Russian Agents Sought Secret US Treasury Records On Clinton Backers During 2016 Campaign

Whistleblowers said the Americans were exchanging messages with unsecure Gmail accounts set up by their Russian counterparts as the US election heated up.

US Treasury Department officials used a Gmail back channel with the Russian government as the Kremlin sought sensitive financial information on its enemies in America and across the globe, according to documents reviewed by BuzzFeed News.

The extraordinary unofficial line of communication arose in the final year of the Obama administration — in the midst of what multiple US intelligence agencies have said was a secret campaign by the Kremlin to interfere in the US election. Russian agents ostensibly trying to track ISIS instead pressed their American counterparts for private financial documents on at least two dozen dissidents, academics, private investigators, and American citizens.

Most startlingly, Russia requested sensitive documents on Dirk, Edward, and Daniel Ziff, billionaire investors who had run afoul of the Kremlin. That request was made weeks before a Russian lawyer showed up at Trump Tower offering top campaign aides “dirt” on Hillary Clinton — including her supposed connection to the Ziff brothers.

Russia’s financial crimes agency, whose second-in-command is a former KGB officer and schoolmate of President Vladimir Putin, also asked the Americans for documents on executives from two prominent Jewish groups, the Anti-Defamation League and the National Council of Jewish Women, as well as Kremlin opponents living abroad in London and Kiev.

In an astonishing departure from protocol, documents show that at the same time the requests were being made, Treasury officials were using their government email accounts to send messages back and forth with a network of private Hotmail and Gmail accounts set up by the Russians, rather than communicating through the secure network usually used to exchange information with other countries.

Got a tip? You can email tips@buzzfeed.com. To learn how to reach us securely, go to tips.buzzfeed.com.

Analysts at an elite agency within Treasury first warned supervisors in 2016 that the Russians were “manipulating the system” to conduct “fishing expeditions.” And they raised fears that the Treasury’s internal systems could be compromised by viruses contained in emails from the unofficial Russian accounts. But staff continued using the Gmail back channel into 2017, despite repeated internal warnings that Russia could be trawling for sensitive financial records — including Social Security and bank account numbers — to spy on, endanger, or recruit targets in the West.

The Treasury Department refused to tell BuzzFeed News why its officials were communicating with unofficial Gmail accounts at the same time that Russia was sending the suspicious requests, or to say whether it eventually turned over any documents in response. Nor would officials answer any other specific questions about the matter.

In a statement, a spokesperson said: “Treasury does not discuss or comment on confidential communications with foreign governments, including to confirm whether or not they have occurred. We have notified our Office of the Inspector General of these allegations.”

Want to support more reporting like this? Become a BuzzFeed News member today.

But documents reviewed by BuzzFeed News reveal that Russia’s attempts to extract information about Western targets triggered alarms inside the Financial Crimes Enforcement Network, or FinCEN, a powerful unit of the Treasury Department with exclusive access to the most comprehensive and sophisticated financial database in the world.

Officials at FinCEN said they reported the use of the back channel to Treasury’s counterterrorism unit and security office, and requested an investigation. They said it was a breach of protocol and that it exposed the Treasury to potential hackers because the Russian messages contained attachments — a common way for intruders to worm inside an organization’s servers.

“If the attachment had a virus it could infiltrate the server,” a senior FinCEN official told BuzzFeed News. This source said insiders have been concerned that their internal records could have been corrupted.

The FinCEN officials reported the incidents in July and August 2016, and claim that there was no substantive investigation of the matter. These sources said that other senior officials continued to use the back channel even after they were told to stop by the Treasury’s office for security.

They suspected that the Russian agency making the requests, called Rosfinmonitoring, set up by Putin in 2001 to combat money laundering and terrorist financing, was closely tied to Russia’s espionage apparatus.

“They are passing information that may have interest to the Russians for other reasons,” a FinCEN official wrote to colleagues in March 2017. “One has to wonder what the heck is going on here.” This official filed for whistleblower protection and quit last year.

“If you are a Russian government entity and you are communicating with Americans, you have an FSB officer sitting right next to you and that officer is probably sending the email.”

In emails reviewed by BuzzFeed News, FinCEN insiders expressed shock that staff in another Treasury office had agreed to communicate with the Russians outside of normal, secure channels. FinCEN uses an encrypted portal called the Egmont Secure Web to exchange information with more than 160 other countries, including Russia, and to keep sensitive financial data out of the wrong hands.

A former US intelligence official who served in Russia for many years told BuzzFeed News that the use of unsecure accounts is a major red flag for espionage activity.

