The following is a brief summary of events and evidence in Attkisson v. DOJ and FBI over the U.S. Government Computer Intrusions
Related Links: Latest summary / Maryland complaint v. Rosenstein / Affidavit from Fmr NSA forensic expert / American Thinker article Jan 29, 2020 / Politico article on lawsuit Jan. 10, 2020 / DOJ Opposition to reopening case / Motion to Reopen case Jan. 9,2020 / Former Govt. Agent admits spying on Attkisson Jan. 9, 2020 / FBI Unit Chief Affidavit confirming govt. computer intrusion Jan. 2020 / Reward Offered (VIDEO) June 2, 2019 / Reward Offered June 1, 2019 / Appeals Court Upholds Dismissal May 17, 2019/ Why is DOJ fighting so hard? (VIDEO) May 12, 2019, Federal Judge calls Govt. “Kafkaesque,” May 6, 2019/ Petition for Full Appellate Hearing May 4, 2019 /Appellate Decision (Video) April 23, 2019 / Update (Video) March 6, 2019 / Full Transcript of Oral Arguments Feb. 19, 2019/ Oral Argument Excerpts (Audio) Feb. 2, 2019 /Oral Arguments (Audio) Feb. 2, 2019
Multiple forensics exams concluded that numerous devices used by Attkisson were remotely compromised including, but not limited to:
- CBS Toshiba Laptop
- Apple iMac Desktop
- MacBook Air
- Mobile devices, including Blackberry
Forensics exams were conducted from 2013 to present by:
- Confidential government source (CBS Toshiba Laptop)
- CBS-hired forensics firm (CBS Toshiba Laptop and iMac Desktop)
- Independent forensic examiner #1 (CBS Toshiba Laptop, iMac Desktop and other devices)
- Department of Justice Inspector General (iMac Desktop, only)
- Independent forensic examiner #2 (CBS Toshiba Laptop, iMac Desktop and other devices)
- Independent forensic firm (CBS Toshiba Laptop, iMac Desktop and other devices)
Table of contents and full details below.
Watch a video update here: https://www.youtube.com/watch?v=tCJVDIhtU-Y&feature=youtu.be
Click the link below and watch the original CBS News announcement confirming the computer intrusions in June 2013.
During the time of the government computer intrusions, Sharyl Attkisson was an investigative journalist at CBS News. Starting in approximately 2011, officials at the White House and various federal agencies began frequently contacting her and CBS management via telephone and email in attempts to controversialize or stop her reporting on a number of topics.
Government officials sometimes attempted to bully Attkisson, demanded to know the identities of her confidential government sources, and emailed one another about the need to stop or control her.
During the same time period, the federal Department of Justice (DOJ) vastly expanded its offensive cyber capabilities in the name of national security, including the extraordinary decision to actively target journalists and news organizations with electronic surveillance as part of leak investigations. The FBI was the primary DOJ agency tasked with carrying out these national security investigations, using a combination of legal and illegal means.
Multiple forensic exams show that numerous electronic devices used by Attkisson and her family during this time frame were hacked or remotely compromised. Unauthorized parties used government Internet Protocol (IP) addresses to access Attkisson’s computers; placed government surveillance spyware on her devices; and illegally accessed her professional and personal information over an extended period of time.
The First Amendment protects the rights of American citizens to engage in free and open discussions, and to associate with persons of their choosing. The Fourth Amendment guarantees that citizens will be free of unreasonable searches and seizures. The government expressly interfered with the Attkissons’ constitutional rights. The responsible government officials deployed surreptitious collection techniques, including highly sophisticated forms of electronic surveillance, to achieve overly broad intelligence targeting and collection objectives in violation of law.
The Genesis: Fast and Furious
On September 21, 2010 executives with Stratfor, a global intelligence firm doing business with government agencies, emailed internally about an alleged Obama administration initiative to target journalists. One email was titled: “Obama leak investigations.” The email stated: “Brennan is behind the witch hunts of investigative journalists learning information from inside the beltway sources…(t)here is a specific tasker from the [White House] to go after anyone printing materials negative to the Obama agenda (oh my.) Even the FBI is shocked.”
A few months later, in early 2011, Attkisson began investigating the “Fast and Furious” gun-walking story involving federal agents from the Bureau of Alcohol, Tobacco, and Firearms (ATF) improperly permitting weapons to pass into the hands of the Mexican drug cartels.
On February 22, 2011, Attkisson’s first Fast and Furious report aired on CBS. The report quoted and relied upon numerous government confidential sources who criticized the Fast and Furious gun-walking strategy deployed by ATF and DOJ. ATF falsely told other reporters who queried that the CBS report was untrue.
On March 3, 2011, Attkisson reported a landmark follow-up to her original story. This report, which appeared on the CBS Evening News, featured an interview with a then-lead ATF special agent on Operation Fast and Furious. He admitted that the allegations against ATF were true, and alleged that government officials were lying about them.
ATF Special Agent John Dodson
Shortly after the CBS report, ATF issued an internal memorandum instigating an orchestrated campaign against Attkisson’s CBS News reporting, including efforts to discredit it; and outlined a strategy for the ATF to push “positive stories” in order to “preempt some negative reporting.”
In response to the February and March 2011 reports, federal officials initiated a longterm campaign to target and harass Attkisson, and to discredit and stop her reporting on the gun walking operations and federal officials’ role in it.
When contacted for comment, DOJ officials persisted in their denial of the allegations and continued efforts to unveil Attkisson’s confidential sources. Sources told Attkisson that the DOJ was actively seeking to identify government insiders who were providing information or “leaking” to her and CBS.
Attkisson continued investigating Fast and Furious, publishing dozens of reports over the course of 2011.
On May 4, 2011, Attkisson published a report revealing that DOJ had authorized a wiretap in the Fast and Furious case indicating top agency officials knew that the controversial tactic was being used, despite their denials.
Seized weapons in Naco, Sonora related to Justice Department’s Operation Fast and Furious
Also in May 2011, the White House assigned political operative Eric Schultz to manage and coordinate pushback on the Fast and Furious story.
On September 9, 2011, Attkisson reported on the Fast and Furious investigation expanding to White House officials.
In September and October of 2011, Attkisson published several FBI-related Fast and Furious stories based on information from confidential informants connected to the government. One report pointed to an alleged discrepancy in the FBI’s handling of evidence in the related murder of Border Patrol Agent Brian Terry. Another story reported on the alleged role of an FBI informant in the Fast and Furious case.
In October 2011, Attkisson reported on evidence contradicting Attorney General Holder’s sworn testimony several months before, wherein he claimed that he had only heard of Fast and Furious for the first time in the past couple of weeks.
