We were unable to load Disqus. If you are a moderator please see our troubleshooting guide.

Bubslug • 5 years ago

There's no comment in the article in the Computer Weekly article on Adam Carters forensic analysis of the "Felix Dzerzhinsky/Warren Flood" files which were the original release by Guccifer 2.0, and the reason for his initial and still standing conclusion that Guccifer 2.0 was not likely the GRU, but DNC/Crowdstrike operatives trying to implicate the GRU.

Certainly the DNC/Crowdstrike people had a strong motive to implicate the GRU as it was a way to change the media focus from the content of the WikiLeaks DNC email release to the motives of those who stole the emails,

From the Computer Weekly article comes the statement: "File internal data analysis shows that they were all stale, deadwood information, and of no relevance in 2016.". But that's true of everything G2 released isn't it? (with the exception of the Florida voter demographics research).

It makes no sense that the Russian GRU would create an entity that broadcast fingerprints pointing to Russia and Russians. They would keep their mouth shut and deliver the material to WikiLeaks as invisibly as possible.

I think the final word will come from Assange who claims the DNC emails came from an insider. Right now he's in a quandary since the obvious proof the DNC emails came from an insider is the name of the insider, and the cardinal rule of WikiLeaks is to not reveal sources. That said he might have other forensic irrefutable evidence of an insider he could reveal that wouldn't necessarily reveal the name of the insider.

Ian • 5 years ago

Here's Disobedient Media's response:
https://disobedientmedia.co...

Here is an excerpt from that response:

"The Misquoting Of Bill Binney

Disobedient Media recently spoke with former NSA Technical Director Bill Binney, a co-founder of Veteran Intelligence Professionals for Sanity, who was featured in Campbell’s article.

Binney told us that he stands by the assessment made in the VIPS memorandum to President Trump, published last year. He told us that Duncan misrepresented his statements describing Guccifer 2.0 a fabrication. While speaking with us, Binney utterly refuted Campbell’s dishonest portrayal of Binney having changed his stance on the issue.

Binney told this author that he referred specifically to Guccifer 2.0 as a fabrication, adding that it doesn’t matter where the information was downloaded, or when, or that the information was manipulated, because the point is that it was not hacked, and the who/where does not alter that fact. He said that Guccifer 2.0 was: “Clearly a fabrication, a fake, put out there to confuse. Timing is irrelevant, fake is fake. You can manipulate timing, you can change anything, but it doesn’t matter. It makes no difference.”

He added: “We [VIPS members] were calling it fake from the beginning, and we still do.”

Binney told us: “We agreed it was a download, not a hack, the whole thing was a set up – we can’t prove who is responsible or where they were located, but that is irrelevant because it was still a download, not a hack, which tells us that the Guccifer 2.0 persona was a fabrication.” He added that Julian Assange and Craig Murray can prove the origin of the information, and that both have stated clearly that the Russian state was not their source.

Binney confirmed that, though Campbell captured the essence of what he said in terms of referencing a fraud, Campbell distorted Binney’s view by framing its presentation so as to appear as if he had changed his mind on the matter.

Binney stated that he found Duncan’s article to be ‘long and confusing,’ lacking in evidence, adding that he prefers a “Nice, clear argument, with lots of evidence” Binney explained to Disobedient Media that he also took issue with Duncan’s presentation of the Mueller indictments, and with the vicious doxxing of Adam Carter in what he called some “Some vague attempt to suggest that Carter is an agent of the Russians.”

Binney reminded this writer that if a hack had occurred, the NSA would have been able to show not only that the intrusion took place, but who was responsible, and where the information was went. Binney stated that the lack of such evidence having been produced by the NSA, especially the inability to prove that hacked information was ever sent to WikiLeaks, may have played a role in the NSA’s lukewarm “moderate” confidence in Russian interference, in comparison with the CIA and FBI’s confidence in the matter. Binney added that in this case, the only agency whose opinion matters is the NSA’s."

Mathias Alexander • 5 years ago

Assange is the target here.

ace_in_space • 5 years ago

I don't have a dog in this race, but something I read this morning is directly critical of Duncan Campbell's conclusions:

https://twitter.com/Climate...

Steve McIntyre is a Toronto mathematician of long-standing repute
who has done much work to expose the serious problems in global warming
studies and hypotheses of the last decade. His website "Climate Audit"
has been sharply attacked by global warming
advocates, but not his science or math. He has recently been looking
at the mechanics of the DNC hack and pointing out the anomalies in the
hype surrounding same.

https://climateaudit.org/

Duncan Campbell contacted him for further information regarding
Guccifer2 and the hack and has now published an article that McIntyre
finds lacking. His tweet thread linked above discusses this.

Peter C. • 5 years ago

Based on a cursory look, I am not too sure about McIntyre's credentials. Most of his scant output in the peer-reviewed literature appears in very low-impact scientific journals, and these papers don't seem to add much to the overall endeavor of understanding climate variability - rather than doing much actual research, he seems content to point out shortcomings in the work of others. In other words, it looks more like the output of somebody with an axe to grind rather than someone who seeks genuine understanding. And his scientific claims have been strongly criticized in the literature, contrary to your suggestion.

Bubslug • 5 years ago

You're honest at least about how cursory your look is. I've followed McIntyre since 2006. He has had a large impact on the climate science community and was recognized as a person with significant statistics skills by the IPCC who invited him to participate in the 4th assessment report as an expert reviewer for the paleoclimate chapter. I get it that the "consensus" climate community doesn't like him as he has repeatedly pointed out their errors and bad practices like post hoc data selection, but thank God there's still a few dedicated critical thinkers like McIntyre left to stand as a breakwater against the pervasive tendency to group think in modern western culture.

Peter C. • 5 years ago

Thanks for your thoughts. I don't dispute that there is a "heard instinct" in many areas of science. Also, all studies have limitations and often shortcomings as well, and it is valid to point those things out. While such criticisms may influence the overall discourse, however, they are not really constructive. Pointing out imperfections does not mean that anybody is either right or wrong, it just means that we need sharper tools and better methodology. Scientists would probably be more inclined to treat McIntyre as a peer if he did original research to rigorously test his own hypotheses, rather than just sniping at them from the sidelines.

