Lion of the Blogosphere

Proof that DNC emails were an inside job, not a remote hack!


https://theforensicator.wordpress.com/guccifer-2-ngp-van-metadata-analysis/

Do I understand the proof? Maybe not, but it’s ten times more detailed and therefore more believable than anything that the FBI or any other government agency has presented to back up their opinion that the emails were hacked by Russian government agents.

Written by Lion of the Blogosphere

July 10, 2017 at 9:06 pm

Posted in Technology

35 Responses


  1. The proof (argument) essentially comes down to an assertion that as the files were copied, their modification dates were changed (using a Linux cp command), date/time stamping of the archive files themselves, and a calculation of what bandwidth (approximately) would be needed to transfer these files. They calculated a transfer rate of about 22 MB/s (megabytes/second). The results are consistent with a local (direct from computer or via LAN) transfer of files to a USB stick.

    ASF

    July 10, 2017 at 9:12 pm

  2. It would be naive to take the FBI’s word for it at this point. I consider the intel agencies to be politically compromised.

    destructure

    July 10, 2017 at 9:44 pm

  3. Do I understand the proof? Maybe not, but it’s ten times more detailed and therefore more believable than anything that the FBI or any other government agency has presented to back up their opinion that the emails were hacked by Russian government agents.

    Is this gonna be one of those posts that are so stupid that you delete it right after you post it?

    Magnavox

    July 10, 2017 at 9:52 pm

    • So you are going down with the conspiracy theory ship that the Russians did it, in spite of the lack of forensic evidence, and Assange’s claim that it was an inside job, not a hack?

      Mike Street Station

      July 11, 2017 at 6:13 am

      • I wouldn’t call the Russian government theory a sinking ship, it seems as strong as ever. But I don’t know where the emails came from. As for Assange, I don’t know why I should take seriously anything he says.

        Magnavox

        July 11, 2017 at 6:08 pm

    • Whether this particular analysis holds up or not, I think the larger point that Lion is making is that at least this guy made a coherent and detailed argument using the few details he had access to. The government’s argument has been nothing more than “17, I mean 3, Intelligence Agencies say so” and even that is based not on their own investigation but rather reading the summary of an investigation done by a private firm that was hired by the DNC itself.

      PerezHBD

      July 11, 2017 at 7:56 am

  4. “Due to the estimated speed of transfer (23 MB/s) calculated in this study, it is unlikely that this initial data transfer could have been done remotely over the Internet.”

    This simply isn’t true. Maybe if he’s imagining a typical home connection, but if it was remote hackers, there is a good chance they would have gone through a compromised server. Most likely the server would be located in a data center with high speed connections. I don’t know what speed connection the DNC has, but this speed of transfer is completely plausible.

    Routing the attack through a compromised server would also explain why the data seems to have originally been copied to a linux system, since linux is a popular server operating system.

    Alex

    July 10, 2017 at 10:04 pm

    • Keep in mind that data transfer rates are measured in mega-bits per second, not mega-bytes per second. There are 8 bits in a byte. The symbol MB/s seems to indicate mega-bytes per second, not mega-bits per second. This means that that is a network connection of 184 mega-bits per second.

      That is very fast. Those are commercial or near T1 line speeds.

      map

      July 10, 2017 at 11:35 pm

      • A T1 is only 1.544 mbps and was designed for voice. The transfer rate would be consistent with a 200 mbps connection which Time Warner offers out here along with higher speed options. A gbps connection would be typical of a colocated server.

        Internet connection speeds and cost can vary enormously by location. I don’t know what speed connection they had but it’s certainly possible. We had a faster internet connection than this at the last place I worked which is why it stuck out to me. Although yes, this would be a faster connection than most businesses have.

        The idea that an insider used a linux desktop or laptop locally seems odd to me. In addition, usb drives come formatted with a fat32 filesystem which linux supports. But the attacker would have had to reformat the drive as ext4 for this scenario.

        Alex

        July 11, 2017 at 12:56 pm

  5. That was a whole lot of verbiage to indicate basically two things: that the computer doing the copying was set to Eastern Time and that the copy was not over the internet. Setting your computer to a misleading time would be one of the first things someone would think to do, so that isn’t very significant.

    CamelCaseRob

    July 10, 2017 at 10:14 pm

  6. This is unconvincing for the same reason the “evidence” the Russian gov’t was responsible for the hack is supremely unconvincing: it’s stuff that’s trivially faked and doesn’t prove much even if it weren’t.

    The files were probably copied several times between the hack and the release of the archive, so the most recent copying probably wasn’t the one where they were stolen. It’s also a major leap to assume the reason the files report being modified was the Unix `cp` command, because it could be any of an almost infinite number of things. Although I agree that `cp` (or more accurately `scp`) is the most likely cause.

    23 megabytes per second is consistent with copying over a LAN. It’s too low to be copying between folders locally on a new computer with a solid state drive, although possible for an older computer or server with a hard disk.

    It’s on the high side for remote copying by a US-based hacker (both they and the DNC would need very fast connections) and definitely too high for a hacker using Tor, as reported. It could theoretically be achieved between the US and Russia, but it’s very unlikely and orders of magnitude too high for a Tor connection.

    But to reiterate it’s probably just the hacker(s) transferring the files from one computer to another using the `scp` command, over their own LAN.

    Even if the files were stolen over the DNC LAN, that would not prove it was an inside job, just that whoever stole them must have physically entered the DNC offices. OTOH it would make an inside job the most likely explanation, and would also prove it wasn’t Russians-in-Russia.

    snorlaxwp

    July 10, 2017 at 10:41 pm

    • As a non-expert, it seems to me that any trail left behind on a file (i.e., not otherwise recorded by an outside party) can always be faked, with enough skill and diligence. So in the end, it all comes down to our beliefs and prejudices about how diligent the relevant party was about creating a false trail, unless we can find evidence external to the contents of the file itself.

      Am I wrong?

      Wency

      July 11, 2017 at 10:14 am

      • You aren’t wrong, for example mail headers and email are trivial to forge. The analysis in the blog post seems to be looking for details that a faker would overlook. But there are plenty of other possible scenarios that would create these details, including the one snorlaxwp mentioned.

        Alex

        July 11, 2017 at 1:05 pm

  7. This is crazy! I’m really MAD!

    Will the mainstream media report on this?

    GondwanaMan

    July 10, 2017 at 10:50 pm

    • No, the MSM doesn’t care that you’re MAD, so your feelings will go unreported.

      hard9bf

      July 11, 2017 at 3:52 pm

  8. The problem with this analysis is that it is based on when the file was actually modified…ie, changes where data was actually added to the existing file. That is what “modified date” is. You would not be able to measure data transfer times using this date field.

    You may have better luck with “Last Access” date but I think Windows deactivates this field by default because it makes Windows faster.

    map

    July 10, 2017 at 11:09 pm

  9. Lots of bluster about the DNC emails, but, regardless of how they were obtained, nobody seems concerned about their contents, which include:

    * Huge corporate donations to the Clinton Foundation

    * Calling Bernie Sanders a “doofus”

    * A $12 million donation from Morocco in return for holding a summit there

    * Catholic “bastardization”

    * Collusion with lapdog MSM

    * Hemispheric open borders

    * Justice Department collusion with Clinton campaign

    * $26 million in donations, mostly from Wall Street

    * Chelsea Clinton a “brat”

    But nooooo, none of this is important. We just need to concentrate on figuring out who did the hacking.

    Black Death

    July 11, 2017 at 9:51 am

    • The Russia thing is a DEFLECTION so people won’t talk about the contents of the emails.

      • Exactly.

        Black Death

        July 11, 2017 at 1:08 pm

      • it’s a lot more than that.

        it’s a deflection so that the clintonite/corrupt dems can stay in power in the dem party.

        Beverly Hills Ninja

        July 11, 2017 at 4:06 pm

    • The fact that Republicans are all of a sudden concerned about corporate donations tells you a lot about what’s motivating the criticism. Overall it’s remarkable how little there is there.

      Magnavox

      July 11, 2017 at 6:14 pm

  10. The circumstantial evidence that Trump and his entourage were cozy with Russia should be enough for anyone with common sense. That was true before the GOP convention and should have disqualified him as the nominee. I agree that the Russian hacks of the DNC and the “dossier” are just noise, and awfully convenient for Trump since they are non-issues and distracting everyone from the real issues. And the real issue with Trump has always been his ties to Russian criminals like Felix Sater, the “fact” (that everyone in London and Wall Street knew before the election) that Trump is deeply in debt to Russian banks, and his obsequious relationship to Putin, a KGB man who hates the United States with a passion. None of those are likely impeachable offenses, but they will continue to handicap Trump politically and he will continue to be ineffective and distrusted by military.

    Peter Akuleyev

    July 11, 2017 at 11:01 am

    • KGB! Russian banks! Felix Lighter! He can’t be trusted I tell you!!

      ineffective and distrusted by military

      ISIS destroyed in under 6 months. All it took was an actual Commander in Chief.

      Andrew E.

      July 11, 2017 at 1:18 pm

      • “ISIS destroyed in under 6 months. All it took was an actual Commander in Chief.”

        LOL.

        The battle to retake Mosul started Oct 16, 2016, before Trump was even elected.

        The early phases of the attack on Raqqa also began before Trump’s election. Syrian Democratic Forces announced the operation Nov 6, 2016 and began operations to isolate Raqqa shortly after.

        It has been reported that the US was ready to arm the YPG (Kurds) to take part in the operation in December 2016, but Michael Flynn objected. This apparently delayed the assault, but it is unclear by how long.

        mikeca

        July 11, 2017 at 3:46 pm

      • Watch Lt. Col Peters rip into Tucker Carlson. That is what most of the military officers think of Trump.

        https://www.realclearpolitics.com/video/2017/07/11/tucker_carlson_vs_ralph_peters_russia_putin_syria_assad_status_of_middle_east_iraq_war.html

        It is funny to see people complain about the “deep state” undermining Trump as if the CIA, CNN, the EPA were the deep state while the military are a bunch of god fearing alt-right HBD fans waiting to do Trump’s bidding. Truth is, the military is the heart and soul of the deep state, and probably the number one threat to Trump’s Presidency if he keeps crossing them on Russia.

        Peter Akuleyev

        July 12, 2017 at 6:01 am

  11. So are like half the commenters here IT nerds?

    Peterike

    July 11, 2017 at 12:06 pm

    • The Russians are a major power. Anyone who is anyone will have ties to the Russian government. Half of DC has ties to it.

      map

      July 11, 2017 at 2:24 pm

  12. Can you start talking about Trump Jr’s emails? It has even the stock market spooked even though I think it is totally nothing. The problem with the story is that it reinforces the left’s narrative that the Russians colluded with Trump to win the White House, putting a stain on the presidency.

    johnBeck

    July 11, 2017 at 12:06 pm

    • The Trump Jr. stuff is a very good thing. The more the Left pushes Russia the more insane they look to normies and the more dominant the right will become. Celebrate.

      Andrew E.

      July 11, 2017 at 1:20 pm

      • Four more years of Trump and then in 2024 we can just dispense with pretending and elect Putin president.

        What the Trump Jr. story shows is exactly how dumb Trump Jr is and why he has not played a prominent role in the Trump organization.

        mikeca

        July 11, 2017 at 4:21 pm

      • …and then in 2024 we can just dispense with pretending and elect Putin president.

        See what I mean. We can’t lose guys. Rejoice.

        Andrew E.

        July 11, 2017 at 4:56 pm

  13. Lion is right. At least this guy is making his case publicly with the evidence he’s basing his conclusion on. Our intelligence agencies just say they are “very confident it was Putin!” then give no evidence at all. Does anybody believe they have anything about the Podesta phishing scam beyond the Crowdstrike report the DNC paid for? If they do, why don’t they say what it is? Please tell me it’s not all just “profiling” like on those ridiculous TV shows. I mean the shows can be fun, but it’s no way to run an intelligence agency.

    steve@steve.com

    July 11, 2017 at 3:34 pm

  14. a general principle of stupidity is…

    when reality does not conform to my worldview:

    1. blame it on russia.

    2. deny reality.

    3. no true scotsman.

    Beverly Hills Ninja

    July 11, 2017 at 4:10 pm
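
The timestamp-based rate estimate summarised in comment 1, together with the objection in comment 6 that such metadata is easy to alter, worked through as an added example; it is not part of the original post, of any comment, or of the linked analysis. The function names, file sizes and timestamps are constructed, and the estimate assumes files were written one after another with each modification time marking when that file finished.

```python
import os
import tempfile

def implied_rate_mb_s(records):
    """Rate implied by (size_bytes, mtime_seconds) pairs, in MB/s (10**6 bytes).

    Assumes files were written one after another and each mtime marks the
    moment that file finished, so the first file's bytes precede the window.
    """
    recs = sorted(records, key=lambda r: r[1])
    if len(recs) < 2 or recs[-1][1] <= recs[0][1]:
        raise ValueError("need at least two files with distinct mtimes")
    elapsed = recs[-1][1] - recs[0][1]
    moved = sum(size for size, _ in recs[1:])
    return moved / elapsed / 1e6

def mb_s_to_mbit_s(rate_mb_s):
    """Megabytes per second to megabits per second (8 bits per byte)."""
    return rate_mb_s * 8

def scan(directory):
    """Collect (size, mtime) for every file in a directory."""
    stats = (os.stat(os.path.join(directory, n)) for n in os.listdir(directory))
    return [(st.st_size, st.st_mtime) for st in stats]

def restamp(directory, start, step):
    """Rewrite mtimes so consecutive files are `step` seconds apart."""
    for i, name in enumerate(sorted(os.listdir(directory))):
        t = start + i * step
        os.utime(os.path.join(directory, name), (t, t))

def demo():
    """Constructed sample: five 23 MB files, first stamped 1 s apart."""
    with tempfile.TemporaryDirectory() as d:
        for i in range(5):
            with open(os.path.join(d, f"file{i}.bin"), "wb") as f:
                f.truncate(23_000_000)      # sets the size without writing data
        restamp(d, start=1_500_000_000, step=1)
        as_found = implied_rate_mb_s(scan(d))
        restamp(d, start=1_500_000_000, step=100)   # same bytes, new metadata
        after_edit = implied_rate_mb_s(scan(d))
    return as_found, after_edit

if __name__ == "__main__":
    found, edited = demo()
    print(f"as found: {found:.2f} MB/s = {mb_s_to_mbit_s(found):.0f} Mbit/s")
    print(f"after os.utime: {edited:.2f} MB/s")
```

The same file contents yield two different "transfer rates" because the estimate depends only on sizes and modification times, which any user with write access can set.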