“Rosfinmonitoring is under the command and control of the FSB,” the former intelligence officer said, referring to Russia’s spy agency. “If you are a Russian government entity and you are communicating with Americans, you have an FSB officer sitting right next to you and that officer is probably sending the email.”

The first chapter in this extraordinary chain of communications began in late 2015, when a unit of the Treasury Department called the Office of Terrorist Financing and Financial Crimes entered into an agreement, named the ISIL Project, that called for Russia and the US to share information on financial institutions in the Middle East suspected of supporting ISIS.

According to a senior FinCEN intelligence analyst, Russia’s subsequent actions suggest that was just a cover. “What we were seeing with Russia was the fruition of a long-term strategy to try and compromise Treasury by cultivating civil servants. That’s why we sounded the alarm and reported it.”

It was not the only time that concerns about serious counterintelligence threats were raised at the elite financial intelligence unit during the past two years.

Six sources told BuzzFeed News that at least two FinCEN analysts were reported to Treasury’s inspector general over suspicions that they might have been working against the interests of the US.

One analyst was a man with close family ties to Ukraine. He was tracking the finances of corrupt foreign officials in a job that requires a security clearance. Four sources said they were told by security officials at the agency that the analyst turned out not to have one. He had applied for clearance during his previous posting at the State Department, they were told, but was denied it because of suspicious contacts with foreigners. The sources said the man also had unusual contacts with his colleagues both before and after he was fired. Shortly after he was escorted out of FinCEN early last year, he showed up outside a coworker’s apartment building late at night and asked questions about investigations and internal Treasury databases. The coworker reported the encounter to supervisors.

The man’s uncleared access to sensitive information was considered such a major national security breach that FinCEN was stripped of its authority to grant security clearances for some time, according to these four sources. FinCEN’s security chief was later placed on administrative leave.

A second employee was suspended after he was caught traveling to other countries without informing his supervisors — something that FinCEN analysts are forbidden to do because of the value their data could have to foreign powers. A Treasury spokesperson declined to answer detailed questions about these matters.

These revelations are the latest evidence of the disarray inside America’s financial intelligence system, which a two-year BuzzFeed News investigation has laid bare.

FinCEN is a critical US law enforcement agency that each day collects and analyzes thousands of bank reports about suspicious financial behavior. Analysts have played a key role in current investigations by the FBI and special counsel Robert Mueller, assisting FBI agents with inquiries into the murky finances of President Donald Trump and his associates.

Yet hundreds of internal records and interviews with more than a dozen insiders — from frontline workers to senior leaders — show an agency in turmoil, torn apart by turf battles, sinking morale, and internal chaos. Officials there say that, as a result, the unit struggles to hold the line against global money launderers, terrorist organizations, and drug cartels, and lies vulnerable to foreign threats.

Critical financial records on some Trump associates and Russian figures, collected by FinCEN analysts, have not been turned over to Congress, despite numerous requests. And more than a dozen FinCEN officials say that a rivalry with another unit of the Treasury Department cost them several crucial hours of work to track suspects’ movements in the immediate aftermath of the 2017 London Bridge terror attack.

The disarray bled into FinCEN’s daily output. One analyst wrote an investigative memo last year that was shared with the FBI, falsely connecting a member of Trump’s inner circle to a notorious Kremlin bagman. BuzzFeed News reviewed that memo and quickly debunked it; a spelling error led the analyst to mistake an unrelated person for the Putin financier.

At least 10 FinCEN employees have filed formal whistleblower complaints about the department. The whistleblowers say they tried multiple times to raise concerns about issues they believed threatened national security, but that they faced retaliation instead of being heeded. Some of FinCEN’s top officials quit in anger. One senior adviser has been arrested and accused of releasing financial records to a journalist.

That adviser, a whistleblower named Natalie Mayflower Edwards, first sounded the alarm in the summer of 2016. She went on to speak with six different congressional committee staffers to air her concerns. In July and August 2018, she met again with staffers of one of the Senate committees investigating Russian interference during the presidential campaign. In those meetings, she told the staffers that FinCEN withheld documents revealing suspicious financial transactions of Trump associates that the committee had requested.

Along with a colleague, Edwards wrote a letter last year to six congressional oversight committees. In it, the analysts included documentary evidence and Edwards wrote, “I have brought forward lawful documented evidential disclosures of violations of law, rule, and regulations, gross mismanagement, gross waste of funds, abuse of authority, and substantial and specific danger to public safety and I have NOT been protected against reprisal.”

Edwards added that she reported the “wrongdoing” to her supervisor, the inspector general, Treasury’s general counsel, Treasury security personnel, and the counterterrorism unit, requesting an internal investigation, as well as alerting the Office of Special Counsel, the federal government agency that deals with whistleblower complaints. Despite her disclosures, she wrote, “I continue to be retaliated against.”

