The judge presiding over the case against Democratic cybersecurity lawyer Michael Sussmann instructed special counsel John Durham’s investigation not to bring up the fact that “Tech Executive-1” Rodney Joffe had been cut off as an FBI source in 2021.
Sussmann has been charged with concealing his two clients, Neustar chief technology officer Joffe and Hillary Clinton’s 2016 campaign, from FBI General Counsel James Baker when he pushed debunked allegations of a secret line of communication between the Trump Organization and Russia’s Alfa-Bank during a September 2016 meeting.
Sussmann attorney Michael Bosworth said of Joffe on Tuesday that it is “our understanding that he was terminated as a source for cause in 2021 as an outgrowth of this investigation.”
He said it “sounds prejudicial” for the prosecution to be able to bring up that fact and said the defense wanted to “limit discussion of his status as a source to the time relevant to the indictment,” which it said was 2016 to 2018.
Durham prosecutor Andrew DeFilippis argued that “Joffe’s termination as a source really does concern his conduct in 2016.”
The prosecutor said the reason Joffe was terminated as a source “as we understand it” was connected to his work with Sussmann in pushing Alfa-Bank claims to the FBI and that “rather than bringing it to his source handler,” the claims were brought to the FBI’s top lawyer in a “breach of how a source is supposed to report information.”
The Durham prosecutor argued it would “unfairly hamstring the government” if they couldn’t discuss that breach.
Judge Christopher Cooper urged the prosecution to “steer clear of that topic.” Cooper contended that “what’s at issue is how he was regarded by the FBI at the time, not subsequently,” so “let’s keep that out.”
Bosworth said in his opening statement: “Rodney Joffe is one of the world’s leading cyber experts.”
He also revealed the FBI had asked Joffe to be a “confidential informant” for the bureau years ago and that he was still a source during the 2016 election. He contended that Joffe got tens of millions of dollars from the federal government and sold data to the feds.
FBI agent David Martin, chief of the FBI’s cyber technical analysis unit, testified on Tuesday about domain name system data. When asked what sorts of companies collect such data, Neustar was among those named. The FBI agent stressed that DNS lookups don’t necessarily reflect communications of any kind.
When asked by Bosworth if Joffe was well respected, Martin said, “He’s well known in the cybersecurity community.”
The Sussmann lawyer asked if he was aware Joffe was a confidential source for the FBI, and Martin said he was told “after the fact.”
Durham prosecutor Brittain Shaw followed up by asking if Martin knew whether Joffe was still a confidential source, and he said he had “no idea.” The prosecutor asked Martin if he was aware Joffe had been “closed for cause” as a source, and he said he hadn’t known that.
So far, that is the only indication the jury has been given that Joffe is no longer a source for the bureau, since the judge soon ruled the prosecution must stay away from that topic.
Joffe is not the only prominent FBI source to have been cut off as a confidential human source.
British ex-spy Christopher Steele was dumped by the FBI in November 2016 after he admitted he was a source for a media story on Trump-Russia claims, though the discredited dossier author remained in contact with the bureau through former DOJ official Bruce Ohr.
University of Cambridge professor Stefan Halper was closed as a source in 2011 for “aggressiveness toward handling agents as a result of what [he] perceived as not enough compensation” and “questionable allegiance to the [intelligence] targets,” according to DOJ’s watchdog, yet he was reopened as a source two months later by an FBI case agent.
Halper had recorded discussions with at least three Trump campaign members in 2016: Trump campaign associate Carter Page, campaign foreign policy adviser George Papadopoulos, and campaign co-chairman Sam Clovis. Collusion denials made to Halper were not passed along to the Foreign Intelligence Surveillance Court.
Scott Hellman, an FBI supervisory special agent leading a team investigating cybercrime, said Tuesday that he and a supervisor reviewed the Alfa-Bank claims shortly after the Sussmann-Baker meeting and quickly rejected them.
“We did not agree with the conclusion … that this represented a secret communication channel,” the agent testified. “I thought that the person who had drafted this document may have been suffering from some mental disability.”
Hellman told DeFilippis that when a confidential human source has information, “they’re supposed to give it to their handler.”
Sussmann lawyer Sean Berkowitz contended that Joffe had approached an FBI special agent named Tom Grasso with this information in September 2016, but Hellman said he was not aware of that.
The indictment’s “Researcher-1” was identified as Manos Antonakakis, a computer scientist at Georgia Tech. “Researcher-2” is David Dagon, a data scientist at Georgia Tech. Durham immunized Dagon in July 2021. DeFilippis announced Tuesday morning before the jury entered that Antonakakis was invoking Fifth Amendment rights.
Steve De Jong, an employee at Neustar, testified Tuesday evening about his work for “Ultra DNS” — a product name within Neustar that houses large quantities of customer DNS data. He said Neustar does not do political research.
De Jong said that in 2016, Joffe oversaw “much of engineering and technology” at the company. He said that in the August or September time frame, Joffe “asked me to as a favor run a query over our DNS data logs to see if we saw any queries related to political campaigns and presidential elections.” He said that “in retrospect, it was mostly around the Trump campaign.”
De Jong said Antonakakis was “very well known in the DNS community” and worked with Neustar on threat hunting and malware hunting. He said he shared data with Antonakakis and “had given him access to most of our data” by late 2016.
DeFilippis pointed to an August 2016 email from Antonakakis to De Jong and Joffe with a list of DNS and IP addresses, which said: “Hey Steve, You know that if you are getting an encrypted email with Rodney CC’ed in the middle of the night, something is up.” On the list of domains for which he was instructed to pull and send data was “trump-email.com” along with many instances of “alfa.”
De Jong said he sent Joffe vast amounts of data at his request and that he believed Joffe had access to other sources of DNS data, too.
When asked why he didn’t ask why Joffe wanted this data, De Jong replied: “It’s not my business. I have a day job.”
Sussmann has pleaded not guilty, and Joffe hasn’t been charged with anything.
Durham’s indictment of Sussmann said that if the FBI had been told the true origins of the Alfa-Bank claims, it might have learned Joffe “had enlisted, and was continuing to enlist, the assistance of researchers at a U.S.-based university who were receiving and analyzing Internet data in connection with a pending federal government cybersecurity research contract” through DARPA.
Durham revealed this year that he has evidence that Joffe “exploited” DNS internet traffic at Trump Tower, former President Donald Trump’s Central Park West apartment building, and the Executive Office of the President.
Shortly after Clinton’s loss to Trump in November 2016, Joffe said in an email, “I was tentatively offered the top [cybersecurity] job by the Democrats when it looked like they’d win.”
The special counsel said Joffe also tasked researchers with mining internet data to establish “an inference” and “narrative” tying Trump to Russia. Durham said Joffe indicated he was doing this to please certain “VIPs” on the Clinton campaign.
The judge has rejected the Sussmann legal team’s argument that Durham should be forced to grant Joffe immunity. A Durham prosecutor said the special counsel’s team is still “looking closely” at Joffe and pointed to a law on major fraud against the U.S. government, specifically mentioning the DARPA contract.