Former Attorney General Eric Holder
In December 2011, Attkisson reported on the DOJ’s formal retraction of a letter and misrepresentation DOJ made to Congress the previous February, which had incorrectly stated there had been no gun-walking.
On June 28, 2012, Attorney General Holder became the first sitting member of the Cabinet of the United States to be held in contempt of Congress for refusing to turn over subpoenaed documents about Fast and Furious. President Barack Obama invoked executive privilege for the first time in his presidency to withhold the documents.
Unknown to Attkisson at the time, beginning on approximately February 23, 2011, she and her Fast and Furious reporting became a frequent target of critical private discussions among high-ranking DOJ and ATF officials; and also the White House’s Schultz.
On February 23, 2011, ATF’s chief public affairs officer emailed DOJ officials “We just watched the piece,” referring to Attkisson’s CBS News report, and stated, “We agree that it’s time to go on the offensive.” (p. 79)
On February 24, 2011, DOJ Deputy Asst. Attorney General Jason Weinstein emailed the link to Attkisson’s report to other officials and set up a conference call to discuss it, commenting that the Attkisson report was “very specific which makes it more troubling and likely to get more traction.” (p. 80)
On March 9, 2011, a senior adviser to Attorney General Eric Holder wrote DOJ colleagues on how to “push back” on Attkisson’s reporting. (p.99)
On October 3, 2011, DOJ officials emailed about Attkisson’s upcoming report on documents showing that Attorney General Holder had been sent briefings on Fast and Furious despite his testimony otherwise. “Bad story coming on CBS Evening News tonight,” wrote one official. (p. 232)
Also on October 3, 2011, the Obama administration secretly changed longstanding policy to create a “loophole,” according to Democratic Senator Ron Wyden, allowing the National Security Agency (NSA) to conduct “backdoor searches” of U.S. citizens’ domestic communications. Previously, NSA spying was publicly believed to be confined to foreign terrorist threats and foreign territory.
On October 4, 2011, a Holder senior adviser emailed White House official Schultz. The Holder adviser called Attkisson “out of control” and stated that she, the adviser, was going to call Attkisson’s “editor.” Schultz replied, “Good. Her piece was really bad for the [Attorney General].” (p. 232)
“Her piece was really bad for the [Attorney General]”White House official Eric Schutz, Oct. 4, 2011
The Holder adviser tells Schultz they have to “take over the storyline.” (p. 234)
On October 5, 2011, Holder emailed his senior adviser in response to an Attkisson report about his briefings on Fast and Furious: “Holder briefed!!!???” (p. 238)
In other emails with Attorney General Holder, government officials expressed anger that Attkisson’s Fast and Furious story “is gaining traction. You need to stop it from snowballing now…” and “The coverage is starting to break through.” (pp. 229-230)
During the time of Attkisson’s Fast and Furious reporting and the government’s campaign against her, in mid-to-late 2011, Attkisson began to notice anomalies in numerous electronic devices at their home in Virginia. These anomalies were detected initially on at least two computers: a CBS Toshiba laptop computer and a family Apple iMac desktop computer.
Among other anomalies, the CBS Toshiba laptop and Apple iMac desktop turned on and off at night without input from anyone in the household, the house alarm chirped nightly at different times, often indicating “phone line trouble,” and there were numerous mobile and landline telephone disruptions, and television problems, including interference. All of the referenced devices used the Verizon FiOS line installed in Attkisson’s home. Yet, Verizon was unable to cure the problems, despite multiple attempts over a period of more than a year.
On January 13, 2012, while continuing to cover the Fast and Furious case, Attkisson began a series of reports for CBS News spanning several months, which examined the Obama Administration’s “green energy” initiatives, including the Executive Branch’s failed investment in solar-panel manufacturer Solyndra. Obama administration officials and their partners, including the smear group Media Matters, embarked upon a campaign to controversialize and stop Attkisson’s reporting on the topic.
On January 23, 2012, Attkisson’s intermittent Intenet connectivity and persistent drop offs in the FiOS residential internet service had become so disruptive, she contacted Verizon. Verizon sent a new router, which was immediately installed at the Attkisson’s home but failed to resolve the issues.
In February 2012, Attkisson contacted Verizon yet again to complain about continuing anomalies with her FiOS Internet, voice, and video services.
On Feb. 13, 2012, unknown to Attkisson at the time but later revealed through forensic exams, remote intruders downloaded new spyware into Attkisson’s CBS Toshiba laptop at approximately 10:30 p.m. EDT after she downloaded an mp3 file and clicked on an email. The spyware corrupted Firefox and caused it to crash intermittently thereafter.
In March 2012, a Verizon representative visited the Attkissons home and replaced the router a second time. The representative also replaced the entire outside FiOS service box. Despite Verizon’s efforts, however, the anomalies persisted.
In April 2012, the Attkissons continued to report ongoing issues with TV interference, which Verizon attempted to troubleshoot.
In April and May 2012, the DOJ and FBI publicly announced a new effort to vastly expand cyber-related efforts to address alleged “national security-related cyber issues.”
In May 2012, without notice and in violation of longstanding DOJ practice, DOJ seized personal and business phone records belonging to journalists from the Associated Press news agency. The records seizure was not publicly known at the time, but was later revealed by the media.
In July 2012, the DOJ stepped up cyber efforts in the name of national security, designating U.S. Attorneys’ offices to act as “force multipliers.”
That same month, on July 15, 2012, remote intruders “refreshed” the ongoing surveillance of Attkisson’s CBS Toshiba laptop. Again, the access was unknown to Attkisson at the time, but was revealed later through computer forensic analysis. This remote intrusion was accomplished through use of a B-GAN satellite terminal, according to forensics.
On October 5, 2012, CBS News aired Attkisson’s first Benghazi story, which relied in part on confidential Obama administration sources critical of the Obama Administration’s handling of the security requests at the U.S. compound in Benghazi, Libya, where Ambassador Christopher Stevens and three other U.S. personnel were murdered by terrorists on September 11, 2012.
On October 8, 2012, CBS aired another Attkisson report on Benghazi that included an interview with whistleblower Col. Andrew Wood. During the weeks following the airing of Col. Wood’s interview, Attkisson made personal contact with numerous confidential sources within the Federal government (or who had links to intelligence agencies within the U.S. government). Confidential government sources reported to Attkisson that efforts were being made by the Obama Administration to clamp down on leaks and to track the leaking of information by federal government employees to specific reporters regarding the Benghazi terrorist attacks.
