United States v. Keith Raniere et al.EDNY · 18-cr-204

Back to overview

The Media That Created the “Cult” Narrative Was Linked to Intrusions Into the Defendants’ Servers

This is not a vague claim about media bias.

Computer trespass into the defendants’ servers was IP-traced and forensically tied by the New York State Police to major outlets within the same media ecosystem that, for years before the federal prosecution, drove the public “cult” narrative and the public hatred that came with it.

A 2015 Albany County grand jury indicted three civilian co-conspirators for the hacking. Two later became star “victims” in the federal case.

The issue is not merely hostile coverage. The issue is that entities connected to unlawful intrusion into the defendants’ systems helped shape the narrative presented to the public.

Every implicated outlet is currently litigating against the Trump administration.

Dow Jones / Wall Street Journal — Corporate IPs confirmed on defendants’ servers. See proof

IP addresses from the Dow Jones–Telerate corporate network (New York, NY) were logged accessing NXIVM’s password-protected database without authorization, on specific dates and times captured in the server logs, and forensically confirmed by NYSP.

IP log — Dow Jones-Telerate network and Times Union network accessing NXIVM servers

IP log — Dow Jones-Telerate and Times Union networks accessing the NXIVM database.

Case 1:14-cv-01375, Doc. 86-6.

Trump connection: President Trump is currently in a $10 billion defamation suit against Dow Jones over the “Epstein letter” story.
IP tracing forensic declaration (PDF)
Advance Publications (Condé Nast / Vanity Fair) — IP matched to the writer of the original “cult” exposé. See proof

IP 69.2.120.11 (Advance Publications, NY) was confirmed on NXIVM servers by NYSP. Vanity Fair writer Suzanne Andrews, whose IP (207.237.232.82) was matched via email header to the intrusion log, went on to author “The Heiress and the Cult” (November 2010) — one of the foundational media narratives that drove public perception of the case before charges were ever filed.

IP log — Advance Publications accessing NXIVM servers

IP log — Advance Publications corporate IP on the NXIVM database.

Email-to-IP match — Vanity Fair writer Suzanne Andrews tied to IP 207.237.232.82

Email-to-IP match — Suzanne Andrews tied to the intrusion log.

Vanity Fair, November 2010 — 'The Heiress and the Cult' by Suzanne Andrews

Vanity Fair, November 2010 — the foundational “cult” hit piece.

Trump connection: Vanity Fair has been in a publicly-known feud with President Trump for over three decades.
Criminal referral — Vanity Fair (PDF)
Albany Times Union — IPs confirmed on the servers (the EDNY trial judge later stated on the record that this outlet formed his understanding of the case). See proof

IP address 167.166.23.253, belonging to the Times Union network (Saratoga Springs, NY), was logged accessing NXIVM’s password-protected database and confirmed by NYSP.

IP log — Times Union network (Saratoga Springs, NY) accessing NXIVM servers, alongside Dow Jones-Telerate

NYSP-confirmed IP log — the Times Union (Saratoga Springs, NY) row, alongside Dow Jones-Telerate.

What makes this one especially devastating: at a pre-trial conference on June 12, 2018, Judge Garaufis — the judge who would preside over the entire trial — said on the record that all he knew about the case was what he had read in the New York Times Magazine and the Albany Times Union.

Pre-trial transcript, June 12, 2018, p. 24 — Garaufis: all he knows is from NY Times Magazine and Times Union

Pre-trial conference transcript, June 12, 2018, p. 24.

The federal trial judge openly told the parties, in open court, that his entire prior knowledge of the case came from one of the same outlets whose corporate IP address sits inside the criminal hacking logs. The laundering pipeline confessed on the record, on the way into the trial.

Trump connection: The Albany Times Union has run consistently critical coverage of the Trump administration.
2015 Albany County Grand Jury — Three civilian co-conspirators indicted for the same hacking activity. See proof

A grand jury indictment was returned on February 27, 2015 in Albany County — 7 counts of Computer Trespass under NY Penal Law §156.10(2), a Class E Felony. Three non-media civilians indicted: Toni F. Natalie (4 counts), Barbara J. Bouchey (1 count), Joseph J. O’Hara (2 counts).

Albany County grand jury indictment — 7 counts of Computer Trespass, February 27, 2015

Albany County grand jury indictment — People v. Natalie et al., Feb. 27, 2015.

Earlier in the same investigative line, Times Union blogger John Tighe pleaded guilty to a related computer-hacking charge.

Times Union, Nov. 5, 2014 — Tighe guilty plea.

Albany County indictments (PDF)
Sentencing “Victims” — Two of the indicted civilians later delivered victim impact statements at the federal sentencing. See proof

Toni Natalie and Barbara Bouchey did not disappear after the 2015 indictment. They became star “victims” in the EDNY prosecution: delivered impact statements at Raniere’s sentencing, appeared in HBO’s The Vow and Starz’s Seduced, and served as the media’s go-to “former NXIVM” voices.

The same people indicted for criminally hacking the defendants’ servers were retrofitted into “victims” in the federal sex-crime case built off the narrative those hacks helped seed.

Comprehensive Source Document
Full media-hacking records — IP traces, indictments, and criminal referrals (PDF)

Each finding above is documented and independently verifiable.