Under the Radar Blog Archives Select Date… August, 2020 July, 2020 June, 2020 May, 2020 April, 2020 March, 2020 February, 2020 January, 2020 December, 2019 November, 2019 October, 2019 September, 2019

The court records show prosecutors got a court order in September 2012 to examine data from James Cartwright's Gmail account, such as whom he was emailing and when. | Pablo Martinez Monsivais/AP Photo Court unseals details on Stuxnet leak probe

A federal court has unsealed new details about how investigators tried to track down suspected sources for New York Times reporter David Sanger's book discussing how the U.S. and Israel used a computer virus known as "Stuxnet" to sabotage Iran's nuclear program.

Documents made public Thursday on the order of a federal magistrate judge indicate that investigators obtained court orders in 2012 to receive information about messages sent and received by at least two former officials on their private email accounts: retired Marine Gen. James Cartwright and another official whose name was not disclosed by the court.

Cartwright pleaded guilty in 2016 to a single felony count of lying to the FBI, although he also acknowledged to the court that he had provided and confirmed top-secret information to Sanger as he was reporting for his book, "Confront and Conceal." The former vice chairman of the Joint Chiefs of Staff was facing a potential sentence of up to five years in prison before President Barack Obama issued him a pardon three days before leaving office last January.

The court records show prosecutors got a court order in September 2012 to examine data from Cartwright's Gmail account, such as whom he was emailing and when. The order did not permit investigators to see the content of the messages, but they likely got that information eventually through a search warrant.

"A witness told investigators that General Cartwright communicated with David Sanger concerning Confront and Conceal," then-U.S. Attorney for Maryland Rod Rosenstein and Assistant U.S. Attorney Leo Wise wrote in applying for the order. "The United States obtained, via Grand Jury subpoena, telephone records for a cell phone owned by General Cartwright. Those records show that General Cartwright called Mr. Sanger on January 18, 2012 and spoke to him for 39 minutes and called him on March 9, 2012 and spoke with him for 31 minutes. Both calls occurred prior to publication of Confront and Conceal in June 2012."

A bit more mystery surrounds the second order, which suggests that the target of that directive fell under suspicion in part due to an email exchange with a White House official.

The court records say that on June 1, 2012, the day an excerpt from Sanger's book appeared in the Times outlining the Stuxnet operation against Iran, a former government official emailed an ex-colleague at the White House about the disclosures.

"Sanger clearly says that I would not talk about what happened while I was in government and I frankly didn't know ( until today of course) what happened after I left," the former official wrote.

The White House official forwarded the message to a colleague, who replied, according to the court filing: "That's not what Sanger told me."

While the former official's name and the names of the others involved in the exchange were redacted by the court, the only source cited in Sanger's article saying that he could not talk about what happened while he was in government is former Central Intelligence Agency Director Michael Hayden, a retired Air Force General who also headed the National Security Agency under Presidents Bill Clinton and George W. Bush.

Reached Thursday evening, Hayden declined to comment on whether the email message was his. However, he expressed support for the FBI's work on the matter.

"It looks like the bureau was both thorough and respectful of the rule of law," Hayden told POLITICO.

Sanger declined to comment on the specifics of the FBI's quest to expose his sources and said the redactions obscured both the identities of those involved in the White House email exchange and their meaning.

However, the veteran Times national security reporter said the unsealing of the court filings revealing investigators' focus on his June 1 article, "Obama order sped up wave of cyberattacks against Iran," amounted to the closest the U.S. government has come to owning up to its role in the campaign to disrupt Iran's nuclear infrastructure.

"You can't tell from these legal documents who's talking about what, but it does show you the government was going to extraordinary lengths to find the sources of the story of the first known, sophisticated American cyberattack on a foreign nation — and these documents are about as close as this government has come to acknowledging the facts in the story," Sanger said Thursday night.

POLITICO Playbook newsletter Sign up today to receive the #1-rated newsletter in politics Email Sign Up By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Then-Attorney General Eric Holder assigned Rosenstein to conduct the leak investigation into Sanger's Stuxnet reporting, although authorities' public statements at the time about precisely what was being investigated were extremely vague.

Four years elapsed between the issuance of the email-related orders released Thursday and the filing of the charge against Cartwright.

The Trump administration has announced a review of guidelines governing investigations involving the media. Rosenstein, now deputy attorney general, has cited the Cartwright probe as an example of the often-protracted delays in leak cases.

However, published reports suggest that the bulk of the delay in that case stemmed not from protections for journalists, but difficulties coordinating the case with Israeli officials, who were concerned about potential additional public disclosures of intelligence secrets.

The court records were made public as a result of a court application filed last year by the Reporters Committee for Freedom of the Press, which sought more details about how the FBI and prosecutors investigate leak cases.

U.S. Magistrate Judge Deborah Robinson agreed on Tuesday to unseal the records with the concurrence of prosecutors. She issued the 2012 order focused on the former official's America Online account, while U.S. Magistrate Judge Alan Kay issued the order aimed at Cartwright's Gmail.

It is unclear how Robinson determined what portions of the orders should remain sealed or why most names were deleted from the documents made public. Her orders unsealing the filings remain under seal.

DISCLOSURE: Gerstein is a member of the Reporters Committee's steering committee.