Also in October 2012, the DOJ continued its stepped-up cyber tactics with its National Security Division, providing specialized training at DOJ headquarters for the National Security Cyber Specialists (“NSCS”) network and the Criminal Division’s Computer Crime and Intellectual Property Section (“CCIPS”).
On October 16, 2012, President Obama issued a top secret presidential directive ordering intelligence officials to draw up a list of overseas targets for cyberattacks. According to The Guardian, the directive also “contemplates the possible use of cyber actions inside the U.S.”
Also in October 2012, a month before the presidential election, White House officials began contacting Attkisson directly to tell her that President Obama did not call the Benghazi attacks “terrorist”-related the day after they happened. (Unknown to Attkisson at the time, the President had called the assaults “terrorist” attacks the day after they happened, in an interview with CBS’ 60 Minutes that was not yet public.)
In the latter part of October 2012, the Attkissons began noticing an escalation of electronic problems at their residence in Leesburg, Virginia, including stepped up interference in home and mobile phone lines, computer interference, and digital television signal interference. However, they were still unaware of any intrusion by Defendants.
President Obama was re-elected on November 6, 2012.
From November 7–9, 2012, Attorney General Holder hosted a national training conference at DOJ headquarters regarding the expanded efforts of DOJ’s National Security Cyber Specialists (“NSCS”).
On November 13, 2012, the FBI initiated several cyber security case investigations that Attkissons’ computer intrusion case would later be grouped under.
Also in October and November 2012, White House officials initiated heated exchanges with Attkisson on the telephone and via email regarding her Benghazi reporting, as she continued breaking stories with assistance from multiple government confidential sources.
In November 2012, Attkisson’s phone line became nearly unusable because of anomalies and interruptions. Her mobile phones also experienced regular interruptions and interference, making telephone communications unreliable, and, at times, virtually impossible.
During the same general time frame, several sources with close ties to the U.S. Intelligence Community privately approached Attkisson and informed her that the federal government would likely be monitoring her electronically in an effort to identify her confidential sources, and also to monitor her continued reporting on the Fast and Furious and Benghazi stories. These sources stated that the Obama administration was pushing the limits of surveillance on private citizens in a way that would shock most Americans.
In late November 2012, a contact of Attkisson offered to connect her with a government expert source that could accomplish a thorough forensic examination of her CBS Toshiba laptop. Attkisson accepted the offer. The contact initiated efforts to connect Attkisson with the expert.
In approximately December 2012, Attkisson began discussing her phone and computer issues with friends, contacts, and sources, via her home phone, mobile phones, and email. She decided to begin logging the times and dates that the computers turned on at night without her input. Soon after these phone and email discussions, the computer nighttime activity stopped.
Computer forensic analysis later revealed that in the time frame when Attkisson began discussing the possibility of government intrusions with friends, contacts and sources; in December 2012; the intruders remotely executed actions in an attempt to remove all evidence of the intrusions from Attkisson’s computers, mobile phones, and home electronic equipment.
Also in December 2012, another contact of Attkisson’s with U.S. government intelligence experience offered to conduct an inspection of the Attkisson’s exterior home. During the course of the inspection, the contact discovered an anomaly with Attkissons’ Verizon FiOS box: an extra fiber-optic cable dangling from the exterior of the box.
Based on this odd finding, Attkisson contacted Verizon on December 31, 2012. However, the Verizon customer service representative denied Verizon had installed, or had knowledge of, the extraneous fiber-optics cable affixed to the FiOS equipment at the Attkissons’ home. Furthermore, the Verizon representative directed Attkisson to contact local law enforcement authorities. Shortly thereafter, a person identifying herself as a Verizon supervisor telephoned Attkisson to advise her that Verizon was dispatching a service technician the next day, New Year’s Day, to investigate the fiber-optic cable issue. Attkisson informed the purported Verizon supervisor that it was unnecessary to dispatch a technician on a holiday, and offered to send Verizon a photograph of the fiber-optic cable to save Verizon the trip. However, the supervisor declined the photograph and insisted that a technician would be present on New Year’s Day.
On January 1, 2013, a person representing himself to be a Verizon technician visited the Attkisson’s home and removed the additional fiber-optic cable dangling from the outdoor FiOS box. Attkisson asked the technician to leave the cable for possible forensic analysis. The technician initially objected, but left the cable when Attkisson insisted. He placed it next to the equipment and left the home. When Attkisson’s husband later went to retrieve the extraneous cable to deliver to a forensic expert, the cable was no longer on the premises.
Throughout the month of January 2012, Attkisson repeatedly contacted the Verizon service technician to seek the location of the missing cable. The person representing himself as a technician never returned any of the calls at the number he had provided.
In January and February of 2013, the Attkisson’s continued to experience phone and Internet usage issues, including drop-offs, noises, and other interference. They notified Verizon of these service issues, and technicians and supervisors made additional contacts and visits.
The First Forensic Exam of CBS Toshiba Laptop
On January 8, 2013, Attkisson delivered her CBS Toshiba work laptop to an individual with special expertise in government intelligence computer forensics, as arranged by the contact who offered to connect her in November 2012.
On January 9, 2013, the concerned contact reported to Attkisson that her CBS Toshiba laptop showed clear evidence of outside and unauthorized “intrusion,” and that, based on the sophisticated nature of the technology used and the nature of the software, which was proprietary to the a US intelligence agency, the source of the intrusion and electronic surveillance was likely the US government.
On January 10, 2013, the concerned contact returned Attkisson’s CBS Toshiba laptop and provided a summary of findings. According to the findings, the forensics computer expert found that sophisticated malicious software (“malware”) had been used to accomplish the intrusion, and the software fingerprint indicated the malware was proprietary to the federal government. The intrusion included, among other types of electronic surveillance, keystroke monitoring, exfiltration of data, audio surveillance of Attkisson’s conversations and activities at home through secret activation of Skype, mining of personal passwords, monitoring work and personal email, and likely compromise of Attkisson’s work and personal smartphones.
According to the report, the electronic surveillance by the identified malware spanned most of 2012, at least. The findings also stated the intruders had accessed CBS’s internal networks, computer systems, and enterprise software applications, such as the ENPS program, and that the perpetrator had also placed three (3) classified documents deep in the computer’s operating system. Attkisson thereafter notified her direct supervisor at CBS News.
On February 2, 2013, an independent forensic computer analyst retained by CBS News spent approximately six (6) hours at the Attkisson’s home, during which time he reported finding evidence on both Attkisson’s CBS Toshiba laptop and personal Apple iMac desktop computers of a coordinated, highly-skilled series of actions and cyber-attacks directed at the operation of the computers and the storage and access of data thereon. The analyst also reported finding attempts by the remote intruder(s) to “cover their tracks” and erase files that would reveal their activities.
