WASHINGTON — Cassandra Ford tends to remain on-line late into the night after which sleep in. So when two FBI brokers dispatched by particular counsel Robert Mueller’s workplace pounded on her boyfriend’s door at 10 within the morning in April of this yr, they woke her up.
She stumbled downstairs and opened the door, her jaw dropping after they handed her a subpoena telling her she needed to testify earlier than a Washington grand jury in two weeks. Ford didn’t acknowledge the primary agent, who was tall, bearded, and gruff. “He was like, ‘If you happen to don’t go, it’s not going to be good for you,’ sort of threatening,” she recalled.
However she knew the opposite agent, Scott Halper. Again in August 2016, he’d taken her out for espresso in her native Defiance, Ohio, to speak concerning the uncommon manner she was utilizing Twitter. He was pleasant sufficient on the time — he simply wished to speak a few Twitter account she’d registered that June with the username @Guccifer2.
Cassandra Ford did not hack the DNC. However her Twitter account drew the FBI’s consideration.
She’d created the account as one thing between a joke and an experiment — a riff off the hacktivist persona Guccifer 2.0, who on the time was slowly releasing information stolen from the Democratic Nationwide Committee. It will be months earlier than the US authorities would publicly determine Guccifer 2.Zero as a entrance for Russia’s GRU navy intelligence company, the identical group that now stands accused of hacking into the DNC and taking the emails.
However throughout her first assembly with Halper, she by no means felt like she was being investigated. Halper had even informed her she ought to contemplate becoming a member of the bureau.
“I do assume it’s sort of humorous, as a result of if anyone’s going to stroll into a world hacking incident and haven’t any clue about it, it might be me for certain,” Ford informed BuzzFeed Information.
But it surely apparently wasn’t humorous to Mueller, who’s tasked with discovering crimes tied to international affect on the 2016 election, it doesn’t matter what they could be.
On the time Mueller subpoenaed Ford, he was three months away from charging 12 GRU officers, accusing them of a number of crimes associated to the DNC hack and leak. Echoing one thing journalists and cybersecurity consultants had mentioned for some time, the indictment painstakingly detailed allegations of how the Russians used the Twitter account @Guccifer_2.
That account was an homage to Marcel Lazar, a Romanian who known as himself Guccifer and hacked emails from political figures like Colin Powell and George W. Bush earlier than being arrested in 2014 and extradited to the US, the place he’s now serving a four-year sentence. However in Russia’s fingers, the deal with was repurposed to tweet hyperlinks to stolen materials, attempt to talk with somebody tied to Donald Trump’s marketing campaign, and move a lot of the hacked materials to WikiLeaks.
Cassandra Ford didn’t hack the DNC. She doesn’t know the right way to hack, was by no means charged with against the law, and believes she’s not of curiosity to legislation enforcement. However her story — how a 26-year-old fell sufferer to Russian trolling, confused others in flip, and received swept up in Mueller’s investigation — reveals how fevered some Twitter obsessives received in making an attempt to observe the threads of Russian hacking.
It additionally offers a view into how Mueller’s probe operates and the extent that Mueller has gone to verify he leaves no stone unturned as he appears into Russian meddling and any connection to the Trump marketing campaign.
Ford discovered herself in some bizarre corners of Twitter within the spring of 2016, her last semester in Penn State’s worldwide affairs grasp’s program and some months earlier than the DNC hack. She’d been learning the state of affairs in Syria, swaths of which on the time had been managed by ISIS, when she found #OpISIS, a Twitter recreation of cat and mouse the place pro-ISIS accounts tried to attach with one another and recruit, whereas a community of anti-ISIS activists, figuring out as Nameless regardless of few displaying any hacking prowess, tracked and reported them to Twitter.
Former Twitter staff say #OpISIS wasn’t notably efficient at stopping the militants’ use of their platform. On the time, Twitter, like different social media corporations, was underneath important worldwide stress to discover a approach to algorithmically cease ISIS recruitment, and was tweaking what would turn into a comparatively efficient method to dam ISIS customers from posting or registering new accounts.
However Ford turned obsessive about #OpISIS’s immediacy, its secrecy, and the sense that individuals presenting themselves as each Nameless and ISIS had been interacting straight together with her. She wrote a last paper for her on-line ethnographies course on these experiences and “the world of Nameless that I had discovered myself in the midst of.”
“The writing is coherent,” her professor responded, “however on the finish I’m nonetheless fairly mystified about who’s who and what’s what and the aim of all these cloak-and-dagger communications.” He gave her a B+.
