In early August, Chris Vickery, the director of risk research at the cybersecurity firm UpGuard, was browsing GitHub, an open-source software repository, for references to Cambridge Analytica. Vickery, in March of 2018, had discovered that an obscure Canadian data firm called Aggregate IQ had developed election software that Cambridge Analytica sold to political campaigns—most notably Donald Trump’s. In that case, Vickery found hundreds of pages of code. His August find was less substantial: a read.me file, written in plain English, that said, “Useful, revenue-producing data applications that Cambridge Analytica won’t suggest to you.” Its author, a California-based political operative named Ron Robinson, claimed to have worked on nearly a hundred campaigns, including efforts for Mitch McConnell, Joe (the Plumber) Wurzelbacher, and Newt Gingrich. His post, which went on to say that the actual code has been removed “for NDA privacy,” was hashtagged “#Social Engineering”, “#MAGA,” and “#Hacks.”

After some more digging, Vickery found a series of advertisements, posted by Robinson, selling what he was calling “subpoena resistant” e-mail accounts with the domain name NSAmail.us. Robinson was also offering a second e-mail service, with the domain name innoc.us, for “those who don’t want to taunt the NSA every time they send an email.” The accounts, which were intended to be beyond the reach of U.S. law enforcement, had been hosted in Russia by a company called Mir Telematiki. (In fact, the National Security Agency had been surveilling Mir Telematiki’s servers since 2009.) Coincidentally, perhaps, this was the same hosting service used by WikiLeaks. On August 16th, Vickery contacted the F.B.I. “I have reason to believe that [Robinson] provided email and other online services to US political campaigns, political action committees, and related entities through servers physically located in Moscow, Russia,” Vickery wrote on the F.B.I.’s online tip portal. “It is reasonable to assume [he] knew, or should have known, the in-depth level of access Russian intelligence agencies would have to emails, files, and other data passing through servers located in Moscow.” (Robinson declined to comment for this story.)

On social media, the unmasking of Robinson quickly fed various conspiracy theories, some elaborate, some prosaic. But all of them included a suggestion that Ron Robinson was, in the words of one of Vickery’s Twitter followers, “a Kremlin asset.” All of the dots seemed to connect. Robinson, a Tea Party activist, is Facebook friends with Rhonda Rohrbacher, who is the wife of former Representative Dana Rohrbacher, popularly known as Putin’s favorite congressman. Robinson was also connected on Facebook to David Bossie, Trump’s deputy campaign manager, in 2016, as well as to a number of other prominent right-wing power brokers, including Ned Ryun, the founder and C.E.O. of American Majority, an organization that trains “liberty-minded” candidates and activists. In addition to offering “subpoena resistant” e-mails, he had been recommending that his clients forgo Google for Yandex, the Russian e-mail and search-engine company, because “it is much harder to subpoena from a foreign entity.” “Don’t ever change, Yandex,” Robinson wrote, in June, in a Facebook post that also tagged two California Tea Party officials. “Some of us trust you more than we trust certain agencies on this side of the pond. Thanks for keeping our stuff safe. We knew we made the right choice.”

[…]