2015 – 2016: A former Ukrainian Security Service (SBU) employee, claims President Poroshenko and Clinton Foundation donor Victor Pinchuk, diverted IMF funds into Clinton 2016 campaign

(Timeline editor’s note: This is an excerpt from an article written by Vasily Prozorov who is a former employee of the Ukrainian security service SBU. All of his work used to be found at ukr-leaks.org but now appears to have a new owner. You can still access this article via the archived link below. Mr. Prozorov appears to have an active Twitter account.)

Auto-translated in Chrome:

(…) “Manafort is only one of the participants in the drama, called “Ukraine Gate”. Another story is related to the financial support of Hillary Clinton from Ukraine. The intrigue is that during the presidential race in the United States, official Kiev helped the Democratic candidate not only politically and informationally, but also used the money stolen from the IMF tranches, to sponsor your favorite.

So, according to the information available to me, Ukraine is currently continuing investigation of criminal proceedings regarding the theft of IMF funds received by the National Bank of Ukraine (NBU).

It was assumed that foreign aid would be intended to support the financial sector of Ukraine. Under this program, the NBU allocated funds to various private credit organizations of the country. Their owners transferred the received amounts to offshore companies, transferring the agreed kickbacks to the head of the NBU Valeria Gontareva and her patron Petro Poroshenko, for whom she had previously worked in the ICU investment campaign.

Such banks of Ukraine as Tavrika, Pivdenkombank, Avtokrazbank, Moscow Commercial Bank (Converse Bank), Finrostbank, Terra Bank, Kiivska Rus, Vernum Bank participated in this scheme, “Credit Dnipro”, “Delta Bank” and others. Money was transferred from the country to offshore via Austrian bank MeinlBank AG.

The largest volumes of monetary assets were received by two credit organizations – Credit Dnipro and Delta Bank. These banks are closely associated with one of the richest Ukrainian oligarchs – Victor Pinchuk, son-in-law of former President of Ukraine Leonid Kuchma. The Ukrainian billionaire maintained contacts with the former IMF representative in Ukraine, Jerome Wash, and Dominique Strauss-Kahn, the former IMF managing director, was a member of the Credit Dnipro Supervisory Board. It is hard to imagine that these distinguished gentlemen were not aware of the financial transactions of their Ukrainian friends. Therefore, it is possible that an international group was engaged in the theft of billions of foreign aid to Ukraine.

At the next stage, IMF loans went to the offshore companies MelfaGroup LTD (Belize), TandiceLimited (Cyprus), TosalanTradingLimited (Cyprus), AgaluskoInvestmentLimited (Cyprus), WintenTrading LTD (Cyprus), SilistenTradingLimited “NasternoCommercialLimited.” These offices, as it turned out, also associated with Victor Pinchuk.

But this was not the end of the financial chain. Most of the money from these foreign assets of Pinchuk went to the accounts of his main “washing machine” – The Victor Pinchuk Foundation. And already the “laundered money” was transferred to the Clinton Foundation. Since 2012, for almost five years, the family of the former US president has been listed more than 29 million dollars. Moreover, the largest tranches from the Pinchuk Foundation to the Clinton Foundation were held in 2015 and 2016. By a “coincidental” coincidence, it was at this time that Hillary fought for the post of US president.

Obviously, such a scheme was implemented with the direct participation of the head of the National Bank, Mrs. Gontareva, and the assistance of Prime Minister Arseniy Yatsenyuk and President of Ukraine Petro Poroshenko.” (Read more: Ukraine Leaks/Archived, 7/26/2019) (Direct link)

January 2015 – May 25, 2016: There are 14,409 emails in the Wikileaks DNC email archive that are taken after Crowdstrike installs their security software

“Yesterday, Scott Ritter published a savage and thorough critique of the role of Dmitri Alperovitch and Crowdstrike, who are uniquely responsible for the attribution of the DNC hack to Russia. Ritter calls it “one of the greatest cons in modern American history”.  Ritter’s article gives a fascinating account of an earlier questionable incident in which Alperovitch first rose to prominence – his attribution of the “Shady Rat” malware to the Chinese government at a time when there was a political appetite for such an attribution. Ritter portrays the DNC incident as Shady Rat 2.  Read the article.