Ford headed again house to Defiance that summer season, listless and spending a variety of time in her on-line world, extra involved with the immediacy of what her pals had been saying and what ISIS fanboys had been doing than with what the media reported. She didn’t take care of that yr’s presidential politics. She was a registered Republican from years in the past, when she’d wished to vote for Ron Paul for president, however she disliked Donald Trump and thought Hillary Clinton’s plan in Syria, to proceed to assist rebels towards each ISIS and Bashar al-Assad, would solely proceed Syria’s cycle of distress. When the DNC introduced on June 14 that it had been hacked, and that the corporate it employed to do cybersecurity response, CrowdStrike, blamed the GRU, she missed the information.
What she did see was what her circle on Twitter was saying the following day: Some man calling himself Guccifer 2.Zero had created a WordPress weblog claiming to be single-handedly behind the entire thing. Writing “DNC’s servers hacked by a lone hacker,” he posted a number of information as proof, together with the social gathering’s opposition file on Trump.
For a lot of who adopted the information, this was an apparent feint. It was telling that the weblog had solely appeared after the DNC’s announcement, and CrowdStrike was a revered firm that was unlikely to stake its repute on a such an enormous declare. As a result of a number of the launched information had been Phrase paperwork, and Microsoft Phrase captures the metadata of customers who make adjustments, the information confirmed that they’d been modified most not too long ago by somebody who used Russian as their default language and had registered their title as Iron Felix, a reference to Felix Dzerzhinsky, who organized the Soviet secret police that will ultimately turn into the KGB.
However Ford didn’t see a Russian operation — she noticed a thriller. Her circle on Twitter talked excitedly about this hacktivist who had disrupted a significant American political social gathering, and she or he noticed chatter that the time period “Guccifer 2” was being censored by Twitter (Twitter declined to remark for this story). She noticed one buddy say it was unusual that Guccifer 2 didn’t have a Twitter account, so she registered one. Skeptical of the individuals who claimed the metadata proved the hack was the work of Russia, and feeling cheeky concerning the on-line debate concerning the Russian metadata on these DNC paperwork, she made the account’s Twitter avatar a googled picture of Dzerzhinsky, registered its time zone as Volgograd, and, after placing a phrase via Google Translate, tweeted, “Не верьте всему, что вы читаете” (“Don’t consider the whole lot that you simply learn”).
The issue with that, after all, is that Russia actually was accountable for the DNC hack. In truth, in line with Mueller’s eventual indictment, the Guccifer 2.Zero persona and WordPress weblog had been swiftly created on June 14 and maintained by a handful of officers in a GRU group known as Unit 74455, which was situated in a Moscow navy constructing on Kirova Road nicknamed “the Tower” and managed by Col. Aleksandr Osadchuk. These guys weren’t the DNC hackers — that was the work of different GRU officers, situated in a unique constructing — however they had been tasked with disseminating Democrats’ information and emails. They lastly did register a Twitter account — @Guccifer_2, as a result of Ford had already taken the cleaner one — a couple of days later.
Ford doesn’t like to think about what she was doing together with her account as trolling, and usually when somebody would ask her if she hacked the DNC, she’d inform them no, that wasn’t her. However she didn’t at all times exit of her approach to inform folks, both, and readily shared the information that the GRU launched regarding Hillary Clinton.
“It was like this typical active-measures account, sowing doubt and confusion,” recalled Adam Parkhomenko, who was the DNC’s nationwide area director in 2016. He spent months after the election obsessing over the account and sparring with Ford with out ever figuring out who she was.
And it was broadly seen. Whereas @Guccifer2 by no means reached 2,000 followers, it was retweeted and cited sufficient that it obtained a whole bunch of 1000’s of impressions within the months after its creation, in line with Twitter’s analytics for the account, which Ford screengrabbed and shared with BuzzFeed Information.
Technically, Twitter acknowledges Ford’s account as being created June 9, and a assessment of her account’s archive — she shared her downloaded account historical past with the pc forensics agency Garrett Discovery, which gave it to BuzzFeed Information with Ford’s permission — says she registered an account that day, and adjusted the username to @Guccifer2 on June 16, although she solely recollects really creating the account on the latter date.
For Parkhomenko, the discrepancy in dates was a smoking gun. Because it appeared the account was created earlier than the WordPress account, he figured whoever was behind it was in some way tied to a secret Russian operation. He obsessed over how the account was registered with a Volgograd time zone and tweeted at bizarre hours — a results of Ford’s tendency to remain up all evening on-line — and figured there should be some unusual connection to the Russian authorities.
@Guccifer2’s inbox — which Ford additionally shared, as a part of her account historical past — quickly turned a honeypot for web weirdos. One man messaged her the e-mail addresses and cellphone numbers of White Home staffers, simply because. One confused journalist messaged her from his verified account: “hello I’m a producer at CNN. I’m making an attempt to achieve Gufficer 2.0 [sic].”
