Jeh Johnson

January 20, 2017 – 2018: James Comey planted spies in the White House to keep an eye on President Trump

(…) “Two U.S. officials briefed on the inspector general’s investigation of possible FBI misconduct said Comey was essentially “running a covert operation against” the president, starting with a private “defensive briefing” he gave Trump just weeks before his inauguration. They said Horowitz has examined high-level FBI text messages and other communications indicating Comey was actually conducting a “counterintelligence assessment” of Trump during that meeting in New York.

Anthony Ferrante speaks at the International Conference on Cyber Security at Fordham College, August 2019. (Credit: Chris Taggart)

In addition to adding notes of his meetings and phone calls with Trump to the official FBI case file, Comey had an agent inside the White House who reported back to FBI headquarters about Trump and his aides, according to other officials familiar with the matter.

Although Comey took many actions on his own, he was not working in isolation. One focus of Horowitz’s inquiry is the private Jan. 6, 2017, briefing Comey gave the president-elect in New York about material in the Democratic-commissioned dossier compiled by ex-British intelligence officer Christopher Steele. Reports of that meeting were used days later by BuzzFeed, CNN, and other outlets as a news hook for reporting on the dossier’s lascivious and unsubstantiated claims.

Comey’s meeting with Trump took place one day after the FBI director met in the Oval Office with President Obama and Vice President Joe Biden to discuss how to brief Trump — a meeting attended by National Security Adviser Susan Rice, Homeland Security Secretary Jeh Johnson, Deputy Attorney General Sally Yates and National Intelligence Director James Clapper, who would soon go to work for CNN.

Jordan Rae Kelly and Robert Mueller (Credit: public domain)

At the same time Comey was personally scrutinizing the president during meetings in the White House and phone conversations from the FBI, he had an agent inside the White House working on the Russia investigation, where he reported back to FBI headquarters about Trump and his aides, according to officials familiar with the matter. The agent, Anthony Ferrante, who specialized in cybercrime, left the White House around the same time Comey was fired and soon joined a security consulting firm, where he contracted with BuzzFeed to lead the news site’s efforts to verify the Steele dossier, in connection with a defamation lawsuit.

Knowledgeable sources inside the Trump White House say Comey carved out an extraordinary new position for Ferrante, which allowed him to remain on reserve status at the FBI while working in the White House as a cybersecurity adviser.

“In an unprecedented action, Comey created a new FBI reserve position for Ferrante, enabling him to have an ongoing relationship with the agency, retaining his clearances and enabling him to come back in [to bureau headquarters],” said a former National Security Council official who requested anonymity.

“Between the election and April 2017, when Ferrante finally left the White House, the Trump NSC division supervisor was not allowed to get rid of Ferrante,” he added, “and Ferrante continued working — in direct conflict with the no-contact policy between the White House and the Department of Justice.”

Through a spokeswoman at FTI Consulting, which maintains the BuzzFeed contract, Ferrante declined to comment.

Another FBI official, Jordan Rae Kelly, who worked closely with Mueller when he headed the bureau, replaced Ferrante upon his White House exit (though she signed security logs for him to continue entering the White House as a visitor while he was working for BuzzFeed). Kelly left the White House last year and joined Ferrante at FTI Consulting.

Working with Comey liaison Ferrante at the NSC in early 2017 was another Obama holdover — Tashina Gauhar, who remains a top national security adviser at the Justice Department.

In January 2017, Gauhar assisted former acting Attorney General Sally Yates in the Flynn investigation. Later, she helped Deputy Attorney General Rod Rosenstein resist, initially, Trump’s order to fire Comey. Gauhar also took copious notes during her meetings with White House lawyers, which were cited by Mueller in the section of his report dealing with obstruction of justice.” (Read more: RealClearInvestigations, 7/22/2019)

November 15, 2016 – Georgia says someone in U.S. government tried to hack state’s computers housing voter data

Georgians vote during the 2016 elections on Nov. 8. (Credit: Jessica McGowan/Getty Images)

“The secretary of state of Georgia is asking the Department of Homeland Security to explain what appears to be an attempted breach of the state’s computer systems that house its voter registration database by someone in the federal government.