My post today is a riff on a single point in the Ritter article, using analysis that I had in inventory but not written up.  I’ve analysed the dates of the emails in the Wikileaks DNC email archive: the pattern (to my knowledge) has never been analysed. The results are a surprise – standard descriptions of the incident are misleading.

Nov 7, 2017: story picked up by Luke Rosniak at Daily Caller here 

On April 29, DNC IT staff noticed anomalous activity and brought it to the attention of senior DNC officials: Chairwoman of the DNC, Debbie Wasserman-Schultz, DNC’s Chief Executive, Amy Dacey, the DNC’s Technology Director, Andrew Brown, and Michael Sussman, a lawyer for Perkins Coie, a Washington, DC law firm that represented the DNC. After dithering for a few days, on May 4, the DNC (Sussman) contacted Crowdstrike (Shawn Henry), who installed their software on May 5.

According to a hagiography of Crowdstrike’s detection by Thomas Rid last year, Crowdstrike detected “Russia” in  the network in the early morning of May 6:

At six o’clock on the morning of May 6, Dmitri Alperovitch woke up in a Los Angeles hotel to an alarming email. Alperovitch is the thirty-six-year-old cofounder of the cybersecurity firm CrowdStrike, and late the previous night, his company had been asked by the Democratic National Committee to investigate a possible breach of its network. A CrowdStrike security expert had sent the DNC a proprietary software package, called Falcon, that monitors the networks of its clients in real time. Falcon “lit up,” the email said, within ten seconds of being installed at the DNC: Russia was in the network.

In many accounts of the incident (e.g. Wikipedia here), it’s been reported that “both groups of intruders were successfully expelled from the systems within hours after detection”. This was not the case, as Ritter pointed out: data continued to be exfiltrated AFTER the installation of Crowdstrike software, including the emails that ultimately brought down Wasserman-Schultz:

Moreover, the performance of CrowdStrike’s other premier product, Overwatch, in the DNC breach leaves much to be desired. Was CrowdStrike aware that the hackers continued to exfiltrate data (some of which ultimately proved to be the undoing of the DNC Chairwoman, Debbie Wasserman Schultz, and the entire DNC staff) throughout the month of May 2016, while Overwatch was engaged?

This is an important and essentially undiscussed question.

Distribution of Dates

The DNC Leak emails are generally said to commence in January 2015 (e.g. CNN here) and continue until the Crowdstrike expulsion. In other email leak archives (e.g Podesta emails; Climategate), the number of emails per month tends to be relatively uniform (at least to one order of magnitude).  However, this is not the case for the DNC Leak as shown in the below graphic of the number of emails per day:

There are only a couple of emails per month (~1/day) through 2015 and up to April 18, 2016. Nearly all of these early emails were non-confidential emails involving DNCPress or innocuous emails to/from Jordan Kaplan of the DNC.  There is a sudden change on April 19, 2016 when 425 emails in the archive. This is also the first day on which emails from hillaryclinton.com occur in the archive – a point that is undiscussed, but relevant given the ongoing controversy about security of the Clinton server (the current version of which was never examined by the FBI) The following week, the number of daily emails in the archive exceeded 1000, reaching a maximum daily rate of nearly 1500 in the third week of May. There is a pronounced weekly cycle to the archive (quieter on the week-ends).

