On the New (and Not-So New) Claims about Guccifer 2.0

The initial files released by the persona Guccifer 2.0 on June 15, 2016 included — in addition to graffiti paying tribute to Felix Dzerzhinsky, the founder of Russia’s secret police — metadata deliberately set to Cyrillic (the metadata had previously been interpreted, implausibly even at the time, to be a mistake).

And a file later released on September 13, 2016 purportedly from Guccifer 2.0 but released via a magnet site and never linked on his WordPress site, was probably copied, locally, to a Linux drive somewhere in the Eastern time zone on July 5, 2016; the files were then copied to a Windows file on September 1, 2016.

Those are the fairly uncontroversial findings from two separate research efforts that have recently renewed debate over whether the conclusion of the intelligence community, that Russia hacked the DNC, is valid.

I’m going to do a two part post on this issue.

What to Read

As you might be able to figure out, nothing about those two conclusions at all dictates that the Intelligence Community conclusions that Russia is behind the hack of Democratic targets are wrong. The reason they’re so controversial is because they’ve been used, in tandem, to support claims that the IC conclusion is wrong, first in a (to me) unconvincing letter by the Veteran Intelligence Professionals for Sanity (chiefly Bill Binney, Kirk Wiebe, Ed Loomis, and Ray McGovern), and then in some even sloppier versions, most notably at the Nation. In between the original analysis and these reports are some other pieces making conclusions about the research itself that are in no way dictated by the research.

In other words, it’s all a big game of telephone, some research going in the front end and a significantly distorted message coming out the back end.

So before I get into what the two studies do show, let’s talk about what you should read. The first argument has been made by Adam Carter at his G2-space, which is laudable as a resource for documents on Guccifer 2.0, no matter what you think of his conclusions. There’s a ton in there, not all of which I find as persuasive as the argument pertaining to the Russian metadata. Happily, he made two free-standing posts demonstrating the RSID analysis (one, two). I first discussed this analysis here.

The RSID analysis showing that the Cyrillic in Guccifer 2.0’s documents was actually intentional relies, in part, on the work of someone else, posting under the name /u/tvor_22. His post on this is worthwhile not just for the way it maps out how people came to be fooled by the analysis, but for the five alternative explanations he offers. I in no way think those five possibilities are comprehensive, but I appreciate the effort to remain open about what conclusions might be drawn from the evidence.

Between those three posts, they show that the first five documents released by Guccifer 2.0 were all copied into one with certain settings set, deliberately, to the Russian language. That’s the first conclusion.

The forensics on copying was done by a guy posting under the name The Forensicator, whose main post is here. Note his site engages in good faith with the rebuttals he has gotten, so poke around and see how he responds.  He argues a bunch of things, most notably that the first copy of files released in September was copied locally back in July, perhaps from a computer networked to the host server. That analysis doesn’t rule out that the data was on some server outside of the DNC. I raised one concern about this analysis here.

Finally, for a more measured skeptical take — from someone also associated with VIPS who did not join in their letter — see Scott Ritter’s take. I don’t agree with all of that either, but I think a second skeptical view is worthwhile.

All of which is to say if you want to read the analysis — rather than conclusions that I think go well beyond the analysis — read the analysis. Assuming both are valid (again, I think the RSID case is stronger than the copying one), the sole conclusions I’d draw from them are that the Guccifer 2.0 figure wanted to be perceived as a Russian — something he succeeded in doing through far more than just metadata, though the predispositions of researchers and the press certainly made it easy for him. And, some entity that may be associated with Guccifer 2.0 (but may also be a proxy) is probably in the Eastern Time Zone, possibly (though not definitely) close to the DNC (or some other target server). That’s it. That’s what you need to explain if you believe both pieces of analysis.

Whatever explanation you use to explain the inclusion of Iron Felix in the documents (which is consistent with graffiti left in the hacked servers) would be the same one you use to explain why the metadata was set to Cyrillic; the IC and people close to the hack have explained that the hackers liked to boast. And the only explanation you need for the local copy is that someone associated with the Russians was close to DC, such as at the Maryland compound that got shut down.

Guccifer and the DNC … or DCCC … or Hillary

Since we’re examining these claims, there’s another part of the presentation on the RSID data (and Carter’s site generally), that deserves far more prominent mention than the current debate has given, because it undermines the framing of the debate. We’ve been arguing for a year about Russia’s tie to Guccifer 2.0 based on the persona’s claim to have provided DNC documents to WikiLeaks. But the documents originally released in the initial weeks by Guccifer 2.0 were, by and large, not DNC documents. As far as I know, /u/tvor_22 was the first to note this. He describes that the Trump document first leaked only appears via other sources as an attachment to a Podesta email, though there are alterations in the metadata, as are three of the others, with the fifth coming from an unidentified source.

Let’s take the very first document posted by Guccifer2.0, which some security researchers have cited as ‘an altered document not properly sanitised.’ If we diff the raw copy — pasted into text documents — of both the original Trump document found in the Podesta emails and the Guccifer 2.0 version, ignoring white-spaces and tabs (diff -w original.txt altered.txt):

  • the table of contents has been re-factored.
  • many of the links are naked in the Guccifer2.0 version. (Naked as in not properly behind link titles, indicating Guccifer2.0’s version may have been an earlier draft.)
  • the error messages are in Russian.
  • None of the above quirks could be found in comparing 2,3, or 5.doc to their originals (100% textually equivalent). 4.doc could not be found on WikiLeaks for a comparison.

None of the textual content in any of these four ‘poorly sanitised’ documents has been altered, removed, or doctored. In other words all the differences you would expect from a copy and paste from one editor to another. So why bother copy and pasting into a new document at all? I wonder.

[1.doc’s original, 2.doc’s original, 3.doc’s original, 5.doc’s original. 4.doc could not be found in Wikileaks. The bare texts of 2,3, and 5 are checksum equivalent.]
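The comparison described in the quoted passage can be reproduced with a short script. This is an added example, not code from the original post or from the analyst quoted above: the sample texts are constructed, and the function names (`diff_w`, `bare_text_digest`, `classify`) are hypothetical. It compares two extracted texts the way `diff -w` does, hashes the whitespace-stripped text to test for "checksum equivalent" copies, and flags the two quirks the passage lists (Cyrillic strings and URLs that appear only in the altered copy).

```python
import difflib
import hashlib
import re

WHITESPACE = re.compile(r"\s+")
CYRILLIC = re.compile(r"[\u0400-\u04FF]")
BARE_URL = re.compile(r"https?://\S+")

# Constructed sample texts standing in for the raw text pasted out of two
# copies of a document. They are NOT the real files discussed in the post.
ORIGINAL = (
    "Table of Contents\n"
    "1. Overview\t\t3\n"
    "See the campaign site for details.\n"
    "Error! Hyperlink reference not valid.\n"
    "Closing   paragraph of the report.\n"
)
ALTERED = (
    "Table of Contents\n"
    "1.  Overview 3\n"
    "See the campaign site http://example.com/details for details.\n"
    "Ошибка! Недопустимый объект гиперссылки.\n"
    "Closing paragraph of the report.\n"
)
# Constructed pair that differs only in spaces and tabs.
COPY_A = "Memo\nBudget  items:\t10\n"
COPY_B = "Memo\nBudget items: 10\n"


def squash(line):
    """Remove every whitespace character, as `diff -w` does when comparing."""
    return WHITESPACE.sub("", line)


def diff_w(original, altered):
    """Return (tag, original_lines, altered_lines) for each region that
    still differs once spaces and tabs are ignored."""
    a = original.splitlines()
    b = altered.splitlines()
    matcher = difflib.SequenceMatcher(
        a=[squash(x) for x in a], b=[squash(x) for x in b], autojunk=False
    )
    return [
        (tag, a[i1:i2], b[j1:j2])
        for tag, i1, i2, j1, j2 in matcher.get_opcodes()
        if tag != "equal"
    ]


def bare_text_digest(text):
    """SHA-256 of the text with whitespace removed from every line, so two
    copies that differ only in spacing hash to the same value."""
    bare = "\n".join(squash(line) for line in text.splitlines())
    return hashlib.sha256(bare.encode("utf-8")).hexdigest()


def classify(changes):
    """Flag altered lines that contain Cyrillic characters, or a URL that
    does not appear on the original side of the same change."""
    flags = {"cyrillic": [], "naked_url": []}
    for _tag, old, new in changes:
        old_text = "\n".join(old)
        for line in new:
            if CYRILLIC.search(line):
                flags["cyrillic"].append(line)
            if any(url not in old_text for url in BARE_URL.findall(line)):
                flags["naked_url"].append(line)
    return flags


if __name__ == "__main__":
    changes = diff_w(ORIGINAL, ALTERED)
    for tag, old, new in changes:
        print(tag, old, "->", new)
    print(classify(changes))
    print("copies equivalent:",
          bare_text_digest(COPY_A) == bare_text_digest(COPY_B))
```

A matching digest only shows that the extracted text is the same; it says nothing about document metadata, which is where the RSID and language settings discussed above live.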

G2-space has posted an expansion of this analysis, by JimmysLlama. It provides a list for where the first 40 documents (covering Guccifer 2.0’s first two WordPress posts) can — or cannot — be found. The source for (roughly) half remains unidentified, the other half came from Podesta’s emails. At the very least, that reporting makes it clear that even for documents claimed (falsely) to be DNC documents, Guccifer had a broader range of documents than what WikiLeaks published.

That explains reporting from last summer that indicated the FBI wasn’t sure if WikiLeaks’ documents had come from Russia/Guccifer 2.0.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now we know why: because they weren’t the same set of files as had been taken from the DNC (though the FBI did already know some Hillary staffers had been hacked.) See this post from last summer, in which I explore that and related questions.

The detail that Guccifer 2.0 was actually posting Hillary, not DNC, documents is somewhat consistent with what John Podesta has said. He revealed that he recognized an early “DNC” document probably came from his email.

And other campaign officials also had their emails divulged earlier than October 7th. But in one of those D.N.C. dumps, there was a document that appeared to me was– that appeared came– might have come from my account.

Podesta has always been squirrelly about this stuff and probably has reason to hide that the Democrats’ claims that Guccifer 2.0 was releasing DNC documents were wrong (indeed, that’s something that would be far more supportive of skeptics’ alternative theories than this Guccifer 2.0 data, but it’s also easily explained by Democrats’ understandable choices to minimize their exposure last summer). Importantly, Podesta also suggests that “other campaign officials also had their emails divulged earlier than October 7th,” without any suggestion that that is just via DC Leaks.

On top of a lot of other implications of this, it shifts the entire debate about whether Guccifer 2.0 was WikiLeaks’ source, which has always focused on whether the documents leaked on July 22 came from Guccifer 2.0. Regardless of what you might conclude about that, it shifts the question to whether the Podesta emails WikiLeaks posted came from Guccifer 2.0, because those are the ones where there’s clear overlap. Russia’s role in hacking Podesta has always been easier to show than its role in hacking the DNC.

It also shifts the focus away from whether FBI obtained enough details from the DNC server via the forensic image it received from Crowdstrike to adequately assess the culprit. Both the DNC and Hillary (as well as the DCCC) servers are important. Though those that squawk about this always seem to miss that FBI, via FireEye, disagreed with Crowdstrike on a key point: the degree to which the two separate sets of hackers coordinated in targeted servers; I’ve been told by someone with independent knowledge that the FBI read is the correct one, so FBI certainly did their own assessment of the forensics and may have obtained more accurate results than Crowdstrike (I’ve noted elsewhere that public IC statements make it clear that not all public reports on the Russian hacks are correct).

In other words, given that the files that Guccifer 2.0 first leaked actually preempted WikiLeaks’ release of those files by four months, what you’d need to show about the DNC file leaks is something entirely different than what has been shown.

New Yorker’s analysis on coordination

That’s a task Raffi Khatchadourian took on, using an analysis of what got published when, to argue that Russia is WikiLeaks’ source in his recent profile of Assange (I don’t agree with all his logical steps, particularly his treatment of the relationship between Guccifer 2.0 and DC Leaks, but in general my disagreements don’t affect his analysis about Russia).

Throughout June, as WikiLeaks staff worked on the e-mails, the persona had made frequent efforts to keep the D.N.C. leaks in the news, but also appeared to leave space for Assange by refraining from publishing anything that he had. On June 17th, the editor of the Smoking Gun asked Guccifer 2.0 if Assange would publish the same material it was then doling out. “I gave WikiLeaks the greater part of the files, but saved some for myself,” it replied. “Don’t worry everything you receive is exclusive.” The claim at that time was true. None of the first forty documents posted on WordPress can be found in the WikiLeaks trove; in fact, at least half of them do not even appear to be from the D.N.C., despite the way they were advertised.

But then, on July 6th, just before Guccifer 2.0 complained that WikiLeaks was “playing for time,” this pattern of behavior abruptly reversed itself. “I have a new bunch of docs from the DNC server for you,” the persona wrote on WordPress. The files were utterly lacking in news value, and had no connection to one another—except that every item was an attachment in the D.N.C. e-mails that WikiLeaks had. The shift had the appearance of a threat. If Russian intelligence officers were inclined to indicate impatience, this was a way to do it.

On July 18th, the day Assange originally planned to publish, Guccifer 2.0 released another batch of so-called D.N.C. documents, this time to Joe Uchill, of The Hill. Four days later, after WikiLeaks began to release its D.N.C. archive, Uchill reached out to Guccifer 2.0 for comment. The reply was “At last!”

[snip]

Whatever one thinks of Assange’s election disclosures, accepting his contention that they shared no ties with the two Russian fronts requires willful blindness. Guccifer 2.0’s handlers predicted the WikiLeaks D.N.C. release. They demonstrated inside knowledge that Assange was struggling to get it out on time. And they proved, incontrovertibly, that they had privileged access to D.N.C. documents that appeared nowhere else publicly, other than in WikiLeaks publications. The twenty thousand or so D.N.C. e-mails that WikiLeaks published were extracted from ten compromised e-mail accounts, and all but one of the people who used those accounts worked in just two departments: finance and strategic communications. (The single exception belonged to a researcher who worked extensively with communications.) All the D.N.C. documents that Guccifer 2.0 released appeared to come from those same two departments.

The Podesta e-mails only make the connections between WikiLeaks and Russia appear stronger. Nearly half of the first forty documents that Guccifer 2.0 published can be found as attachments among the Podesta e-mails that WikiLeaks later published. Moreover, all of the hacked election e-mails on DCLeaks appeared to come from Clinton staffers who used Gmail, and of course Podesta was a Clinton staffer who used Gmail. The phishing attacks that targeted all of the staffers in the spring, and that targeted Podesta, are forensically linked; they originated from a single identifiable cybermechanism, like form letters from the same typewriter. SecureWorks, a cybersecurity firm with no ties to the Democratic Party, made this assessment, and it is uncontested.

Now, I’d like to see the analysis behind this publicly. It should be expanded to include all the documents leaked by Guccifer 2.0. It should include more careful analysis of the forensics behind the phishes (security companies have done this, but have not shown all their work). Moreover, it doesn’t rule out a piggyback hack, though given that Guccifer 2.0 was leaking Hillary emails from the start, it’s unclear how that piggyback would work. All that said, it provides a circumstantial case that these were the same two sets of documents.

Khatchadourian doesn’t dwell on something he alluded to here, which is that all the DNC documents were email focused, collected from just 10 mailboxes. That’s the nugget that, I suspect, Assange will point to (and may have shared with Dana Rohrabacher) in an effort to rebut the claims his source was Russia (one thing Khatchadourian gets wrong is what Craig Murray said about two different sources for WikiLeaks, but then he points to a WikiLeaks claim they got the emails in late summer and a September 19 date on all of them — not long before Murray picked something up in DC — so that’s another area worth greater focus). For now, I’ll bracket that, but while I suspect it points to really interesting conclusions, I don’t think it necessarily undermines the claim that Russia was Assange’s source. More importantly, none of the things people are pointing to in this new analysis — the metadata in files released by Guccifer 2.0, the metadata in files released on a magnet site but never directly by Guccifer 2.0 — affects the analysis of how completely unrelated emails got to WikiLeaks at all.

All of which is to say that these two pieces of analysis actually miss the far more interesting analysis that got done with it.

Update: Turns out the Nation issued a correction today, which reads in part,

Subsequently, Nation editors themselves raised questions about the editorial process that preceded the publication of the article. The article was indeed fact-checked to ensure that Patrick Lawrence, a regular Nation contributor, accurately reported the VIPS analysis and conclusions, which he did. As part of the editing process, however, we should have made certain that several of the article’s conclusions were presented as possibilities, not as certainties. And given the technical complexity of the material, we would have benefited from bringing on an independent expert to conduct a rigorous review of the VIPS technical claims.

It added an outside analysis by Nathaniel Freitas of the two reports, a rebuttal from VIPS members who did not join the letter, and a response from those who did. Freitas provides a number of other possibilities to get the throughput observed by Forensicator. The VIPS dissenters raise some of the same points I do, including that this server may be somewhere outside of DNC.

It is important to note that it’s equally plausible that the cited July 5, 2016, event was carried out on a server separate from the DNC or elsewhere, and with data previously copied, transferred, or even exfiltrated from the DNC.

However, independent of transfer/copy speeds, if the data was not on the DNC server on July 5, 2016, then none of this VIPS analysis matters (including the categorically stated fact that the local copy was acquired by an insider) and simply undermines the credibility of any and all analysis in the VIPS memo when joined with this flawed predicate.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

30 replies
  1. Craxis says:

    so FBI certainly did their own assessment of the forensics

    Not before they issued the Crowdstrike report as their own.

    This year there was reports a field office in Pennsylvania was reopening it.

    The idea that they would counter the FBI’s previous acceptance of a campaign hired firm’s conclusion that fits perfectly with a theme of that campaign is unlikely. But it’s possible. Trump probably hired his own peeps to look at the evidence.

    VIPS are Johnny Come Lately’s.  The Crowdstrike/FBI report was debunked within a few days by Wordfence and others.

    Guccifer 2.0 was an obvious preening fraud from the inception, whoever delivered the emails to Wikileaks.

    None of the media will even touch the name “William Flood.”

    • Craxis says:

      But then, on July 6th, just before Guccifer 2.0 complained that WikiLeaks was “playing for time,” this pattern of behavior abruptly reversed itself. “I have a new bunch of docs from the DNC server for you,”

      Which not so curiously fits well with the “Warren Flood” July 5 modification date, not that Guccifer 2.0 hacked or otherwise accessed the data in June or earlier.

      Yes, I made a mistake. it’s “Warren Flood,” not William.

    • emptywheel says:

      Craxis:

      This is a bunch of gibberish.

      This year there was reports a field office in Pennsylvania was reopening it.

      Where did they do this? Comey said they were credible people, but I’m not aware of where they adopted the report. AS I NOTED, the IC actually made clear that not all public reporting was correct.

      This year there was reports a field office in Pennsylvania was reopening it.

      If this is a reference to what I think it is 1) that’s not what the PA investigation was about, at all 2) the PA investigation confirms there was a secondary server, in ET, which would explain the Forensicator stuff.

      The Crowdstrike/FBI report was debunked within a few days by Wordfence and others.

      What Wordfence “debunked” was the significance of a Ukrainian tool reported in the JAR, which came long, long after the Crowdstrike report.

      Do you mean G2.0 was a “fraud,” as in had no tie to this or any parallel operation in spite of having unique documents from it. Or do you mean he was obviously deceptive which makes it difficult to sort through what he was about?

        • Craxis says:

          The FBI’s Pittsburgh field office, which runs many cyber security investigations, is trying to identify the people behind breaches of the Democratic National Committee’s computer systems, the officials said. Those breaches, in 2015 and the first half of 2016, exposed the internal communications of party officials as the Democratic nominating convention got underway and helped undermine support for Hillary Clinton.

          http://www.reuters.com/article/us-usa-trump-russia-cyber-idUSKBN15X0OE

          February 18, 2017

          How’s the popcorn??

          Comey said they were credible people

          Comey is a prosecutor, he’ll use anything to see if it sticks to the wall.

          His little scared me routine in front of Congress was laughable. His word is worthless.

          Wordfence debunked the any certainty of sourcing to Russia or anyone, or whether any hack by a country or business operation was proved. (DNC could have been hacked by numerous actors for all I know.)

          Guccifer 2.0 was a fraud, IMO, because of his words or actions. A hacker does not set up a site so he can be traced to a Russian VPN or set up a site like that at all. A hacker wouldn’t bother knowing and adding Joe Biden’s long ago assistant’s name to meta data. A hacker/leaker of DNC materials would give everything to Wiki, etc., or post everything himself. It would be a matter of pride to post everything, like numerous past hackers did [Climategate for one]. Not just tidbits that actually did not harm the subject of the alleged hack, but her competitor.

          • bmaz says:

            The popcorn is fine, thanks for asking. Your every increasingly idiotic comment makes it all the more tasty.

            Tell me “Craxis”, are you a Seth Rich troofer too, or do you have some bounds of sanity?

            • Craxis says:

              Your point by point correction of me is stunning. I greatly apologize for my errors. You should also contact Reuters and point out some of their reporters are liars.

              Assange signaled Seth Rich was the source of the DNC materials. Assange could be a liar, or not. Even if true, Rich could have been randomly murdered on a Wash. DC street in the wee hours of the morning, which seems a lot more likely than a political murder.

              Guccifer 2.0 also later made comments trying to link himself to Seth Rich and made false claims of hacking the Clinton Foundation. The first claim was nuts, the Clinton Foundation claim was likely an attempt to pretend he was not pro-Clinton, or something else. He never came up with the proof.

          • SpaceLifeForm says:

            Wordfence debunked the any certainty of sourcing to Russia or anyone, or whether any hack by a country or business operation was proved.

            [Yeah, Wordfence proved a negative. Big deal]

            (DNC could have been hacked by numerous actors for all I know.)

            [Not likely. IC ops are very careful to back out if they detect an op by a different TLA. This is why they typically get a very small foot in the door, and do a recon mission before proceeding further (like implanting a rootkit)]

            Guccifer 2.0 was a fraud, IMO, because of his words or actions. A hacker does not set up a site so he can be traced to a Russian VPN or set up a site like that at all. A hacker wouldn’t bother knowing and adding Joe Biden’s long ago assistant’s name to meta data.

            [Guccifer2.0 may very well be a fraud. Or a False Flag op. But setting up a VPN (or two or more) in conjunction with Tor can make it look like something happened from ip address a.b.c.d when the ‘leaker’ was really coming from ip address w.x.y.z]

            [But, if you want to make it appear that some event originated via Russia, not a problem]

            [Adding metadata is a tell. Agreed]

            [Assange may have been snookered on Seth Rich. Do not buy random murder BS]

          • emptywheel says:

            Oh. You don’t know about the other investigation in PA. My mistake.

            But that Pittsburgh investigation in no way represents a reopening of the investigation. That’s just where it lived, bc (as I’ve written) that’s where USCERT is, an entity, btw, that backs the RU hack attribution. As for the Wordfence report, here it is. You’ll see it is a response to the JAR and only deals with the PAS malware.

            As for Guccifer 2.0 being “a fraud.” Yes. You lay out lots of reasons to believe he’s not the actual hacker. But if not, then what is he? He’s a propagandist! But for whom? Calling him a fraud actually gets closer to admitting that he’s working for the Russians.

  2. Chris Smith says:

    It still comes down to Assange and Murray to my mind. They had nothing to gain by saying the wikileaks source was not Russian agents. They could have remained silent. But they did say that it wasn’t Russian agents. I have no reason to doubt their credibility. So until someone can show who their contact was, and identify that contact so as to prove Assange and Murray as either liars or dupes, I’ll take them at their words.

    The “intelligence community” (they have been caught lying far too many times), the FBI, and Crowdstrike have credibility issues. Remember that time Clapper perjured himself in front of the Senate? I do. Crowdstrike has already been caught lying about the Russians with respect to Ukraine, so they have zero credibility left. All of the above need to show their evidence in full if they want to discredit Assange and Murray.

    • bmaz says:

      Are you kidding?? There is a LOT to admire about Craig Murray, and his willingness to go against the grain, over the years. But his inherent bonding and relentless defense of a bail jumping accused sex criminal narcissistic jackass like Assange, is not one of them. Yes, people invested in absolute horse manure protect their pile.

      • Chris Smith says:

        Please.  Remember when Ecuador offered to turn Assange over to Sweden if they agreed not to then extradite him to a third party?  (http://www.reuters.com/article/us-ecuador-sweden-assange/ecuador-says-sweden-should-promise-assange-will-not-be-extradited-idUSKBN13C069)

        The rape case in Sweden wasn’t about the rape, otherwise Sweden would have agreed.  I have no reason to doubt Assange.  Further evidence against his credibility would cause me to reevaluate his trustworthiness, but I need more than innuendo.

        • bmaz says:

          Hahahahahaha, you really buy into this Assange driven idiotic drivel?

          Well, okay. You keep right on with that. In spite of the fact that Assange and his Ecuadoran stooges were demanding something they KNEW was impossible under international legal norms and constructs. And that anybody who has actually plumbed Swedish and EU law knows. But, hey, you go there.

          Good to see that we have actual rape apologists of demagogic convenience here to defend their favorite creep.

    • emptywheel says:

      I’ve treated Murray’s comments quite respectfully, in this post and earlier. Assange, who lives in a closet, has less ability to suss out who he’s talking to and far more incentive to shade his claims (and has proved every bit as unreliable as Clapper, sadly).

      But the fact that Murray claims he got a handoff from someone seeming to have ties to US Nat Sec in no way rules out the Russians. This entire post is about cut-outs, which even Murray admits his source was. The question is cut-out for whom?

      • Chris Smith says:

        I have no complaint with your treatment of Murray.  I also think that it is possible that the source was a cut out acting on behalf of the Russians.  But if that is the case, then the intelligence community or whomever, should name the cut out and lay out their evidence that he/she/it is in fact a cut out.  Until that happens, whether or not Murray’s source was a cut out is speculative.

        And as the intelligence community has precisely zero credibility, I’ll need more than “trust us.”

    • orionATL says:

      chris [email protected]:02

      leaving murray aside –

      “… It still comes down to Assange… to my mind. [He] had nothing to gain by saying the wikileaks source was not Russian agents…”

      are you kidding? assange had a huge amount to gain by denying that wl’s source was neither the the russian government directly nor one of their cutouts.

      most of the criticism wl/assange has received since the release has focused on whether he was operating as a de facto russian ally, or even as a russian agent. in recent months, wl’s reputation is being hammered by what is slowly coming to be the widespread conviction that wl and the russians colluded to affect the 2016 election and that wikileaks and the russians are joined operationally.

      • Chris Smith says:

        Assange could have said that he’s keeping the source secret.  He could have said that instead of worrying about where the info came from, to focus on its veracity and its content.  (Frankly, I don’t care where it came from, its substance and veracity are the only things I care about.)  Had Assange said that, no one would have cared.

        But, he instead went out on a limb and put his credibility on the line.  If he is lying or was duped, then the intelligence or law enforcement communities should step up with evidence to undercut his credibility.  In the absence of evidence presented by intelligence or law enforcement, all I see is speculation.

  3. greengiant says:

    I am quite out of date and also out of the blame loop.  In the day however, the timezone and time were entered manually.  So on the July 5 forensics of the dump, the EDT zone is not proof that the metadata was done in the EDT,  nor that the dump was done in the EDT,  nor even that it was done on July 5.  To put the hands into the wounds,  if the dumping server was air gapped it could obviously have any date, time, timezone one wanted,  short of some unhackable system call to an unhackable hardware clock.

    What is the formike subdirectory?

    Now I will check out the possibility the metadata was not touched by G2 but was imbedded at the DNC by the crazy hackers counting coup which might line up with the word documents being processed by an executable registered to Biden’s assistant Warren Flood.  The simplest explanation and all that.

    • SpaceLifeForm says:

      Occam’s razor has been abused and used as an excuse for decades. To cover the truth and to distract like a rotting red herring.

  4. earlofhuntingdon says:

    OT, if Donald Trump is so spectacularly wealthy, and he’s promised $1 million “in his own funds” to go toward relief of Harvey’s victims, why would he need to make a “pledge”? Why the wait? Why not show us a check or receipt for a bank transfer? Indeed, why not send it anonymously?

    And why was no answer forthcoming from the White House spokesperson about whether Trump would send the funds – and when – via his personal checking account, the Trump Organization, his election campaign fund, or one of several family trusts?

    The skepticism is warranted, given Trump’s decades of playing fast and loose manipulating charitable gifts – basking in the publicity while funding them with other people’s money.

    And how opportunistic and political of Scott Pruitt to assign opportunism and politicking to those informed enough – unlike NPR – to show the connections between the effects of global warming and the harshness of Harvey. Is it simply a nice diversion from the obvious – that no amount of changeable charitable giving can ever make up for a lack of adequate government programs?

  5. orionATL says:

    i have no idea who guccifer 2.0 is. furthermore, the noisy, self-serving, conspiratorial claims of many anti-democratic party “analysts” have fogged up the who matter even more.

    unrelated 1. as far as tracking down who guccifer 2.0 was, i don’t know when in 2016 (or even 2015) that the political and computer cognoscenti in the u. s. (or britain) first became aware of some russian plans, followed up by actual attempts, to influence voter behavior (individual psychology and voting choice) in the 2016 american elections, but from that time forward, it would have been a typical american political dirty trick to both steal and release dnc documents and as part of that process to create a false trail of responsibility pointing to russian involvement.

    unrelated 2. when i read the guccifer 2.0 document that ew posted a week or so ago (the one read by an ally at some world meeting), i came away with only one strong impression – the guccifer zombie(s) really, really disliked the dem data firm “ndp/van” (sp?). ndp/van was mentioned repeatedly in four or five of the closing paragraphs of that speech (as read aloud to the assembled by an ally). guccifer 2.0 also disliked that firm’s prez enough to mention him by name in a speech before this group of hackers. if i were deputy inspector snuffle, i would be looking for someone who had a grudge against that firm, as well as scoping out all the more exotic leads that have been brought up.

  6. Arbed says:

    If Guccifer 2.0 was intended as a distraction after Assange’s announcement on 12th June that WikiLeaks had upcoming publications related to the US election, could the fact that none of Guccifer 2’s early documents are DNC documents be because, IIRC, Assange’s ITV interviewer specifically asked him about “unpublished emails from Hillary Clinton’s private server… not yet public” (Assange was fairly evasive/non-committal in reply: “we have emails related to Hillary Clinton, yes”) so therefore the people behind Guccifer 2 did not know exactly which set of documents they needed to distract from? Could this explain why the first G2 documents come from a variety of places?

    As for the New Yorker info about Guccifer 2’s prediction on July 5th that Wikileaks had DNC documents, is it possible that by then Crowdstrike had actually traced the source of the leak and knew its contents? What date was Seth Rich offered a job on Hillary’s campaign? I know it was a few days before his death on July 10th.

  7. greengiant says:

    What about the metadata of the operatives, spinners and bloggers? Adam Carter for example is not one step removed but directly, and fearlessly connected to the Infowars, anyone but Clinton, defenders of Assange, GamerGate hackers, Charlottesville protest theater terrorism, putinbot Tweet wars and so on. Have to assume all the web sites and blogs are honey pots and no matter won’t big data will sell you the ID history, except you had better have a cut out or three. I called for checking out Fusion GPS in 2016.

    To tvor_22 you do know that CWA complained about Lorenzo Franceschi-Bicchierai not protecting them?

  8. greengiant says:

    Scott Ritter has a lengthier article google dated Aug 23, dated Aug 31 at medium. https://medium.com/homefront-rising/dumbstruck-how-crowdstrike-conned-america-on-the-hack-of-the-dnc-ecfa522ff44f, suggests Crowdstrike could have inserted the Russian metadata as part of a bait operation. Quite a number of contrarian viewpoints identified and raised.