In a letter to Department of Homeland Security Secretary Jeh Johnson dated Thursday, Georgia’s Secretary of State Brian Kemp said the state had discovered an unsuccessful attempt to breach the firewall of state computer systems. The attempt occurred on Nov. 15 and was linked to an IP address associated with DHS, he said.

“We are looking into the matter. DHS takes the trust of our public and private sector partners seriously, and we will respond to Secretary Kemp directly,” a spokeswoman for DHS said.

“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” wrote Mr. Kemp, a Republican. “Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network.”

The alleged attempted intrusion by the federal government on a state computer system responsible for election security was detected by a third-party security firm working for the state of Georgia. The attempt was unsuccessful, according to the state. The computers also house information about company incorporations.” (Read more: The Wall Street Journal, 12/08/2016)

September 29, 2016 – The Department of Homeland Security creates a deceptive tale of Russia hacking US voter sites

This “Flash” memo was published three days after Secretary of Homeland Security, Jeh Johnson, offered Illinois state officials assistance in securing election systems. (Credit: Yahoo News)

(…) “On Sept. 29, 2016, a few weeks after the hacking of election-related websites in Illinois and Arizona, ABC News carried a sensational headline: “Russian Hackers Targeted Nearly Half of States’ Voter Registration Systems, Successfully Infiltrated 4.” The story itself reported that “more than 20 state election systems” had been hacked, and four states had been “breached” by hackers suspected of working for the Russian government. The story cited only sources “knowledgeable” about the matter, indicating that those who were pushing the story were eager to hide the institutional origins of the information.

Behind that sensational story was a federal agency seeking to establish its leadership within the national security state apparatus on cybersecurity, despite its limited resources for such responsibility. In late summer and fall 2016, the Department of Homeland Security was maneuvering politically to designate state and local voter registration databases and voting systems as “critical infrastructure.” Such a designation would make voter-related networks and websites under the protection a “priority sub-sector” in the DHS “National Infrastructure Protection Plan, which already included 16 such sub-sectors.

DHS Secretary Jeh Johnson and other senior DHS officials consulted with many state election officials in the hope of getting their approval for such a designation. Meanwhile, the DHS was finishing an intelligence report that would both highlight the Russian threat to U.S. election infrastructure and the role DHS could play in protecting it, thus creating political impetus to the designation. But several secretaries of state—the officials in charge of the election infrastructure in their state—strongly opposed the designation that Johnson wanted.

On Jan. 6, 2017—the same day three intelligence agencies released a joint “assessment” on Russian interference in the election—Johnson announced the designation anyway.

Media stories continued to reflect the official assumption that cyber attacks on state election websites were Russian-sponsored. Stunningly, The Wall Street Journal reported in December 2016 that DHS was itself behind hacking attempts of Georgia’s election database.” (Read more: Consortium News, 8/28/2018)

Early September, 2016 – In response to Brennan’s warnings, Johnson, Comey and Monaco warn congress about a possible Russian attack on the election

Lisa Monaco (Credit: Geert Vanden Wijngaert/The Associated Press)

“In early September, Johnson, Comey and Monaco arrived on Capitol Hill in a caravan of black SUVs for a meeting with 12 key members of Congress, including the leadership of both parties.

The meeting devolved into a partisan squabble.

“The Dems were, ‘Hey, we have to tell the public,’” recalled one participant. But Republicans resisted, arguing that to warn the public that the election was under attack would further Russia’s aim of sapping confidence in the system.

Senate Majority Leader Mitch McConnell (R-Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.

Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.

On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.

A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.” (Read more: Washington Post, 6/23/2017)

August 15, 2016 – In response to Brennan’s warnings, Jeh Johnson floats the idea of designating state voting mechanisms as “critical infrastructure”

Jeh Johnson (Credit: Gage Skidmore)

“Jeh Johnson, the homeland-security secretary, was responsible for finding out whether the government could quickly shore up the security of the nation’s archaic patchwork of voting systems. He floated the idea of designating state mechanisms “critical infrastructure,” a label that would have entitled states to receive priority in federal cybersecurity assistance, putting them on a par with U.S. defense contractors and financial networks.

On Aug. 15, Johnson arranged a conference call with dozens of state officials, hoping to enlist their support. He ran into a wall of resistance.

