The Checkered Past of the FBI Cyber Contractor Who ‘Spied’ on Trump Paul Sperry

https://www.realclearinvestigations.com/articles/2022/02/17/the_checkered_past_of_the_fbi_computer_contractor_who_spied_on_trump_816761.html

Long before FBI computer contractor and Clinton operative Rodney L. Joffe allegedly trolled Internet traffic for dirt on President Trump, he mined direct-marketing contact lists for the names and addresses of unwitting Americans to target in a promotional scam involving a grandfather clock.

Not just any clock, mind you, but a “world famous Bentley IX” model, according to postcards his companies mailed out to millions of people in the late 1980s claiming they’d won the clock in a contest they never entered. There was just one hitch: the lucky winners had to send $69.19 in shipping fees to redeem their supposedly five-foot mahogany prize.

Tens of thousands of folks forked over the fees, only to discover the grandfather clock that arrived was nothing as advertised. It was really just a table-top version made of particle board and plastic and worth less than $10. Some assembly was required.

The scheme generated thousands of complaints, sparking federal and state investigations. Joffe and his then-California partner, Linda M. Carella, were eyed by federal postal authorities and several state attorneys general for allegedly operating a multi-state mail-order scheme. Joffe settled several state lawsuits by agreeing to refund hundreds of thousands of dollars mainly to elderly victims, according to several published reports at the time.

Joffe and his attorney did not respond to requests for comment. But in a phone interview, Carella told RealClearInvestigations that Joffe ran the operation. “I was just the secretary, the receptionist,” Carella, 76, said from her home in Florida, where she is now retired. She did say she picked up the returned postcards and checks from mailboxes.

Carella said she quit after the investigation: “I said I don’t want anything more to do with this … I have not seen Rodney since then.” But Joffe pressed on with his direct-mail marketing business before packing up for Arizona a few years later. Federal and state tax lien records reveal Joffe — who also sent out mailers for skin care and other beauty products — owed more than $110,000 in back taxes on his property in Los Angeles in 1995.

St. Joseph News-Press (Mo.), July 1988
A 1988 consumer article in the St. Joseph (Mo.) News-Press citing Joffe’s role in the alleged grandfather clock scam.

Joffe’s checkered past now has national security ramifications after the South African-born computer expert was outed as a key player in Special Counsel John Durham’s ongoing Russiagate probe. To date he has not been charged with a crime. But in a September indictment of former Clinton campaign lawyer Michael Sussmann, and a court filing last week, Durham has suggested that Joffe (identified as “Tech Executive-1”) was at the center of an effort to monitor President Trump’s communications and then share the information with Clinton associates.

Former prosecutor and assistant FBI director Chris Swecker said the credibility issues that cropped up from Joffe’s early career raise questions about how he managed to pass an FBI personal background check and obtain the government’s highest security clearances, although he noted that such background checks were often ridiculed in the bureau as “a joke.” In addition, the federal mail-order probe involving Joffe’s companies might not have raised serious red flags since the case was opened decades earlier and was settled without any charges or judgments against Joffe.

The FBI declined comment.

Another part of the answer as to why Joffe’s past remained buried may involve how successfully he appears to have reinvented himself during the 1990s.

He relocated then to Phoenix from Los Angeles and changed the name of his mass-marketing firm American Computer Group to “Whitehat Data Services.” Instead of targeting consumers, he developed a reputation as a cyber-security expert and, ironically, a champion of consumers battling abusive direct-marketers and spammers.

Perhaps it was a sign of his redemption. But Joffe soon joined the board of PlasmaNet Inc., a marketing network that until recently operated FreeLotto.com, an online sweepstakes game. PlasmaNet has had to pay millions of dollars in fines for deceptive advertising. Echoing the grandfather clock scam, PlasmaNet led consumers to believe they won free prizes when in fact they had to pay $14.99 a month to claim them. RCI has learned that FreeLotto.com was a customer of UltraDNS, an Internet resolution company founded by Joffe. Business incorporation records show Joffe remains a PlasmaNet director.

A decade later, Joffe moved to Washington, where he eventually landed lucrative security-related contracts with the FBI and Pentagon requiring top secret clearance.

In 2006, Joffe joined Neustar Inc., a Beltway computer contractor that, among other things, secures and maintains Internet servers for federal agencies, including the White House. This high-level position gave the alleged former grandfather clock wheedler access to a proprietary archive of Internet traffic records – both public and nonpublic – known as “DNS logs.” These logs reveal the back-and-forth pinging that computers and cellphones generate when they communicate with Internet servers, including ones transmitting emails.

It also put him in the same orbit with political VIPs. Joffe started advising not only FBI brass but White House officials, including President Obama, on cybersecurity matters. By 2016, his access to proprietary internet logs became of interest to operatives for the Hillary Clinton campaign, who appear to have offered him a plum job in a Clinton presidency for help on an opposition-research project against Donald Trump. (Shortly after Clinton’s loss to Trump in November 2016, Joffe said in an email: “I was tentatively offered the top [cybersecurity] job by the Democrats when it looked like they’d win. I definitely would not take the job under Trump.”)