On February 4, 2013, the CBS-hired forensic analyst notified Attkisson and CBS via email: “It is my professional opinion that a coordinated action (or series of actions) have taken place. I don’t wish to go into details because the integrity of email is now in question. . . . It bothers me that I was not able to leave Sharyl with an increased sense of security Saturday evening, but hopefully we can all work together to remedy this ASAP.”
It is my professional opinion that a coordinated action (or series of actions) have taken place. I don’t wish to go into details because the integrity of email is now in question.CBS-hired forensic examiner, Feb. 4, 2013
CBS engaged the cyber-company to conduct further analysis of the CBS Toshiba laptop in an attempt to recover wiped data and determine the methods used compromise the system.
In March 2013, Attkisson’s Apple iMac desktop computer began malfunctioning and, after several days of it freezing and emitting a burning odor, it shut down. She was unable to turn the Apple computer back on after this event.
On April 3, 2013, Attkisson filed a complaint with the DOJ Inspector General regarding the incidents of suspected government electronic surveillance and cyber-stalking described above.
On May 6, 2013, an official with the DOJ’s Inspector General (“IG”) office called Attkisson in response to her complaint, and stated that he had checked with the FBI, and the FBI denied any knowledge of any operations concerning her computers or phone lines.
The DOJ IG official also stated that there was no Foreign Intelligence Surveillance Act (“FISA”) or PATRIOT Act related order authorizing electronic surveillance against her. (The DOJ IG’s office later refused to provide details as to who it spoke to at DOJ or FBI, or regarding the FISA question and other key details, and each agency has been unresponsive to Attkisson’s Freedom of Information Act requests for this information.)
Coincident with this time frame— the first half of 2013— there were multiple revelations about previously unknown government surveillance activities including the following:
- NSA whistleblower Edward Snowden revealed mass surveillance of American citizens, contrary to the sworn testimony of the Director of National Intelligence James Clapper. (Clapper then corrected his testimony and apologized.)
- News that DOJ had departed from longstanding policy and secretly obtained records of Associated Press journalists the previous years, in an attempt to track down government leakers or whistleblowers;
- News that DOJ had secretly named Fox News reported James Rosen a possible criminal target in another government leak investigation, and had obtained phone records belonging to him and his family. (DOJ ultimately apologized and conducted a review to examine its policies and practices regarding surveillance of journalists.)
On May 21, 2013, Attkisson had not publicly disclosed the computer intrusions, but a radio interviewer asked her whether she thought she, too, had been under government surveilled. She stated that she did think so, but did not provide details.
Subsequently, a news outlet sought a statement from the DOJ regarding Attkisson’s assertions. The DOJ issued a written response stating, “To our knowledge, the Justice Department has never compromised Ms. Attkisson’s computers, or otherwise sought any information from or concerning any telephone, computer or other media device she may own or use.” (The DOJ has refused to provide information as to who drafted its statement and who was consulted, and the agency has failed to provide the information in response to Attkisson’s Freedom of Information requests.)
On June 10, 2013, the independent cyber-security firm hired by CBS issued a formal report to CBS confirming that there was a highly sophisticated intrusion into Attkisson’s CBS Toshiba laptop.
The cyber-security firm also reported the remote intruders had changed the internal clock of the CBS Toshiba computer 1,358 times in an apparent attempt to confuse any forensic efforts.
Moreover, the cyber-security firm confirmed that in December 2012, the perpetrators of the cyber-attacks remotely initiated “clean-up” actions in an attempt to delete all evidence of the intrusion and electronic surveillance.
On June 11, 2013, CBS News issued a public statement, based on the forensics report from the independent cyber-security firm, confirming that Attkisson’s work laptop was accessed by an unauthorized, external, unknown party on multiple occasions in late 2012, and that the party used sophisticated methods to attempt to remove all possible indications of unauthorized activity.
FBI and DOJ Secretly “Investigate”
Though Attkisson was unaware at the time, the DOJ and FBI began conducting inquiries into her computer intrusions under the auspices of a national security issue.
On June 14, 2013, according to an FBI email later obtained by Attkisson, “Cywatch coordinated with CyOS to confirm the reporting” on Attkisson’s computer intrusions. The email states that the FBI’s Washington Field Office “contacted CBS News, and CBS News confirmed the compromise of Attkisson’s computer” and that there would be follow up after CBS Washington “discussed internally with CBS New York.”
On June 20, 2013, an FBI document later obtained by Attkisson listed her as “victim” in an FBI computer intrusion case with the notation: “Victimized from 12/01/2012 to 6/14/2013.” However, both DOJ and the FBI failed to inform, contact or interview Attkisson.
According to the FBI document, Attkisson’s case was assigned a Case ID number and was circulated to the DOJ’s national cyber-security group; included with a set of cases opened in November 2012, during the DOJ’s expansion of its cyber team and the announcement of its intention to use “new tools” in its arsenal.
Attkisson only discovered the FBI inquiry in December 2013, when she appealed the denial of her Freedom of Information Act (“FOIA”) request to the FBI and received a few pages of responsive documents.8 (In response to Attkisson’s multiple Freedom of Information Act requests and a lawsuit, the FBI denies having any further documents, materials, communications or information related to its investigation of Attkisson’s computer intrusions.)
Meantime, on July 9, 2013, Senator Tom Coburn wrote a letter instructing to Attorney General Eric Holder to answer a series of questions regarding Attkisson’s computer intrusions. Senator Coburn’s questions required the DOJ to consult with FBI to obtain answers.
Also on July 9, 2013, Senator Coburn wrote a letter instructing DOJ Inspector General Michael Horowitz to “conduct a thorough and exhaustive investigation whether any personnel within the Department of Justice may have been aware of or involved in any way with the breach and/or monitoring of Ms. Attkisson’s computers. This investigation must encompass all email transmissions of Department of Justice personnel beginning in August of 2011.”
Multiple government officials indicated to Attkisson that inquiries were being conducted as a result of Senator Coburn’s request. However, no known results of any such investigation were provided.
Attkisson’s subsequent FOIA requests for material related to any DOJ, FBI and/or DOJ IG inquiry per Senator Coburn’s instructions were denied.
Meantime, in May of 2013, in response to Attkisson’s complaint, the head of the DOJ IG’s cyber unit requested that CBS provide its forensics report regarding the CBS Toshiba laptop, and make the CBS Toshiba laptop available for analysis. CBS declined.