The reaction “ranged from neutral to negative,” Johnson said in congressional testimony Wednesday.

Brian Kemp, the Republican secretary of state of Georgia, used the call to denounce Johnson’s proposal as an assault on state rights. “I think it was a politically calculated move by the previous administration,” Kemp said in a recent interview, adding that he remains unconvinced that Russia waged a campaign to disrupt the 2016 race. “I don’t necessarily believe that,” he said.

Stung by the reaction, the White House turned to Congress for help, hoping that a bipartisan appeal to states would be more effective.” (Read more: Washington Post, 6/23/2017)

Hackers target the election databases in two US states, but the motives and identities of the hackers are unclear.

In July 2016, the FBI uncovers evidence that two state election databases may have been recently hacked, in Arizona and Illinois. Officials shut down the voter registration systems in both states in late July 2016, with the Illinois system staying shut down for ten days.

160701JehJohnsonpublic

Jeh Johnson (Credit: public domain)

On August 15, 2016,  Homeland Security Secretary Jeh Johnson heads a conference call with state election officials and offers his department’s help to make state voting systems more secure. In the call, he emphasizes that he is not aware of “specific or credible cybersecurity threats” to the November 2016 presidential election.

Three days later, the FBI Cyber Division issues a warning, titled “Targeting Activity Against State Board of Election Systems.” It reveals that the FBI is investigating hacking attempts on the Arizona and Illinois state election websites. The warning suggests the hackers could be foreigners and asks other states to look for signs that they have been targeted too. Out of the eight known IP addresses used in the attacks, one IP address was used in both attacks, strongly suggesting the attacks were linked.

An unnamed “person who works with state election officials calls the FBI’s warning “completely unprecedented. … There’s never been an alert like that before that we know of.” In the Arizona case, malicious software was introduced into its voter registration system, but apparently there was no successful stealing of data. However, in the Illinois case, the hackers downloaded personal data on up to 200,000 state voters.

160701TomKellermannBBCNews

Tom Kellermann (Credit: BBC News)

It is not known who was behind the attacks. One theory is that the Russian government is responsible. A former lead agent in the FBI’s Cyber Division said the way the hack was done and the level of the FBI’s alert “more than likely means nation-state attackers.” Tom Kellermann, head of the cybersecurity company Strategic Cyber Ventures, believes Russian President Vladimir Putin is ultimately behind the attacks, and thinks it is connected to the hacking of the Democratic National Committee (DNC) and other recently targeted US political targets. Kellermann says of Putin, “I think he’s just unleashed the hounds.”

But another leading theory is that common criminals are trying to steal personal data on state voters for financial gain. Milan Patel, former chief technology officer of the FBI’s Cyber Division, says, “It’s got the hallmark signs of any criminal actors, whether it be Russia or Eastern Europe.” But he adds, “the question of getting into these databases and what it means is certainly not outside the purview of state-sponsored activity.” Some cybersecurity experts note that hackers often target government databases for personal information they can sell.

160701RickBarger

Rich Barger (Credit: Threat Connect)

So far, the motive and identity of the hackers remains uncertain. Rich Barger, chief intelligence officer for ThreatConnect, says that one of the IP addresses listed in the FBI alert previously surfaced in Russian criminal underground hacker forums. However, sometimes these groups work alone, and other times they work for or cooperate with the Russian government. Barger also claims the method of attack on one of the state election systems appears to resemble methods used in other suspected Russian state-sponsored cyberattacks. But cybersecurity consultant Matt Tait says that “no robust evidence as of yet” connects the hacks to the Russian government or any other government.

US officials are considering the possibility that some entity may be attempting to hack into voting systems to influence the tabulation of results in the November 2016 election. A particular worry is that all of six states and parts of four others use only electronic voting with no paper verification. Hackers could conceivably use intrusions into voter registration databases to delete names from voter registration lists. However, this is still considered only a remote possibility. But the FBI is warning states to improve their cybersecurity to reduce the chances this could happen.

News of these attacks and FBI alerts will be made public by Yahoo News on August 29, 2016. (Yahoo News, 8/29/2016) (Politico, 8/29/2016)