Some Considerations Before Russian to Conclusions on Compromised FBI Investigations
The arrest of New York's former FBI counterintelligence chief raises concerns about compromised investigations. The one into Russia's 2016 election interference likely isn't one of them.
The arrest of the former Special Agent in Charge (SAC) of the FBI’s New York Counterintelligence Division for his ties to foreign nationals, including sanctioned Russian oligarch, Oleg Deripaska, was shocking, to say the least. It also hit very close to home. The New York Office’s counterintelligence division is where I worked when I was in the Bureau; I can still picture the SAC’s office at the head of the 25th floor, where I briefed my SAC on ongoing cases. I can’t imagine what the agents there are feeling right now: I suspect a combination of sadness, betrayal, and anger.
There is also undoubtedly a damage assessment underway, to determine whether any of NYO’s cases have been compromised. As the counterintelligence SAC in New York — which boasts the FBI’s largest CI program — McGonigal would have had a bird’s eye view into all ongoing counterintelligence cases in that office, human sources for those investigations, active FISAs and their targets, and counterintelligence operations. Needless to say, any foreign intelligence service that had a channel to McGonigal would have hit a jackpot. Tim Weiner, author of Enemies of the FBI (and future guest speaker for my Substack class!) remarked on Twitter that “[I]f this guy was dirty going back more than a few years, it’d be as bad as [Robert] Hanssen, which is saying a lot.”
In fact, my Yale friend and colleague has recently raised the possibility that McGonigal’s betrayal could implicate the FBI’s investigation into 2016 election interference and explain some of the puzzling facets of that investigation. For the reasons I list below, I don’t think his conclusions are supported by the facts of that investigation as we know them. Before getting to that, though, a quick summary of the two (!) indictments against McGonigal:
Indictment #1
The first indictment, filed in the Southern District of New York, alleges that McGonigal illegally received and concealed payments for work done on behalf of Oleg Deripaska, a Russian oligarch and close ally of Vladimir Putin, who was sanctioned by the U.S. government in 2018. Specifically, McGonigal worked closely with a former Russian diplomat, Sergey Shestakov (whom McGonigal knew while in the FBI through Shestakov’s subsequent employment as a translator for the federal courts and New York U.S. Attorney’s offices) to engage in work for Deripaska. In his last year at the FBI, McGonigal helped the college-age daughter of one of Deripaska’s “agents” get an internship at NYPD. Following his retirement from the FBI, McGonigal was a consultant to a law firm engaged in legal work to get sanctions against Deripaska lifted — McGonigal brokered the law firm’s representation of Deripaska through the agent. The consulting gig for the law firm was technically legal. However, in the Spring of 2021, Deripaska’s agent engaged McGonigal and Shestakov to work directly for Deripaska to investigate a rival Russian oligarch who was contesting control over a “large Russian corporation.” McGonigal and Shestakov executed a secret contract with Deripaska’s agent, and received money through payments to a company in New Jersey that was owned by one of McGonigal’s friends (who, it appears, had no idea what was going on with the Russian scheme — though McGonigal had been secretly participating in the company’s business with the friend’s knowledge while still employed by the FBI, which is a no-no). This whole last part forms the basis of charges against McGonigal for conspiracy to violate U.S. sanctions (under the IEEPA), violation of U.S. sanctions, conspiracy to commit money laundering, and money laundering.
Still with me? Good. Because there’s more.
Indictment #2
The second indictment was filed on the same day in Washington, D.C. and frankly, is even sketchier than the first. This one alleges that McGonigal, while still in the FBI, traveled several times to Europe with a former member of the Albanian intelligence service, where they met, inter alia, with the Prime Minister of Albania, an Albanian businessperson and politician, the former defense minister of Bosnia, and the founder of a Bosnian pharmaceutical company. There is a lot going on in this indictment but basically McGonigal was accepting payments (as well as free lodging during his travel) from the travel companion and not disclosing the payments, nature of the travel (and in some cases the travel itself), or foreign contacts to the FBI as required by the bureau, especially given his position and security clearance. In total, McGonigal accepted $225,000 in payments, including one cash payment of $80,000 while sitting in a parked car outside of a baseball game. McGonigal also personally initiated an investigation into a U.S. citizen who was a lobbyist on behalf of an opposition party of the Prime Minister of Albania (who had been flagged by the Albanian businessperson/politician). Finally, McGonigal attempted to broker an introduction between the Bosnia pharma guy and a U.S. representative to the U.N. in exchange for $500,000 to be paid to a company owned by his Albanian travel companion. The charges in this indictment include false statements, falsification of records or documents, and concealment of material facts.