Little or nothing in science is ever proven beyond the shadow of a doubt, and there's a chance that the threat of climate change has been overstated. There's also a reasonable chance that I would not get lung cancer if I smoked two packs of cigarettes a day, and a good chance that I would not get into an accident if I had six beers and then went for a drive around town. The logic that says I should do those things anyway is the same logic that says we should ignore evidence that human activity contributes to climate change.

disqus_yLE9LMZY2g • 5 years ago

You observe that negative criticism of defective studies "just means that we need sharper tools and better methodology". I agree entirely. When I first encountered the articles that I subsequently criticised, I did not claim to have an answer; only that the conclusions of criticized articles were not supported by data and methods. I was approached at AGU at height of controversy by a couple of climate scientists who told me - under drop-dead pledge not to identify them (for fear of retaliation) - that only way past my critique was better proxies, development of which might take ten or twenty years or more.

As to my lack of more substantial output in peer reviewed literature, at the time, I had a very large audience at my blog while facing very fierce obstruction to publication in climate journals. As an example of latter, one submission in which I was coauthor was anonymously reviewed by author who was being criticized. (We learned this later.) Eventual review file had over 100 pages, 4 revisions with key points unreasonably forced to be removed. This biased me towards moving on to fresh blog topics, rather than more formal contributions to academic journals.

There's a lot of interesting publishable material at the blog which could have been built up into journal articles. If I'd been younger or an aspiring academic, I'd have worked through such problems.

But I was doing this for my own interest and out of my own resources. I had a very large audience and attracted a lot of attention, so I could hardly complain.

I also felt that the professionals in the field had some responsibility to clean up their own act and properly understand the defects of their preferred proxies and methods. It surprises me that specialists continue to have such poor understanding of how their results are contaminated by data snooping, data mining and ex post selection.

Peter C. • 5 years ago

Thanks, Stephen. I have also occasionally found my data and interpretations to be on the wrong side of the dogma (albeit in a completely different field) and thus can empathize with the challenges you have faced in publishing. The peer review system definitely has its shortcomings, but it's still the best way to move science forward. Perhaps you could find some sympathetic collaborators who are well established, or maybe even try publishing under a pseudonym?

As alluded to above, I think a big part of the problem is a general public that fails to grasp the nuances of science, and contains many individuals who seem to believe that if a thing is unproven then it must also be untrue. The danger is that proponents of the fossil fuel industry start from such a premise and insist that society will be worse off if we use these resources at a reduced rate, which is utter nonsense (and don't get me started on those who claim that regular scientists are somehow getting rich through their climate studies). The prudent thing is to first figure out what's going on, but until then conduct ourselves in a "worst case scenario" manner. The stuff's been in the ground for millions of years, and it's stupid and selfish to be extracting and burning it up indiscriminately.

Skip Folden • 5 years ago

I know he is sincere and a true believer is his world view of Russiagate as historical fact, and that those who find fault with this evidence free set of allegations are probably either Russian agents of dupes. Unfortunately, despite his sincerity, this Duncan Campbell (DC) article is a hit piece and misleading,

No theory alluded to in DC’s article “bit the dust.”

I will summarize some facts at a high level here.

1) You will not find this inconvenient fact in the DC hit piece.

A “pro-Kremlin disinformation campaign” would not have cooperated and supported the request to Rosenstein and Mueller to verify its analysis. Adam and Forensicator did in fact cooperate and support this request, which I submitted. From the list of requested verifications, No. 3: “Recent metadata discoveries by independent cyber forensic experts” Those were identified as Adam Carter and Forensicator with their relevant analysis links included in the report. The receipts of this request by the Offices of Rosenstein and Mueller were acknowledged almost a year ago on August 25, 2017. Further, the request also suggested that the Adam / Forensicator analysis be passed onto the FBI forensic experts for assessment.

It is therefore fallacious that anyone, including DC, could with a straight face accuse or imply that Adam Carter, Forensicator or by implication the VIPS memo (using some Forensicator analysis) is part of a “pro-Kremlin disinformation” campaign”. No-one would ask DoJ, Mueller, and FBI forensics to verify their “pro-Kremlin disinformation.”

2) Nothing of Forensicator’s analysis has been disproved. His actual quotes on the EDT location subject are below.
3) Main point was / is the alleged “hack” was a local copy onto a removable storage device, e.g., thumb drive, and not an international “hack” due the required transfer rate. Some disagree; that’s fine and their right to do so. To call it a “disinformation campaign” is over the line.
4) DC makes several references to “right-wing site Breitbart News,” without disclosing that it was only one of many news sites across the board listed by Adam.
5) DC labels Adam Carter as a “false name,” with implications of something negative. For educational purposes to DC, it is called a pseudonym, as heavily used by authors and others to separate personal from professional writings. DC’s hit piece is an excellent example why such is sometimes necessary.

DC implies that Forensicator’s conclusion of EDT was proven wrong. DC knows this implication is incorrect and misleading. Whereas it cannot be proved, it has not been disproved. Forensicator’s conclusion is a detailed, documented deductive analysis based on all the existing time stamps actually found in the records. Conclusion not proved - not disproved.

Bill Kinney’s actual words summarizing results of his meeting with DC on this subject:
“Third: we could not show that the time stamps were done on the east coast i.e. we can’t show where the time stamps designate “ Correct, I, Ray McGovern, Adam and Forensicator agree. In communications with me Bill said, “When it comes to the time stamps and addressing them, Skip has it right. The time stamps were what they were. We could not prove them to be correct; but, it does not matter ...” (Bill’s most important point, is that the “hack” was a local copy to removable storage, e.g., thumb drive, and not an international “hack” due the required transfer rate.)

