Durham Probes Pentagon Computer Contractors in Anti-Trump Conspiracy

John Durham

By Paul Sperry, RealClearInvestigations:

According to sources, cybersecurity professionals who were able to secure lucrative Pentagon and Homeland Security contracts as well as high-ranking security clearances are being investigated for possibly abusing their government privileges in an attempt to help Donald Trump’s 2016 campaign to link him to Russia. This plot was allegedly carried out by Special Counsel John Durham.

Durham is investigating whether they were involved in a scheme to misuse sensitive, nonpublic Internet data, which they had access to through their government contracts, to dredge up derogatory information on Trump on behalf of the Clinton campaign in 2016 and again in 2017, sources say — political dirt that sent FBI investigators on a wild goose chase. The FBI is also being investigated by the prosecution for possible falsification or forgery of some data.

These sources, who spoke on the condition of anonymity to discuss a sensitive law enforcement matter, said Durham’s investigators have subpoenaed the contractors to turn over documents and testify before a federal grand jury hearing the case. Sources said that the investigators were looking into possible criminal charges, including defrauding and giving false information to federal agents.

TRENDINGWATCH: Wyoming 16-year-old student arrested for not wearing mask, school placed under lockdown

Durham outlined the campaign plan in a 27-page Indictment that charged Michael Sussmann, a Clinton campaign lawyer with fabricating a report to FBI. Although the document names eight people who were allegedly involved in Sussmann’s conspiracy, it does not name them.

Sources familiar with the investigation confirmed Rodney L. Joffe was the chief contractor. He has advised the Biden White House regularly on infrastructure and cybersecurity policies. He was, until last month, the chief cybersecurity officer of Washington tech contractor Neustar Inc. Federal civil court records reveal that he was an old client Sussmann At Perkins Coie. Durham recently subpoenaed him. Joffe, who is 66 years old, was not charged.

Neustar has removed Joffe’s blog posts from its website. “He no longer works for us,” a spokeswoman said.

A powerful and influential player in the tech world, Joffe tasked a group of computer contractors connected to the Georgia Institute of Technology with finding “anything” in Internet data that would link Trump to Russia and make Democratic “VIPs happy,” according to an August 2016 email Joffe sent to the researchers. Within a month, Trump was accused by the group of secret backchannel communication to Russia via email servers at Alfa Bank in Russia. These accusations were later proven false by Robert Mueller (FBI Special Counsel), the Justice Department inspector general, and an intelligence panel of the Senate.

The Sussmann grand jury indictment states that the federal contractors, who mined private Internet records to help “conduct opposition research” in coordination with the Clinton campaign, were driven not by data but by “bias against Trump.”

Joffe’s lawyer has described his client as “apolitical.” He said Joffe brought Sussmann information about Trump he believed to be true out of concern for the nation.

Steven Tyrrell, a white-collar criminal defense attorney specializing in fraud cases, has confirmed that his client Joffe is the person referred to as “Tech Executive-1” throughout the Sussmann indictment. “Tech Executive-1 exploited his access to nonpublic data at multiple Internet companies to conduct opposition research concerning Trump,” Durham’s grand jury stated. “In furtherance of these efforts, [Joffe]Had enlisted in the U.S. Army and was still enlisting with the support of researchers at an American university [Georgia Tech] who were receivingAnd analyzing Internet data in connection with a pending federal government cybersecurity research contract.”

The indictment also alleges that the computer scientists knew the Internet data they compiled was innocuous but sent it to the FBI anyway, sending agents down a dead end: “Sussmann, [Joffe] and [Perkins Coie] had coordinated, and were continuing to coordinate, with representatives and agents of the Clinton campaign with regard to the data and written materials that Sussmann gave to the FBI and the media.”

One of the campaign representatives with whom Joffe coordinated was Jake Sullivan, who was acting as Clinton’s foreign policy adviser, as RealClearInvestigations first reported. Now serving in the White House as President Biden’s national security adviser, Sullivan is under scrutiny for statements he made under oath to Congress about his knowledge of the Trump-Alfa research project. In a potential conflict of interest, Attorney General Merrick Garland employed Sullivan’s wife Maggie as a law clerk when he was a federal judge. Garland controls the purse strings to Durham’s investigation and whether his final report will be released to the public.

