New Research Shows Guccifer 2.0 Files Were Copied Locally Suggesting DNC Not "Hacked By Russians"

Tyler Durden's picture

Via Disobedient Media

New meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator, which suggests that files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer possibly connected to the internal DNC network. The individual most likely used a USB drive to copy the information. The groundbreaking new analysis irrevocably destroys the Russian hacking narrative, and calls the actions of Crowdstrike and the DNC into question.

The document supplied to Disobedient Media via Adam Carter was authored by an individual known as The Forensicator. The full document referenced here has been published on their blog. Their analysis indicates the data was almost certainly not accessed initially by a remote hacker, much less one in Russia. If true, this analysis obliterates the Russian hacking narrative completely.

The Forensicator specifically discusses the data that was eventually published by Guccifer 2.0 under the title "NGP-VAN."  This should not be confused with the separate publication of the DNC emails by Wikileaks. This article focuses solely on evidence stemming from the files published by Guccifer 2.0, which were previously discussed in depth by Adam Carter.

Disobedient Media previously reported that Crowdstrike is the only group that has directly analyzed the DNC servers. Other groups including Threat Connect have used the information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation was based solely on information ultimately provided by Crowdstrike; this places the company in the unique position of being the only direct source of evidence that a hack occurred.

The group’s President Shawn Henry is a retired executive assistant director of the FBI while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, which as we have reported, is linked to George Soros. Carter has stated on his website that “At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.” Carter’s website was described by Wikileaks as a useful source of primary information specifically regarding Guccifer 2.0.

Carter recently spoke to Disobedient Media, explaining that he had been contacted by The Forensicator, who had published a document which contained a detailed analysis of the data published by Guccifer 2.0 as  "NGP-VAN."

The document states that the files that eventually published as "NGP-VAN" by Guccifer 2.0 were first copied to a system located in the Eastern Time Zone, with this conclusion supported by the observation that "the .7z file times, after adjustment to East Coast time fall into the range of the file times in the .rar files." This constitutes the first of a number of points of analysis which suggests that the information eventually published by the Guccifer 2.0 persona was not obtained by a Russian hacker.

Image via The Forensicator

Image via The Forensicator

The Forensicator stated in their analysis that a USB drive was most likely used to boot Linux OS onto a computer that either contained the alleged DNC files or had direct access to them. They also explained to us that in this situation one would simply plug a USB drive with the LinuxOS into a computer and reboot it; after restarting, the computer would boot from the USB drive and load Linux instead of its normal OS. A large amount of data would then be copied to this same USB drive.

In this case, additional files would have been copied en masse, to be "pruned" heavily at a later time when the 7zip archive now known as NGP-VAN was built. The Forensicator wrote that if 1.98 GB of data had been copied at a rate of 22.6 MB/s and time gaps t were noticed at the top level of the NGP-VAN 7zip file were attributed to additional file copying, then approximately 19.3 GB in total would have been copied. In this scenario, the 7zip archive (NGP-VAN) would represent only about 10% of the total amount of data that was collected.

The very small proportion of files eventually selected for use in the creation of the "NGP-VAN" files were later published by the creators of the Guccifer 2.0  persona. This point is especially significant, as it suggests the possibility that up to 90% of the information initially copied was never published.

The use of a USB drive would suggest that the person first accessing the data could not have been a Russian hacker. In this case, the person who copied the files must have physically interacted with a computer that had access to what Guccifer 2.0 called the DNC files. A less likely explanation for this data pattern where large time gaps were observed between top level files and directories in the 7zip file, can be explained by the use of 'think time' to select and copy 1.9 GB of individual files, copied in small batches with think time interspersed. In either scenario, Linux would have been booted from a USB drive, which fundamentally necessitates physical access to a computer with the alleged DNC files.