What Forensicator actually said:

July 09 2017: “This initial copying activity was done on a system where Eastern Daylight Time (EDT) settings were in force. Most likely, the computer used to initially copy the data was located somewhere on the East Coast ... [also] The computer system where the working directories were built had Eastern Daylight Time (EDT) settings in force. Most likely, this system was located somewhere on the East Coast.”“

Between July 17 and Dec 31: “ ... any conclusions reached from an analysis activity will be balance of hard facts and judgments based on experience and perceived probabilities and plausibilities ...” AND “Timezone remained set as Eastern time throughout all dates of transfers and while system clocks and locale settings can, of course, be changed - it would be illogical for someone claiming to be in Romania - to set their timezone to something that would then contradict it.” [my addition: or someone trying to make it look like the GRU to set location to EDT].

TTG • 5 years ago

Please correct me if I’m wrong, but isn’t this the core theory put forth by the VIPS memos concerning the Russian hack?

“Forensic studies of “Russian hacking” into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computer. After examining metadata from the “Guccifer 2.0” July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device."

Even with the Forensicator metadata analysis being largely technically correct, the conclusions made were a bridge too far. Some of the VIPS members, including Thomas Drake and Phil Giraldi, thought that. Stephen McIntyre said that in comments he made here and in his twitter comments and that is the central point of the Campbell piece.

I do agree that calling all this a “pro-Kremlin disinformation campaign” is a bit much. To think that VIPS and even the Forensicator are active members of a Russian information operation (IO) is absurd. However putting the Forensicator metadata analysis, along with the conclusions espoused by VIPS, before the President, CIA Director, DoJ, Mueller and FBI forensics fits perfectly into the Russian IO objectives first mentioned in the January 2017 ICA.

I do wonder what is driving the VIPS insistence that Russia did not hack the DNC and did not conduct an IO against the US. Richardstevenhack, another correspondent here, has said that disproving the Russian hack of the DNC is key to collapsing the whole Russian interference investigation and removing a major threat to the Trump presidency. I sincerely doubt VIPS is driven by any simple adoration of Putin’s Russia or Trump’s presidency. If it is to stop another rush to war, that is a laudable motivation. Those who are screaming that Russian interference in the 2016 election was an act of war are wrong. It was no more an act of war than RFE and VOA. I said as much back in December 2016 when I first opened this can of worms.

http://turcopolier.typepad....

Finally, the VIPS theory that the Forensicator analysis proves the DNC hack was not a Russian hack, but an insider leak is the theory that is biting the dust. You and others have walked back some of the original conclusions surrounding the time stamps and transfer speed, but have left the basic VIPS theory intact. Perhaps you can lift that original theory out of the dust. I enthusiastically invite you to do so, not just in a comment, but in a stand alone post on this forum. I'm sure Colonel Lang will gladly publish it.

Publius Tacitus • 5 years ago

The VIPS dispute the hack story for one simple reason--NO GODDAMN EVIDENCE TO SUPPORT THE CLAIM. The insistence on a hack is based on no evidence whatsoever. It is repeated over and over and, by virtue of repetition, is now supposed to be accepted as fact.

disqus_yLE9LMZY2g • 5 years ago

We agree on nearly all points here, except on Campbell. That the VIPS analysis went "a bridge too far" was also asserted by Forensicator and Carter - you should have pointed that out as well. Campbell incorrectly smeared them for crossing that bridge, when they expressly disassociated themselves from the VIPS analysis.

I acknowledge that there are obiters in Forensicator's earliest analysis that, to further the metaphor, pointed across the bridge, but, when the issue was raised, Forensicator clearly and explicitly said that the bridge should not be crossed. Campbell knew that (as I can vouch from an email from him to me). Campbell's article should be consigned to trash.

Ironically, the Mueller indictment undoes one of my most serious objections to the VIPS copying theory. Prior to Mueller indictment, everyone had thought that Crowdstrike had expelled Fancy Bear by June 10 or so, thus making it implausible that the July 5 copying that was the subject of Forensicator/VIPS analysis was relevant to measurement of exfiltration speeds.

But Mueller reported that Fancy Bear lingered in the DNC-DCCC system until October! Thus, it's not possible to dogmatically say that July 5 wasn't an exfiltration operation - tho it's also impossible to say with high confidence that it was. On public information, we don't know.

In respect to ultra nihilistic questioning of the authenticity of the timestamps in the zipfiles, these seem genuine enough to me. The metadata in G2's original 1.doc seems to have been inserted for some sort of provocation, though the precise intent of the insertion remains very unclear to me.

TTG • 5 years ago

Thanks for fully enlightening me on Forensicator's and Carter's positions on the VIPS use (or misuse) of their analysis. I read through a lot of that today and imagine they are none too thrilled about the VIPS take on their data. Too bad that fact doesn't get the play that the VIPS theory gets.

disqus_yLE9LMZY2g • 5 years ago

"none too thrilled" is rather mild term for Carter's current state of mind. In my experience, he's always tried to interpret available information in complete good faith. I can't say the same about Campbell.

Barbara Ann • 5 years ago

Thanks for your valuable contribution to this discussion Mr Folden. Can I ask if your technical report mentioned in the VIPS memo of July 24th 2017; "Cyber-Forensic Investigation of ‘Russian Hack’ and Missing Intelligence Community Disclaimers" is in the public domain? If not, would you consider posting a link to it here?

Pat Lang • 5 years ago

Folden suggested a response from TTG and I have forwarded the note to TTG.

Pat Lang • 5 years ago

Are you a member of VIPS?

Richard Steven Hack • 5 years ago

As an aside to something I wrote about Guccifer 2.0 some time back based on a DataBreaches.net story about Mark Dougan, a Florida police officer who fled to Russia, Adam Carter (now revealed to be Tim Leonard per the Campbull article) analyzed the Mark Dougan connection to DCLeaks and Guccifer 2.0 back on July 9, 2018

The Man Who Cried Volf
http://g-2.space/badvolf/

Carter pretty much demolishes Dougan's connections to pretty much anything except Dougan's own deceptions, which appear to be monetarily motivated via a book deal.

Worth checking out to eliminate Dougan having any real connection to the alleged "Guccifer 2.0" entity or Seth Rich.