Rid’s Esquire hagiography described a belated cleansing of the DNC computer system on June 10-12, following which Crowdstrike celebrated:

Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office. Alperovitch told me that a few people worried that Hillary Clinton, the presumptive Democratic nominee, was clearinghouse. “Those poor people thought they were getting fired,” he says. For the next two days, three CrowdStrike employees worked inside DNC headquarters, replacing the software and setting up new login credentials using what Alperovitch considers to be the most secure means of choosing a password: flipping through the dictionary at random. (After this article was posted online, Alperovitch noted that the passwords included random characters in addition to the words.) The Overwatch team kept an eye on Falcon to ensure there were no new intrusions. On Sunday night, once the operation was complete, Alperovitch took his team to celebrate at the Brazilian steakhouse Fogo de Chão.

Curiously, the last email in the archive was noon, May 25 – about 14 days before Crowdstrike changed all the passwords on the week-end of June 10-12. Two days later (June 14), the DNC arranged for a self-serving article in the Washington Post in which they announced the hack and blamed it on the Russians. Crowdstrike published a technical report purporting to support the analysis and the story went viral.

There were no fewer than 14409 emails in the Wikileaks archive dating after Crowdstrike’s installation of its security software. In fact, more emails were hacked after Crowdstrike’s discovery on May 6 than before. Whatever actions were taken by Crowdstrike on May 6, they did nothing to stem the exfiltration of emails from the DNC. (Read more: Climate Audit/Steve McIntire, 9/02/2017)

2015 – 2016: The IMF money withdrawal and laundering scheme, from Ukraine to the Clinton campaign

Translated:

(…) “In May 2016, according to the decision of the Kiev Pechersk Court, some Ukrainian credit organizations used shadow schemes for withdrawing funds through the correspondent accounts of the Austrian Meinl Bank AG, the damage from their actions amounted to more than $ 800 million.

Another “ingenious scheme” worked smoothly as follows. Ukrainian banks entered into custody and collateral agreements with a non-resident Austrian bank, in which all amounts of funds on correspondent accounts, accrued interest and any future receipts to these accounts were pledged to the foreign bank. The pledge was provided to ensure the fulfillment of obligations under the loan agreements that the non-resident bank, in turn, concluded with third parties – non-resident companies in Ukraine. The latter were associated with the owners of Ukrainian banking institutions. And the borrowers did not fulfill their loan obligations, for which Meinl Bank AG unilaterally extrajudicially charged (i.e., debited from the accounts of Ukrainian banks) all funds in its favor.

And now let’s take a closer look at the list of these Ukrainian banks and using their own reporting documents (by the way, already removed from the Internet, but still recorded by the author before this sad event), we will analyze some of their activities.

Of the 36 banks that were granted loans by the National Bank of Ukraine at the expense of IMF tranches, 11 were closed without returning borrowed funds (June 10, 2014 – March 15, 2018, Chairman of the Board Ms. Gontareva), 11 were closed without returning borrowed funds. It seems not so much in the framework of the “struggle for the purification and improvement of the financial and credit system of the state”.

However, the true scope, excuse my French, the scam becomes clear when it turns out that only eight credit institutions received up to 95% of this money. They strenuously pumped them through the already familiar Austrian Meinl Bank AG with a further withdrawal to private offshore companies in Cyprus and Belize. As a result, six of them have already left the orderly ranks of the banking system of Ukraine. And it happened somehow quietly, almost without ceremony, which suggests the national scale of such “Mummery”. Yes, and the ratio of the numbers 11 to 36, or 6 out of 11, not all the same – 6 out of 8 rather confirms our conjecture that Ms. N. Yaresko who held the post of Minister of Finance from February 12, 2014 to April 14, 2016 owned the situation.

It would not be superfluous to recall that Ms. N. Yaresko, a citizen of the United States treated by the highest presidential power, obtained the citizenship of Ukraine, so to speak, from the hands of Mr. Poroshenko for “special merit.” Was it only for merits to the state and what exactly were her merits?  Maybe in the ability to “correctly” distribute and divide financial flows, primarily taking care of the welfare of Mr. Poroshenko’s “team” and his inner circle?