The False “Stuck Back Space Key” Narrative
In 2014, after initial forensic exams revealed remote government intrusions into the operative computers, the CBS Toshiba Laptop and the iMac Desktop; Attkisson was working on a new computer— a MacBook Air— and managed to captured a brief video of deletions of data being made remotely on that device.
After Attkisson posted the video, a disinformation campaign was launched by the Obama and Clinton-affiliated smear group “Media Matters.” Assisted by their media associates and affiliates they maliciously and with reckless disregard for the truth claimed a Department of Justice Inspector General exam disproved the allegations of government intrusions into Attkisson’s computers. They further alleged that the signs of intrusion were simply due to a “stuck back space key.” This is demonstrably false on multiple levels:
Importantly, the DOJ IG never examined Attkisson’s MacBook Air pictured in the video.
There is no “back space key” on the MacBook Air.
The MacBook Air was wiped remotely at speeds not possible with a “stuck” or held down key.
Neither did the DOJ IG examine the main computer at issue: the compromised CBS Toshiba laptop.
Therefore, it is false to state or imply that the DOJ IG ruled out or was in a position to rule out the remote intrusions into Attkisson’s computers, which were proven through multiple forensic exams. Details follow.
The DOJ IG iMac Exam
In late 2013, Attkisson asked the DOJ IG to examine her personal Apple iMac desktop even though CBS would not permit the office to examine the main computer, the CBS Toshiba laptop.
Meantime, Attkisson had retained a separate independent computer forensics expert to conduct further analysis of her CBS Toshiba laptop, Apple iMac, and other devices; in addition to the ongoing CBS firm’s analysis of the CBS Toshiba laptop.
In 2014, on January 16, January 27, and April 2; the head of the DOJ IG Computer Forensics unit and a colleague visited Attkisson’s home as part of their investigation, which included analysis only of the Apple iMac desktop, but not the CBS Toshiba laptop or any of the other compromised devices.
Attkisson also showed the IG investigators a short video recording she made in September 2013 while working on the Benghazi story at her home using a third computer, her personal Apple MacBook Air, as it was accessed remotely, controlled by unknown attackers, and data accessed and deleted at hyper speed despite no local input. (It is significant to note the DOJ IG investigators never examined this third computer.)
Attkisson also showed the DOJ IG investigators photographs of the extra fiber optics cable found dangling on the back of her house. However, they did not examine the actual cable since someone had removed it from Attkisson’s home.
During the DOJ IG investigation of the iMac only:
- The IG investigators reported finding “a lot of suspicious activity” on the computer in 2012 and 2013, and stated there was “no doubt about it.”
- They noted “potential nefarious activity” in the “February 13-16” 2013 time frame.
- They showed Attkisson at least two pages of examples of the suspicious commands run on the Apple in the February 13-16 time frame.
- They stated that the commands were run in the computer’s Advanced Mode, something that the Attkissons did not do and do not know how to do.
- They noted that the intruders searched through the iMac computer’s Trash, among other activities.
- They discovered “a lot of unusual time date setting changes” during the February 13-16 period on the iMac’s internal clock. Specifically, the DOJ IG investigators said intruders changed the date 12 or 15 times to dates such as 1969, 2021, and 2022.
- Previous forensic analyses had likewise noted suspicious date changes in the iMac and CBS Toshiba laptop internal clock not executed by Attkisson.
- The DOJ IG investigators said the intruders executed commands in the background while routine tasks were being performed on the computer, such as browsing the web and viewing photos.
- The DOJ IG investigators discovered that in 2012, there was “a lot of logs deleted or overwritten.” Again, this matched up with Attkisson’s forensic analyses of the iMac and CBS Toshiba laptop, which determined the intruders attempted to delete files to cover up their activities.
- The DOJ IG investigators mentioned a December 9, 2012 date that “kept popping up.” Attkisson informed them that the CBS forensic analyst had also found suspicious deletions of 24 hours of key logs on the iMac during his initial visit.
- The DOJ IG investigators reported to Attkisson that “someone used host file which can tell you about remote compromise…and overwrote the last access date and changed it to February16, 2013.” In other words, they said, intruders erased evidence of any remote intrusion.
- The DOJ IG investigators stated that on February 16, 2013 at 1:05 p.m., the intruders downloaded MacKeeper cleaning software utility via Firefox to the local desktop and executed it.
- The DOJ IG investigators stated that, “Prior to that somebody visited ziobit.com” on the computer. They further stated that after the intruders installed MacKeeper on the iMac desktop, they “overwrote some important logs,” and that was one of the last events recorded.
- The DOJ IG investigators told Attkisson that the last “drive” on the iMac was recorded on February 17, 2013 and speculated that was the date Attkisson stopped using that computer. However, Attkisson informed IG investigators that the family continued to use the iMac until the first week of March 2013. The DOJ IG investigators could not explain the absence of all records of that use.
- The DOJ IG investigators additionally stated that someone executed “data recovery 6.12” from the desktop locally and deleted logs; but stated that their IG forensics expert had been able to recover them.
On the April 1, 2014 visit to Attkissons’ home, the DOJ IG investigators repeatedly insisted that their forensics determined that suspicious activity in February 2013 had been conducted by someone in Attkisson’s home working at the computer for several hours (rather than remotely).
The Attkissons’ told the DOJ IG investigators this was highly unlikely, if not impossible, based on the dates the DOJ IG presented. The Attkisson’s were certain that intruders did not come into their home on the operative dates to work at the family computer for several hours.
(The Attkissons’ forensic analyst stated that the DOJ IG investigators may have misinterpreted their own forensics, since they were not fluent with Apple computers.)
On the April 1, 2014 visit, the lead DOJ IG investigator asked Attkisson if she was familiar with “virtualization technology,” which is defined as a way to interact with a host computer “using another desktop computer or a mobile device by means of a network connection such as a LAN, Wireless LAN or even the Internet” making the host computer “capable of hosting multiple virtual machines at the same time for multiple users.” Attkisson was unfamiliar with this technology.
At the April 1, 2014 visit, the lead DOJ IG investigator promised to follow up on Attkisson’s request to provide the times of certain suspicious commands executed in the February 13-16, 2013 time frame identified by the DOJ IG forensics examiner.
On May 14, 2014, Attkisson asked the DOJ IG about the status of the investigation and again asked to be provided the times of the suspicious commands identified in the February 13-16, 2013 time frame.
On May 22, 2014, the lead investigator from the DOJ IG’s office responded to Attkisson’s query by stating that the forensics exam was now complete and that it was “lengthy and detailed with about a dozen attachments.” He stated he needed to review it. He also stated that he would provide the requested information on times of suspicious commands “when I review everything.” However, the DOJ IG never provided the information.