The Forensicator believed that using the possible 'think-time' explanation to explain the time-gaps was a less likely explanation for the data pattern available, with a large amount of data most likely copied instantaneously,  later "pruned" in the production of the Guccifer 2.0's publication of the NGP-VAN files.

Both the most likely explanation and the less likely scenario provided by The Forensicator's analysis virtually exclude the possibility of a Russian or remote hacker gaining external access to the files later published as "NGP-VAN."  In both cases,  the physical presence of a person accessing a containing DNC information would be required.

Importantly, The Forensicator concluded that the chance that the files had been accessed and downloaded remotely over the internet were too small to give this idea any serious consideration. He explained that the calculated transfer speeds for the initial copy were much faster than can be supported by an internet connection. This is extremely significant and completely discredits allegations of Russian hacking made by both Guccifer 2.0 and Crowdstrike.

This conclusion is further supported by analysis of the overall transfer rate of 23 MB/s. The Forensicator described this as "possible when copying over a LAN, but too fast to support the hypothetical scenario that the alleged DNC data was initially copied over the Internet (esp. to Romania)." Guccifer 2.0 had claimed to originate in Romania. So in other words, this rate indicates that the data was downloaded locally,  possibly using the local DNC network. The importance of this finding in regards to destroying the Russian hacking narrative cannot be overstated.

If the data is correct, then the files could not have been copied over a remote connection and so therefore cannot have been "hacked by Russia."

The use of a USB drive would also strongly suggest that the person copying the files had physical access to a computer most likely connected to the local DNC network. Indications that the individual used a USB drive to access the information over an internal connection, with time stamps placing the creation of the copies in the East Coast Time Zone, suggest that  the individual responsible for initially copying what was eventually published by the Guccifer 2.0 persona under the title "NGP-VAN"  was located in the Eastern United States, not Russia.

The implications of The Forensicator's analysis in combination with Adam Carter's work, suggest that at the very least, the Russian hacking narrative is patently false. Adam Carter has a strong grasp on the NGP-VAN files and Guccifer 2.0, with his website on the subject called a "good source" by Wikileaks via twitter. Carter told Disobedient Media that in his opinion the analysis provided by The Forensicator was accurate, but added that if changes are made to the work in future, any new conclusions would require further vetting.

On the heels of recent retractions by legacy media outlets like CNN and The New York Times, this could have serious consequences, if months of investigation into the matter by authorities are proven to have been based on gross misinformation based solely on the false word of Crowdstrike.

Assange recently lamented widespread ignorance about the DNC Leak via Twitter, specifically naming Hillary Clinton, the DNC, the Whitehouse and mainstream media as having “reason” to suppress the truth of the matter. As one of the only individuals who would have been aware of the source of the DNC Leaks, Assange’s statement corroborates a scenario where the DNC and parties described in Adam Carter's work likely to have included Crowdstrike, may have participated in “suppressing knowledge" of the true origins and evidence surrounding the leak of the DNC emails by confusing them with the publication of the Guccifer 2.0 persona.

Despite Guccifer 2.0's conflicting reports of having both been a Russian hacker and having contact with Seth Rich, the work of The Forensicator indicates that neither of these scenarios is likely true.

What is suggested is that the files now known as "NGP-VAN" were copied by someone with access to a system connected to the DNC internal network, and that this action had no bearing on the files submitted to Wikileaks and were most likely unassociated with Seth Rich, and definitively not remotely "hacked" from Russia.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Occident Mortal's picture

But not Seth Rich, anyone but him.

Looney's picture

 

The Forensicator

It’s a cool moniker, although not as cool as The Fornicator.  ;-)

Looney

nmewn's picture

His name was Seth Rich.

American Psycho's picture

Well this hurts the narritive.  Back to the drawing board to illegitimize the POTUS

WTFRLY's picture

Russian hacking is just a Joominati lie, please call it what it is

robertsgt40's picture

The problem here is not finding evidence to prosecute Hitlery and the Obama administration.  The problem is finding someone with cajones tp uphpld the constitution and rule of law that will do something besides scratch their ass.

