When John Durham, the Trump-era special counsel investigating the inquiry into Russia’s 2016 election interference, filed a pretrial motion Friday night, he slipped in a few extra sentences that set off a furor among right-wing outlets about purported spying on former President Donald Trump.
But the entire narrative appeared to be mostly wrong or old news — the latest example of the challenge created by a barrage of similar conspiracy theories from Trump and his allies.
Upon close inspection, these narratives are often based on a misleading presentation of the facts or outright misinformation. They also tend to involve dense and obscure issues, so dissecting them requires asking readers to expend significant mental energy and time — raising the question of whether news outlets should even cover such claims. Yet Trump allies portray the news media as engaged in a cover-up if they don’t.
The latest example began with the motion that Durham filed in a case he has brought against Michael Sussmann, a cybersecurity lawyer with links to the Democratic Party. The prosecutor has accused Sussmann of lying during a September 2016 meeting with an FBI official about Trump’s possible links to Russia.
The filing was ostensibly about potential conflicts of interest. But it also recounted a meeting at which Sussmann had presented other suspicions to the government. In February 2017, Sussmann told the CIA about odd internet data suggesting that someone using a Russian-made smartphone may have been connecting to networks at Trump Tower and the White House, among other places.
Sussmann had obtained that information from a client, a technology executive named Rodney Joffe. Another paragraph in the court filing said that Joffe’s company, Neustar, had helped maintain internet-related servers for the White House, and that he and his associates “exploited this arrangement” by mining certain records to gather derogatory information about Trump.
Citing this filing, Fox News inaccurately declared that Durham had said he had evidence that Hillary Rodham Clinton’s campaign had paid a technology company to “infiltrate” a White House server. The Washington Examiner claimed that this all meant there had been spying on Trump’s White House office. And when mainstream publications held back, Trump and his allies began shaming the news media.
“The press refuses to even mention the major crime that took place,” Trump said in a statement Monday. “This in itself is a scandal, the fact that a story so big, so powerful and so important for the future of our nation is getting zero coverage from LameStream, is being talked about all over the world.”
There were many problems with all this. For one, much of this was not new: The New York Times had reported in October what Sussmann had told the CIA about data suggesting that Russian-made smartphones, called YotaPhones, had been connecting to networks at Trump Tower and the White House, among other places.
The conservative media also skewed what the filing said. For example, Durham’s filing never used the word “infiltrate.” And it never claimed that Joffe’s company was being paid by the Clinton campaign.
Most importantly, contrary to the reporting, the filing never said the White House data that came under scrutiny was from the Trump era. According to lawyers for David Dagon, a Georgia Institute of Technology data scientist who helped develop the Yota analysis, the data — so-called DNS logs, which are records of when computers or smartphones have prepared to communicate with servers over the internet — came from Barack Obama’s presidency.
“What Trump and some news outlets are saying is wrong,” said Jody Westby and Mark Rasch, lawyers for Dagon. “The cybersecurity researchers were investigating malware in the White House, not spying on the Trump campaign, and to our knowledge, all of the data they used was nonprivate DNS data from before Trump took office.”
In a statement, a spokesperson for Joffe said that “contrary to the allegations in this recent filing,” he was apolitical, did not work for any political party and had lawful access under a contract to work with others to analyze DNS data — including from the White House — for the purpose of hunting for security breaches or threats.
After Russians hacked networks for the White House and Democrats in 2015 and 2016, it went on, the cybersecurity researchers were “deeply concerned” to find data suggesting Russian-made YotaPhones were in proximity to the Trump campaign and the White House, so they “prepared a report of their findings, which was subsequently shared with the CIA.”
A spokesperson for Durham did not respond to a request for comment.
Durham was assigned by the attorney general at the time, William Barr, to scour the Russia investigation for wrongdoing in May 2019 as Trump escalated his claims that he was the victim of a “deep state” conspiracy. But after nearly three years, he has not developed any cases against high-level government officials.
Instead, Durham has developed two cases against people associated with outside efforts to understand Russia’s election interference that put forward unproven, and sometimes thin or subsequently disproved, suspicions about purported links to Trump or his campaign.
Both cases are narrow — accusations of making false statements. One of those cases is against Sussmann, whom Durham has accused of lying during a September 2016 meeting with an FBI official about Trump’s possible links to Russia.
(Durham says Sussmann falsely said he had no clients, but was there on behalf of both the Clinton campaign and Joffe. Sussman denies ever saying that, while maintaining he was only there on behalf of Joffe — not the campaign.)
Both Sussmann’s September 2016 meeting with the FBI and the February 2017 meeting with the CIA centered on suspicions developed by cybersecurity researchers who specialize in sifting DNS data in search of hacking, botnets and other threats.
A military research organization had asked Georgia Tech researchers to help scrutinize a 2015 Russian malware attack on the White House’s network. After it emerged that Russia had hacked Democrats, they began hunting for signs of other Russian activity targeting people or organizations related to the election, using data provided by Neustar.
Sussmann’s meeting with the FBI involved odd data the researchers said might indicate communications between the Trump Organization and Alfa Bank, a Kremlin-linked institution. The FBI dismissed suspicions of a secret communications channel as unfounded. In the indictment of Sussmann, Durham insinuated that the researchers did not believe what they were saying. But lawyers for the researchers said that was false and that their clients believed their analysis.
The meeting with the CIA involved odd data the researchers said indicated there had been communications with Yota servers in Russia coming from networks serving the White House; Trump Tower; Trump’s Central Park West apartment building; and Spectrum Health, a Michigan hospital company that also played a role in the Alfa Bank matter. The researchers also collaborated on that issue, according to Westby and Rasch, and Dagon had prepared a “white paper” explaining the analysis, which Sussmann later took to the CIA.
Durham’s filing cast doubt on the researchers’ suggestion that interactions between devices in the United States and Yota servers were inherently suspicious, saying that there were more than 3 million such DNS logs from 2014-17 — and that such logs from the White House dated back at least that long.
But Westby and Rasch reiterated that YotaPhones are extremely rare in the United States and portrayed 3 million DNS logs over three years as “paltry and small relative to the billions and billions” of logs associated with common devices such as iPhones.
“Yota lookups are extremely concerning if they emanate from sensitive networks that require protection, such as government networks or people running for federal office,” they said.