On June 12, 2014, after three weeks passed with no report being issued, Attkisson asked the DOJ IG lead investigator to talk with her on the telephone. In a telephone call the following day, the lead DOJ IG investigator told Attkisson:
- The report’s gone gone back and forth a little with the examiner to clarify a few things.
- There is a technical review process, then another examiner does a detailed review.
- The investigation was “pretty much done.”
- The DOJ IG recovered a lot of logs that someone had deleted. One attachment to the forensics report “is pretty much every log file the [i]Mac has but it doesn’t tell you who deleted it.”
- It is “entirely possible” that logs giving more information about remote logins were deleted and overwritten but they were unable to see that information.
- An ASL.log, apple system log, should have an early creation date as one of the first files in the computer. However, the one found by the DOJ IG analyst had an implausible creation date of February 16, 2013 when it should have been somewhere around 2005. Someone deleted the ASL.log and recreated one “fresh and new.”
- The fourth newest file created February 16, 2013 recorded multiple date and time changes.
- The “live analysis” conducted earlier by the CBS-hired forensic technician “is not best practices” because it “changed the log files and caused some overriding of data so…it hurt our ability to drill down as far back.”
- The most unusual activity the DOJ IG forensic technician saw was mid-February 2013, including a lot of date and time changes on the computer clock within two or three days, changing dates from far in the future to some in the past. But the technician reported finding “no concrete evidence that was done remotely…no hard evidence shows remotely intruded.”
- The CBS Toshiba laptop is still “up in the air” but CBS still was not permitting the DOJ IG to analyze it.
- He would ask DOJ IG General Counsel Bill Blier if it would be okay to release the report to Attkisson. He (the DOJ IG investigator) “did not have a problem with it.”
On June 18, 2014, the lead DOJ IG investigator contacted Attkisson and asked if the CBS-hired analyst had made a report regarding his analysis of the iMac computer. Attkisson replied that he had, and that Attkisson’s forensic experts had found evidence of remote intrusions.
The DOJ IG asked for the CBS-hired technician, or the other expert who examined the iMac, to provide the DOJ IG with their reports or get on the phone to discuss. Due to the possibility of the DOJ’s potential role in the remote intrusions, and of pending litigation, Attkisson declined to share forensics information with the DOJ IG.
The lead DOJ IG investigator replied that the DOJ IG report “cannot speculate or rely on hearsay, we need direct evidence. If your examiner’s conclusion is that remote access occurred because log files are missing we can’t rely on that.”
Attkisson replied that the log file deletions were not the evidence that Attkisson’s forensic experts had relied on in concluding there were remote intrusions.
On June 25, 2014, Attkisson again asked DOJ IG for a copy of the DOJ IG report.
The DOJ IG’s Obstruction
Meantime, Senator Coburn notified Attkisson that the DOJ IG’s office had notified him that “someone” had inexplicably “narrowed their [investigative] task” to simply identifying whether they could locate “hard evidence” of a remote intrusion of her iMac computer. Coburn told Attkisson he did not support the idea of “narrowing” the probe.
On July 30, 2014, more than two months after the DOJ IG investigator first informed Attkisson that the computer examination was finished, the DOJ IG report was still not available to her. The DOJ IG told Attkisson he “still want[ed] to finalize our forensic report on your personal iMac,” and that “when finalized” the IG General Counsel would determine whether she could see it.
The DOJ IG investigator further stated that he would “ask [the DOJ IG General Counsel] again and let you know. If there is some rule/policy saying we cannot provide it, you could always go the FOIA [Freedom of Information Act] route. I will re-approach the question this week.”
On September 28, 2014, after two additional months, Attkisson notified the lead DOJ IG investigator that she was filing a Freedom of Information Act request for the DOJ IG report on her iMac. The DOJ IG did not respond to Attkisson’s FOIA request within the 20-day statutory deadline or in subsequent months.
In mid-January 2015, the office of Senator Charles Grassley, who was then Chairman of the Senate Judiciary Committee, intervened and asked DOJ IG to provide the forensic report on Attkisson’s computer intrusions. Senator Grassley’s office told Attkisson it had threatened to hold up the confirmation hearings of Attorney General Loretta Lynch if the DOJ IG did not release the report.
On the eve of the Lynch hearings, on January 23, 2015— and after withholding the report and failing to respond to Attkisson’s FOIA request— the lead DOJ IG investigator suddenly emailed Attkisson to say that the office had completed its investigation into her complaint about the computer intrusions. He stated that “our investigation was unable to substantiate that an intrusion occurred.”
The DOJ IG further stated that his office was going provide the report to Senator Grassley, but that if the Attkisson’s wished to receive a copy, they could file a Freedom of Information request for it.
Although the DOJ IG’s brief, released summary noted a great deal of advanced-mode and unauthorized computer activity not attributable to the Attkissons, it nonetheless concluded, paradoxically, that DOJ IG found no evidence of unauthorized or remote intrusion into the Attkisson’s personal Apple iMac computer. (The DOJ IG made no comment or conclusion about Attkisson’s other devices, which it did not examine.)
This DOJ IG’s reported finding was contrary to previous communications in which the DOJ IG investigators reported to Attkisson extensive evidence of activities not conducted by or authorized by the Attkissons, including but not limited to: suspicious commands run on the iMac in the February 13-16, 2013 time frame, operation of the iMac in “Advanced Mode,” searches through the iMac computer’s Trash, “a lot of unusual time date setting changes,” execution of commands in the background while routine tasks were being performed on the computer, “a lot of logs deleted or overwritten” in 2012, changed host file date from an original date in 2005 to 2013, deletion of files that could typically reveal remote access, downloading and execution of MacKeeper cleaning software utility via Firefox to the local desktop, overwriting of important logs, execution of “data recovery 6.12” from the desktop locally, and deletion of logs.
While the DOJ IG summary excluded most of the forensic information; and excluded the actual report and its attachments; it also contradicted itself by noting time and date changes not made by the Attkissons, even as it claimed there was no unauthorized access.
Though the DOJ IG investigators did not examine the Attkissson’s MacBook Air, the summary report speculated that a video clip showing deletion of information was the result of a “stuck back space key.” However, there is no back space key on the MacBook Air. Even a theoretically “stuck” delete key cannot delete information at the speeds shown in the recorded video.
