I’ve reported on the WaPo story on the security review of the disk drive commonly referred to as the “Hunter Biden” “laptop” a bunch of times.
But in advance of ripping apart this James Comer fan-fiction about Hunter Biden and before the Twitter thread I did disappears into the Elmo dumpster fire, I wanted to repeat it here. The WaPo asked security experts Matt Green (who worked with his Johns Hopkins students) and Jake Williams to review the drive to see what they could authenticate.
They discovered that people had kept adding content to the “laptop,” making it impossible to say what was on the “laptop” when it was provided to the blind computer repairman.
In their examinations, Green and Williams found evidence that people other than Hunter Biden had accessed the drive and written files to it, both before and after the initial stories in the New York Post and long after the laptop itself had been turned over to the FBI.
Maxey had alerted The Washington Post to this issue in advance, saying that others had accessed the data to examine its contents and make copies of files. But the lack of what experts call a “clean chain of custody” undermined Green’s and Williams’s ability to determine the authenticity of most of the drive’s contents.
“The drive is a mess,” Green said.
He compared the portable drive he received from The Post to a crime scene in which detectives arrive to find Big Mac wrappers carelessly left behind by police officers who were there before them, contaminating the evidence.
That assessment was echoed by Williams.
“From a forensics standpoint, it’s a disaster,” Williams said.
Still more important: some of the forensic data that would be necessary to authenticate the drive itself had been deleted.
Analysis was made significantly more difficult, both experts said, because the data had been handled repeatedly in a manner that deleted logs and other files that forensic experts use to establish a file’s authenticity.
“No evidence of tampering was discovered, but as noted throughout, several key pieces of evidence useful in discovering tampering were not available,” Williams’ reports concluded.
Williams was able to authenticate fewer than 10% of the files on the drive, though that included some emails involving CEFC China Energy.
The portable drive provided to The Post contains 286,000 individual user files, including documents, photos, videos and chat logs. Of those, Green and Williams concluded that nearly 22,000 emails among those files carried cryptographic signatures that could be verified using technology that would be difficult for even the most sophisticated hackers to fake.
In particular, there are verified emails illuminating a deal Hunter Biden developed with a fast-growing Chinese energy conglomerate, CEFC China Energy, for which he was paid nearly $5 million, and other business relationships. Those business dealings are the subject of a separate Washington Post story published at the same time as this one on the forensic examinations of the drive.
The “Big Guy” email could not be authenticated.
Some other emails on the drive that have been the foundation for previous news reports could not be verified because the messages lacked verifiable cryptographic signatures. One such email was widely described as referring to Joe Biden as “the big guy” and suggesting the elder Biden would receive a cut of a business deal.
There were authenticated emails from Burisma, but if Burisma was hacked (as a security company, Area 1 Security, said it was before the laptop was disclosed), hackers could have faked cryptographic signatures, including on those from Burisma advisor Vadym Pozharskyi that have been the focus of a lot of attention.
The drive also includes some verified emails from Hunter Biden’s work with Burisma, the Ukrainian energy company for which he was a board member. President Donald Trump’s efforts to tie Joe Biden to the removal of a Ukrainian prosecutor investigating Burisma led to Trump’s first impeachment trial, which ended in acquittal in February 2020.
The Post’s review of these emails found that most were routine communications that provided little new insight into Hunter Biden’s work for the company.
Both Green and Williams said the Burisma emails they verified cryptographically were likely to be authentic, but they cautioned that if the company was hacked, it would be possible to fake cryptographic signatures — something much less likely to happen with Google.
Note, as I understand the timing, these emails could have been altered only if the laptop reaccessed the Burisma server after the hack.
In any case, the “laptop” is a completely unreliable shitshow precisely because Rudy Giuliani and Steve Bannon were in such a rush to make it a political scandal.
And yet the new Republican majority in Congress is sure it is “real.”
James Comer has kicked off his tenure as Oversight Chair by proclaiming that the forensic mess left behind by frothy conspiracy-mongers is, instead, “REAL.”