Four chan's picture

 

His name was Seth Rich.

His name was Seth Rich.

 His name was Seth Rich.

 His name was Seth Rich. 

hillary clinton had john podesta have him murdered.

Yes We Can. But Lets Not.'s picture

Not Seth Rich?

What sayeth you, Kim Dotcom?

jeff montanye's picture

i'm not kim but i put a link on zerohedge some weeks back to this same effect: 

https://www.reddit.com/r/The_Donald/comments/6d9xcm/breaking_ive_found_e...

this guy should get some credit.

Buckaroo Banzai's picture

Seth Rich may not have been the one who copied the files, but he could have easily acted as an intermediary between that person and Wikileaks.

All Risk No Reward's picture

Hillary is a puppet.

John Podest is a puppet.

The PUPPET MASTER are the Money Power Supremacists... currently incarnated as the Debt-Money Monopolists that rule over the Mega-Corporate Fascist Empire system that rules over the rest of us.

Don't be a tool, blame the ROOT CAUSE!

Jack McGriff's picture

It's the filthy fucking Jews and their dirty little Talmud whichh makes them believe they are "the chosen ones" destined to rule the world with each Joo having 1000 goy slaves.  And they not only  believe that shit but they act on it.  It isn't just the usury by the filthy Jews, it's also their monopoly on propaganda and social engineering of all manner of degeneracy via (((MSM))) and almost total control of TV.  If you are not discriminating in your thoughts and what you allow into your mind, then (((they)))) will gladly impute into your mind (((their))) filthy propaganda.  Hitler was right.

Obadiah's picture

Those that SAY they are Jews, but are not and do LIE, but are of the synagog of Satan.  Talmud Cabalist Lucifarians

Manthong's picture

 

All they had to do get evidence/record of any mass copy of Podesta’s Emails was to subpoena Google.

That would put to rest the lie that his Gmail was phished.

All that carping about some hacker shark “Password phishing” Podesta was just a fish story.

They mislead most all of the country on porpoise.

All Risk No Reward's picture

Your Debt-Money Monopolist cognitive overlords appreciate you pushing their false over-generalized narrative that provides cover for the specific ROOT CAUSE CRIMINALS that are running this crime spree. And yes, they are oppressing ordinary Jewish people, too.

You won't like that fact. Your mind is almost certainly incapable of absorbing or addressing that fact. You will probably down vote reality... because you can't admit that you are actually part of the problem so that you can change for the better...

"They Live" Bearded Man TV Transmission Scene
https://www.youtube.com/watch?v=1V-4JHT2q3w

=================================

Israel: 18 families control 60% corporate equity (2:00m in)
https://www.youtube.com/watch?v=vJrvnM9Thx4

Israeli economy is ready to COLLAPSE, MASS PANIC IN ISRAEL
https://www.youtube.com/watch?v=6TZinAPrIfg

Israelis rally for better economic conditions
https://www.youtube.com/watch?v=X3xXICtSwYE

Israel mass protests over rising living costs | Aug 2011 | BBC News
https://www.youtube.com/watch?v=-VGOO5f8RjA

Resources:

How To Be a Crook
https://www.youtube.com/watch?v=2oHbwdNcHbc

Poverty - Debt Is Not a Choice
https://www.youtube.com/watch?v=t7BTTB4tiEU

Renaissance 2.0 The Rise of [Debt-Money Monopolist] Financial Empire
https://www.youtube.com/watch?v=96c2wXcNA7A

Debunking Money
https://www.youtube.com/watch?v=5iBSBVew-3Y

Krugman (and each MIT economist professor - THEY KNOW AND THEY OCCULT!) is a Goebbelsian propagandist as he covers the crimes of wolves with his fake sheep suit and lisp.

