Durham Filing Detailing Spying on Trump White House Raises National Security Implications

News Analysis

A Feb. 11 filing from special counsel John Durham raised major national security concerns over access to White House internet traffic.

The filing, which was submitted in connection with the indictment of Michael Sussmann, a former attorney to Hillary Clinton’s 2016 campaign, reveals that Rodney Joffe, a tech executive who was working with Sussmann, had exploited access to domain name system (DNS) internet traffic pertaining to the Executive Office of the President of the United States (EOP) as well as Trump Tower and Donald Trump’s Central Park West apartment building.

The filing also discloses that Joffe, a private individual who has been implicated in mail order scams in the past, had access to the White House’s DNS internet traffic since at least 2014.

Joffe gained this access when his firm, Neustar, was hired by the government to “access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services” to the Executive Office of the President.

Durham doesn’t state whether Joffe’s access to the President’s Office was abused between 2014 and 2016 when Barack Obama was president. However, Durham alleges that when Trump became president, Joffe “and his associates exploited this arrangement by mining the EOP’s DNS traffic” in order to gather “derogatory information about Donald Trump.”

DNS functions as a phone book of the internet. By monitoring DNS internet traffic, Joffe would have had access to information about which websites were being accessed from the White House. But according to Durham, the DNS data was “among the Internet data” mined and exploited by Joffe, suggesting that Joffe had access to additional data about Trump’s internet activities.

Durham’s filing states that Joffe tasked a small group of university researchers to mine internet data to establish “an inference” and “narrative” tying Trump to Russia. Durham said that in doing so, Joffe “was seeking to please certain ‘VIPs.’” According to Durham, Joffe identified these VIPs as individuals at Sussmann’s law firm, Perkins Coie, and the Clinton campaign.

While Durham’s filing doesn’t state whether Joffe was directly paid for spying on Trump’s internet activities, an earlier Durham filing stated that in addition to Joffe’s intent to please “certain VIPs,” Joffe claimed to have been offered a high-ranking position in a Clinton administration. An earlier Durham filing had noted that Joffe was also monitoring the internet traffic of an unknown employee at the office of the Inspector General of the Department of Justice.

In response to Durham’s filing, a spokesperson for Joffe told media outlets that: “Contrary to the allegations in this recent filing, Mr. Joffe is an apolitical Internet security expert with decades of service to the U.S. Government who has never worked for a political party, and who legally provided access to DNS data obtained from a private client that separately was providing DNS services to the Executive Office of the President (EOP).”

It is noteworthy that—despite the new information disclosed regarding Joffe—Durham’s latest filing nominally pertains to a potential conflict of interest for Sussmann’s current counsel, Latham and Watkins. Latham previously represented other parties who are included in Durham’s investigation whose interests may conflict with Sussmann’s. In addition, Latham also represented Perkins Coie “in connection with events that likely will be relevant at trial,” and was cited by Durham as having “maintained professional and/or personal relationships with individuals who could be witnesses.”

Durham is requesting an on-the-record waiver by Sussmann, which would preclude him from challenging a conviction on the grounds of having had conflicted counsel. While requesting a waiver isn’t out of the ordinary (Durham similarly requested a waiver from Igor Danchenko, Christopher Steele’s source who was indicted by Durham in November 2021), Durham effectively updated the public on the progress of his investigation.

Role of Biden National Security Adviser Jake Sullivan

Durham has implied that the efforts of Sussmann and Joffe’s team likely began sometime in April 2016. The initial indictment of Sussmann specifically notes that data had already been aggregated from “on or about May 4, 2016, through on or about July 29, 2016.”

But there may have also been some earlier coordination that possibly involved members of the Clinton campaign in the leadup to the data collection efforts. On Feb. 26, 2016, Jennifer Palmieri, communications director for the Clinton campaign, was asked in an email by former Bill Clinton adviser Joel Johnson, “Who was in charge of the Trump swift boat project?”—a reference to smear campaigns initiated against political opponents.

That early exchange is all the more notable given that Palmieri’s name appears in Durham’s Sussmann indictment. The reference is made in connection with an email exchange regarding the allegations of a secret communications channel between the Trump Organization and Russia’s Alfa Bank. That email exchange involved former Perkins Coie attorney Marc Elias and three Clinton campaign officials: communications director Palmieri, Clinton campaign manager Robbie Mook, and Jake Sullivan, who at the time was the senior foreign policy adviser to the Clinton campaign. Sullivan now serves as President Joe Biden’s national security adviser.

The email exchange about the now-disproven Alfa Bank allegations took place on Sep. 15, 2016, only four days before Sussmann took the Alfa information to the FBI. Sussmann is charged with having misrepresented who his client was when he took the false Alfa allegations to the FBI.

When questioned by the House Intelligence Committee on Dec. 21, 2017, Sullivan implied he had no direct knowledge of these matters, telling House investigators that Elias would “occasionally give us updates on the opposition research they were conducting.” Sullivan testified that he “didn’t know what the nature of that effort was” or “who was funding it.” He also downplayed any specific insights from Elias, telling House investigators that the information provided by Elias “tended to be pieces of information that I’d heard from reporters as well.”

Despite these claims, Sullivan played a material role in disseminating information regarding the Alfa Bank allegations, a fact that undoubtedly hasn’t escaped Durham’s attention.

Alfa Bank would gain national attention on Oct. 31, 2016, when three separate articles were published. The most cited of these was an article in Slate by Franklin Foer that detailed many of Sussmann’s allegations to former FBI general counsel James Baker. Foer was one of the journalists with whom Sussmann had been in contact during the same period that he was speaking with the FBI.