Conspiracy theorists got here in droves, keen to speak about George Soros, or concerning the Seth Wealthy conspiracy, which holds that murdered DNC staffer Wealthy was the precise supply of the stolen emails — despite the fact that if Guccifer 2.Zero had been the true hacker who broke into the DNC, that makes the Seth Wealthy concept nonsensical.
Others requested her outright for hacking providers, a violation of US legislation. “I’m searching for providers for file retrieval,” a Canadian man mentioned. “I am in search of somebody to hak [sic] into a pc.” One other one requested, “Hello, are you able to inform me please is it potential to hack somebody’s twitter acct dms?”
The FBI observed, too. Two months after she made the account, on Aug. 19, Ford obtained a cellphone name from somebody within the FBI’s San Francisco area workplace. She was pleasant, and requested concerning the account. Ford took management of the dialog: She had been harassed rather a lot on-line, she mentioned, and would love to speak about it in individual, and to ask the FBI if she’d been hacked.
4 days later, she met Halper and one different agent. They got here from the Cleveland area workplace to see her at Cabin Fever, a espresso store in downtown Defiance, a northwestern Ohio city simply throughout the Michigan border and 160 miles from Cleveland.
Exhaustively investigating all potential angles of a hacking case is par for the course, former FBI officers say. Wannabe hackers and the true ones alike usually brag, and the web is rife with folks falsely claiming credit score for, or accusing another person of, such exercise. If the FBI finally ends up bringing costs towards a suspect, their whole case file is topic to discovery from the protection. If there’s any trace that another person may be behind a given hack, that’s an excellent software for the protection, so the FBI usually tries to rule out all these different potentialities to extend the prospect of a responsible plea or conviction.
“I got here throughout a variety of these kinds of folks in my profession,” mentioned Austin Berglas, head of cyberforensics on the agency BlueVoyant and the previous assistant particular agent in control of the FBI’s cyber department in New York.
Berglas was among the many FBI brokers who investigated and ultimately took down the Silk Highway, the infamous on-line black market, largely used to promote medication, which on the time was the most important in historical past. It was the brainchild of Ross Ulbricht, who glided by the pseudonym Dread Pirate Roberts. In November 2013, a month after the FBI arrested Ulbricht and shuttered the positioning, a alternative known as Silk Highway 2.0, run by a second Dread Pirate Roberts, appeared on-line to take its place.
“When DPR was taken down, all these faux websites and DPR2 popped up. Folks mentioned this isn’t legit, that DPR is completed,” Berglas mentioned. The next yr, as a part of a large legislation enforcement crackdown on widespread drug websites, Berglas’s staff arrested Blake Benthall for operating the second Silk Highway.
At no level in her espresso date with the 2 brokers did Ford really feel threatened. As a substitute, she mentioned, she felt emboldened. They listened to her discuss concerning the account and the abuse she’d gotten on-line from strangers, and informed her that together with her training and style for investigative work and worldwide affairs, she ought to contemplate the FBI or CIA, or maybe work at a assume tank. She was intrigued, however wasn’t prepared to maneuver to DC, and was spooked that her affinity for marijuana may preserve her from getting a job in authorities intelligence. And he or she dominated it out fully after Trump was elected, she informed BuzzFeed Information, for concern of being seen as endorsing him. (The FBI declined to remark for this story, however didn’t dispute its broad outlines.)
Justice Division investigations are imagined to be apolitical, however that hasn’t stopped pollsters, wanting to take the temperature on a case which may straight influence the president of the US, from often asking Individuals how they really feel about Mueller. His unfavorable scores began rising final yr, in line with a Marist ballot, although in latest months opinion has turned and now 59% of registered voters have determined they approve of his investigation, in line with quite a few polls.
One of many considerations is that the investigation is taking too lengthy with out but making a agency connection between Russian meddling and the Trump marketing campaign. Trump himself has made that declare about Mueller, who was appointed to his job on Might 17, 2017.
However the scope and significance of the investigation are exactly why it’s dragged on for a yr and a half without end, mentioned Alan Rozenshtein, a legislation professor on the College of Minnesota and a former cybersecurity and international intelligence adviser to the Justice Division.
“That is merely them being very thorough. These are Boy Scouts. In the identical manner that the Secret Service tracks down each risk towards the president, regardless of how foolish it could be, I think they’re monitoring each shred of proof associated to potential Russian hacking,” Rozenshtein mentioned.