Also, earlier in June, Leonard covered the probability that the CIA's Vault 7 hacking tools might have been used by Guccifer 2.0 and concludes that it is unlikely - although he hints at the end that CrowdStrike might have been involved with the X-Agent package attributed by CrowdStrike to the alleged "Fancy Bear" Group.

Vault 7’s Viability Is Limited When It Comes To The DNC “Hack,” And Guccifer 2.0
https://disobedientmedia.co...

This piece over at ClimateAudit is worth checking out. The article itself leads nowhere, as the author finally admits, since the title is explained by one of the commenters, but the comments themselves are worth reading.

A Russian Spearphishing Domain Is Now Hosted in New York City
https://climateaudit.org/20...

Barbara Ann • 5 years ago

The Computer Weekly article is long on hominem and disappointing short on computer forensics, given it's author is a "recognized computer forensic expert witness". Frankly I couldn't care less if 'Adam Carter' and The Forensicator turn out to be the Putin himself. Until I see evidence disproving The Forensicator's assertion that the "Russian fingerprints" could only have been inserted with deliberate intent into the G2 documents, I remain to be convinced that Adam Carter's core theory about the 'hack' being a false flag is wrong.

Binney's position is clear. He & McGovern republished the VIPS memo of July 24th 2017 addressed to Trump 2 days after the indictment was published. This was many months after supposedly "chang[ing] his mind" when meeting with Campbell.

Again - where is the evidence to show the Russian fingerprints can be explained by opsec error, rather than breadcrumbs?

https://consortiumnews.com/...

https://theforensicator.wor...

TTG • 5 years ago

So the inclusion of "Феликс Эдмундович" in the Guccifer 2.0 data is enough to convince you the Russians are not involved? That was too easy and similar to how I convinced Russians and others i was not a Fed by by deliberately declaring I was an FBI special agent. You don't understand hacker culture.

Bubslug • 5 years ago

What has "hacker culture" to do with professional intelligence? G2 was noisy and incompetent, the opposite of the GRU. Someone badly wanted a narrative of a Russian intelligence source for the Wikileaks DNC emails release. The creation of G2 was a quick response to pre-empt the pending release of communications damaging to the HFA campaign

TTG • 5 years ago

You don't understand the concept of cover in these operations. Here's a story about FBI Special Agent Kieth Mularski who masqueraded as a cybercriminal for two years. I knew him well. That's what it means to carry a "hacker culture" cover.

https://www.cnet.com/news/q...

Bubslug • 5 years ago

I think what your trying to say is the GRU (the same group Crowdstrike described as having "superb tradecraft") were smart enough to cleverly emulate the flamboyant character of a hacker, but stupid enough to leave obvious Russian fingerprints everywhere.

You're claiming the Russian fingerprints were a mistake, because the GRU were rushed into action. I agree the creators of Guccifer 2.0 were rushed, but disagree those creators were the GRU. The DNC/Crowdstrike probably only discovered that damaging documents were leaked on June 12 when Assange noted they had a pending release of material pertinent to the HFA campaign. They likely quickly realized that the Crowdstrike software had missed a significant exfiltration, so they concocted a plan to get in front of the story by creating a false link between WikiLeaks and Russian intelligence.

And it worked. Every time a media commentator interviewed a Democratic representative and asked about anti-Saunders, pro-Hillary bias in the DNC, they changed the channel to "the Russians".

Barbara Ann • 5 years ago

"Felix Edmundovich" could indeed easily be hacker bravado, but something obviously inserted deliberately it is not relevant to this argument.

The 'Russian fingerprint' The Forensicator focuses on is the error message in Cyrillic. This has the appearance of accidentally appearing when a document was printed to pdf in a version sent to Gawker & The Smoking Gun (TSG) just ahead of its release by G2. Matt Tait & many others have assumed as much in fact, as indeed they may have been expected to. However, The Forensicator demonstrates that the only way this error message can in fact be generated is via a series of deliberate measures with the specific intent to create an error message in Cyrillic. He further demonstrates that out of all of the documents available from the Podesta email attachments which could have been used, just one meets the 2 criteria necessary: 1) including a url which would generate the error (4 out of over 2000 fall into this category) and 2) some plausible connection to Trump which would justify being included in the release - 3 of the 4 have none. The fact that this uniquely suitable document was in the very first G2 release and the very one released to Gawker & TSG in pdf form (with the Cyrillic error message, which was bound to be noticed) stretches credulity to breaking point. Rather than coincidence, a much more plausible conclusion is that someone doctored the file to deliberately leave a Russian breadcrumb. The fact that the GRU would choose to do this seems far-fetched, to say the least.

If Campbell is such a forensic whizz, I'd suggest his time may be better spent on an article proving that The Forensicator is wrong. I personally will be happy to abandon Adam Carter's theory as soon as I see proof that this breadcrumb could instead have been accidental opsec error.

Finally, I'd just like to say I greatly appreciate this forum as a place where opposing points of view may be held & argued over, it is a rarity these days. In some ways I hope you are right TTG, as the implications of Carter being right are grave indeed.

TTG • 5 years ago

I share your appreciation of this forum. The spirited give and take is refreshing. It spurs me to read more since otherwise I wouldn't spend near this much effort at this.

I think too much is being made of Guccifer 2.0. The DoJ/IC position as laid out in the indictment of the GRU 12 is that it was hastily cobbled together by the GRU in two days in reaction to the DNC publicly announcing that its systems were hacked and it was probably the Russians. To get ahead of that story line, the GRU created the Guccifer 2.0 entity to knock down the Russian connection. The first released files were probably slapped together quickly and without thorough checking.

As many have pointed out, Forensicator/Carter/Leonard never claimed the metadata research indicated an insider leaked the DNC info. That was others like VIPS, FoxNews and Brietbart who made that leap. Even so, the entire Guccifer 2.0 effort proved valuable in feeding the conspiracy theory that CrowdStrike created it.

Richard Steven Hack • 5 years ago

In other words, TTG, the GRU compounded all the other bad OPSEC they did by creating a guy who would eventually be exposed as a Russian and a fake.

