, “We’ve nothing further to add at the moment.” However, in its report to the UK parliament in November 2018, title, “Investigation into the use of data analytics in political campaigns”, it does say, “Several disclosures to us suggested offences beyond the scope of the ICO’s legal remit, and we made appropriate referrals to law enforcement in the UK and overseas… We have legal gateways to share and receive information through the DPA 2018…” So, it is possible.

On February 1, 2019, the ICO confirmed fines on Leave.EU (which campaigned for the UK to leave the EU ahead of the Brexit referendum) and Eldon Insurance. Both organizations share the same corporate address. Eldon Insurance is controlled by Aaron Banks, who donated £8 million to the Leave campaign. Brittany Kaiser appeared with Banks at the launch of the Leave.EU campaign. The origin of the £8 million donation is being investigated by the UK Electoral Commission, and the National Crime Agency.

February 18 has also seen publication the UK Department of Culture, Media and Sport (DCMS) final report into ‘disinformation and fake news’. This committee of members of parliament does not have the legal teeth nor global reach of Mueller’s special enquiry. All it can do is make recommendations; and as such it largely focuses on Facebook. “The Cambridge Analytica scandal was facilitated by Facebook’s policies. If it had fully complied with the FTC settlement, it would not have happened,” it states.

Outside of the committee, its chairman Damian Collins is less reticent. Commenting on the news of Kaiser’s subpoena, he said, “her work connected her to WikiLeaks, Cambridge Analytica and [its parent company] SCL, the [U.S. presidential] campaign, Leave.EU and Arron Banks.”

Labour member of parliament Tom Watson added, “This is the first evidence that a significant player in the Leave.EU campaign is of interest to the global Mueller inquiry. People will be bewildered that the British government has no interest in establishing the facts of what happened.”

What we have right now is a complex web of meetings, correspondence and conjecture crossing two continents. The common elements that run through investigations on both sides of the Atlantic appear to Russia, electoral meddling apparently aimed at both the U.S. 2016 presidential election and the UK Brexit referendum, and Cambridge Analytica — and an understanding that any weakening of U.S. political machinery and EU cooperation would benefit Russian foreign policy.

Related: Should Social Media be Considered Part of Critical Infrastructure? 

Related: Would Facebook and Cambridge Analytica be in Breach of GDPR? 

Related: Dutch Spies Watched as Russians Hacked US Democrats: Report 

Related: Industry Reactions to U.S. Indicting 12 Russians for DNC Hack

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

CISO Strategy

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.

Cybercrime

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...