Whiskey. Tango. Foxtrot.
Anyway, all of this is obviously highly disturbing, but the link to Russia’s 2016 election interference comes through Indictment #1. That’s because Oleg Deripaska is the former employer of Paul Manafort, Trump’s former campaign manager. Prior to Trump, Manafort had been a consultant to Deripaska on Russia’s political influence campaign in Ukraine going back to 2004. By the time he went to work for the Trump campaign, Manafort, having apparently bought too many ostrich jackets, owed Deripaska money to the tune of, oh, $10 million — raising the question of why, exactly, Manafort agreed to work for the Trump campaign for free. IT IS A MYSTERY. Just kidding, it’s not: In email exchanges with Konstantin Kilimnik, a businessman linked to both Deripaska and Russian intelligence and with whom Manafort communicated frequently, Manafort offered to provide “private briefings” about the campaign to Deripaska and asked how he could use his position to “get whole.” The Senate Intelligence Committee’s Report on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election Part I Vol. 5: Counterintelligence Threats and Vulnerabilities, chaired by Marco Rubio (R-FL), details the nature and extent of Manafort’s relationship to Deripaska and his activities while in the Trump campaign, including passing campaign polling data to Kilimnik with the understanding that it would be shared with Deripaska. (Though the report indicates that it was unable to determine what happened to the polling data, this information would have been helpful in targeting Russia’s social media influence campaign to particular geographic areas.)
In short, McGonigal’s connection to Deripaska — whom the indictment indicates had been investigated by the New York Office under McGonigal’s watch prior to the imposition of sanctions against him — may appear at first glance to implicate the investigation into Manafort’s connection to the Trump campaign and, by extension, the FBI’s investigation into Russian election interference more generally. This is Professor Snyder’s hypothesis, which he also suggests may explain the narrowness of the scope of the investigation into the Trump campaign and lack of attention paid by the FBI to Russia’s social media influence campaign leading up to the election, as well as the pressure faced by then-Director Comey from the “Trumplandia” agents in New York to announce the reopening of the Hillary Clinton email investigation on the eve of the 2016 election.
However, this hypothesis is not supported by the facts of the case, investigative protocols, or first-hand accounts by various members of the FBI, Obama administration, and intelligence community as these events were unfolding. To be clear, I deeply admire and respect Professor Snyder’s work: Everything he says about the danger posed by Donald Trump then and now, the narrowness of the FBI’s investigation, and the intelligence failure in not countering Russia’s active measures operations is spot on. I’m also not an FBI apologist: I have written a highly critical account of the bureau’s response to the events of January 6. But I do think it’s important not to create causal links where none exist or are not supported by the facts, and that it does a disservice to the dedicated FBI agents of the New York office (many of whom would have been charged with investigating their former boss and colleague, and clearly did so without fear or favor) to sweep them with the same broad brush as McGonigal without more evidence. To that end, I’ll answer the main questions raised by Snyder’s observations:
Was McGonigal involved in the investigation into the Trump campaign’s contacts with Russia?
No. As detailed by former FBI agent Peter Strzok in his book, Compromised: Counterintelligence and the Threat of Donald J. Trump (and also explained in footnote 465 of the Mueller Report), the counterintelligence case that became “Crossfire Hurricane” was opened on July 29, 2016 in Washington, D.C. under the authority of Bill Priestap, then Assistant Director of the FBI’s Counterintelligence Division at FBI headquarters (with approval from his then boss, Andrew McCabe). The case was opened based on information provided to the bureau by Alexander Downer, Australia’s ambassador to the U.K., who had overheard the Trump campaign’s foreign policy advisor, George Papadopoulos, brag that Russia had obtained dirt on Hillary Clinton. The case was opened because in the wake of the hacking and intrusion against the Democratic National Committee, which had been attributed to Russia, the information suggested that Russia not only intended to weaponize information against a presidential candidate, but potentially enlist the cooperation of members of the Trump campaign. That provided enough information of a potential national security threat to serve as an adequate predicate for the investigation under the Attorney General Guidelines. (That last line is for the benefit of any MAGAs reading this.)
