The redacted version of the Muller report released Thursday surfaces new details about the correspondence between WikiLeaks and Donald Trump Jr. before the 2016 election.
In November 2017, we learned that Trump’s eldest son had exchanged direct messages with the WikiLeaks Twitter account in September 2016, less than two months before Election Day. In those messages, the WikiLeaks account, which is widely suspected to have been primarily operated by WikiLeaks founder Julian Assange, offered Trump’s son a “guessed” password to an “anti-Trump site putintrump.org that is about to launch.”
According to the Mueller report, that password was provided to WikiLeaks by a man named Jason Fishbein, a detail that was previously unknown. A footnote in the report details that Fishbein obtained the password from someone in a chat room for discussing U.S. politics. Fishbein then sent a direct message to WikiLeaks with the login credentials, which were then passed on to Trump Jr.
Hours later, Trump Jr. sent an email to senior campaign officials admitting that he used the “guessed” password to access the site. “I tried the password and it works,” he wrote. That could be an admission that he violated a federal criminal hacking law called the Computer Fraud and Abuse Act, which makes it illegal to access a computer using a stolen password without authorization. WikiLeaks doesn’t appear to have had authorization to access the site, and the person behind the account told Trump Jr. that the password he provided was guessed, which implies pretty clearly that the then-candidate’s son knew he was using a key he wasn’t supposed to have. The email where Trump Jr. admits that he accessed a website knowingly using a hacked password was first published in a report from the House Permanent Select Committee on Intelligence in 2018.
In that email, Trump Jr. goes on to say that he attached screenshots of an About page of the site, thereby demonstrating in pretty clear terms that he obtained information off the site after using a password he wasn’t authorized to use. Orin Kerr, a law professor specializing in computer crime at the University of Southern California, wrote on the blog Lawfare that that may be enough to make his access of the site a violation of the Computer Fraud and Abuse Act.
This wouldn’t be Assange’s first time brushing shoulders with potential violations of federal criminal hacking law. Last week, when he was arrested by British police after spending seven years hiding out in the Ecuadorian Embassy in London on charges of skipping bail, the U.S. District Court for the Eastern District of Virginia unsealed an indictment charging Assange with conspiring to commit computer crime by helping former Army intelligence officer Chelsea Manning crack a password to a government computer. While it’s not yet clear that Assange will ever be brought back to the U.S. to face these charges, it is clear that Assange isn’t shy about encouraging people to break password locks to hack into computers and websites they’re not supposed to access.
The Twitter handle provided for Jason Fishbein in the Mueller report links to a person who claims to be in “edtech marketing,” but I found another account that’s different by one character that belongs to someone with the same name who appears to be a fan of WikiLeaks and a defender of Assange. I reached out to both to ask if they’re at all affiliated with the person named in the report and will update this story if I learn more.
About two weeks after WikiLeaks first messaged Trump Jr., it sent another message to the then-candidate’s son asking for help sharing a link to a website “alleging candidate Clinton had advocated using a drone to target Julian Assange,” the Mueller report reads. A little over a week later, WikiLeaks wrote to Trump Jr. again to “strongly suggest your dad tweets this link if he mentions us wlsearch.tk.” Trump Jr. apparently got the message. Two days later, he tweeted the link.