Free Republic
News/Activism

New Research Shows Guccifer 2.0 Files Were Copied Locally, Not Hacked
Disobedient Media ^

Posted on 07/09/2017 2:28:09 PM PDT by TigerClaws

New meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator, which suggests that files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer connected to the internal DNC network. The individual most likely used a USB drive to copy the information. The groundbreaking new analysis irrevocably destroys the Russian hacking narrative, and calls the actions of Crowdstrike and the DNC into question.

The document supplied to Disobedient Media via Adam Carter was authored by an individual known as The Forensicator. The full document referenced here has been published on their blog. Their analysis indicates the data was almost certainly not accessed initially by a remote hacker, much less one in Russia. If true, this analysis obliterates the Russian hacking narrative completely.

The Forensicator specifically discusses the data that was eventually published by Guccifer 2.0 under the title “NGP-VAN.” This should not be confused with the separate publication of the DNC emails by Wikileaks. This article focuses solely on evidence stemming from the files published by Guccifer 2.0, which were previously discussed in depth by Adam Carter.

Disobedient Media previously reported that Crowdstrike is the only group that has directly analyzed the DNC servers. Other groups including Threat Connect have used the information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation was based solely on information ultimately provided by Crowdstrike; this places the company in the unique position of being the only direct source of evidence that a hack occurred.

The group’s President Shawn Henry is a retired executive assistant director of the FBI while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, which as we have reported, is linked to George Soros. Carter has stated on his website that “At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.” Carter’s website was described by Wikileaks as a useful source of primary information specifically regarding Guccifer 2.0.

Carter recently spoke to Disobedient Media, explaining that he had been contacted by The Forensicator, who had published a document which contained a detailed analysis of the data published by Guccifer 2.0 as “NGP-VAN.”

The document states that the files that were eventually published as “NGP-VAN” by Guccifer 2.0 were first copied to a system located in the Eastern Time Zone, with this conclusion supported by the observation that “the .7z file times, after adjustment to East Coast time fall into the range of the file times in the .rar files.” This constitutes the first of a number of points of analysis which suggests that the information eventually published by the Guccifer 2.0 persona was not obtained by a Russian hacker.

The Forensicator stated in their analysis that a USB drive was most likely used to boot Linux OS onto a computer that either contained the alleged DNC files or had direct access to them. They also explained to us that in this situation one would simply plug a USB drive with the Linux OS into a computer and reboot it; after restarting, the computer would boot from the USB drive and load Linux instead of its normal OS. A large amount of data would then be copied to this same USB drive.

In this case, additional files would have been copied en masse, to be “pruned” heavily at a later time when the 7zip archive now known as NGP-VAN was built. The Forensicator wrote that if 1.98 GB of data had been copied at a rate of 22.6 MB/s and time gaps that were noticed at the top level of the NGP-VAN 7zip file were attributed to additional file copying, then approximately 19.3 GB in total would have been copied. In this scenario, the 7zip archive (NGP-VAN) would represent only about 10% of the total amount of data that was collected.

The very small proportion of files eventually selected for use in the creation of the “NGP-VAN” files were later published by the creators of the Guccifer 2.0 persona. This point is especially significant, as it suggests the possibility that up to 90% of the information initially copied was never published.

The use of a USB drive would suggest that the person first accessing the data could not have been a Russian hacker. In this case, the person who copied the files must have physically interacted with a computer that had access to what Guccifer 2.0 called the DNC files. A less likely explanation for this data pattern where large time gaps were observed between top level files and directories in the 7zip file, can be explained by the use of ‘think time’ to select and copy 1.9 GB of individual files, copied in small batches with think time interspersed. In either scenario, Linux would have been booted from a USB drive, which fundamentally necessitates physical access to a computer with the alleged DNC files.

The Forensicator believed that using the possible ‘think-time’ explanation to explain the time-gaps was a less likely explanation for the data pattern available, with a large amount of data most likely copied instantaneously, later “pruned” in the production of the Guccifer 2.0’s publication of the NGP-VAN files.

Both the most likely explanation and the less likely scenario provided by The Forensicator’s analysis virtually exclude the possibility of a Russian or remote hacker gaining external access to the files later published as “NGP-VAN.” In both cases, the physical presence of a person accessing a containing DNC information would be required.

Importantly, The Forensicator concluded that the chance that the files had been accessed and downloaded remotely over the internet was too small to give this idea any serious consideration. He explained that the calculated transfer speeds for the initial copy were much faster than can be supported by an internet connection. This is extremely significant and completely discredits allegations of Russian hacking made by both Guccifer 2.0 and Crowdstrike.

This conclusion is further supported by analysis of the overall transfer rate of 23 MB/s. The Forensicator described this as “possible when copying over a LAN, but too fast to support the hypothetical scenario that the alleged DNC data was initially copied over the Internet (esp. to Romania).” Guccifer 2.0 had claimed to originate in Romania. So in other words, this rate indicates that the data was downloaded locally, possibly using the local DNC network. The importance of this finding in regards to destroying the Russian hacking narrative cannot be understated.

If the data is correct, then the files could not have been copied over a remote connection and so therefore cannot have been “hacked by Russia.”

The use of a USB drive would also strongly suggest that the person copying the files had physical access to a computer most likely connected to the local DNC network. Indications that the individual used a USB drive to access the information over an internal connection, with time stamps placing the creation of the copies in the East Coast Time Zone, suggest that the individual responsible for initially copying what was eventually published by the Guccifer 2.0 persona under the title “NGP-VAN” was located in the Eastern United States, not Russia.

The implications of The Forensicator’s analysis in combination with Adam Carter’s work, suggest that at the very least, the Russian hacking narrative is patently false. Adam Carter has a strong grasp on the NGP-VAN files and Guccifer 2.0, with his website on the subject called a “good source” by Wikileaks via twitter. Carter told Disobedient Media that in his opinion the analysis provided by The Forensicator was accurate, but added that if changes are made to the work in future, any new conclusions would require further vetting.

On the heels of recent retractions by legacy media outlets like CNN and The New York Times, this could have serious consequences, if months of investigation into the matter by authorities are proven to have been based on gross misinformation based solely on the false word of Crowdstrike.

Assange recently lamented widespread ignorance about the DNC Leak via Twitter, specifically naming Hillary Clinton, the DNC, the Whitehouse and mainstream media as having “reason” to suppress the truth of the matter. As one of the only individuals who would have been aware of the source of the DNC Leaks, Assange’s statement corroborates a scenario where the DNC and parties described in Adam Carter’s work likely to have included Crowdstrike, may have participated in “suppressing knowledge” of the true origins and evidence surrounding the leak of the DNC emails by confusing them with the publication of the Guccifer 2.0 persona.

Despite Guccifer 2.0’s conflicting reports of having both been a Russian hacker and having contact with Seth Rich, the work of The Forensicator indicates that neither of these scenarios is likely true. What is suggested is that the files now known as “NGP-VAN” were copied by someone with access to a system connected to the DNC internal network, and that this action had no bearing on the files submitted to Wikileaks and were most likely unassociated with Seth Rich, and definitively not remotely “hacked” from Russia.


TOPICS: Crime/Corruption; Government; News/Current Events; Politics/Elections
KEYWORDS: adamcarter; alperovitch; awanbrothers; brightbluedata; carter; clinton; crowdstrike; dccc; dnc; dncemails; dnchacked; dncleaks; fake; forensicator; fraud; guccifer; guccifer2; guccifer20; haters; hillary; hillaryclinton; ngpvan; obama; podesta; russianhacking; sethrich; shawnhenry; theforensicator; toronto; traitor; warrenflood; wassermanschultz; wikileaks
To: unixfox

cool, tks for the clarification.


61 posted on 07/09/2017 4:44:41 PM PDT by nicollo (I said no!)
[ Post Reply | Private Reply | To 55 | View Replies]

To: rodguy911

Just as they screwed up translating “Reset Button” to Russian.


62 posted on 07/09/2017 4:49:24 PM PDT by Deaf Smith (There is room at the table for all of God's creatures, right next to the mashed potatoes.)
[ Post Reply | Private Reply | To 39 | View Replies]

To: TigerClaws

I gather from this that the files were not obtained via Russian hacker. Moreover, based on this analysis the likelihood of a Russian hacker is remote. Furthermore, it could not possibly be a Russian hack if this information is true.


63 posted on 07/09/2017 4:49:43 PM PDT by Fester Chugabrew (Lock. Them. Up.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MileHi
Seth Rich may have supplied info that ended up at Wikileaks. Guccifer 2.0 was the DNC attempting to obfuscate.

okay... so Guccifer followed WikiLeaks, got it. A timeline here: https://www.reddit.com/r/WikiLeaks/comments/5zoch9/theory_on_seth_rich_dnc_dncleaks_guccifer_20_cia/
64 posted on 07/09/2017 4:50:55 PM PDT by nicollo (I said no!)
[ Post Reply | Private Reply | To 47 | View Replies]

To: null and void

65 posted on 07/09/2017 4:52:50 PM PDT by SaveFerris (Luke 17:28 ... as it was in the days of Lot; they did eat, they drank, they bought, they sold ....)
[ Post Reply | Private Reply | To 8 | View Replies]

To: wastoute; RushIsMyTeddyBear; metmom; CynicalBear; SkyPilot; tuffydoodle; tang-soo; righttackle44; ..
[ Seems anymore you can’t trust gummint, the media, the church, what’s left? ]


66 posted on 07/09/2017 4:56:18 PM PDT by SaveFerris (Luke 17:28 ... as it was in the days of Lot; they did eat, they drank, they bought, they sold ....)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Deaf Smith

Exactly, the greatest thing about the dirty dems is that sooner or later they wind up self-destructing.


67 posted on 07/09/2017 4:57:24 PM PDT by rodguy911 (Home of the Free because of the brave.MAGA!!)
[ Post Reply | Private Reply | To 62 | View Replies]

To: Fester Chugabrew
I gather from this that the files were not obtained via Russian hacker. Moreover, based on this analysis the likelihood of a Russian hacker is remote. Furthermore, it could not possibly be a Russian hack if this information is true.

No, the time/date stamps of the copied files are so close together that the files appear to have been copied locally at a speed that a remote internet connection could not achieve. But the time/date stamps of those files could have been modified to achieve precisely that effect. A good hacker may very well have done exactly that to obfuscate his fingerprints. This analysis proves nothing - just points out that the most obvious view of the data is that it was copied locally. Without a thorough analysis of the data and the server nothing can be proved. And after this length of time and with the data server being kept out of the hands of the relevant authorities nothing can or ever will be proved. It's good to be a Democrat.
68 posted on 07/09/2017 5:04:12 PM PDT by Garth Tater (What's mine, is mine.)
[ Post Reply | Private Reply | To 63 | View Replies]

To: HLPhat

I am wondering about the Awan family as well. Main reason is why the “msm” has studiously been ignoring the story and refusing to dig into their antics, businesses, real estate schemes, and contact with all the democrat legislators, including the intelligence committee.

Wonder if we will ever know, or if all this will be like the assassination of JFK - speculated on for years without any resolution.


69 posted on 07/09/2017 5:07:28 PM PDT by jacquej ("You cannot have a conservative government with a liberal culture." (Mark Steyn))
[ Post Reply | Private Reply | To 56 | View Replies]

To: Sacajaweau

One would think so.


70 posted on 07/09/2017 5:16:09 PM PDT by OKSooner (Never take a known wise-ass to the shooting range.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: TigerClaws
I agree with and understand all of it except for one thing,

how did they determine the transfer speed of the files, from the timestamps on the files from the UNIX OS?

71 posted on 07/09/2017 5:30:32 PM PDT by Chode (My job is not to represent the world. My job is to represent the United States of America-#45 DJT)
[ Post Reply | Private Reply | To 1 | View Replies]
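
Added example (not part of this thread and not The Forensicator's own code): one way to turn file sizes and last-modified times into a transfer-rate estimate, and to extrapolate a total the way the article's "time gaps attributed to additional file copying" scenario does. The same function run on a listing with identical sizes but different timestamps returns a different rate, which is the dependence raised in post 68. Assumptions: each mtime marks when that file's copy finished, the listing is constructed, and `analyse`, `retimed` and `gap_factor` are hypothetical names.

```python
from dataclasses import dataclass
from statistics import median

MB = 1_000_000  # decimal megabyte, as in "MB/s"

@dataclass(frozen=True)
class Entry:
    name: str
    size: int     # bytes
    mtime: float  # seconds; ASSUMED to mark when this file's copy finished

# Constructed listing (not the NGP-VAN data): name, size, mtime in seconds.
SAMPLE = [
    Entry("a.dat", 45_200_000, 0.0), Entry("b.dat", 45_200_000, 2.0),
    Entry("c.dat", 67_800_000, 5.0), Entry("d.dat", 22_600_000, 6.0),
    Entry("e.dat", 22_600_000, 106.0),  # 100 s after d.dat: a time gap
    Entry("f.dat", 45_200_000, 108.0), Entry("g.dat", 22_600_000, 109.0),
]

def analyse(entries, gap_factor=10.0):
    """Burst rate from closely spaced mtimes, plus the bytes implied if the
    unexplained gap time had also been spent copying at that rate."""
    by_time = {}
    for e in entries:  # merge files that share a timestamp (coarse clocks)
        by_time[e.mtime] = by_time.get(e.mtime, 0) + e.size
    points = sorted(by_time.items())
    # The interval ending at t1 is charged with the bytes stamped t1.
    steps = [(t1 - t0, size) for (t0, _), (t1, size) in zip(points, points[1:])]
    if not steps:
        raise ValueError("need at least two distinct timestamps")
    typical = median(size / dt for dt, size in steps)
    busy = [(dt, size) for dt, size in steps if size / dt >= typical / gap_factor]
    slow = [(dt, size) for dt, size in steps if size / dt < typical / gap_factor]
    busy_s = sum(dt for dt, _ in busy)
    rate = sum(size for _, size in busy) / busy_s  # bytes per second
    # In a slow interval the file itself still needed size/rate seconds.
    unexplained_s = sum(max(0.0, dt - size / rate) for dt, size in slow)
    observed = sum(e.size for e in entries)
    return {"rate_mb_s": rate / MB, "busy_s": busy_s,
            "unexplained_s": unexplained_s, "observed_bytes": observed,
            "implied_bytes": observed + rate * unexplained_s}

def retimed(entries, mb_s):
    """Same names and sizes, with mtimes laid out as a back-to-back copy at
    mb_s. Models a listing whose timestamps differ from the original's."""
    t, out = 0.0, []
    for e in sorted(entries, key=lambda e: e.mtime):
        t += e.size / (mb_s * MB)
        out.append(Entry(e.name, e.size, t))
    return out

if __name__ == "__main__":
    r = analyse(SAMPLE)
    print(f"burst rate {r['rate_mb_s']:.1f} MB/s over {r['busy_s']:.0f} s")
    print(f"observed {r['observed_bytes'] / MB:.1f} MB, implied "
          f"{r['implied_bytes'] / MB:.1f} MB if gaps were copying")
    r2 = analyse(retimed(SAMPLE, 1.0))
    print(f"same sizes, other timestamps: {r2['rate_mb_s']:.1f} MB/s")
```
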

To: wastoute

Excellent choice!


72 posted on 07/09/2017 5:43:39 PM PDT by chris37 (Donald J. Trump, Tom Brady, The Patriots... American Destiny!)
[ Post Reply | Private Reply | To 53 | View Replies]

To: nicollo

From what I’ve read (here) that was it, Guccifer 2.0 was born of the DNC to try and tamp down the Rich leaks.


73 posted on 07/09/2017 5:48:19 PM PDT by MileHi (Liberalism is an ideology of parasites, hypocrites, grievance mongers, victims, and control freaks.)
[ Post Reply | Private Reply | To 64 | View Replies]

To: Texas Fossil

Guccifer 2.0 is a concoction, a diversion, a pinup of a Russian hacker. Guccifer 2.0 is a fiction written to make it seem like a Russian hack. Guccifer 2.0 is not a real person except for the person behind the scenes that invented it. The Word file metadata showed a ‘Warren Flood’ as the originator of the Guccifer 2.0 document and it was uploaded to a wordpress website before the mistake was discovered, then the metadata was quickly changed to a Russian name in Cyrillic characters.

Word metadata is not visible on its face. To see it requires one to know where to look. A person using the name ‘Warren Flood’ churned out the first Guccifer 2.0 document and uploaded it before catching the mistake, then deleted it, changed the metadata and uploaded again but not before others had downloaded the original.

Guccifer is a real Romanian that was extradited to the US by Hillary in her last months as US Secretary of State. He now sits in a county jail in Fairfax County, Virginia and the report is he has been ‘leaned on’ heavily to confess that Trump paid him to hack everything which is of course untrue and absurd as the timelines do not support it. On the other hand, truth does not matter to the Hillary/Podesta/Comey/Mueller camps.


74 posted on 07/09/2017 6:36:54 PM PDT by Hostage (Article V)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Hostage

Thanks for the explanation.

I knew a little about the original Guccifer. Friend of mine on twitter knew him. My friend was Romanian. He is not on Twitter any more, but we did discuss the original. Several years ago, before he was actually arrested.

I had read he was being pressured. There were rumors he was dead, and then they were denied.

My friend on Twitter told me that Guccifer2 was not same and phoney. But I had not read anything about the Word meta data. I am familiar with that function. It can be turned off too.

I quit windows long ago. Have been using some form of Linux since 1994. Last 10 years, seldom used Windows machines. Still have some.

There have been several controversies that were exposed by Word or Web meta data. XHTML and XML make it difficult to edit manually.

I once did scripted publishing from a database. For 5-1/2 years I ran a catalog/advertising department for a wholesale distributor. We did the print and web content. Used Xdata and Xtags with a script to bring the data into Quark. Was magic if you did everything right. Finally got to the point I could edit it downstream. Original process prevented that.

The catalog was 47,000 items and 3,000 pages plus indexes and insert pages. A beast.

Promotions were huge projects too.


75 posted on 07/09/2017 7:19:10 PM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 74 | View Replies]

To: null and void

Indeed


76 posted on 07/09/2017 7:37:07 PM PDT by Nifster (I see puppy dogs in the clouds)
[ Post Reply | Private Reply | To 45 | View Replies]

To: TigerClaws
The use of a USB drive would also strongly suggest that the person copying the files had physical access to a computer most likely connected to the local DNC network. Indications that the individual used a USB drive to access the information over an internal connection, with time stamps placing the creation of the copies in the East Coast Time Zone, suggest that the individual responsible for initially copying what was eventually published by the Guccifer 2.0 persona under the title “NGP-VAN” was located in the Eastern United States, not Russia.

CNN will NOT want to cover this story...

77 posted on 07/09/2017 9:35:16 PM PDT by GOPJ ( MSM Snowflakes: if you don't like President Trump's tweets don't read 'em.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cboldt
From your link in #49: "In the Guccifer documents in question, Warren Flood appears to be the original author, while it was last modified by “Феликс Эдмундович,” which translates to Felix Dzerzhinsky, the name of the founder of the Soviet secret police."

("A 200-plus page document titled “Donald Trump Report” was posted online by The Smoking Gun website on Wednesday. The document’s metadata suggests it was written by Warren Flood, president of Bright Blue Data LLC, a Democratic data analytics and strategy firm. Flood was also a staffer at the DNC in 2010 and worked for Barack Obama’s presidential campaigns in 2008 and 2012, according to his LinkedIn page. Flood did not immediately respond to Newsweek’s request for comment.": Hacker Claims to Leak Stolen DNC Trump Files)

78 posted on 07/09/2017 10:57:46 PM PDT by Fedora
[ Post Reply | Private Reply | To 49 | View Replies]

To: Fedora
"I’m Warren. I’m a lucky guy. I’ve had a series of dream jobs I never knew I wanted or could ever attain. What started as a single hour of volunteer work in 2007, turned into data analytics jobs in President Obama’s 2008 and 2012 campaign headquarters. Oh, and in between I worked in the White House as Vice President Biden’s Technology Director. Not bad for a half Canadian—half American, half black—half white, half nerdy—half geeky kid from Toronto, Canada.": Warren Flood: About
79 posted on 07/09/2017 11:06:39 PM PDT by Fedora
[ Post Reply | Private Reply | To 78 | View Replies]

To: laxcoach
The way this reads, we are to believe that every time you touch a file, mysterious meta data is stored. Every time we copy a file mysterious meta data is stored.

Exactly

What is metadata? - Definition from WhatIs.com (whatis.techtarget.com): Metadata is data that describes other data. Meta is a prefix that in most information technology usages means "an underlying definition or description." Metadata summarizes basic information about data, which can make finding and working with particular instances of data easier.

Could also be GPS locations of cell phones used to send e-mails.....routine back up systems.....program up-dates...etc.

80 posted on 07/09/2017 11:32:59 PM PDT by spokeshave (The Fake Media tried to stop us from going to the White House, I am President and they are not. DJT)
[ Post Reply | Private Reply | To 15 | View Replies]

