Quick and Dirty Durham Explainer

AP Photo/Seth Wenig

You can learn a lot by just listening — unless you’re listening to the legacy media. A recent example is the motion Special Counsel John Durham filed in the case of Michael Sussman on Feb. 11.

Sussman was indicted for lying to FBI General Counsel James Baker when he presented “evidence” suggesting an illicit connection between Trump and the Russian Alfa Bank and said he had no client; we’ll get to the details, but the gist is that Sussman was billing the Clinton campaign and Rodney Joffe when he said he had no client. At the time, Sussman was employed by Perkins Coie, a high-powered Washington law firm.

(The actual motion names “Law Firm 1,” “Tech Executive 1,” and others. All of these people have been openly identified, so I’m just going to translate the names.)

Now, fair notice: I’m heading pretty deep into the weeds here, so here’s the TL;DR:

In paragraphs 2 through 7, under the heading FACTUAL BACKGROUND, Durham details important points about the indictment that show Sussman working with Rodney Joffe and his firm Neustar, who passed information to researchers under a DARPA contract at Georgia Tech and coordinated an effort to build up a falsified case for investigating Trump’s connections to Russia. This also involved the Clinton campaign, and the Clinton campaign’s general counsel — a familiar name, Marc Elias. This data was, to put it gently, massaged in order to make an incriminating case against Trump that fed into the Clinton campaign’s other efforts, like the “dossier,” and thus into the fraudulent FISA warrants and more intelligence operations against the Trump campaign. 

You can see why this caused a lot of agitation on the Democrats’ side: Durham is laying out a case that Perkins Coie, through Sussman and with the active participation of Mark Elias, purposefully manufactured evidence against Trump that factored into the four-year investigation into “Russian collusion”.

I’ve talked to several lawyer friends, and frankly, this appears to indicate many violations of law — too many to list. But plenty that would send mere politically unconnected mortals to Leavenworth for the rest of their lives.

Now, into the weeds.

What the motion is actually about. The actual action Durham is requesting is in paragraph 1 of the motion. Sussman has retained Latham and Watkins, another D.C. law firm, to represent him. The problem: Latham and Watkins has significant conflicts of interest. Sussman has already agreed to waive the conflict of interest concerns for Latham and Watkins, on advice of his counsel — Latham and Watkins. Durham’s motion asks the Court to investigate this and ensure that Sussman is fully informed, including possibly getting external counsel to advise Sussman, so it would be on the record that Sussman was fully informed. 

On the face of it, it’s just dotting the Ts and crossing the Is, cleaning up something that could be a possible reason for appeal if Sussman is convicted. The motion admits they don’t expect a change in representation.

So why the fuss? What Sussman presented Baker was a collection of “data and ‘white papers’” claiming to show that the Trump Organization and some others (including a health care organization) were tied illicitly to Russia through the Alfa Bank. Paragraph 3 alleges that Sussman lied about his client; it also says that the general counsel of the Clinton campaign was in the loop. That would be the infamous Marc Elias.

So where did the data come from? According to Durham, Rodney Joffe and his firm Neustar had a contract to manage Trump’s servers and exploited that access to collect information they then used, through other companies and through researchers at Georgia Tech, to develop an “inference” and “narrative” tying Trump to Russia.

Now, people have been calling this “hacking,” but hacking is usually understood as somehow breaking into a system, gaining unauthorized access. What Durham is saying instead is that Joffe used legitimate access, but used that access to gather proprietary and non-public information to build up this narrative.

When did this happen? Now it gets stranger. This started in July 2016, but — weirdly — after the election, Neustar had a “sensitive arrangement” (paragraph 3) that allowed it to “access and maintain” the servers of the Executive Office of the President. So this surreptitious access was happening under the Obama administration and continued after Trump took over. Here’s the puzzle: How did this company, politically connected to the Democrats, get this contract?

On Feb. 9, 2017, Sussman presented further documents to the CIA making further allegations that Trump had illicit contacts with Russia (and in passing, lied again that he had no client).

How was this done? This is a second way the reporting goes astray. Joffe et al. were not collecting anything like the contents of emails, at least as far as the motion describes. Instead, they were collecting DNS lookups. 