Joffe was at the time advising President Obama regarding security issues and positioning himself to be a high-ranking cybersecurity officer in the Clinton administration. “I was tentatively offered the top [cybersecurity] job by the Democrats when it looked like they’d win,” he revealed in a November 2016 email obtained by prosecutors.

In the meantime, researchers at Georgia Tech were competing for a Pentagon contract worth $17million to investigate cybersecurity. Federal records show that they won in November 2016.

Government funding in hand, they continued mining nonpublic data on Trump after he took office in 2017 — as Sussmann, Sullivan and other former Clinton campaign officials renewed their effort to connect Trump to Alfa Bank. This time, they enlisted former FBI analyst-turned-Democratic-operative Dan Jones to re-engage the FBI, while Sussmann attempted to get the CIA interested in the Internet data, as RCI first reported. Jones was also subpoenaed by investigators, but he did not reply to any requests for comment.

Joffe is a South African citizen who left Neustar in October after having hired an experienced Washington fraud attorney several months before Durham began to present his case to grand jurors. Tyrrell declined to comment when asked by RCI about his client’s cooperation with the federal grand jury hearing Durham’s broadening case. Tyrrell also had “no comment” when asked whether the Special Counsel’s Office has notified him that his client is a target of the ongoing investigation. However, Tyrrell defended Joffe in a public statement, asserting that the special counsel and the grand jury presented a “misleading picture of his actions” in the so-called “speaking indictment,” which the sources said is a prelude to additional indictments that could culminate in conspiracy charges.

The indictment details a conspiracy that involved widespread deception. It was then followed by an explosion of subpoenas directed at Perkins Coie, rocking Washington’s Democratic political machine. Millions of dollars secretly flowed through Perkins to the Clinton campaign’s opposition-research projects against Trump, leaving an extensive money trail for Durham’s investigators to trace and check for possible Federal Election Commission and other violations, the sources say.

Tyrrell insisted that Joffe had “no idea [Sussmann’s] firm represented the Clinton campaign,” even though he worked closely with Sussmann and another well-known campaign lawyer, Marc Elias — as well as with Glenn Simpson of Fusion GPS, an opposition-research firm hired by the Clinton campaign to dig up dirt on Trump in 2016. He added that his client “felt it was his patriotic duty to share [the report on Trump] with the FBI.”

However, Durham’s investigation uncovered emails revealing that Joffe knew the narrative they were creating about Trump having a secret hotline to Russian President Vladimir Putin was tenuous at best. In fact, Joffe himself called the data used to back up the narrative a “red herring.” In another email, Joffe said he had been promised a high post if Clinton were elected, suggesting he may have had a personal motivation to make a sinister connection between Russia and Trump. He added that he had no interest working for Trump: “I definitely would not take the job under Trump.”

“Joffe was doing what he was doing to get that plum job,” former FBI counterintelligence official Mark Wauck said in an interview. “And Sussmann was working with Joffe because Joffe was needed for the Clinton campaign’s ‘confidential project,’ ” which was the term Sussman used to describe their data research in billing records.

Secret Service logs reveal that Joffe, at the time, was an anonymous cybersecurity advisor to Obama. He visited the White House several more times under his presidency. James Comey (then Director of FBI) presented him with an award to recognize his contribution in investigating a large cybersecurity case.

Joffe is the “Max” quoted in media articles promoting the secret cyber plot targeting Trump, a code name likely given him by Simpson, who has a son named Max. The stories described “Max” as a “John McCain Republican.” In 2017, Joffe, who spent much of his career in the late McCain’s home state of Arizona before moving to Washington, helped rekindle the Trump-Alfa tale by plumbing more data and helping feed the information to the Senate Armed Services Committee, which McCain chaired.

Joffe’s boss during the 2016 campaign was then-Neustar President Lisa Hook, a major Democratic Party donor who publicly endorsed Clinton and contributed to her campaigns. According to records, her contributions totaled more than $249,000. Hook was named to Obama’s National Security Telecommunications Advisory Committee.

Joffe is the founder of several Internet startups. Packet Forensics is one such company. It was awarded a Pentagon contract recently to handle large portions of Internet domains that were owned by the military. Biden received the bid on the same day he was elected president. He also owns a federal law enforcement wiretapping company that allows authorities spy on private Internet browsing via fake Internet security certificates instead of the real ones used by websites to confirm secure connections. Joffe is a cybersecurity expert who has been working with intelligence agencies and federal law enforcement for over 15 years.

