This is another one of those complicated intrigues. First, what is Guccifer 2.0?
Per Wiki, Guccifer 2.0 is “a person or persona stating they were the hacker(s) that hacked into the Democratic National Committee (DNC) computer network…The U.S. Intelligence Community concluded that some of the genuine leaks that Guccifer 2.0 has said were part of a series of cyberattacks on the DNC were committed by two Russian intelligence groups…The Russian government denies involvement…and Guccifer 2.0 denied links to Russia.”
What could be meant by “some of the genuine leaks”? Well, Guccifer 2.0 published some real material, but also some hoax material; for example, demonstrably fake material about Clinton Foundation corruption. Clinton Foundation corruption is real, but not because of what Guccifer 2.0 published. Exposing Guccifer’s fakes conveniently enabled Clinton supporters to go “Oh, the whole thing is a hoax.”
Guccifer 2.0 also claimed credit, probably falsely, for the main DNC emails published by WikiLeaks. At varying points, they have claimed to be a Romanian hacker, the original hacker(s) of the DNC emails who gave them to WikiLeaks, and the go-between who gave Seth Rich’s leaked DNC emails to WikiLeaks.
In short, at any time, Guccifer 2.0 may put out
- real material – for credibility, perhaps, or when it supports their agenda; but perhaps with a false story of how they got it;
- fake material – that is meant to be believed;
- fake material – that is meant to be rejected, with the rejection indirectly supporting some other (false) narrative;
- a false claim of credit to someone else’s leak or hack.
So everything they do, has to be analyzed to death.
With that, let’s get to this article from Disobedient Media, New Research Shows Guccifer 2.0 Files Were Copied Locally, Not Hacked. The article is packed with interesting links, which you can surf. I’ll quote a little from its main text.
New meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator, which suggests that [some real DNC] files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer possibly connected to the internal DNC network. The individual most likely used a USB drive to copy the information. The groundbreaking new analysis irrevocably destroys the Russian hacking narrative, and calls the actions of Crowdstrike and the DNC into question.
As I’ve blogged before, the “Russia hacking” narrative has always been shaky. First, the idea that it was endorsed by “17 intelligence agencies” is a myth. Second, to this day, the DNC has denied the FBI access to the servers/networks that were allegedly hacked. The few U.S. intelligence analysts who did endorse the Russia narrative, did so based on a DNC-paid report from CrowdStrike that has been much-questioned.
To continue from DM’s article:
The Forensicator specifically discusses the data that was eventually published by Guccifer 2.0 under the title “NGP-VAN.” This should not be confused with the separate publication of the DNC emails by Wikileaks…
Disobedient Media previously reported that Crowdstrike is the only group that has directly analyzed the DNC servers…
[CrowdStrike’s] President Shawn Henry is a retired executive assistant director of the FBI while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, which as we have reported, is linked to George Soros. [An independent researcher, Adam] Carter has stated on his website that “At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.”
Carter recently spoke to Disobedient Media, explaining that he had been contacted by The Forensicator, who had published a document which contained a detailed analysis of the data published by Guccifer 2.0 as “NGP-VAN.”
And the article goes on to The Forensicator’s technical analysis, which I found plausible from my knowledge of computers.
You can read it yourself. Here is the high-level idea. The NGP-VAN material was real. But Guccifer 2.0 claimed to have hacked it remotely from Romania (and Crowdstrike said it had been hacked from Russia). By analyzing various timestamps embedded in the NGP-VAN material – including the times that elapsed between various computer-y events – it becomes clear that the material had to have been copied in-person, at very high speeds (not possible over a network across the Atlantic – to Romania or Russia), onto a USB device that was operated by a person physically standing at the DNC server, in the Eastern time zone.
I can’t guarantee that Disobedient Media, Adam Carter or The Forensicator tell the truth. But I thought the article to be technically plausible and worth pointing out.