“May Edwards took it on herself to try and protect everyone here as well as national security,” a senior FinCEN official told BuzzFeed News. “Nobody listened to her or some of the other brave whistleblowers who came forward. They’re all now paying a high price.”

Over the past two years, BuzzFeed News reporters have spoken at length to 12 individuals inside FinCEN. These men and women asked for anonymity to draw back the curtain on breakdowns inside the world’s most powerful financial watchdog. They described an agency turned upside down, where failures left them vulnerable to foreign threats, hampered their ability to investigate financial crimes, and ultimately put the public in danger.

A high-risk agreement

The foundations of the Treasury Department’s highly unorthodox relationship with its Russian counterpart were built late 2015, sources and internal documents show.

One of FinCEN’s key jobs is to work with other governments to track illicit money networks and shell companies across the globe. Nearly 160 countries, including Russia, have agreements to share bank information through a secure network.

But Russia chose to work outside that system — and it began by building a relationship with a unit of Treasury called the Office of Terrorist Financing and Financial Crimes.

Senior officials from the terror unit had multiple meetings with top officials at Rosfinmonitoring to discuss jointly tracking the financing of ISIS. Among the negotiators was the Russian financial watchdog’s second-in-command, Yuri Korotky. Korotky went to a KGB finishing school the same year that Putin finished his training there, and worked for the KGB’s successor, the FSB, after the collapse of the Soviet Union.

Rosfinomintoring did not return detailed messages seeking comment.

Korotky and other Russian officials proposed that Rosfinmonitoring trade information directly with the US as part of their joint effort to defeat ISIS. But almost immediately, the Russians reneged on their end of the bargain.

Rosfinmonitoring was slow to share data. It sought ways to work around FinCEN, the Treasury office that had sole access to the data it wanted, and whose analysts were skeptical of sharing information directly with Russia. By the summer, Rosfinmonitoring had made a series of requests about individuals and companies seemingly unconnected to ISIS or jihadi terror.

Among them were Alexander Lebedev, a newspaper publisher and Putin critic based in London. The Russians asked for financial tracking documents on a company tied to the Panama Papers, the multinational investigation that embarrassed the Kremlin by revealing Putin’s financial network. Throughout 2016, Rosfinmonitoring asked for documents on nearly two dozen entities that FinCEN insiders believed were enemies of the Kremlin.

Even more concerning: Documents show senior officials within the Terrorist Financing unit were communicating with Hotmail and Gmail accounts set up by the Russians, rather than using the standard secure channels.

“They sent this to a GMAIL account? Is that normal?” 

When she found out, FinCEN’s chief of staff was stunned.

“They sent this to a GMAIL account? Is that normal?” she asked in an email to a half dozen colleagues on Nov. 28, 2016.

The chief of staff was responding to Treasury colleagues who were discussing with Rosfinmonitoring the outlines of their agreement to track terrorism financiers.

“Unfortunately, Rosfin does prefer throwaway gmail accounts as their preferred method to communicate,” a FinCEN intelligence official responded.

In March 2017, this same official wrote to supervisors to warn that Russia was manipulating the system. She said that the Terrorist Financing unit, which set up the collaboration with Russia, wasn’t forthcoming about the extent of its relationship with that country and wouldn’t let FinCEN attend meetings with its representatives.

A power vacuum

Just as the Kremlin started fishing, a new leader took over FinCEN.

Jamal El-Hindi has spent nearly two decades at Treasury. When he was named acting director of FinCEN in June 2016, he assumed control of one of the most important law enforcement bodies in the US.

But during his tenure, FinCEN has withered.

About 70 full-time jobs have gone unfilled, sources said, and El-Hindi canceled popular programs that insiders felt helped them recruit young, talented analysts. Employees grumbled about a laggardly pace inside the building and complained that basic reports once took days to be approved but were now being held in limbo for weeks.

Twelve current and former employees said El-Hindi was notoriously late to meetings. Unlike his predecessors, he did not set yearly priorities, they said. One veteran supervisor said that on El-Hindi’s watch, FinCEN became too cautious and too concerned with the optics of its work rather than the substance.

“El-Hindi’s failure to make decisions is legend at FinCEN,” this official said. “At one point, the previous director had him put together a decision-making seminar in hopes he might learn how to decision-make.” BuzzFeed News sent El-Hindi detailed messages personally and through Treasury, but received no response. The previous director also did not respond to queries.

A new director, Ken Blanco, took over the unit in November 2017.

“Treasury does not comment on personnel actions or matters,” a spokesperson told BuzzFeed News.