Two more banks – participants of this scheme are PJSC “Credit Dnipro” and PJSC “Delta Bank” affiliated with it (declared insolvent in 2015, the bankruptcy procedure is not completed) continue to operate. Their owner is oligarch Pinchuk V.M. – son-in-law of the former President of Ukraine Kuchma L.D. Mr. Pinchuk maintained close ties with the former representative of the IMF in Ukraine, Mr. Jerome Vacher. In addition, the supervisory board of the IMF Dominique Strauss-Kahn is on the supervisory board of PJSC “Credit Dnipro”. It should also be noted that Mr. Pinchuk is the founder of the “Victor Pinchuk Foundation”, which is funded, including through some private offshore companies.

Do you think this is another final link in the chain of funds adventure allocated by the IMF? Do not hurry! Since 2012, for almost five years, only through the Pinchuk’s fund, “Clinton Foundation” received more than $ 29 million. Yes, my dear Ukrainian reader, Mr. Pinchuk, in fact, became one of the largest financial donors to the former American presidential candidate Hillary Clinton.

Simultaneously, Mr. Pinchuk did not forget Mr. Poroshenko, paying for his election campaign in the media. Mr. Dudnik A.P. was responsible for this truly significant event for one of the leading Ukrainian oligarchs – yes, exactly the head of the supervisory board of the PJSC “Credit Dnipro” bank.

And this already really looks like a “state level” of the highest standard, especially considering the “State Dept” past of Ms. N. Yaresko. Isn’t it a perfect mediator and “watchwoman” for all interested parties?!

So instead of financing own economy, the current Ukrainian government headed by Mr. Poroshenko in effect, created a corrupt scheme of international scope, replenished its personal reserves “for a rainy day” and pleased the “democrats” ruling in the USA at that time. However, the Ukrainian president is not very successful with the current American “partners”. Violating the laws of at least two countries, as well as all conceivable principles of democracy and decency (yes, they also exist in politics, to put it mildly, are peculiar, but still) the US Democratic Party actually received uncontrollable income at the expense of the world financial organization allocated to support economy of another state – Ukraine. A crime? Yes! And it is very similar to the “payoff”! (Read more: Kate Matberg/Mediapart, 4/15/2019)

(Timeline editor’s note: We hope documents will be released to further verify this information.)

Clinton’s press secretary has “teed-up stories” for a New York Times reporter before and she has “never disappointed.”

Nick Merrill, Clinton’s campaign press secretary, writes an email memo to Clinton’s other core staffers (including John Podesta and Robby Mook) who are developing a strategy that is described as being “designed to plant stories on Clinton’s decision-making process about whether to run for president.”

The email names Maggie Haberman who at the time writes for Politico, but will switch to covering the election for the New York Times one month later. Merrill writes, “We have ha[d] a very good relationship with Maggie Haberman of Politico over the last year. We have had her tee up stories for us before and have never been disappointed. … [F]or this we think we can achieve our objective and do the most shaping by going to Maggie.”

According to a later article by the Intercept, “The following month, when she is at the Times, Haberman publishes two stories on Clinton’s vetting process.”

The Intercept will be given this email and others by the hacker known as Guccifer 2.0 in October 2016. The Intercept will comment that the email is just one of many “Internal strategy documents and emails among Clinton staffers” that “shed light on friendly and highly useful relationships between the campaign and various members of the US media, as well as the campaign’s strategies for manipulating those relationships. … At times, Clinton’s campaign staff not only internally drafted the stories they wanted published but even specified what should be quoted “on background” and what should be described as “on the record.” (The Intercept, 10/09/2016) (Wikileaks, 10/13/2016)

January 26, 2015: Eric Holder, John Carlin and Preet Bharara rely on Carter Page as an intelligence source in the Buryakov Russian spy case

January 26, 2015: The Buryakov indictment is announced by Holder, John Carlin and Bharara. Carter Page is Male-1 in this case:

Over time Male-1 completely disappears from the filings:

In Carlin’s testimony, he is evasive regarding Carter Page, even though he knows him and his role in the Buryakov case:

Carlin didn’t focus in on the name at that time, ONLY that he was a member of the Trump campaign LOL:

Probable cause is the evidentiary standard for FISA Title 1 warrant if the subject is suspected to be an agent of a foreign power:

Dumbwell [Swalwell] asks what this investigation is really about, what crimes are being contemplated by hacking and dissemination of information. Carlin says FARA and then you look for the money:

Remember Carlin was Mueller’s Chief of Staff when he was FBI Director:

Carlin was responsible for NSA surveillance activities when abuses were occurring, among other key roles:

So we know Carlin knows Carter Page from the Buryakov case and we also know he didn’t sign the FISA in October 2016. Carlin had officially resigned on September 26, 2016, it was reported on September 27:

So why did Carlin resign? I believe this is a big reason, the Carter Page September 25, 2016 letter to Comey. Remember the FARA discussion above, read Page’s comments about looking for the money:

Carlin couldn’t sign that FISA, Page had called out the FBI and DOJ about his work with the intel agencies. Also on Sept. 26, 2016, Carlin filed the Government’s proposed 2016 Section 702 certifications, in which he failed to report FISA abuses:

Intel Community IG Atkinson was at the DOJ under Carlin, during this timeframe. Remember him?

After resigning Carlin became a paid consultant for CNBC and ABC News, feeding lies to our corrupt media that were then disseminated to us. He was a direct conduit to the SC. Insidious.

Here is an ABC News article with Brian Ross from Dec. 16, 2016, where Carlin CORRECTLY muses that O’Biden [Obama] will use Treasury sanctions against Russia. These prompted Kislyak to reach out to Gen. Flynn.

Here is an interview on December 1, 2017, the day of Gen Flynn plea agreement that was rammed through by the SC and Van Grack, who WORKED for Carlin, Carlin smears Flynn saying he was NSA at the time of the call:

(Read more: CrossfireJazz@ZZZJazzy, 8/24/2020)  (Archive)

2015-2017: A mini-timeline: The Uncovering – Mike Rogers’ investigation, Section 702 FISA abuse & the FBI

“John Carlin was an Assistant Attorney General – and Head of the Department of Justice’s National Security Division (NSD).

On September 27, 2016, Carlin announced his resignation. He formally left the NSD on October 15, 2016. Carlin had been named Acting Assistant Attorney General in March 2013 and was confirmed in the spring of 2014.

Carlin had previously served as chief of staff to then-FBI Director Robert S. Mueller.

Carlin was replaced with Mary McCord – who would later accompany Acting Attorney General Sally Yates to see White House Counsel Don McGahn regarding General Michael Flynn.

Carlin announced his resignation exactly one day after he filed the Government’s proposed 2016 Section 702 certifications. His signature can be found on page 31.

(…) At the time Carlin’s sudden resignation went mostly unnoticed.

But there was more to the story.

Here is the official explanation as provided by the Office of the Director of National Intelligence:

After submitting its 2016 Certifications in September 2016, the Department of Justice and ODNI learned, in October 2016, about additional information related to previously reported compliance incidents and reported that additional information to the FISC. The NSA also self-reported the information to oversight bodies, as required by law. These compliance incidents related to the NSA’s inadvertent use of U.S. person identifiers to query NSA’s “upstream” Internet collection acquired pursuant to Section 702.

The FISA Court was more direct in a 99-page April 26, 2017 unsealed FISA Court Ruling.

On October 24, 2016  involving queries of data acquired under Section 702 using U.S. person identifiers. The full scope of non-compliant querying practices had not been previously disclosed to the Court. Two days later, on the day the Court otherwise would have had to complete its review of the certifications and procedures, the government made a written submission regarding those compliance problems…and the Court held a hearing to address them.