The exact same theory supports the notion that the DNC (or someone else with skin in the game) created this guy as a means of supporting the "Russian hack" narrative.

Because that IS what actually happened. Guccifer 2.0 became the poster boy for the "Russian hack" narrative and that's exactly what Mueller focuses on in his indictment.

So cui bono? Who REALLY benefits from creating G2? I submit it is the DNC who needed someone to cover up the FACT that there was a LEAK.

And we can be pretty sure there WAS a leak, because 1) Wikileaks has said so and they have zero reason to lie about it, and 2) again, we have Sy Hersh...

David Habakkuk • 5 years ago

Barbara Ann,

One small correction to what I wrote about Tait here some days back.

As I noted, the claim – still being made – that he ran a consultancy called ‘Capital Alpha Security’ is patently part of deception operation, as the company only ever filed ‘dormant company accounts’, and last month the ‘Final Gazette notice for compulsory strike-off’ was filed with Companies House.

I was wrong, however, in simply assuming that this was a guarantee that he could not have been funded through the company.

A ‘Reuters’ article from March 2016, entitled ‘Insight – How UK company formation agents fuel fraud was subsequently drawn to my attention.

(See https://uk.reuters.com/arti... .)

Relevant paragraphs:

‘An indication of the scale of fraud through UK companies can be found in data detailing 1.3m transactions that originated in Russia and Eastern Europe and passed through two U.S. banks between April 2006 and November 2008. A Reuters analysis of the data shows that nearly $2 billion (£1.3 billion) was paid into the bank accounts of newly-created UK companies and limited liability partnerships (LLPs) that went on to claim in corporate filings that they were not trading and were dormant.

‘Receiving large sums of money while claiming to be dormant is a breach of UK company and tax laws.’

What the article also made clear was that procedures to check the accuracy of accounts, let alone to punish violations, were practically non-existent. It is not however clear to me -- yet -- whether those who use dormant companies to transfer small quantities of money are automatically engaging in fraud, or exploiting a loophole in the legislation.

The data look as though they were fed to Reuters to highlight the role of British banks in money-laundering out of Russia and Eastern Europe. However, I think there is every reason to suspect the same thing happens with monies originating in the Middle East, and indeed in the West.

Moreover, there are increasing signs that such shenanigans are commonly used to disguise who is really ‘pulling the strings’ in ‘information operations.’

Just one more piece to fit into a jigsaw, suggesting that Tait is a dirty disinformation peddler collaborating closely with others of his kind.

Tolerably Awful • 5 years ago

Except that nothing that article claims about Binney's perspective is true. Sadly, Twitter is posting the wrong post for some reason, rather than the one I'm trying to link to. Here's what was later revealed:
"Update: Binney is standing by his conclusions and says that @dcampbell_iptv has misrepresented him"

From the article that Mate references:
"Binney told us that he stands by the assessment made in the VIPS memorandum to President Trump, published last year. He told us that Duncan misrepresented his statements describing Guccifer 2.0 a fabrication. While speaking with us, Binney utterly refuted Campbell’s dishonest portrayal of Binney having changed his stance on the issue.

Binney told this author that he referred specifically to Guccifer 2.0 as a fabrication, adding that it doesn’t matter where the information was downloaded, or when, or that the information was manipulated, because the point is that it was not hacked, and the who/where does not alter that fact. He said that Guccifer 2.0 was: “Clearly a fabrication, a fake, put out there to confuse. Timing is irrelevant, fake is fake. You can manipulate timing, you can change anything, but it doesn’t matter. It makes no difference.”

He added: “We [VIPS members] were calling it fake from the beginning, and we still do.”

Binney told us: “We agreed it was a download, not a hack, the whole thing was a set up – we can’t prove who is responsible or where they were located, but that is irrelevant because it was still a download, not a hack, which tells us that the Guccifer 2.0 persona was a fabrication.” He added that Julian Assange and Craig Murray can prove the origin of the information, and that both have stated clearly that the Russian state was not their source."

Binney stands by the VIPS work; the ComputerWeek article is a carefully crafted work of deceit.
https://disobedientmedia.co...

Richard Steven Hack • 5 years ago

NOTE: This has turned rather long, so bear with me...

I should point out that the Forensicator analysis was never about the Wikileaks files, but about the alleged Guccifer 2.0 files. But it was Binney who repeatedly argued that the Forensicator's results should apply to the alleged DNC "hacK' in toto, including the Wikileaks files - probably because that is the official US government narrative, i.e, that Guccifer 2.0 hacked the DNC and turned the emails over to Wikileaks - despite the fact that no one has ever proven where Wikileaks got its version of the files.

And of course, Wikileaks continues to deny that the Russian government or any Russians at all, Guccifer 2.o or otherwise, were involved.

And then, of course, we have Sy Hersh...

Now, as to whether Binney is correct that "Adam Carter's" analysis of OTHER aspects of Guccifer 2.0 are incorrect, I'll have to read the article in detail to see whether that's proven.

Having just read the piece, I see no evidence establishing the alleged fact that at least some of the material produced by Leonard (the erstwhile "Adam Carter") is indeed false. None of it appears in the article. The article spends most of its time discussing the alleged time stamp manipulations which are the basis of The Forensicator's analysis which, again, has nothing to do with Wkileaks files, nor does it have anything to do with Leonard's other analyses of Guccifer 2.0.

Again, no one can prove who did what to the files reported on by Leonard and the article doesn't really attempt to. It's merely assumed that "GRU agents" were involved. All that Binney agreed to is that the files appear to have manipulated timestamps, which was always a possibility, albeit considered by Leonard to be "unlikely".

The bottom line, as Binney states, is 'we don't know where and when they were downloaded." Which was also always true, except VIPS - including Binney - previously insisted otherwise. And we still don't know if any of these actually came from the "real" Guccifer 2.0 - assuming he exists, GRU agent or otherwise.

Clearly there is enough here to basically eliminate The Forensicator's analysis as worth much going forward. That much is probably true. But that's about it. There are still a lot of questions about who "Guccifer 2.0" really was and whether he was a disinformation operation to prove Russians hacked the DNC or a disinformation operation to prove they didn't.