By 2017, morale at FinCEN ranked dead last among every unit at the Treasury Department. Frustrated by the dysfunction, seasoned employees started leaving for more lucrative work in the private sector. That’s when officials in a rival department made a lunge for FinCEN’s greatest asset.

Turf war

The unit of Treasury that monitors suspicious bank transactions outside the US is called the Office of Intelligence and Analysis, a sister unit of the terror department that had struck the deal with the Russians. Now, by the fall of 2016, the OIA wanted more authority over FinCEN’s vast database of suspicious financial transactions across the globe.

The unit proposed a “realignment” that would have peeled off FinCEN’s authority over the database, some of its employees, and a piece of its budget. FinCEN staffers were aghast. They worried that El-Hindi was too weak to fend off the incursion and that it would hamper the office’s ability to fight financial crime. They also said the move by OIA was illegal, because it would cross the bright line that is supposed to separate intelligence agencies that collect information abroad from those that collect information on US citizens and residents.

OIA’s maneuver led to an open revolt inside FinCEN. More than a dozen workers reported the matter to their supervisors or to Congress. In September, an attorney from OIA got into a heated exchange with a small group of FinCEN employees, according to eight sources and internal documents.

After BuzzFeed News published a report about the allegations last year, Sens. Ron Wyden and Orrin Hatch sent a letter to the Department of Treasury’s inspector general, Eric Thorson, requesting a briefing about the matter.

After months of investigation, Thorson’s office concluded there was no merit to the complaints, which included the allegation that OIA analysts illegally snooped on the banking records of American individuals and companies.

His office noted, however, that OIA has been working for a decade without proper guidelines on how it handles US citizens’ information. The audit report recommended that OIA “as expeditiously as possible” submit its rules to the Department of Justice for approval, which the agency did earlier this year.

El-Hindi wanted his department to “get along” with OIA, these sources said, and did little to stand in that office’s way. In fact, emails show that he instructed his workers not to take their complaints to Congress — which the whistleblowers viewed as a staggering betrayal.

But the FinCEN employees spoke out anyway.

At least 10 filed formal whistleblower paperwork, many for the first time in their government careers. In meetings with six different congressional committees, two of the whistleblowers described a litany of misconduct at Treasury, including Russia’s attempt to gather intelligence on its enemies during the 2016 election. To this day, the committees have done little to address those whistleblowers’ concerns.

Ultimately, FinCEN won out. The realignment failed and the unit retained control over its records. But its battle with OIA wasn’t over.

Desperate hours

In May 2017, a bomb exploded at an Ariana Grande concert in northwest England and killed 23 people. The following month, knife-wielding terrorists attacked pedestrians near London Bridge.

Because the US has access to the largest set of financial records in the world, the British turned to the Americans for help. In the first frantic moments following an attack, FinCEN’s financial databases can reveal important information about the killers, others in their network, or whether another plot is imminent.

FinCEN analysts sprang into action, racing to their headquarters in Northern Virginia to begin searching for clues on a Saturday night. But when they arrived, they discovered that everyone on duty had been locked out of the classified networks that they depended upon. They couldn’t open links from the FBI about the suspected terrorists they were supposed to be chasing and they couldn’t trace the suspects’ funding.

That night, two dozen FinCEN employees learned that the digital keys they needed to unlock classified data had expired without warning. The suspects remained on the run in London, but FinCEN was unable to help track them.

The office that administered those security keys was OIA, FinCEN's rival department.

Staffers were furious.

“We have escalated the critical problem to key individuals,” one of the whistleblowers wrote in an email, “and we still DO NOT have the ability to complete our mission or fully protect the American people.”

OIA blamed the FinCEN employees for forgetting to update their permissions. But more than a dozen FinCEN officials said they saw the incident as retaliation for their earlier power struggle. OIA had sent its own staffers an email weeks earlier reminding them to apply for new keys, but had not sent that same email to anyone at FinCEN. OIA officials blamed that oversight on “time” and “resource restraints.”

The divide grew, and made its way to Congress, where Republican Steve Pearce, chair of the House Subcommittee on Terrorism and Illicit Finance, demanded answers. The Treasury Department’s inspector general stepped in again to investigate, and concluded that OIA had done nothing wrong — though he did acknowledge the strained relationship between OIA and FinCEN.

The whistleblowers told BuzzFeed News they have largely given up on seeing anyone at FinCEN, OIA, and TFFC held accountable for the chaos that they say has torn the Treasury apart over the past two years.

“It is very hard to measure the sum total of the damage done,” said one of the whistleblowers, a senior FinCEN official. “We are treading water right now.”●

Tanya Kozyreva, Emma Loop, John Templon, and Azeen Ghorayshi contributed to this story.

Skip to footer