The government reported that it was working to ascertain the cause(s) of those compliance problems and develop a remedial plan to address them. Without further information about the compliance problems and the government’s remedial efforts, the Court was not in a position to assess whether the minimization procedures would comply with the statutory standards and were consistent with the requirements of the Fourth Amendment.

But that still doesn’t begin to describe the breadth and scope of what occurred.

It wasn’t the Obama Administration that self-disclosed before the FISA Court on October 24 and 26, 2016.

It was National Security Agency Director Admiral Mike Rogers. And he deserves a medal for his efforts.

Here’s what actually happened:

On January 7, 2016, the NSA Inspector General, George Ellard, released a report on NSA Controls & FISA compliance. Starting on page ii:

Agency controls for monitoring query compliance have not been completely developed.

The Agency has no process to reliably identify queries performed using selectors associated with 704 and 705(b) targets.

The rest of the highlights are fully redacted. But more information lay within the report (pages 6-7):

We identified another [redacted] queries that were performed outside the targeting authorization periods in E.O. 12333 data, which is prohibited by the E.O. 12333 minimization procedures. We also identified queries performed using USP selectors in FAA §702 upstream data, which is prohibited by the FAA §702 minimization procedures.

Downstream collection involves the government acquiring data from the companies providing service to the user – like Google or Facebook.

However, some Section 702 collection is obtained via “upstream” collection.

In simple parlance, upstream collection means the NSA accesses the high capacity fiber optic cables that carry Internet traffic and copies all the data flowing through those cables.

The agency is then supposed to filter out any “wholly domestic” communications that are between Americans located in the U.S.

Data collected “incidentally” on U.S. Citizens is generally not destroyed. It is minimized. As we will see later, this became a problem.

Intelligence Agencies can then search the data using “To”, “From” or “About” queries on a target of Section 702 collection.

“About” queries are particularly worrisome.

They occur when the target is neither the sender nor the recipient of the collected communication – but the target’s selector, such as an email address, is being passed between two other communicants.

For more information see FISA Surveillance – Title I & III and Section 702.

“About” queries were abruptly halted by NSA Director Mike Rogers on October 20, 2016. This was formally announced by the NSA on April 28, 2017.

The events leading to this decision are described in this post.

This brings us to a table from the Inspector General’s Report.

Table 3 (page 7) shows four types of violations. The most frequent violation – 5.2% of the total – came from Section 702 upstream “About” queries.”

The Inspector General’s Report is heavily redacted – but even a casual reading indicates there were significant compliance and control issues within the NSA regarding the use of Section 702 data.

It’s unclear if NSA Director Rogers discovered the 702 violations and reported them in early 2015, or if it was the Inspector General who found them. Either way, Rogers became aware of Section 702 violations sometime in 2015.

Following NSA Inspector General Ellard’s report, Rogers implemented a tightening of internal rules at the NSA.

However, the NSA Inspector General’s report and Roger’s tightening of internal rules did not halt the Query Compliance Problems.

Outside Agencies – specifically the DOJ’s National Security Division and the FBI’s Counterintelligence Division – were still routinely violating Section 702 procedures.

In 2015, DOJ Inspector General Michael Horowitz (not to be confused with NSA IG Ellard) specifically requested oversight of the National Security Division. Deputy Attorney General Sally Yates responded with a 58-page Memorandum, that effectively told the Inspector General to go pound sand.

As noted earlier, John Carlin was the Head of the DOJ’s National Security Division and was responsible for filing the Government’s proposed 2016 Section 702 certifications.

This filing would be subject to intense criticism from the FISA Court following disclosures made by NSA Director Rogers. Significant changes to the handling of raw FISA data would result.

Bill Priestap remains the Head of the FBI’s Counterintelligence Division – appointed by FBI Director Comey in December 2015. See FBI Counterintelligence Head Bill Priestap – A Cooperating Witness.

Here is a summary of events taken from the FISA Court Ruling and Senate Testimony.

(Read more: themarketswork, 4/05/2018) (Archive)

(Republished in part with permission)