Krugman to Lietaer: "Never touch the money system!"
https://www.youtube.com/watch?v=Q6nL9elK0EY

And don't think Steve Keen is any better. He was called to the carpet for not admitting the system is a fraud when it was explained EXACTLY HOW THAT FRAUD WORKED... and he tucked tail and ran away PRETENDING he was responsive...

The Principal And Interest On Debt Myth (technically correct, but practically reveals inherent fraud as exposed CLEARLY in the comments section)
https://www.forbes.com/sites/stevekeen/2015/03/30/the-principal-and-inte...

Bottom line - Steve Keen won't "touch the money system" either. He learned well from his Debt-Money Monopolist Overlords.

30 sheckels of silver over THE TRUTH.

"The best way to control the opposition is to lead it and/or finance it."
~Yours truly, based upon Vladimir Lenin's quote

GoldRulesPaperDrools's picture

Podesta made arrangements to have Seth Rich killed between slices of `pizza`.

Mother Fletcher's picture

While I don't think that little weasel pissant Eytalian jew  was actually the trigger man, I have no doubt he was the one who commissioned the hit.

Give Me Some Truth's picture

Re: "His name was Seth Rich ..."

Well, according to this story, Rich was not at the center of this story. Nor were "the Russians."

I've always thought the Rich angle should definitely be seriously investigated, but I was skeptical he was the one and only source of WikiLeaks' reporting. Assange, if he thought it proper, could have made a definitive statement about Rich's role (after all, if Rich WAS killed over his role in downloading the emails, this is info of great importance to a homicide investigation. Is not withholding info of importance to a homicide investigation a possible crime? It's at least a moral crime.  

Also, if we are to believe that such "spycraft" would result in the order being given to assasinate someone, it always seemed odd to me that the "hit men" didn't put two bullets into the back of the target's head. Isn't this the way it happens if one really wants to "silence" someone? You certainly don't let the person live (and potentially talk) for some unknown duration of time.

Any "certainty" that Rich was the central figure in this email release could actually prevent consideration of alternative theories.  

 

 

Bendromeda Strain's picture

Assange will not name a source. What part of that statement is unclear to you? Going forward, folks now have the option to put a deadmans switch on their identity. Failing that, Wikileaks will keep your secret unto death. Your bullets speculation reminds me of idiot conservatives and their scenario objections to 911 Truth, as if they could plan a massive conspiracy better. If the assassin wanted to make it look like a hit, he would have... ergo, he didn't.

nmewn's picture

Its always interesting when two people can see the same thing and arrive at different conclusions. So lets separate it out and then maybe you can see what I see...

"What is suggested is that the files now known as "NGP-VAN" were copied by someone with access to a system connected to the DNC internal network,...

Full stop.

...and that this action had no bearing on the files submitted to Wikileaks and were most likely unassociated with Seth Rich, and definitely not remotely "hacked" from Russia."

...that is to say, the original files downloaded by a person inside DNC headquarters, with access to their LAN, had been edited >>>before<<< being given to Wikileaks.

Now do you see it?

Not my downie by the way ;-)

ChanceIs's picture

Mike Cernivich likes to be snarky and bathe in his own wit.  Having said that, every so often he gets off a really good one. 

My favorite:  'You want to work for the DNC?  Here is what you get for working for the DNC.  You get a bicycle rack.'

Cernovich is referring to the fact that while the DNC put a commerative plaque on a bicycle rack near the downtown DC headquarters, it didn't: a) offer a reward leading to Seth's murderer's capture, b) establish a tips hotline, c) interview all of the employees who had daily contact with Seth, or d) cooperate with the FBI, DHS, etc.

His grieving parents think the bicycle rack is really cool.

chubbar's picture

All this proof of a coverup of the hacking meme, internal hacking, crowdstrike malfeasance,  and yet the FBI continues to sit around with their thumb up their ass and Mueller is still bird dogging a false trail.

It's so fucking obvious that the MSM is colluding to obfuscate what happened and the FBI is completely corrupted. Seth Rich is the story and the FBI is doing everything it can to keep it from being investigated, fucking assholes.