The article also insists on stating:

"Guccifer 2.0 claimed credit, tweeting – accurately, it now appears – that WikiLeaks had published documents “I'd given them”. - which is by no means "accurate" UNLESS you accept that the Mueller Indictment is absolutely factual AND that Wikileaks received its DNC documents from Guccifer 2.0 - for which there is NO evidence, let alone proof.

The article also repeats this this claim:

"WikiLeaks founder Julian Assange also planted a public pointer to Rich, after Guccifer 2.0 claimed to have provided the stolen DNC emails to WikiLeaks – a claim also shown to be accurate, according to evidence described in the latest US indictment." Again, IF you assume there is any actual evidence in the Mueller indictment - which there isn't - merely assertions.

The rest of the article is a hit piece on Leonard personally, which is fundamentally irrelevant unless you assume, as the article does, that everything he's said has been made up from whole cloth because he's an "unreliable hacker.". Given that a lot of his articles on the g.2 blog refer to public source information, it's not clear that this is true.

And now we have the rebuttals beginning to appear, starting with Elizabeth Vos's response in Disobedient Media.

Opinion: On The Latest Establishment Attack Launched Against WikiLeaks, Independent Media
https://disobedientmedia.co...

Among other points of interest is the following concerning William Binney:

Quote

Disobedient Media recently spoke with former NSA Technical Director Bill Binney, a co-founder of Veteran Intelligence Professionals for Sanity, who was featured in Campbell’s article.

Binney told us that he stands by the assessment made in the VIPS memorandum to President Trump, published last year. He told us that Duncan misrepresented his
statements describing Guccifer 2.0 a fabrication. While speaking with us, Binney utterly refuted Campbell’s dishonest portrayal of Binney having changed his stance on the issue.

Binney told this author that he referred specifically to Guccifer 2.0 as a fabrication, adding that it doesn’t matter where the information was downloaded, or when, or that the information was manipulated, because the point is that it was not hacked, and the who/where does not alter that fact. He said that Guccifer 2.0 was: “Clearly a fabrication, a fake, put out there to confuse. Timing is irrelevant, fake is fake. You can manipulate timing, you can change anything, but it doesn’t matter. It makes no difference.”

He added: “We [VIPS members] were calling it fake from the beginning, and we still do.”

Binney told us: “We agreed it was a download, not a hack, the whole thing was a set up – we can’t prove who is responsible or where they were located, but that is irrelevant because it was still a download, not a hack, which tells us that the Guccifer 2.0 persona was a fabrication.” He added that Julian Assange and Craig Murray can
prove the origin of the information, and that both have stated clearly that the Russian state was not their source.

Binney confirmed that, though Campbell captured the essence of what he said in terms of referencing a fraud, Campbell distorted Binney’s view by framing its presentation so as to appear as if he had changed his mind on the matter.

Binney stated that he found Duncan’s article to be ‘long and confusing,’ lacking in evidence, adding that he prefers a “Nice, clear argument, with lots of evidence”
Binney explained to Disobedient Media that he also took issue with Duncan’s presentation of the Mueller indictments, and with the vicious doxxing of Adam Carter in what he called some “Some vague attempt to suggest that Carter is an agent of the Russians.”

Binney reminded this writer that if a hack had occurred, the NSA would have been able to show not only that the intrusion took place, but who was responsible, and where the information was went. Binney stated that the lack of such evidence having been produced by the NSA, especially the inability to prove that hacked information was ever sent to WikiLeaks, may have played a role in the NSA’s lukewarm “moderate” confidence in Russian interference, in comparison with the CIA and FBI’s confidence in the matter. Binney added that in this case, the only agency whose opinion matters is the NSA’s.

End Quote

While I suspect Binney is still over-estimating the value of the Forensicator's analysis, he is correct in that Guccifer 2.0 was a "fake". in his terms, of some kind. The question remains: whose fake? Leonard claims one side, Campbell claims another. Neither provides sufficient proof in my opinion.

On the other hand, Jessalyn Radack, who represents Binney, says on Twitter that Campbell did NOT misrepresent Binney's views but that Binney has changed his mind on the DNC being a hack. Someone is either incorrect or misrepresenting his views.

Elizabeth Vos responded to Radack as follows on Twitter today, August 1st, 2018:

Elizabeth Lea Vos‏ @ElizabethleaVos
Hi, @JesselynRadack: I spoke with Bill Binney this morning, and he expressly stated he did not change his mind, and stands by the 2017 VIPS memo. @dcampbell_iptv dishonestly portrayed the Forensicator as the "fabrication" Binney referred to. In fact BB was describing #Guccifer2.0
2:16 PM - 1 Aug 2018

So pick who you believe...I'll wait until I hear Binney's own voice clarifying things...

Which I believe I've now heard on this Youtube interview with Bill Binney published July 16, 2018:

Former NSA Tech Director & Tomi Collins Explosive Report on Russian Lie
https://www.youtube.com/wat...

He reiterates the claim that Guccifer 2.0 fabricated the data used by Mueller in the indictment and reiterates that there is no evidence that Guccifer 2.0 could have transmitted the data described over the Internet as claimed by the Mueller indictment. He also reiterates that the NSA would have evidence of the hack if in fact it was done over the Internet and would have the data if it were transmitted by Seth Rich over the Internet to Wikileaks.

So it would seem that he has NOT changed his mind that the DNC leak was instead a "hack."

Also of note: " (It was after Carter wrote a critique of an article co-authored by Campbell about the VIPS memo that the latter’s doxxing campaign against Carter first began.)

Oh, and then there's Jeffrey Carr's Twitter response to the Mueller indictment:

Jeffrey Carr‏ @jeffreycarr
GRU Covert Election Fuckery TTPs:
1/ use known RU threat actors
2/ use known RU malware,
3/ use RU companies for attack infrastructure
4/ open a stolen document on a work computer named Iron Felix 5/ launch your own website

"Covert" is GRU's middle name.