The DOJ IG summary also further stated that the fiber optics cable pictured in the photo Attkisson showed DOJ IG investigators was “a common cable…and could not be used to monitor or otherwise affect the phone or internet service at her residence.” However, it’s unclear how the DOJ IG could form such a conclusion having not examined the cable, and the DOJ IG summary did not explain how and why an extra cable could have come to be placed on the exterior of the Attkisson’s home.
Attkisson requested and filed Freedom of Information requests for the full DOJ IG report and drafts, as well as notes and information as to how the DOJ IG had arrived at its conclusions regarding a nonexistent back space key on a computer it did not examine, and the extra fiber optics cable, but the DOJ IG never responded to the requests.
Though the DOJ IG only examined the iMac, not Attkisson’s CBS Toshiba laptop or any other devices; and although the DOJ IG summary noted unexplained activity in the iMac not attributed to Attkisson; the DOJ IG summary was widely misrepresented in the media as proof that Attkisson had imagined or fabricated the computer intrusions and that all anomalies were simply the result of a “stuck back space key.”
On January 24, 2015, after the DOJ IG issued its summary, Attkisson contacted the lead DOJ IG investigator and asked whether it was true, as Senator Coburn had told Attkisson, that someone had narrowed the DOJ IG’s investigation into her iMac midstream to limit it to only identifying any “hard evidence” of a “remote intrusion,” although the DOJ IG had had already determined evidence of potential remote intrusion had been deleted by somebody other than the Attkissons without their knowledge or permission.
Further, Attkisson’s attorney informed the DOJ IG that its conclusion was “contrary to multiple forensic examinations of the computers done well before you became involved.”
The lead DOJ IG investigator replied that he would check with the DOJ IG General Counsel the following Monday, two days later, and get back to Attkisson on the answer to the question about the allegedly narrowed investigation. He stated, “I don’t think they [the DOJ IG General Counsel] will have a problem with letting you know what the scope of our investigation was. It might help clarify many of your questions.”
However, the lead DOJ IG did not follow up with Attkisson the following Monday.
On February 7, 2015, the attorney for Attkisson contacted the DOJ IG to follow up on the January 24 query about the allegedly narrowed scope of the investigation. The lead DOJ IG investigator declined further respond stating: “I am unable to comment on the accuracy of your description of reported communications with congressional staff because I have no knowledge of any such communications. I hope this provides some clarification.”
The iMac Evidence
In contrast to the DOJ IG summary, factual evidence demonstrates that unauthorized surveillance efforts of the Attkissons included prolonged ongoing surveillance of the family’s iMac. From artifacts remaining on the iMac, the intrusions were shown to have occurred as early as June 2011.
Forensic analysis likewise revealed direct targeting of Attkisson’s Blackberry mobile device when it was connected to her iMac computer.
Operating system log files reveal an unauthorized intruder performed a file recovery process and used it to transfer large numbers of Attkisson’s records off the BlackBerry.
Forensic analysis also detected unauthorized changes to the Virtual Privacy Network (VPN) settings on Attkisson’s iMac. These changes enabled the computer’s built in Ethernet connection, which had not been used for years.
Further evidence of uninvited, remote surveillance was found with issuance of the “smbclient” command; along with recovered records that show the iMac was mounted as a network shared resource. This enabled the intruder(s) to easily view and export the contents of the iMac.
Available forensic evidence reveals the unauthorized intruder(s) maintained complete control of Attkisson’s systems and accessed e-mails, personal files, Internet browsing, passwords, execution of programs, financial records, and photographs of not only Attkisson but also of her family members.
The CBS-hired computer forensic examiner detected an abnormal and unexplained “gap” in the Attkisson’s iMac from December 8, 2012, 10:12:11 p.m. to December 9, 2012, 3:18:39 p.m., which matched up with a similar gap he had found in the CBS Toshiba laptop. At the time of the analysis, he stated to Attkisson, “That’s not normal. Someone did that to your computer. Two separate instances showing the same MO. That shows knowledge of the event logging and it shows skill. Somebody’s deleting days of messages . . . That shows skill.”
The CBS-hired forensic examiner also stated that he found suspicious abnormalities in a key file on the iMac.
“It should be bigger than that. It should be huge. Somebody deleted the file on December 11 . It’s not supposed to be like that. It’s supposed to have lots of data in it and it doesn’t.”
When asked about the meaning of such a finding, the analyst stated, “Someone was covering their tracks,” and that it was done remotely. He added, “We have a deletion temp log that actually begins Saturday, December 11. Suggests the log was deleted on that day.”
The CBS Toshiba Laptop Evidence
On June 10, 2013, the CBS-hired forensic firm issued a “priority report” to CBS warning it found “evidence of at least two (2) successful attempts of unauthorized access of the primary subject computer between 12 December and 31 December 2012.”
According to the report:
- This evidence shows execution of system profiling commands.
- These commands are not normally run and are reserved for learning about a system configuration.
- Evidence suggests these commands were run directly from the account of the customer primary subject, not a customer administration account.
- No party should have performed these actions until at least 8 – 11 January 2013.
- This evidence has been deliberately and securely removed from the primary computer hard drive.
In an email to CBS officials, the CBS-hired cyber firm issued an email entitled “URGET [sic] Update” stating: “[M]y wrap-up analysis of Sharyl’s computer has revealed that someone attempted to run commands during the time frame of concern (12 December 2012 – 8 January 2013). If we assume that an authorized CBS support entity did not execute these commands (based on Sharyl’s responses), then this was the result of an unauthorized third party. What’s even more concerning to me is:
1. These commands are standard fare for a remote user trying to learn about the network configuration of a system.
2. At least two (2) of these commands were run referencing Sharyl’s user account.
3. This history has been securely removed (NOT by CCCleaner) in the most recent version of Sharyl’s hard drive.
I am now concerned about the integrity of your employee machines…
To be clear:
1. I have definitive evidence that shows commands were run from Sharyl’s user account that she did not personally authorize during the timeframe of concern.
2. These commands are not overtly malicious, but unfortunately are a common precursor to more malicious activities.
3. This history has been deliberately removed from Sharyl’s hard drive…”
Between 2015 and 2018, experts for Attkisson conducted additional forensic analyses of Attkisson’s CBS Toshiba laptop. These analyses revealed the remote attackers leveraged a previously unknown software vulnerability in Intel Corporation’s Active Management Technology (“AMT”) software to exploit Attkisson’s CBS Toshiba laptop remotely.
With regard to attribution, information recovered by certified forensic experts directly from Attkisson’s CBS Toshiba laptop proves that remote communication with the system was executed via at least three Internet Protocol (“IP”) addresses owned, controlled, and operated by the United States Postal Service (“USPS”).