Imagine you go to your browser and type in a URL, like (Amusingly, is a real site, so that when someone wants an example in a book or article, they can go to that as an example.)

We think of “” as an Internet address, but strictly it’s what is called a “domain name.” Real Internet addresses are just 32-bit numbers. They’re usually presented as four “quads” — broken into four 8-bit sections and shown as decimal numbers separated by periods. For example, Google’s IP address is, and you could type and go to the Google home page. But you would need to remember “’,” which is a lot even for the hardest-core nerd. So the Internet gods came up with domain names, which are just a more easily memorable way to keep track of the addresses of computers connected to the web. In the very early days of the internet, we handled this by just keeping a list called “/etc/hosts” matching a domain name and its IP address. So this is like keeping a phone list on your desk.

As you can imagine, as we got more than a couple of hundred sites on the internet, this became unworkable. The answer was the Domain Name Service, where we can remotely retrieve the associated IP address. I’m resisting the urge to explain this in detail because it actually is kind of cool, but basically, you should think of how we used to be able to call Directory Assistance or Information at 411. (I just tried 411 and it no longer works. Another memory of childhood gone.) Anyway, a DNS lookup is the message sent across the Internet to translate a domain name into a real internet address.

Now, this in itself isn’t all that informative. I don’t know how many DNS lookups I’ve made today, but I’d bet it’s dozens or hundreds; there’s no actual data there unless some prig wants to whine about looking at PornHub. (Pro tip: don’t bother.)

But the DNS lookups are just the start of the story. Joffe sent this data on to Georgia Tech where there was already an existing project dealing with “large amounts” of internet data, with the specific task to develop a “narrative” tying Trump to Russia, in order to please “VIPs” that Durham identifies as people at Perkins Coie and the Clinton campaign.

I’ve been exposed to a lot of DARPA research on internet traffic as well as dealing with traffic analysis back when I was in the intelligence community. At least in the civilian world, that kind of captured traffic is normally “anonymized” — transcribed in a way that is supposed to conceal the individuals involved. But give me the DNS lookups from a target of interest and I’d bet money that the anonymization could be reversed.

What Joffe et al. passed to the CIA and FBI was a collection of data that claimed Trump and associates were using special rare Russian cell phones in the vicinity of the White House. The motion mentions noncommittally that “[the] Special Counsel’s Office has identified no support for these allegations.”

There were a few other details that weren’t presented to the government. In particular, Durham obtained more complete DNS information and discovered that between 2014 and 2017, there had been more than 3 million DNS lookups of the Russian IP addresses, of which fewer than 1,000 had any association with Trump. 

Notice the date: this started in 2014, long before Trump was in office — another fact that was omitted from the data presented to the government.

So what does this all mean? The Durham motion on Feb. 11, read with eyes open, does just one thing: it requests the Court to review Sussman’s waiver of any conflict of interest concerns about his attorneys and nail down the waiver in the record for the case. It then restates things that are in the original indictment of Sussman to establish the basis for the motion.

It’s no wonder this is causing some panic because those facts Durham alleges in the motion are incredibly damning. The motion says that — contrary to the way it’s being reported — the Trump servers were not hacked. Instead, Joffe and his company exploited legitimate access they had to servers to collect data and pass it surreptitiously to “Internet researchers” with the explicit purpose of constructing a “narrative” of the Trump organization’s connections to Russia. It alleges, apparently with good information, that this was done to impress “VIPs” in the Clinton Campaign, including the Clinton Campaign General Counsel Marc Elias, and was being paid for by the Clinton Campaign through Perkins Coie. The “narrative” was wholly fraudulent — its main assertions were false, and the narrative was constructed by carefully cherry-picking data that they obtained while being contracted to maintain Trump servers, and then somehow continued through a contract managing the servers of the Executive Office of the President after Trump was inaugurated. Then when they presented the narrative to a (friendly) FBI, they lied about the connection.

How many crimes is this? I honestly don’t know. Perjury? Mail fraud? how many ways does it hit the Espionage Act?

For mere mortals, it would be a long long time in prison. Let’s see what comes of this.


Trending on PJ Media Videos