One of those operatives was ex-Clinton attorney Sussmann, indicted by Durham last fall in connection with allegations of lying about his work on the project for the campaign.

In the indictment and recent court filings that widen the case, Durham accused Joffe of exploiting Neustar’s nonpublic data to monitor Trump’s Internet activities even after the 2016 election – through early 2017. He shared the sensitive information with Sussmann, who in turn gave it to the CIA. The prosecutor said Joffe mined data from Trump Tower, Trump’s Central Park West apartment building and even the Executive Office of the President “for the purpose of gathering derogatory information about Donald Trump.”

According to court papers, Joffe cherry-picked data to create a “narrative” that Trump was secretly communicating with the Kremlin as part of the Clinton campaign’s effort to make the GOP nominee look like he was compromised by Russia, a foreign adversary. Before the election, Joffe led a team of computer researchers vying for a major Pentagon contract to link Trump to Russian Alfa Bank through private DNS logs. He handed off their findings to Sussmann who fed the data to the FBI to drive an investigation and bad press against Trump.

“The data was highly manipulated,” said Robert Graham of Atlanta-based Errata Security, an independent cyberforensics expert who examined the logs and debunked the link at the time. He suspects Joffe and his biased crew set out to invent a connection between Trump and Russia.

“A link between Trump and Alfa bank wasn’t something they accidentally found, it was one of the many thousands of links they looked for,” he added. “The purpose was to smear Trump.”

Though Graham as a Clinton supporter shares Joffe’s disdain for Trump, he said the suspicious server data were easily explained as innocent spam traffic. Graham noted that Trump didn’t even have control over the domain in question: trump-email.com. It was created by a hotel marketing firm that inserted Trump’s name in the domain.

“Hints of a Trump-Alfa connection have always been the dishonesty of those who collected the data,” Graham said.

Manos Antonakakis: Joffe’s lead researcher said in an email that “the only thing that drives us is that we just don’t like [Trump].”

Even though Joffe encouraged Sussmann to present the server data to the FBI as possible evidence of foreign espionage, he privately confessed to his reseachers in an August 2016 email obtained by Durham that the host for the trump-email.com domain  “is a legitimate valid [marketing] company” – Boca Raton, Fla.-based Cendyn. “We can ignore it,” Joffe said, “together with others that seem to be part of the marketing world.” He urged his team to keep searching for data that would “give the base of a very useful narrative.”

In previous statements, lawyers for Joffe and the researchers he recruited have said they had no political ax to grind but were monitoring Trump to track a credible national security threat related to Russia. But Joffe’s lead researcher – Manos Antonakakis of the Georgia Institute of Technology – revealed in one email obtained by Durham that “the only thing that drives us is that we just don’t like [Trump].” Other emails, released this week by Judicial Watch through a Freedom of Information Act request, show that Antonakakis believed even the most salacious – and debunked – rumors in the Clinton-commissioned Steele dossier.

Recent court filings indicate Durham and his prosecutors aren’t buying their “concerned patriot” defense. Some see a crime in exploiting high-security government contracts for political purposes.

“In my opinion, Joffe is someone who should be indicted and probably will be,” former FBI official Swecker said in an RCI interview.

Eisenhower Executive Office Building: Anti-Trump spying target?

“As I see it,” Swecker explained, “Joffe, who worked for Neustar at the time, had a contract with either the Executive Office of the President or the [presidential] transition team, and he used information gleaned from his contractual relationship to provide that private information to the Clinton campaign. Depending on the actual facts on the ground, it could constitute mail or wire fraud, and if it were an actual government contract, perhaps fraud against the government – that is, the Executive Office of the President.”

Added Swecker: “There could be other criminal statutes [invoked] as well” — including conspiracy — “but to me, the key issue is his contractual relationship. He also engaged researchers at Georgia Tech who were working on a government contract and being paid by the U.S. government.”

In a public statement, a spokesman for Joffe argued that the then-Neustar executive had authority to mine the White House data: “Under the terms of the contract, the data could be accessed to identify and analyze any security breaches or threats,” including concerns about Russian interference in the election.

Joffe Internet Firms in Durham’s Sights

While not charged with a crime, Joffe, despite being subpoenaed, does not appear to be actively cooperating with Durham’s investigation. He does not show up on a discovery document recently filed by Durham listing people interviewed by investigators or the grand jury. Asked if Joffe has received a target letter, his attorney Steven Tyrrell did not answer. On Twitter, Joffe has removed all his tweets dating back to 2014.

Durham’s office is looking closely at Washington-based Neustar, and firms Joffe founded while working there. Joffe has created more than two dozen startups across several states, some of which have no employees, revenue or even offices.