Immediately following the publication of Foer’s article, Hillary Clinton sent a tweet stating that “computer scientists have apparently uncovered a covert server linking the Trump Organization to a Russian-based bank.” Clinton’s tweet included a statement from Jake Sullivan that claimed, “This could be the most direct link yet between Donald Trump and Moscow.”

Both Sullivan and Palmieri took the lead in briefing the media on the Trump–Russia collusion allegations in 2016. Palmieri wrote about their efforts in March 2017, noting that she and Sullivan “were on a mission to get the press to focus on … the prospect that Russia had not only hacked and stolen emails from the Democratic National Committee, but that it had done so to help Donald Trump and hurt Hillary Clinton.”

CIA Relayed Early Warnings on Clinton Plot to Vilify Trump

Sullivan’s role as a major promoter of the false Alfa Bank allegations is all the more notable in light of a declassified CIA memo that was sent to former FBI Director James Comey and then-Deputy Assistant Director of Counterintelligence Peter Strzok in September 2016.

That memo detailed the intercept of information that Hillary Clinton had purportedly approved “a plan concerning U.S. presidential candidate Donald Trump and Russian hackers hampering U.S. elections as a means of distracting the public from her use of a private email server.”

The contents of the memo were buttressed by the release of handwritten notes taken by then-CIA Director John Brennan at a July 28, 2016, meeting with then-President Barack Obama. The notes show that Brennan shared intelligence with Obama that Clinton had approved “a proposal from one of her foreign policy advisers to vilify Donald Trump by stirring up a scandal claiming interference by the Russian security service.” Comey appears to have been present at the briefing.

The CIA memo and Brennan’s briefing to Obama regarding claims about Clinton’s plan to invoke potential Russian interference are all the more significant as Brennan would just over a month later start to create the Intelligence Community Assessment (ICA) which alleged that Russia interfered in the 2016 election. Published in January 2017, Brennan’s assessment would become a cornerstone of the false allegation that Trump colluded with Russia. 

Durham’s indictment of Sussmann, along with his subsequent court filings, now confirm that the intelligence Brennan shared with Obama was correct—there was a plan to vilify Trump and that plan was being carried out by Clinton associates such as Sussmann and Joffe. And the CIA’s description of Clinton’s “foreign policy advisor” would appear to match Sullivan’s working title at the time.

The timing of Brennan’s briefing is significant because it came only three days before the FBI officially opened its Crossfire Hurricane investigation into the alleged ties between the Trump campaign and Russia. This also raises questions as to why the Clinton campaign wasn’t investigated by the FBI.

Durham’s indictment also notes that Sussmann took the Alfa Bank allegations, along with “additional allegations” which stemmed from Joffe’s surveillance of Trump’s internet activities at the White House, to the CIA on Feb. 9, 2017. That meeting, which appears to have involved several agency employees, is all the more notable given the CIA’s memo to the FBI regarding allegations that Clinton had approved the plan to vilify Trump.

It doesn’t appear that the CIA opened its own investigation or prompted the FBI to do so in the aftermath of the meeting with Sussmann. Curiously, by this time, the Alfa Bank allegations were public and had been investigated by the FBI, which had quickly refuted them. The “additional allegations” comprised DNS lookups that allegedly “demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations.”

In fact, as Durham explains, Sussmann and Joffe failed to disclose that there were millions of such lookups from U.S. internet addresses and that some of them occurred in the vicinity of the White House was meaningless.

Given the FBI’s earlier dismissal of Sussmann’s Alfa Bank data and the easily debunked Russian phone allegations, it seems surprising that the CIA didn’t contact the FBI or instigate an investigation into who was behind the false allegations—particularly when Sussmann was known within the intelligence community circles to be tied to the Clinton campaign.

The fact that the Feb. 9 allegations included information gleaned from Trump’s White House DNS traffic should have alerted the intelligence community that the allegations originated with Joffe. This matter is particularly unsettling. If the FBI or CIA became aware that the data had originated with Joffe, it would seem equally likely that they would have been aware of the manner by which Joffe came by the data.

Joffe’s Access to Highly Sensitive Data Disregarded by FBI, CIA

In the 1980s, Joffe, who is originally from South Africa, was involved in a mail scam in which people across the United States received notices by mail that they had “won” a grandfather clock. They were then asked to pay $70 to cover shipping and handling. Iowa’s then-Attorney General Tom Miller reached a settlement with Joffe, noting that at least 10,000 residents had been scammed. Miller said that the victims of the scam “were merely buying a cheap, battery-powered, pressed wood and plastic clock at an inflated price.”

Historical news clippings show that the scam extended to other states, including Arizona, Missouri, New Mexico, Rhode Island, and Tennessee.

Despite his forays into mail scams, Joffe went on to found UltraDNS, an internet directory services company that was eventually taken over by another IT company, Neustar, in 2006. It was while he was senior vice president and head of security at Neustar that Joffe is alleged to have exploited his access to private internet data, including data from the EOP.

While it isn’t known how Joffe was able to gain the security clearance sufficient to access highly sensitive data that included information on the president’s internet activities, the fact that he was able to do so raises serious national security concerns. According to Durham, the data went beyond DNS lookups, and could potentially encompass any number of sensitive files, including personal medical or tax information.

Although Durham is alleging that Joffe abused his access to this sensitive data to find derogatory information on Trump on behalf of the Clinton campaign, there is no way of knowing what else he might have done with the information. In addition to those affiliated with the Clinton campaign, any number of foreign adversaries or members of the media would have been very keen to access the data themselves. The fact that the FBI and CIA apparently weren’t disturbed by Joffe’s access and his efforts to exploit that access for political purposes is equally alarming.

During the tenure of former FBI Director James Comey, Joffe received the FBI’s Director’s Award for Cybersecurity for 2013.