#MuellerIndictment
3:45 PM - 16 Jul 2018

Publius Tacitus • 5 years ago

TTG,
I shared your article with Bill Binney. He sent me the following comment:

"I’m not sure what theory bits the dust in this article. G-2 is a fake and not a hack from Russia. All the other inconsistencies timing etc. don’t change or modify the fact that G-2 is a fake. Also, I would add that DC article accepts the idea that the data is from NSA. I don’t. They need to prove that as NSA only had moderate confidence that the Russians did it - means they don’t have evidence. Aside from that, if it is NSA data, it would be classified and therefore redacted in any public documents. So, more likely to be from Croudstrike or others but in any case we still would need to know the chain of evidence control."

Clonal Antibody • 5 years ago

Here is an interview with Bill Binney on this topic from yesterday. It is quite consistent with what you are saying.

Bill Binney: It was NOT a Russian Hack

sathearn • 5 years ago

I read the DC article a couple days ago and the following is based only on memories and limited conceptual understandings of what was in that and other articles I've read.

To my mind there were a lot of points in the DC piece that might potentially be marred by uncritical acceptance of the official Russia narrative.

However one point stood out as utterly damning against Carter/Leonard if true, and that is the connection between Leonard's computer server and "Guccifer 2.0's" appearance via internet connection at a conference in England in September 2016. Yet I don't see this explicitly mentioned as a central allegation against Leonard in discussions here or elsewhere.

Based on the quoted statement by Binney, above, is the evidence on which this bombshell allegation against Leonard is based included in what Binney describes as being alleged by DC to have come from NSA? Does Binney have in mind _this_ allegation in his suggestion that Crowdstrike or others are more likely to have been DC's source for the data the latter uses, and hence stressing the need to carefully look at the chain of evidence control, since Crowdstrike or others might have an interest in deflecting suspicion from themselves onto Leonard?

Based on Binney's many recent statements regarding his finding that the Guccifer 2.0 datasets dated Sept 1 and Jul 5 2016 seamlessly merge - as showing that whoever is behind Guccifer 2.0 is tampering with data - must we then conclude that the reason for the matching is that both sets bear the imprint of a basic operation that was carried out on a single date (i.e. at least one of the given dates is fabricated)? Thus, the July 5 date may have nothing to do with when the data was actually copied (Guccifer 2.0 released the data from said alleged hack on Sept 13).

A point already noted by some, but often confused by others, is that Yes, the "July 5" NGP-VAN transfer was a local copy to a thumb drive (wherever and whenever "local" may be), but this is irrelevant to whether the DNC and Podesta Wikileaks troves themselves were leaked or hacked.

Binney is no doubt right to stress the need for care regarding just which which theories bite the dust. Same regarding contentions that he has or has not changed his mind (about which items specifically?). But now it would seem that Leonard is under suspicion as being potentially a participant in the Guccifer 2.0 fabrication (or alternatively as the victim of a viciously manipulative false allegation). Don't know how this will play out, but it seems to me a central issue.

TTG • 5 years ago

The only one claiming G2 was the DNC hacker was G2. The IC and FBI quickly saw it was a fake, a hastily slapped together reaction to the 14 June announcement by CrowdStrike/DNC about the DNC hack and its Russian connections.

I suggest William Binney read the ICA a little more carefully. The NSA only had moderate confidence in the finding that "Russian Government aspired to help President-elect Trump’s election chances." The NSA did not make that distinction for other findings including this one. "We [CIA, NSA and FBI] assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks."

Publius Tacitus • 5 years ago

TTG,
Can you find one consistent story and stick with it? First you write, "The only one claiming G2 was the DNC hacker was G2."
But then you contradict your own statement by citing the ICA comment, i.e., "We [CIA, NSA and FBI] assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks."
So clearly, G2, per the intel community, was the hacker and was a persona used by the GRU.
Bill's point is that NO ONE in the ICA ever examined the server or the computers in the DNC. The disturbing thing about the so-called Intel Community Assessment of January 2017 is totally lacking in any sourcing to support any of the conclusions. You continue in denial.

TTG • 5 years ago

G2 was used to release data, not hack it. G2 didn't exist until mid-June 2016. That fact is spelled out quite clearly in the indictment of the GRU 12.

Per the unclassified ICA, the sourcing was in the classified version. Even Bill Binney says any evidence of the Russian hack would be in NSA's possession. What do you think is in the classified version? The SSCI reviewed the ICA, which undoubtedly included the classified supporting documentation, and fully support the ICA's findings and methodology. Even Forenscator and Carter/Leonard are saying evidence for the VIPS theory is not in the forensic analysis. What other evidence is being offered for the VIPS theory?

Eugene Owens made an astute comment early in this thread "The hard core tin foil hat crowd is going to believe." He may have had you in mind when he said that.

Jack • 5 years ago

TTG

Knowing very little about computer systems let alone computer security, what plausible theories remain?

One point that has struck me about this case is that the contents of the DNC and Podesta emails were truthful. They were not manipulated or falsified. No one has disputed their veracity. Yet the media narrative on this topic has completely excluded this fact. Doesn't that say something?

TTG • 5 years ago

The actual content of the DNC and Podesta emails weren't that explosive. If something explosive was revealed, it would have been well covered in the media. What the emails revealed is that politics and campaigns, Democratic politics and campaigns in this case, are sleazy, backstabbing and underhanded. There's no news there.

Tolerably Awful • 5 years ago

>>> If something explosive was revealed, it would have been well covered in the media.

You're joking--right?

blue peacock • 5 years ago

TTG

The Hillary campaign and the Democratic party leadership (one & the same during the campaign according to Donna Brazile) claim that the disclosure that "Democratic politics and campaigns in this case, are sleazy, backstabbing and underhanded", sunk their campaign. The disclosure that the Democratic primary was rigged and prevented a fair opportunity to Bernie Sanders caused some Bernie supporters to sit out the election in disgust.

