Trump Fundraiser Broidy Claims Qatar Used U.S. Firm in Hack

(Bloomberg) -- Elliott Broidy, a top fund-raiser for President Donald Trump who claimed his computers were breached and emails leaked in actions sponsored by Qatar, now asserts that the actual hacks were coordinated by a U.S. company linked to a former CIA spy.

Trump Fundraiser Broidy Claims Qatar Used U.S. Firm in Hack

In an amended lawsuit, Broidy lays out what he says was a coordination between the ex-spy and influential Qataris. One of them, Ahmed al-Rumaihi, has been linked in recent reports to alleged influence-selling efforts involving people close to Trump. In this latest twist, Broidy accuses al-Rumaihi and others of using the hacks to punish him for his behind-the-scenes campaign leading up to a crippling international blockade of Qatar.

Broidy, who runs Los Angeles-based Broidy Capital Management LLC, is a former top fundraiser for the Republican National Committee who resigned after reports that he paid $1.6 million to conceal an affair with a Playboy playmate.

Beginning earlier this year, hackers leaked stolen emails to the Associated Press, New York Times, Wall Street Journal, Bloomberg News and other media outlets, which published unflattering accounts of how Broidy tried to profit from his proximity to Trump, seeking to benefit his defense contracting firm as well as Qatar’s gulf rival, the United Arab Emirates.

In his amended lawsuit, filed Thursday in federal court in Los Angeles, Broidy claims that a U.S.-based security firm, Global Risk Advisors, introduced Qatar to “cyber mercenaries” who executed that hack. Those alleged hackers include Omniscope Ltd., a U.K.-based security and intelligence firm, according to the complaint. The firms didn’t respond to emails seeking comment.

“The evidence is clear that a nation state is waging a sophisticated cyber information campaign against me in order to silence me,” Broidy said in a statement. “I have been targeted because of my strong political views against Qatar’s state sponsored terrorism and double dealing.”

Qatar fired back. “Mr. Broidy’s latest false allegation is yet another desperate attempt to divert attention from his own illegal activities,” Qatar’s spokesman, Jassim Al Thani, said in a statement. “His claims are completely fabricated and without merit. He attempts to portray Qatar as the aggressor, when he knows full well Qatar does not operate in this manner. The facts show it was Mr. Broidy who conspired in the shadows against Qatar -- not the other way around.”

New Defendants

Broidy’s filed his 70-page amended lawsuit after the federal judge overseeing his case questioned its strength.

Among the new defendants named in the amended complaint are Global Risk Advisors; its founder Kevin Chalker; a GRA managing director, David Mark Powell; Mohammed bin Hamad bin Khalifa Al Thani, brother of the emir of Qatar; and al-Rumaihi, who once led the investments division of the country’s sovereign wealth fund.

Al-Rumaihi’s investment group, Sport Trinity, called the allegations "completely meritless" in a statement. "The complaint promotes false and misleading descriptions of Mr. al-Rumaihi," Sport Trinity wrote. "In June 2017, the time identified in the complaint, Mr. al-Rumaihi was no longer employed by the State of Qatar or the QIA."

The other new defendants couldn’t be reached for comment.

The evidence in the lawsuit linking GRA to the attack is laid out in a few paragraphs. Sometime before the Dec. 27 hacks against Broidy, Qatar hired GRA to “coordinate an offensive cyber and information operation” against Broidy, his firm, and his wife, Robin Rosenzweig. Several weeks before the hack, according to the filing, GRA opened a satellite office in Doha.

GRA recruited new employees “within the small community of former U.S. government cyber operatives,” making it clear they had been retained to “conduct or coordinate offensive cyber operations” on behalf of Qatar. GRA introduced Qatar to “known and unknown threat actors to execute the attacks.”

The complaint doesn’t reveal the source of this allegation about recruiting cyber operatives.

A website for Global Risk Advisors says the firm provides “security products and advisory services to governments and corporations.”

The revised complaint claims that the GRA founder, Chalker, had worked as a cyber operative at the Central Intelligence Agency. Beyond using Omniscope, the operation also involved a naturalized Israeli citizen with a history of criminal activity, a retired Moroccan diplomat and a London-based strategic intelligence firm, the complaint alleges, without naming them or providing further details.

Password List

The hackers, using emails purporting to be from Google’s security team, got Broidy’s wife and his executive assistant to provide passwords for their personal Gmail accounts. Rosenzweig kept a Google document with a list of other passwords, including one for her Broidy Capital Management corporate account, which the hackers then used to sign in, according to the complaint.

They were able to get access to several other BCM accounts, including Broidy’s, that used a common password -- a serious security lapse -- according to the complaint. A person familiar with the probe said it was unclear how the attackers obtained that password.

Although the attackers used software to disguise the location of their computers, the lawsuit says that software briefly failed, providing investigators with an Internet Protocol address in Doha, which they allege belonged to the attackers.

$1 Million Ask

Broidy’s allegations are only the latest in recent weeks to touch on al-Rumaihi, who once served as the No. 2 official at the Qatari embassy in Washington. The Intercept reported last week that Trump’s personal lawyer, Michael Cohen, asked him in December 2016 for an upfront fee of $1 million for his services related to potential Qatari investment in U.S. infrastructure. Al-Rumaihi says he declined. Cohen denied his account.

A lawsuit filed in Los Angeles last month claims that al-Rumaihi was among foreign investors who withheld millions of dollars from the Big3 basketball league in an attempt to push out the founders, who include entertainer Ice Cube. Al-Rumaihi suggested he’d bribed Michael Flynn, Trump’s former national security adviser who has pleaded guilty to lying to investigators, one of the plaintiffs alleged in the suit.

Al-Rumaihi’s Sport Trinity called the allegations "pure Hollywood fiction."

Broidy’s initial lawsuit, filed March 26, had named Qatar and one if its Washington lobbyists, Nick Muzin, as defendants. On April 4, U.S. District Judge John Walter refused to grant a temporary restraining order in the case, ruling he has “serious concerns” about whether he had jurisdiction and that Broidy failed to provide any admissible evidence tying Qatar, Muzin or his company to the attacks.

The case is Broidy Capital Management LLC v. State of Qatar, 18-cv-2421, U.S. District Court, Central District of California (Los Angeles).

©2018 Bloomberg L.P.