The IP addresses were used in the Advanced Persistent Threat (“APT”) cyber-attacks, electronic surveillance, data exfiltration, and cyber-stalking against Attkisson by the US government between 2010 and 2014.
These government-controlled IP addresses did not appear randomly or accidentally, nor were they present because Attkisson “might have purchased stamps online.” The IP addresses were not associated with any web server or website used by the USPS, and forensic attempts to communicate with the IP addresses were rejected.
Analysis demonstrated that the intruder(s) used the USPS IP addresses to open an illicit communications channel between an assigned computer on the Internet and Attkisson’s Toshiba CBS laptop in her home. This establishes indisputable evidence that a person or persons using IP addresses under the federal government’s control communicated directly with Attkisson’s CBS Toshiba laptop on an ongoing basis during the relevant times in question.
Specifically, USPS-owned IP version 4 (“IPv4”) addresses 126.96.36.199 and 188.8.131.52, and IP version 6 (“IPv6”) address 385b:8f09:80fa:ffff:385b:8f09:80fa:ffff, were used as part of a “zero-day” attack against Attkisson’s CBS Toshiba laptop (running Microsoft’s Windows 7 Professional).
Only the FBI has both the necessary legal authorities and the resources to conduct an APT-style cyber-attack such as this in the United States focusing on Attkisson, a US person (“USP”) and member of the news media using a zero-day vulnerability in combination with multiple IP addresses owned by the USPS.
Moreover, during the entire period of the APT cyber-attack, Verizon was also providing bulk metadata to the FBI, including metadata from Attkisson’s CBS mobile phone, personal home phone, and personal home Internet connection.
Analysis conducted by Attkisson’s forensic experts also indicates that the FBI’s Digital Collection System (“DCS”) electronic surveillance capabilities deployed on Defendant Verizon Business Services’ landline networks and Defendant Verizon Wireless’ wireless networks by the FBI’s Telephone Telecommunications Intercept and Collection Technology Unit (“TICTU”) of the Operational Technology Division (“OTD”) including TICTU’s DCS-3000, NG–DCS–5000, and DCS–6000 platforms—were subverted and compromised by the government intruders as part of the overall APT cyber-attacks, electronic surveillance and cyber-stalking against the Attkissons.
According to the Obama Administration’s 2014 budget submission to Congress, the TICTU’s DCS platforms “will continue to collect 100% of Title 50 and Title III collection data, as well as support all new and existing Title 50 and Title III collection system users.”
From an operational perspective, TICTU’s DCS platforms support, among other things, the “incidental” collection of metadata and content related to US persons.
Here, TICTU’s DCS platforms, including service-oriented architecture (“SOA”) middleware interfacing, respectively, with Defendant Verizon Business Services’ and Defendant Verizon Wireless’ switches, routers, and network elements—were subverted and compromised by DOJ and the FBI as part of the overall APT cyber-attacks and cyber- stalking against the Attkissons.
The forensic analyses likewise confirms that agents or employees of the government were likewise involved in the tapping of the Attkissons’ FiOS fiber-optic telecommunication line, and a mobile WiFi hot-spot (Verizon MiFi 4510L) provisioned on Verizon Wireless’ network was used to connect to Attkisson’s CBS Toshiba laptop for surveillance and data exfiltration by the U.S. government Verizon Wireless’ resources; and an Inmarsat BGAN mobile satellite terminal was used to connect to Attkisson’s CBS Toshiba laptop for surveillance and data exfiltration.
Between January 4, 2013, and January 8, 2013, among other relevant time periods, the government used a remote system, assigned with US Postal Service (“USPS”) IPv4 address 184.108.40.206 and USPS IPv6 address 385b:8f09:80fa:ffff:385b:8f09:80fa:ffff, to communicate using transmission control protocol (“TCP”) with Attkisson’s CBS Toshiba laptop.
The remote system was used for both command and control and data exfiltration in the electronic surveillance and cyber-stalking against Attkisson.
The USPS IP addresses were logged automatically on Attkisson’s CBS Toshiba laptop by a software application called evteng.exe, a component of Intel’s wireless networking management software.
In October 2017, during deposition testimony by USPS technical representative Cliff Biram, USPS testified that IP address 220.127.116.11, among others, was never advertised by USPS—using BGPv4 or any other EGP method—on the Internet.
Forensic analyses indicate that, between 2007 and 2014, BGP hijacking incidents occurred at U.S. and European Internet service providers (“ISPs”) involving the unauthorized advertising on the Internet of USPS’s entire Class A block of 16,777,216 IPv4 addresses, or USPS’s entire 18.104.22.168/8 IPv4 prefix.
Thus, although in January 2013 USPS was not advertising the IP addresses that were logged on Attkisson’s CBS Toshiba laptop, these IP addresses were in fact being used by government resources.
As mentioned above, Attkisson’s forensic analyses discovered that malware files running on Attkisson’s CBS Toshiba laptop, including while it was connected via a Juniper VPN link to CBS’s internal corporate network at her home in Leesburg, Virginia, were using the USPS IPv4 and IPv6 addresses to communicate across Verizon’s FiOS network with one or more remote systems controlled by the Defendants.
The malware files were recovered from a forensic image of the CBS Toshiba laptop’s internal hard drive by using Arsenal Recon software to carve the hiberfil.sys file, and, subsequently, by using Volatility 2.6 software to carve the ActiveMemory.bin file that was extracted from the hiberfil.sys file. These operating system files were created by Microsoft’s Windows 7 Professional operating system on January 8, 2013, when the laptop went into hibernation mode.
Between 2011 and 2014, Attkisson logged numerous events during which her work mobile phone or her personal mobile phone were subjected to severe radio-frequency (“RF”) interference. These events were likewise attributable to government surveillance by virtue of the same modes and methods described above.
The Lawsuit Latest
In March of 2019, an appellate panel of three judges determined the former Attorney General Eric Holder has immunity from Attkisson’s claims.
Two of the three judges ruled Attkisson’s claims should be dismissed because she took too long, three years— and without success—to determine the names of the “John Doe” federal agents involved in the intrusions of her computers.
A third judge rightly dissented, understanding that Attkisson consistently attempted to identify the John Does but the Department of Justice continuously blocked discovery, filed protective orders and filed motions to dismiss in an attempt to obstruct. The government did not turn over a single piece of paper in response to more than a dozen subpoenas.
The dissenting judge called the government’s actions “Kafkaesque” for obstructing Attkisson and then blaming her for “taking too long.”
Attkisson continues to move forward with the lawsuit.
The Department of Justice continues to spend tax money to fight her.