“I believe there’s an instinct that the extra essential the investigation, the quicker it ought to go. And I believe that’s comprehensible, however in actual fact it’s the opposite manner round. I can’t consider a legal investigation whose stakes are increased, ever, within the historical past of the republic, in a sure sense. So you actually wish to get it proper.”
Ford’s April 2018 subpoena requested for extra info than she may present: all paperwork she may entry regarding not solely the @Guccifer2 account, but additionally @Guccifer_2, the WordPress account, and, for good measure, WikiLeaks and DCLeaks, one other website that the GRU registered to leak hacked US political materials.
After the 2 brokers left her doorstep, Ford talked to her boyfriend, who really helpful she discuss to Cathy Elliott Jones, a lawyer primarily based in Ventura County, California, who considers herself an “earth mom” adviser to Nameless, and who has a behavior of pausing, mid–cellphone name, to yell “fuck you, FBI!” in case her cellphone is tapped. Jones known as a lawyer buddy, who in flip really helpful Jim Klimaski, a 72-year-old DC lawyer who focuses on navy and employment legislation, however who was each skilled and prepared to take her on without cost.
“Some lawyer in San Francisco known as me up, wherever she was, Sacramento or one thing, and begged me to take this on, and I mentioned OK, she will be able to come over right here and I’ll stroll her to the grand jury workplace,” Klimaski informed BuzzFeed Information.
Ford introduced printouts, together with her Twitter affirmation e mail and account particulars, and headed to Klimaski’s workplace the morning of April 20. They shared a cab over to the Division of Justice, and had been seated in a small, windowless convention room throughout from assistant particular counsel Kyle Freeny and senior assistant particular counsel Jeannie Rhee. Alex Kobzanets, an FBI particular agent who has investigated Russian cybercrime instances, sat on the head of the desk and didn’t communicate a lot.
Ford wouldn’t be compelled to testify, Freeny mentioned, however after the assembly, she must hand over extra information from her Twitter account, in addition to some Telegram chats, and reply all their questions. (Freeny directed BuzzFeed Information’ inquiries for this story to the particular counsel’s spokesperson, who confirmed the job titles of the folks on this story however in any other case declined to remark.)
Freeny was pleasant, an excellent cop to Rhee’s accusatory dangerous cop, Ford mentioned. They talked concerning the account, how Ford had thought to register it, and about Jonathan Langdale, an estranged Twitter buddy who had privately messaged her recommendation on the right way to deal with @Guccifer2 in its early days, in line with Twitter direct messages Ford offered to BuzzFeed Information. When emailed for remark, Langdale replied that “For my part, your outlet publishes CNN-type propaganda, just like the so-called-‘file,’ with out verification,” and declined to reply questions.
The prosecutors had printed out a few of @Guccifer2’s tweets on high-quality, shiny paper, which Ford discovered humorous, they usually requested what she had been considering when composing them. One printed tweet was considered one of that account’s first — a retweet of another person speaking about ActBlue, a Democratic fundraising platform. In Ford’s thoughts, the tweet was fascinating as a result of it pertained to a class-action go well with, since dismissed, that accused the DNC of unfairly serving to Hillary Clinton beat Bernie Sanders within the major. However for the particular counsel, ActBlue was a purple flag: GRU officers had hacked the Democratic Congressional Marketing campaign Committee to vary a hyperlink to ActBlue to at least one for Act Blues, a phishing web page GRU hackers had arrange.
Kobzanets, the FBI agent who focuses on monitoring Russian hackers, was extra curious about who Ford knew, asking for particulars about worldwide Nameless associates she had communicated with, however it appeared to Ford that she wasn’t useful.
“They appeared to already know the whole lot earlier than they began,” Klimaski recalled.
Because the dialog dragged on, Kobzanets appeared to know at straws for potential leads, Ford mentioned. “He was like, do you will have any Russian pals? Have you learnt any Russians? I actually sat there and thought of it, and was like, I don’t assume I do.” (Kobzanets didn’t reply to makes an attempt to confirm these feedback.)
Twice, the particular counsel staff excused themselves, left collectively, and returned. After they had been completed with their questions, they informed Ford she wasn’t a goal, however requested her at hand over her cellphone and laptop computer. She hesitated, however Klimaski and Jones, reached by cellphone, each informed her that whereas it was debatable whether or not the subpoena lined her units, it wouldn’t be any bother in any respect for Freeny to write down a brand new one. She acquiesced, and received the units again a couple of days later.
That was the one time Klimaski and Ford met in individual. He went on together with his follow with different professional bono work. Two months later, Mueller filed his indictment towards the GRU officers, together with these accused of operating @Guccifer_2 and those that allegedly hacked the fabric that account disseminated.
“We by no means heard from them once more,” Klimaski mentioned.