Crossfire Hurricane was therefore outside of McGonigal’s purview. You might wonder whether McGonigal, as SAC in New York, could nevertheless access ongoing counterintelligence investigations elsewhere. I can’t say for sure what else he may have had access to from New York, but Strzok, a lead agent on Crossfire Hurricane, notes the following:
As with our most sensitive investigations, we carefully limited access to our work, setting up a tightly controlled list of individuals with knowledge of the case — known as the ‘bigot list’ in intelligence parlance, a term dating to World War II that denotes the highest level of secrecy — and prohibiting access to the investigation for anyone else in our file and data systems. Essentially, we made it impossible for anyone other than the small group of investigators assigned to the case to learn anything about our investigation, much less see the information it was generating.
It’s worth mentioning that the initial investigative phase in Crossfire Hurricane has been reviewed with a fine-toothed comb not one, not two, but THREE times. First by Special Counsel Robert Mueller when he took over the investigation; then by DOJ’s Inspector General in reviewing whether the investigation was politically motivated (he found that it wasn’t); and then by Special Counsel John Durham, who hasn’t found anything but two nothingburger indictments and a bunch of crickets. I would think that any unauthorized access or outside tampering would have been discovered in one of these reviews, but McGonigal’s name has not surfaced in any of them.
Why was the investigation narrowly focused on contacts between the Trump campaign and Russia?
One of the biggest sources of public misunderstanding about the Russia investigation is a lack of clarity on the differences between counterintelligence investigations and criminal investigations. As noted above, Crossfire Hurricane was initially a counterintelligence investigation — Strzok notes that McCabe wanted it to be handled as such, rather than as a cyber investigation, due to its nexus to foreign intelligence activity. Counterintelligence cases use investigative tools that require different (and typically lower) legal standards than for criminal cases, and also involve classified sources and methods. They also provide more streamlined channels for receiving and disseminating information to and from the rest of the intelligence community.
The premise of counterintelligence investigations is based on traditional intelligence tradecraft: The assumption is that, generally speaking, a foreign intelligence service operating in the United States is going to have officers who work under diplomatic cover. These officers will recruit individuals — “agents” — to conduct clandestine intelligence-gathering activities on their behalf. The key to “neutralizing” foreign intelligence activity, then, is to identify the individuals that the intelligence service may be trying to recruit, wittingly or unwittingly, and then to thwart those efforts (by exposing them, “doubling” the agent back, or even just by monitoring them to get more information about the adversary’s tactics). What this all means is that the FBI’s main concern in Crossfire Hurricane would have been figuring out who in Trump’s campaign Russia had connections or contacts with, and what it was trying to do with them. The focus was Russia, not Trump: In fact, Trump himself wasn’t under investigation until he fired Comey — which then resulted in both a criminal and counterintelligence investigation being opened on him. (We never found out what came of the counterintelligence investigation into Trump, resulting in a “counterintelligence gap” on the nature of any ties or leverage Russia has over him specifically.)
The human intelligence-centric approach to counterintelligence investigations can also explain why the FBI was so behind the curve when it came to Russia’s social media campaign. Foreign perception management operations — as they are known within the bureau — have historically involved traditional intelligence methods, like recruiting a journalist to be a witting or unwitting mouthpiece for the foreign country. (In my Substack course, we cover the KGB’s tactics, which often involved intelligence officers posing as journalists themselves.) They were also already among the hardest types of operations to neutralize, because First Amendment concerns create both barriers to investigation and few tools for the government to stop this activity. The advent of social media further exacerbated these asymmetries by removing intermediaries, allowing direct publishing under fictitious personas, and enabling operations to be conducted almost entirely abroad. In 2017 I wrote about how Facebook fundamentally changed the spy game, leaving the FBI practically powerless to investigate this type of activity.