BlindMonkey's picture

So, is Dimi @Crowstrike a top-shelf self-loathing Russian or what?  What makes people this way?

PiratePiggy's picture

Pictures?   From the Porensicator or the Pornicator?   ;)

HRClinton's picture

But, but... 17 Intelligence Agencies! 

Winston Churchill's picture

Braverman and Seth Rich.Rich may have been set up as a patsy by Braverman as somehow he's still

alive.He must have an exceptional dead mans switch..

IndyPat's picture

Going by the article, maybe 18 or so GB worth.
That's a lot of dirt.

I totally agree with you. I think Braverman was a second party.
I think that's who Rich met at the gay bar on the way home that night.

PlayMoney's picture

They wouldn't let Homeland Security, FBI and now Mueller look at their computers. Doesn't take an Einstein to figure out there never was anything to their allegations. A bunch of crying wolf liars from the start.

Hail Spode's picture

Worse. I think Guccifer 2.0 was a DNC front to pin it on Russia. Guy did not even show up until after they knew they had been hacked. Never released anything that hurt the dems. First thing released was their oppo research FILE ON TRUMP.

Now why did they go to all that trouble to make it look like a "hack" rather than a leak? Maybe to mis-direct from their having the first leaker Seth Rich murdered?

j0nx's picture

CNN and MSNBC have been reporting on this article all morning. Oh wait, no they aren't...

seek's picture

Actually this particular leak seems to have not been Seth.

There's evidence (not this data) that was published not long after the leak that hinted pretty strongly that Guccifer 2.0 was the DNC itself leaking the information in an attempt to misdirect investigations, taint "hacking" leaks, and also an attempt to derail Trump.Note that a key part of the G2.0 storyline is "it was the Russians" and that G2.0 is an attempt by the Russians to hide their trail under the guise of a fake hacker. So it'd make sense the DNC would make something like this up to further the narrative.

And honestly the G2.0 leak is pretty shitty as far as signal-to-noise goes.

The Seth Rich stuff is much more important. All the more reason to not allow this current story displace the Seth Rich news.

IndyPat's picture

Well said.
The proof is in the pudding.

The data delivered says more about the source then the subterfuge.
G 2.0 data was weaksauce.

Nostradumbass's picture

OyVey.

How can (((we))) spin this to our advantage?

JackMeOff's picture

Ironic that this is released on the one year anniversary of the death of Seth Rich.

small axe's picture

ironic or intended? Release on the one-year anniversary provides a good "lead-in" for the media to bring up Rich's murder, assuming MSM ever deigns to mention either story.

seek's picture

It's a distraction from the murder, not a lead-in. If someone is going to cover a leak story, this is the one everyone wants reported, not Seth.

Cordeezy's picture

Only CNN and MSMS still thinks the Russians did the hacking.

 

www.escapeamazon.com

 

Give Me Some Truth's picture

Re: "Only CNN thinks the Russians did the hacking"

... Plus, 97 members of the U.S. Senate who just voted to punish Russia for said non-hacking.

Troy Ounce's picture

 

Certainly not o/t:

Israel agrees with Hungary that Soros is a threat.

http://mobile.reuters.com/article/idUSKBN19V1J4

lester1's picture

Jeff Sessions get off your mother fucking ass and assign a special prosecutor for the DNC servers and murder of DNC email leaker Seth Rich ! 

 

And if it exposes pedogate, oh fucking well !! Are you part of Pedogate Jeff ??

 

Do your job Jeff Sessions !!! ..Perhaps we need a new AG ??

new game's picture

jeffy tight lips? jeffy is in the witness protection program, apparently...

PlayMoney's picture

What? I always thought they were sexist?

Bavarian's picture

Gunned down 5 days later

my new username's picture

A logical extension of this is that Seth Rich was assassinated to create a Red Herring trail.