The fact that John Podesta, Hillary's campaign chief and Obama's transition team head received the names of all the cabinet appointees from a Wall St executive was very news worthy, since it showed that Wall St not Obama ran his administration. Especially, considering the "Hope & Change" campaign that Obama ran on. Makes sense in hindsight since Wall St got bailed out and no executive was ever prosecuted for the fraud.

Jack Edwards • 5 years ago

Something I have not seen discussed here is the bitcoin trail. I would be curious about TTG's thoughts in this aspect. (I might be hijacking the thread here since I'm moving onto to the 12 Russians mentioned in the Mueller indictment.) https://techcrunch.com/2018... , https://cointelegraph.com/n... , and https://www.coindesk.com/ru... As mentioned in the first article: "The process of laundering, after all, becomes rather difficult when there is an immutable, peer-maintained record of every penny being pushed around. Small slip-ups in the team’s operational security allowed investigators to tie, for example, an email address used to access a given bitcoin wallet with the one used to pay for a VPN." I can't find the reference now but I remember reading something about groups moving away from bitcoin ( given the abilities of black chain analysis) to other cryptocurrencies like monero.

Barbara Ann • 5 years ago

Any half decent digital perp knows (unlaundered) bitcoin itself is a poor choice for illicit activity, there are better alternatives. Check out zcash, for example, which uses crypto wizardry to obfuscate both sender & recipient address and even the sum transferred on its (public) blockchain. This seemingly impossible achievement is a money launderer's wet dream. Alternatively, stolen bitcoin (from a stolen digital wallet) would have no traceable origin, analogous to paying with stolen credit card details.

But if we are to believe the indictment, the US IC seems to be inside the GRU's machines & reading individuals' search history, for example. If this capability predates the scheme, it seems to me questions about how we know how the GRU funded it become moot.

TTG • 5 years ago

Bitcoin apparently leaves a fully auditable trail. I say apparently because i am not an expert in Bitcoin. This audit trail seems likely to be since its value depends on verifiable digital records. Using Bitcoin to establish a clandestine internet infrastructure was a major blunder by the GRU. The operational decision to do that was probably done without consulting true Bitcoin experts. Such things happen. They should have incorporated non-technical means into their infrastructure acquisition. That would have made it harder to track Not impossible, just harder. The use of Bitcoin made it easy for the NSA and FinCEN to identify and track a lot of the GRU's operational infrastructure as was laid out in the indictment of the 12 GRU officers.

Richard Steven Hack • 5 years ago

"Such things happen." Seems to be your go-to explanation for every ridiculous OPSEC failure on the part of the (as Jeffrey Carr notes humorously) "covert" GRU.

Pat Lang • 5 years ago

COMSEC not OPSEC

Richard Steven Hack • 5 years ago

Is not COMSEC a subset of OPSEC? Or not? Seriously, is that a hierarchical relationship or entirely separate? I'm curious.

Pat Lang • 5 years ago

Not. COMSEC is part of the variety of cryptologic functions. Cryptanalysis, Traffic Analysis, SIGSEC, COMSEC, etc. are on the defensive side of cryptology. It involves cypher machines, Signal operating procedures and the like. OPSEC is what the commander does to hide his intentions and plans. It is not an intelligence function and is the responsibility of the operations people on a staff.

Richard Steven Hack • 5 years ago

OK. But in that case, the use of trackable Bitcoin is an OPSEC failure because it is done to hide one's operations. Tracking that Bitcoin use is a defensive COMSEC operation.

FarNorthSolitude • 5 years ago

Good! I always thought something was off with Forensicator and his theories. The copy/download thing especially.

Crowdstrike still strikes me as full of interesting connections to Clinton, the DNC, the Ukraine, the Atlantic Council, Mueller, and the FBI.

"Simply put, the system image obtained though BIOS is wholly unacceptable for forensic analysis and would not be considered for analysis, nor would adhere to proper traceability of the original state of the system during the “hacks.”" ..

https://truepundit.com/a-gr...
---
"Shawn Henry Named Executive Assistant Director of the Criminal, Cyber, Response, and Services Branch
Washington, D.C.
September 15, 2010

FBI National Press Office
(202) 324-3691
Director Robert S. Mueller, III has named Shawn Henry as the executive assistant director (EAD) of the Criminal, Cyber, Response, and Services Branch (CCRSB). Mr. Henry will succeed Assistant Deputy Director T.J. Harrington. Mr. Henry most recently served as assistant director in charge of the FBI's Washington Field Office."

https://archives.fbi.gov/ar...
---
"Shawn Henry is the president of CrowdStrike Services and CSO and a retired executive assistant director of the FBI. Henry, who served in three FBI field offices and at the bureau's headquarters, is credited with boosting the FBI's computer crime and cybersecurity investigative capabilities. "

https://www.crowdstrike.com...
---
"Still, this is not enough to show a conflict of interest. Alperovitch’s relationships with the Chalupas, radical groups, think tanks, Ukrainian propagandists, and Ukrainian state supported hackers do. When it all adds up and you see it together, we have found a Russian that tried hard to influence the outcome of the US presidential election in 2016."

Dmitri Alperovitch is a senior fellow at the Atlantic council and co-founder of Crowdstrike.

http://washingtonsblog.com/...

http://observer.com/2017/01...

We want to trust this guy? Really? Russian tanks are a rolling ...

https://twitter.com/DAlpero...

https://uploads.disquscdn.c...

TTG • 5 years ago

Forensicator's claim that the Guccifer 2.0 metadata proved the DNC was the result of an inside leak always left me cold as well. Way too many holes in his logic and methodology. Maybe there's something out there to lend credence to the theory of an insider leak, but it's not the Forensicator's work.

CrowdStrike and all other network security companies have a lot of people with experience in the FBI, NSA and other government agencies. It's a selling point for these companies and a logical source of experienced personnel. Most of these companies work with government agencies on a daily basis. They are all intimately interconnected.

Alperovitch's anti-Russian feelings are probably baked into his DNA. We just have to keep that in mind. I wouldn't read too much into his comment that the video of a small column of tanks driving through Makeevka presumably being Russian. The column was being led by a vehicle sporting a Russian flag rather than a Novorossiyan flag. It was a logical assumption.