Sources told RCI that Durham’s office is looking closely at Washington-based Neustar – which Joffe left in September following Sussmann’s indictment – and two Internet firms Joffe operated while still working there: Packet Forensics and Vostrom Ventures, both of which are controlled by Vostrom Holdings Inc. and also have offices in the greater Washington area.

Durham’s investigators have interviewed several current and former employees at all three companies, and obtained thousands of pages of subpoenaed documents from them, recent court filings reveal. In September 2016, Sussmann billed Neustar for “communications regarding confidential project,” a reference to Joffe’s mission to find a “secret hotline” between Trump and the Kremlin via Alfa Bank’s servers. That Sussmann billed Neustar for this work suggests a level of involvement by the company that has not been explained.

A month earlier, Joffe had tasked employees at his two small Internet startups to search for any Internet data (including private DNS holdings) reflecting potential connections or communications between Trump or his associates and Russia. Joffe emailed them a five-page dossier – the “Trump Associates List” – to guide their queries. As RCI first reported, the list included highly personal information on Trump campaign advisers Michael Flynn, Paul Manafort, George Papadopoulos and Carter Page. Steve Bannon appears to have been added to the list later as another target, the emails released by Judicial Watch reveal.

Packet Forensics reportedly landed a recent Pentagon contract to manage a large chunk of Internet domains owned by the military. The bid was awarded the day Joe Biden was inaugurated president. The massive cyberspace will allow Joffe’s firm to set up dedicated digital infrastructure, including servers and software, to comb through private Internet traffic for the purported purpose of monitoring suspicious activity.

Joffe’s company also sells wiretapping equipment that allows federal authorities to spy on private web-browsing through fake Internet security certificates, instead of real ones that websites employ to verify secure connections. Once installed, Packet’s device lets agents see an individual’s online transactions without obtaining a warrant.

Over the past decade, Packet Forensics has landed almost $40 million in federal contracts, according to publicly disclosed contract information. Joffe’s firm counts the FBI and the Pentagon’s Defense Advanced Research Projects Agency, or DARPA, among its customers. The contracts generally involve cybersecurity. Joffe monitors the computers of government officials for threats, including as it turns out, even investigators in the office of Justice Department watchdog Michael Horowitz, recent court filings reveal.

State incorporation records show that Joffe has created more than two dozen startups across 20 states, some of which have no employees, revenue or even offices.

‘Friends in High Places’

Joffe’s second-act success in government seems rooted in a simple fact: “He has friends in high places,” proferred a career Justice Department official. The official, who spoke on condition of anonymity, pointed out that Joffe personally advised President Obama on cybersecurity and other issues, and was also close to former FBI Director James Comey.

Secret Service entrance logs reveal Joffe visited the White House several times during the Obama administration. And in 2013, Comey gave Joffe an award recognizing his work helping agents investigate a cybersecurity case. Sources told RCI that Joffe has also worked as an FBI informant on various cybersecurity cases opened by the bureau over roughly the past 15 years.

Sussmann’s attorneys have pointed to that acclaim to explain why Sussmann trusted the findings from Joffe he shared with the FBI. “Far from being a stranger to the FBI, [Joffe] was someone with whom the FBI had a long-standing professional relationship of trust and who was one of the world’s leading experts regarding the kinds of information that Mr. Sussmann provided to the FBI,” Sussmann’s lead defense lawyer Sean Berkowitz of Latham & Watkins said in a court filing last year.

A recent court paper filed by Durham in the Sussmann case suggests he may be looking into Joffe’s relationship with the FBI. The document, which discloses information to Sussmann’s lawyers as part of the discovery process, reveals that a criminal grand jury in D.C. has obtained “approximately 226 emails from within the FBI’s holding involving a company founded by [Joffe].” Durham does not identify the company, but sources told RCI it is Packet Forensics. The 226 emails were generated in 2016 alone. All told, the FBI has a total of approximately 17,000 emails that reference Joffe’s company – and those are just from a search of the bureau’s unclassified files.

Durham said that his investigators are “also conducting other searches and communicating with other government agencies regarding [Joffe’s] companies.”

The 67-year-old Joffe is commonly described as an award-winning and highly respected computer expert. But colleagues say he is more of an operator.

Graham said he’s “a quite average” computer programmer and network analyst. “He’s more of an executive than an operations guy.”

In a 2015 promotional video by Neustar, Joffe disclosed that his real gift is recruiting other experts, making phone calls to people in high places, and providing the resources needed for projects.

“I’m not the smart guy in the room. I’m really the dumb guy that carries the bags – but fortunately in those bags, I have a lot of money,” Joffe said with a grin. “So my role has really been carrying the bags of money to help whenever I can when folks in the [cyber-security] community want things. I’m really happy to be able to do that kind of thing.”

“So those are the things I really do,” he added. “I’m not really good at actually understanding spam and finding that. I’m not any of those things. I couldn’t have an intelligent conversation about the techniques and methods used.”

Comments are closed.