New Research Shows Guccifer 2.0 Files Were Copied Locally, Not Hacked


A new meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator. It indicates that the file eventually published by the Guccifer 2.0 persona was initially downloaded by someone with physical access to a computer that may have been connected to an internal DNC network. That individual most likely used a USB drive to copy the information. The innovative new analysis is destroying the Russian hacking narrative and calls the actions of Crowdstrike and the DNC into question.

The document, written by an individual known as The Forensicator, was supplied to Disobedient Media through Adam Carter. The full document referenced here has been published on their blog. Their analysis shows that the data was almost certainly not initially accessed by hackers over long distances, let alone in Russia. If so, this analysis eliminates the Russian hacking narrative in full.

The Forensicator specifically discusses the data eventually published by Guccifer 2.0 under the heading "NGP-VAN." This should not be equated with the separate publication of DNC emails by Wikileaks. This article focuses only on the evidence that comes from the file published by Guccifer 2.0, previously discussed in depth by Adam Carter.

Disobedient Media previously reported that Crowdstrike is the only group that directly analyzed the DNC server. Other groups, including Threat Connect, have used information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation is based solely on information ultimately provided by Crowdstrike; this puts the company in a unique position as the only source of direct evidence that a hack took place.

The group's president, Shawn Henry, is a retired assistant executive director of the FBI, while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, who, as we have reported, is linked to George Soros. Carter has stated on his site that "Currently, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or the DNC leadership, are quite likely to be behind the Guccifer 2.0 operation." Carter's site is described by Wikileaks as a useful primary source of information, especially regarding Guccifer 2.0.

Carter recently spoke with Disobedient Media, explaining that he had been contacted by The Forensicator, who has published a document containing a detailed analysis of the data published by Guccifer 2.0 as "NGP-VAN."

The document states that the file that was finally published as "NGP-VAN" by Guccifer 2.0 was first copied to a system located in the Eastern Time Zone, a conclusion supported by the observation that "the .7z file times, after adjustment to the Eastern Time zone, fall into the time range of the files in the .rar file." This is the first of a number of analysis points indicating that the information eventually published by the Guccifer 2.0 persona was not obtained by Russian hackers.

[Figure: comparison of .7z and .rar file times (guc2-7z-vs-rar-times.png)]

Image via The Fo


The Forensicator stated in their analysis that a USB drive was most likely used to boot a Linux OS on a computer that either contained the alleged DNC files or had direct access to them. They also explained to us that in this situation someone would simply attach a USB drive carrying the Linux OS to the computer and reboot; after the restart, the computer would boot from the USB drive and load Linux rather than the normal OS. A large amount of data would then be copied to this same USB drive.

In this case, additional files would have been copied in bulk, to be "trimmed" heavily later on when the 7zip archive now known as NGP-VAN was built. The Forensicator writes that if 1.98 GB of data was copied at a rate of 22.6 MB/s, and the time gaps seen at the top level of the NGP-VAN 7zip file are attributed to copying additional files, then about 19.3 GB in total would have been copied. In this scenario, the 7zip archive (NGP-VAN) represents only about 10% of the total data collected.

The very small proportion of files eventually selected for use in the creation of the "NGP-VAN" file was then published by the creator of the Guccifer 2.0 persona. This point is very important, as it indicates the possibility that up to 90% of the information originally copied has never been published.
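An added example, not taken from The Forensicator's report or from this article: one way to derive a copy rate from last-modified timestamps and to extrapolate a total on the assumption that the time gaps were also spent copying, as in the reasoning above. The file listing, the 10-second gap threshold and all function names are constructed assumptions.

```python
from datetime import datetime, timedelta

MB = 1_000_000
T0 = datetime(2020, 1, 1, 12, 0, 0)  # constructed start time

# Constructed sample listing: (path, last-modified time, size in bytes).
LISTING = [
    ("dirA/a1.bin", T0 + timedelta(seconds=0), 20 * MB),
    ("dirA/a2.bin", T0 + timedelta(seconds=2), 40 * MB),
    ("dirA/a3.bin", T0 + timedelta(seconds=5), 60 * MB),
    ("dirB/b1.bin", T0 + timedelta(seconds=65), 10 * MB),
    ("dirB/b2.bin", T0 + timedelta(seconds=68), 60 * MB),
    ("dirB/b3.bin", T0 + timedelta(seconds=70), 40 * MB),
]

def split_bursts(listing, max_gap_s=10):
    """Order files by mtime; start a new burst after any gap > max_gap_s."""
    if not listing:
        raise ValueError("empty listing")
    ordered = sorted(listing, key=lambda rec: rec[1])
    bursts = [[ordered[0]]]
    for prev, cur in zip(ordered, ordered[1:]):
        if (cur[1] - prev[1]).total_seconds() > max_gap_s:
            bursts.append([])
        bursts[-1].append(cur)
    return bursts

def estimate_copy(listing, max_gap_s=10):
    """Return (rate in bytes/s, extrapolated total bytes, fraction present)."""
    bursts = split_bursts(listing, max_gap_s)
    busy_s = moved = 0
    for burst in bursts:
        # An mtime marks the end of a file's write, so the span from first to
        # last mtime covers every file in the burst except the first.
        busy_s += (burst[-1][1] - burst[0][1]).total_seconds()
        moved += sum(size for _, _, size in burst[1:])
    if busy_s == 0:
        raise ValueError("timestamps too coarse to estimate a rate")
    rate = moved / busy_s
    elapsed_s = (bursts[-1][-1][1] - bursts[0][0][1]).total_seconds()
    extrapolated = rate * elapsed_s  # assumes the gaps were spent copying too
    present = sum(size for _, _, size in listing)
    return rate, extrapolated, present / extrapolated

if __name__ == "__main__":
    rate, total, fraction = estimate_copy(LISTING)
    print(f"{rate / MB:.1f} MB/s, {total / MB:.0f} MB if gaps were copying, "
          f"{fraction:.0%} present")
```

Last-modified times are written by whichever copy operation last set them, so the result describes that operation.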

The use of a USB drive would show that the first person to access the data may not have been a Russian hacker. In this case, the person who copied the files must have physically interacted with a computer that had access to what Guccifer 2.0 called the DNC files. A less likely explanation for this data pattern, in which large time gaps are observed between top-level files and directories in the 7zip file, is the use of "think time" to select and copy 1.9 GB of individual files, copied in small batches with think time interspersed. In either scenario, Linux would have been booted from a USB drive, which essentially requires physical access to a computer holding the alleged DNC files.

The Forensicator believes that "think time" is an unlikely explanation for the time gaps in the available data pattern; more likely, a large amount of data was copied at once and then "trimmed down" in the production of the Guccifer 2.0 NGP-VAN publication.

Both the most likely explanation and the less likely scenario provided by The Forensicator's analysis virtually exclude the possibility that a Russian hacker or other remote party gained external access to the file later published as "NGP-VAN." In both cases, the physical presence of a person accessing the machine that contained the DNC information would have been required.

Importantly, The Forensicator concludes that the possibility that the file was accessed and downloaded remotely over the internet is too small to give this idea serious consideration. He explained that the calculated transfer speed for the initial copy is much faster than an internet connection can support. This is very significant and completely discredits the allegations of Russian hacking made by Guccifer 2.0 and Crowdstrike.

This conclusion is further supported by an analysis of the overall transfer rate of 23 MB/s. The Forensicator describes this as "possible when copying over a LAN, but is too quick to support a hypothetical scenario that the suspected DNC data was originally copied over the Internet (mainly to Romania)." Guccifer 2.0 claimed to be from Romania. In other words, this figure indicates that the data was downloaded locally, possibly over a local DNC network. The significance of these findings in terms of destroying the Russian hacking narrative cannot be overstated.

If the data is true, then the file cannot have been copied over a remote connection and therefore cannot have been "hacked by Russians."

The use of a USB drive would also strongly suggest that the person who copied the file had physical access to a computer that was most likely connected to the local DNC network. The indications that an individual used a USB drive to access the information over an internal connection, together with timestamps placing the creation of the copies in the East Coast time zone, suggest that the individual responsible for originally copying what was eventually published by the Guccifer 2.0 persona under the title "NGP-VAN" was located in the Eastern United States, not Russia.

The implications of The Forensicator's analysis, in combination with Adam Carter's work, show that at the very least the Russian hacking narrative is wrong. Adam Carter has a strong grasp of the NGP-VAN files and Guccifer 2.0, and his website on the subject has been called "a good resource" by Wikileaks via Twitter. Carter told Disobedient Media that in his opinion the analysis provided by The Forensicator is accurate, but added that if changes are made in future work, any new conclusion will require further examination.

Coming amid a recent retreat by legacy media outlets such as CNN and The New York Times, this could have serious consequences if months of investigation by the authorities prove to have been based on tainted information resting solely on the false word of Crowdstrike.

Assange recently deplored the widespread ignorance about the DNC leak via Twitter, specifically mentioning Hillary Clinton, the DNC, the White House and mainstream media as having "excuses" to suppress the truth of the matter. As the only individual aware of the source of the DNC leaks, Assange's statement reinforces the scenario in which the DNC and the parties portrayed in Adam Carter's work, which may have included Crowdstrike, may have participated in "suppressing knowledge" of the true origin of, and the evidence surrounding, the DNC email leaks by confusing them with the publications of the Guccifer 2.0 persona.

Despite conflicting reports of Guccifer 2.0 being a Russian hacker and of having had contact with Seth Rich, The Forensicator's work shows that neither of these scenarios is likely to be true. What is suggested is that the file now known as "NGP-VAN" was copied by someone with access to a system connected to the DNC internal network, and that this action had no effect on the files sent to Wikileaks, is unlikely to be associated with Seth Rich, and was definitively not "hacked" from Russia.