The nature of Russia’s social media influence campaign was bigger than the tools available to the FBI to detect and counter it. There was no law being broken; and to investigate it from the counterintelligence angle would require a clear nexus to foreign intelligence, which it did not have at the time. The FBI is primarily internal-facing; it depends on its sister agencies, the CIA and NSA in particular, to alert it to external intelligence threats which may have an impact here at home. In his book, Rigged: America, Russia, and One Hundred Years of Covert Electoral Interference, author David Shimer interviewed senior members of the Obama administration and intelligence community about why they were caught flat-footed by Russia’s influence operation. He quotes Michael Morell, former Deputy Director of the CIA, explaining why this was a failure of the larger intelligence community:
There were Russians in Russia doing this, and you didn’t see that, you didn’t have an asset, a human spy, or a technical penetration of the Kremlin, or of these organizations that were doing this, so that you could have told the president here is what they are doing.
We must also remember that the one private U.S. entity that could have also alerted the FBI — Facebook — initially denied that its platform was being manipulated by foreign actors. Mark Zuckerberg did not even acknowledge that Russia had fake accounts on the site until September 2017, and even then downplayed the true extent of the activity, which would not be known until much later. By 2020, the Cybersecurity and Infrastructure Security Agency (created in 2018 to monitor cyber threats, including disinformation), the use of pre-emptive offensive cyber operations against the Internet Research Agency by U.S. Cyber Command (undoubtedly informed by intelligence gathered by the CIA and NSA), and the direct communication channels between the FBI and social media platforms all worked in concert to foil Russian influence operations — illustrating the breadth and coordination necessary to detect and counter this type of intelligence activity.
[By contrast, Russia’s hack of the DNC was a clear violation of federal law, took place on American soil, and left a digital trail. The FBI’s criminal and counterintelligence methods were therefore a much better fit for this aspect of Russia’s cyber operations, which is why it was investigated earlier and more aggressively.]
In short, the narrowness in the scope of the FBI’s counterintelligence investigation was because of a huge blind spot created by its counterintelligence approach and existing investigative tools, not because it was being handcuffed by compromised supervisors.
What About Pressure on James Comey to Announce the Reopening of the Hillary Clinton Investigation?
I’m not sure what to say about this except that 1) Comey screwed up big time, especially if he felt that he needed to make this announcement because of leaks from the New York Office; and 2) there is really no evidence that the leaks were connected to McGonigal. In particular, the DOJ’s Inspector General investigated the leaks from that office and there is no mention of McGonigal playing a role (or evidence that the leaks were coming specifically from counterintelligence agents). I also think it gives these rogue agents too much credit (and cover) to suggest that their behavior was somehow the result of being swept up in some type of complex active measures operation, as though without pressure from some external source they wouldn't have engaged in this behavior. Sadly, I think in this case Occam’s razor applies: The leaks were quite simply a combination of (as Professor Snyder notes) misogyny, hatred of Hillary Clinton, and full-throated support of Trump…and a willingness to flout the rules about outside contact. (As I’ve written, the media leaks have continued on the January 6 investigations since McGonigal left, demonstrating that this is a wider bureau problem.)
As I initially noted, there is no question that McGonigal’s arrest raises some serious concerns about any investigation in which he may have played a role, especially counterintelligence investigations. That he initiated an investigation on a U.S. citizen at the behest of a foreign contact and for financial reasons is alone cause for alarm and a black eye on the bureau. But the shortcomings of the investigation into Russia’s 2016 election interference can’t be pinned on McGonigal. They were, unfortunately, the result of a larger perfect storm consisting of the poor fit of counterintelligence tools to the digital era, missteps in critical decisions by leadership, and — to quote the 9/11 Report — a “failure of imagination.”
Thanks for the concise explanation of the McGonigal indictments. The amount of foreign (Russian) influence into the highest levels of law enforcement and our government is deeply troubling. I have no idea if we will ever be able to clean up this longtime infiltration. I hope and admire anyone who is able to withstand the seduction of Greed and lust for power that will ultimately be the downfall of our country.
Thank you for your clear writing and explanation