Special Counsel Robert Mueller’s case against Russian trolls accused of sowing disinformation to sway the 2016 election has itself fallen victim to what appears to be yet another Russian disinformation campaign, with troves of evidence altered, padded with garbage, and leaked to the internet, according to a new court filing.
Mueller described the disinformation op in a court filing on Wednesday as “an apparent effort to discredit the investigation,” an effort he traced back to evidence shared with a Russian company owned by none other than Yevgeny Prigozhin, a Kremlin ally known as “Putin’s chef” and the reputed puppet-master of both Russian trolls and Russian mercenaries.
The company, Concord Management and Consulting, is accused of funding the Internet Research Agency troll farm, and as part of Mueller’s case against it, prosecutors had turned over about 800,000 pages of non-sensitive evidence to Concord attorneys as part of the legal discovery process. Under a protective order, the discovery material is supposed to be used exclusively for preparing a defense.
ADVERTISEMENT
But traces of that cache showed up in a hoax attempt that targeted journalists last year.
The bizarre episode began in October, when an anonymous Twitter account called “HackingRedstone” reached out to The Daily Beast and other publications and offered a supposed cache of leaked discovery material from Mueller’s troll prosecution. We examined the material and found a hodgepodge of already-public documents and copies of known IRA memes, padded with corrupt ZIP files made from gigabytes of random congressional proceedings. We dismissed the leak as a fake.
When no other reporters took the bait, “HackingRedstone” released the same documents publicly in an announcement on Twitter. “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case Concord LLC v. Mueller. You can view all the files Mueller had about the IRA and Russian collusion. Enjoy the reading!”
The FBI investigated and, according to the new filing, also found that the 300,000 files were mostly “junk material that has nothing to do with this case," according to the filing. Mueller believes it was a deliberate attempt to “make it appear as though the irrelevant files... were the sum total evidence of ‘IRA and Russian collusion’ gathered by law enforcement in this matter in an apparent effort to discredit the investigation.”
But Mueller notes that about 1,000 files directly matching real documents from the discovery were sprinkled among the fakes, “apparently randomly.”
“The 1,000+ matching files include images of political memes from Facebook and other social media accounts that, as alleged in the indictment, were posted and reposted online by the Internet Research Agency, and were produced in non-sensitive discovery,” the filing reads. “Many of those images are presumably still available elsewhere on the Internet.”
Perhaps more significantly, the mostly-fake discovery was organized into folders with very similar names and organization as the real files handed over to Concord.
In other words, somebody used the real Mueller discovery material as a template to craft a more convincing fake. “The file names and structure of the material produced by the government in discovery are not a matter of public record,” Mueller noted.
Mueller’s brief was a response to a motion from Concord's lead attorney, Washington, D.C. lawyer Eric Dubelier. Dubelier is asking the court for permission to send another 3.2 million pages of Mueller’s evidence to Russia.
Currently, those pages are designated “sensitive,” allowing the lawyer to review them, but prohibiting him from sharing them with his client. Dubelier has argued they largely consist of emails and files taken from the Russian trolls’ own email and cloud storage accounts, including an undisclosed number of “nude selfies.”
But the HackingRedstone incident perfectly illustrates why the remaining material should stay out of Russia, according to Mueller. “The relief requested by Concord’s motion—the authority to disclose sensitive discovery to unnamed employees and officers in Russia—is particularly unwarranted in light of recent events suggesting that non-sensitive discovery materials have been misused in a manner inconsistent with the terms of the protective order.”
The mostly-fake discovery leak was the first of a rapid-fire string of bizzare hoaxes around the time of the midterm elections linked in some way to the IRA.
A few days after the leak, a former IRA video blogger who went by “Williams Johnson” reached out to The Daily Beast and nearly two dozen other publications with a dramatic YouTube video claiming he’d mounted a desperate “escape from the troll factory” and now feared arrest. (In real life, former IRA workers have discussed their work openly in the press without being thrown in a gulag.)
And days before election a website tited “Internet Research Agency American Division” popped up to declare victory over American democracy and warn the “citizens of the United States of America” that “your intelligence agencies are powerless.” The site at first appeared to be a lampoon, but as polls closed it posted a previously unseen list of 100 IRA Instagram sockpuppet accounts that Facebook confirmed as authentic.