Joffe worked closely with another top computer scientist assigned to the Alfa project, who has used the pseudonym “Tea Leaves,” as well as masculine pronouns, in media stories to disguise her identity. The operative has been identified by her attorney as April D. Lorenzen, who supplied so-called Domain Name System (or DNS) logs from proprietary holdings — the foundation for the whole conspiracy charge — and helped compile them for the spurious report that was fed to the FBI, according to the indictment.

Lorenzen is a registered Democrat and was asked by Joffe to create a Trump connection with the data. Lorenzen worked alongside researchers from Georgia Tech where she had been a guest researcher from 2007.

Identified as “Originator-1” in the Durham indictment, she, like her colleague Joffe, is a key subject of the investigation and faces a host of legal issues, the sources close to the case said. Emails the investigators uncovered reveal that Lorenzen discussed “faking” Internet traffic with the Georgia Tech researchers, although the context of her remarks are unclear.

Prosecutors suggested Lorenzen was trying to create an “inference” of Trump-Russia communications from DNS data that wasn’t there.

DNS acts as the Internet’s phonebook, translating website domain names into IP addresses so that Web browsers can easily communicate. The traffic leaves a record known as DNS “lookups,” which is basically the pinging back and forth between computer servers.

Lorenzen has retained white-collar criminal defense lawyer Michael J. Connolly of Boston, who said in a statement that Lorenzen was acting in the interest of national security, not politics, and “any suggestion that she engaged in wrongdoing is unequivocally false.”

The 59-year-old Lorenzen helped found two tech firms operating out of Rhode Island, where she lives — Dissect Cyber Inc. and Zetalytics LLC. Her companies have contracted with the U.S. Department of Homeland Security’s cybersecurity division and other agencies. In that role, she oversees one of the world’s largest and most diverse systems of “passive,” or stored, DNS records, which can be searched to uncover potential security incidents. The year before the 2016 presidential campaign, she boasted, “Massive passive DNS data is what I comb daily, providing the most interesting IPs and domains, real time.”

She specializes in identifying “spoofed domains” used for email phishing scams.

In her bio, Lorenzen also said she currently serves “as the principal investigator for a critical infrastructure supply-chain cybersecurity notification research project.” She did not provide further details about the project. Lorenzen regularly briefs and trains federal law enforcement officers about cybersecurity.

Lorenzen’s friend and colleague L. Jean Camp is indicted for her role in the Russian bank project. She posted the dodgy data online, as well as helping to spread the conspiracy theory via the media. “This person has technical authority and access to data,” she said of “Tea Leaves,” the originator of the data, vouching for her friend Lorenzen while hiding her identity.

Camp is a Democratic activist, major Hillary Clinton donor and booster. Federal campaign records show she contributed at least $5,910 to Clinton’s 2008 and 2016 campaigns, including thousands of dollars in donations around the time she and the Clinton campaign were peddling the Trump-Alfa conspiracy theory.

Camp demanded that the FBI conduct a comprehensive investigation into data she sent to the media. Camp lashed at the FBI for dropping the Trump case after it reopened the Clinton email case. In a March 2017 tweet, she fumed, “Why did FBI kill this story before election to focus on Her Emails?” She also called for people to “join the resistance” against Trump.

Camp has not responded to our request for comment.

Another “computer scientist” tied to the project was Paul Vixie, a colleague of Joffe who, like Joffe, gave $250 in 2000 to Rep. Heather Wilson of New Mexico, who was close to the late Sen. John McCain, who feuded with Trump, federal campaign records show. Vixie, who reviewed the DNS logs and suggested in the media that Trump and Alfa Bank were engaged in a “criminal syndicate,” supported Clinton’s run for president and bashed Trump on Twitter.

“Hillary presented herself as an experienced politician who is prepared to assume the presidency,” he tweeted in 2016. He called Trump a “fake Republican” who “will finish out his life in prison,” he asserted in a 2020 tweet.

Fake Evidence

Sources familiar with the investigation say that Durham also uses the grand jury to investigate whether certain Internet data files Clinton shopped to FBI were faked or made up to give the impression of suspicious Internet communications between Trump and the Russian bank.

False evidence to the FBI is illegal. Former assistant FBI director Chris Swecker told RCI that statutes enforcing mail and wire fraud may be invoked as part of the “criminal conspiracy case” Durham is building.

In September 2016, Sussmann furnished bureau headquarters with materials that included thumb drives and DNS logs. Sussmann, Joffe, and others claimed these DNS logs showed patterns of covert communications between Alfa Bank (Trump Organization) and Sussmann, according to indictment.

The authenticity of the DNS lookup records Sussmann presented to the FBI in the electronic files, along with three “white papers” portraying innocuous marketing pinging between Alfa and Trump servers as a nefarious Russian backchannel, has been called into question by several sources.

Alfa Bank, which also operates in the U.S., commissioned two studies that found the DNS data compiled by Joffe and his computer operatives were formatted differently than the bank server’s DNS logs, and one study posited that the DNS activity may have been “artificially created.”

Independent cyber-forensics specialists found that emails released by researchers had timestamps which did not correspond with actual server activity, suggesting that they might have been altered. Cendyn in Florida, a marketing company, reported that the Trump server was sent by its last email on March 2016. However, the DNS logs, provided by computer experts, showed that the device had received high volumes of traffic between May and September.

Experts noted also that Sussmann’s DNS logs, presented to the FBI as evidence by his group, were copied into a text document. They could possibly have been altered.

The grand jury indicted Sussmann and described DNS logs as real but not always. For instance, it noted that one of the computer researchers — cited as “Tea Leaves,” or Lorenzen — had “assembled purported DNS data reflecting apparent DNS lookups between [the]Russian bank [a Trump] email domain.” The caveats “purported” and “apparent” indicate Durham and his investigators may be skeptical the data are real.

Also, the indictment stated that Joffe “shared certain results of these data searches and analysis” with Sussmann for the FBI to investigate, suggesting he may have cherry-picked the data to fit a preconceived “narrative,” – or “storyline,” as the computer researchers also referred to it in emails obtained by Durham.

Emails the independent prosecutor uncovered reveal that Joffe and the research team he recruited actually discussed “faking” Internet traffic.

“It would be possible to ‘fill out a sales form on two websites, faking the other company’s email address in each form,’ and thereby cause them ‘to appear to communicate with each other in DNS,’ ” Lorenzen suggested.

One Georgia Tech researcher warned Joffe in mid-2016, in the middle of their fishing expedition, of the lack of evidence: “We cannot technically make any claims that would fly public scrutiny. At this point, the only thing driving us is our dislike of fishing. [Trump].”

Tyrrell asserted that his client Joffe “stands behind the rigorous research and analysis that was conducted, culminating in the report he felt was his patriotic duty to share with the FBI.”

The FBI could be tempted to investigate Trump by using nonpublic data obtained from federal research contracts. This would constitute breach of contract or nondisclosure agreements. Swecker worked alongside Durham in past cases involving white collar criminals and said that the special prosecutor could be looking for additional charges related to contract fraud or grants from government.

Washington agencies grant such contractors access to large caches of confidential, non-public Internet traffic information to combat cybercrimes.

Georgia Tech was awarded a $17 Million cybersecurity research contract by the Pentagon on Nov. 17. The project, dubbed “Rhamnousia,” would allow researchers to “sift through existing and new data sets” to find “bad actors” on the Internet. The indictment said the researchers had been provided “early access to Internet data in order to establish a ‘proof of concept’ for work under the contract.” Of course, the government did not pay the researchers to look for dirt on Trump in the sensitive DNS databases.

“The primary purpose of the contract,” the indictment noted, “was for researchers to receive and analyze large quantities of DNS data in order to identify the perpetrators of malicious cyber-attacks and protect U.S. national security.”

Instead the scientists went on the political fishing expedition. According to the indictment, Joffe directed Lorenzen and the two university researchers to “search broadly through Internet data for any information about Trump’s potential ties to Russia.”

The Georgia Tech researchers named as “investigators” on the project included David Dagon and Manos Antonakakis, who the sources confirmed are the two university researchers cited by Durham in his indictment. Antonakakis is the “Researcher-1” referenced in the indictment whom the grand jury said remarked in an email that “the only thing that drives us is that we just do not like [Trump.].”

According to federal contracting records, the $17 million Rhamnousia original contract was approved for five year. But the program was recently renewed and has grown into a more than $25 million Defense Department contract — led by the same Georgia Tech research team.

This RealClearInvestigations article was republished by The Gateway Pundit with permission.

Paul Sperry is the former D.C. bureau chief for Investor’s Business Daily, Hoover Institution media fellow, author of several books, including bestseller INFILTRATION