Evil Academy

Full Version: IT articles analyzing the claims of Russian DNC Hacking
Quote: Intel Vets Challenge ‘Russia Hack’ Evidence
July 24, 2017

In a memo to President Trump, a group of former U.S. intelligence officers, including NSA specialists, cite new forensic studies to challenge the claim of the key Jan. 6 “assessment” that Russia “hacked” Democratic emails last year.

Executive Summary

Forensic studies of “Russian hacking” into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computers, and then doctored to incriminate Russia.
Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack. Of equal importance, the forensics show that the copying and doctoring were performed on the East coast of the U.S.

NOTE: There has been so much conflation of charges about hacking that we wish to make very clear the primary focus of this Memorandum. We focus specifically on the July 5, 2016 alleged Guccifer 2.0 “hack” of the DNC server. In earlier VIPS memoranda we addressed the lack of any evidence connecting the Guccifer 2.0 alleged hacks and WikiLeaks, and we asked President Obama specifically to disclose any evidence that WikiLeaks received DNC data from the Russians.
From the information available, we conclude that the same inside-DNC, copy/leak process was used at two different times, by two different entities, for two distinctly different purposes:

-(1) an inside leak to WikiLeaks before Julian Assange announced on June 12, 2016, that he had DNC documents and planned to publish them (which he did on July 22) – the presumed objective being to expose strong DNC bias toward the Clinton candidacy; and

-(2) a separate leak on July 5, 2016, to pre-emptively taint anything WikiLeaks might later publish by “showing” it came from a “Russian hack.”

The Time Sequence

June 12, 2016: Assange announces WikiLeaks is about to publish “emails related to Hillary Clinton.”

June 15, 2016: DNC contractor Crowdstrike (with a dubious professional record and multiple conflicts of interest) announces that malware has been found on the DNC server and claims there is evidence it was injected by Russians.

June 15, 2016: On the same day, “Guccifer 2.0” affirms the DNC statement; claims responsibility for the “hack;” claims to be a WikiLeaks source; and posts a document that the forensics show was synthetically tainted with “Russian fingerprints.”

We do not think that the June 12 & 15 timing was pure coincidence. Rather, it suggests the start of a pre-emptive move to associate Russia with anything WikiLeaks might have been about to publish and to “show” that it came from a Russian hack.

The Key Event

July 5, 2016: In the early evening, Eastern Daylight Time, someone working in the EDT time zone with a computer directly connected to the DNC server or DNC Local Area Network, copied 1,976 MegaBytes of data in 87 seconds onto an external storage device. That speed is many times faster than what is physically possible with a hack.

It thus appears that the purported “hack” of the DNC by Guccifer 2.0 (the self-proclaimed WikiLeaks source) was not a hack by Russia or anyone else, but was rather a copy of DNC data onto an external storage device. Moreover, the forensics performed on the metadata reveal there was a subsequent synthetic insertion – a cut-and-paste job using a Russian template, with the clear aim of attributing the data to a “Russian hack.” This was all performed in the East Coast time zone.

Quote: New Research Shows Guccifer 2.0 Files Were Copied Locally, Not Hacked
Disobedient Media previously reported that Crowdstrike is the only group that has directly analyzed the DNC servers. Other groups including Threat Connect have used the information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation was based solely on information ultimately provided by Crowdstrike; this places the company in the unique position of being the only direct source of evidence that a hack occurred.

The group’s President Shawn Henry is a retired executive assistant director of the FBI while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, which as we have reported, is linked to George Soros. Carter has stated on his website that “At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.”

Carter recently spoke to Disobedient Media, explaining that he had been contacted by The Forensicator, who had published a document which contained a detailed analysis of the data published by Guccifer 2.0 as “NGP-VAN.”

The document states that the files that were eventually published as “NGP-VAN” by Guccifer 2.0 were first copied to a system located in the Eastern Time Zone, with this conclusion supported by the observation that “the .7z file times, after adjustment to East Coast time fall into the range of the file times in the .rar files.” This constitutes the first of a number of points of analysis which suggests that the information eventually published by the Guccifer 2.0 persona was not obtained by a Russian hacker.

Quote: Guccifer 2.0 NGP/VAN Metadata Analysis

This study analyzes the file metadata found in a 7zip archive file, 7dc58-ngp-van.7z, attributed to the Guccifer 2.0 persona. For an in-depth analysis of various aspects of the controversy surrounding Guccifer 2.0, refer to Adam Carter’s blog, Guccifer 2.0: Game Over.

Based on the analysis that is detailed below, the following key findings are presented:

On 7/5/2016 at approximately 6:45 PM Eastern time, someone copied the data that eventually appears on the “NGP VAN” 7zip file (the subject of this analysis). This 7zip file was published by a persona named Guccifer 2, two months later on September 13, 2016.
Due to the estimated speed of transfer (23 MB/s) calculated in this study, it is unlikely that this initial data transfer could have been done remotely over the Internet.
The initial copying activity was likely done from a computer system that had direct access to the data. By “direct access” we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).
They may have copied a much larger collection of data than the data present in the NGP VAN 7zip. This larger collection of data may have been as large as 19 GB. In that scenario the NGP VAN 7zip file represents only 1/10th of the total amount of material taken.
This initial copying activity was done on a system where Eastern Daylight Time (EDT) settings were in force. Most likely, the computer used to initially copy the data was located somewhere on the East Coast.
The data was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy and this is a characteristic of the Linux ‘cp’ command (using default options).
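
The last finding quoted above rests on how copy tools treat last-modified times. As an added example (not part of the quoted study or of the original post), this script copies three constructed, back-dated files with a default `cp -R` and with `cp -Rp` and reports how far apart the mtimes are in each result; the function names, file names and dates are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: default vs. preserving copies and file mtimes.
# All file names, contents and dates below are constructed.

# mtime_of FILE: last-modified time in epoch seconds (GNU stat, else BSD stat).
mtime_of() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# mtime_span DIR: seconds between the oldest and newest file mtime in DIR.
mtime_span() {
    min=""; max=""
    for f in "$1"/*; do
        t=$(mtime_of "$f")
        if [ -z "$min" ] || [ "$t" -lt "$min" ]; then min=$t; fi
        if [ -z "$max" ] || [ "$t" -gt "$max" ]; then max=$t; fi
    done
    echo $((max - min))
}

# copy_span_demo: prints "SOURCE DEFAULT PRESERVED" mtime spans in seconds.
copy_span_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src"
    for name in a b c; do printf '%s\n' "$name" > "$work/src/$name.txt"; done
    # Back-date the sources so they span exactly 30 days.
    TZ=UTC touch -t 202001011200.00 "$work/src/a.txt"
    TZ=UTC touch -t 202001151200.00 "$work/src/b.txt"
    TZ=UTC touch -t 202001311200.00 "$work/src/c.txt"
    cp -R  "$work/src" "$work/default"     # mtimes become the time of the copy
    cp -Rp "$work/src" "$work/preserved"   # -p keeps the original mtimes
    echo "$(mtime_span "$work/src") $(mtime_span "$work/default") $(mtime_span "$work/preserved")"
    rm -rf "$work"
}

copy_span_demo
```

A default copy collapses the 30-day spread to about zero seconds, while the `-p` copy keeps it, so clustered mtimes describe the most recent non-preserving copy of the files.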

good info

Vault 7 also revealed that they would hack state entities and then leave a Chinese or Russian footprint.
So why does everyone play along with the idea that Russia did it?

Even Trump has said that it "was probably Russia" and Putin has also said that maybe it was. This has given the DNC supporters something to carry on about.
I think by this point most people think that Russia hacking the elections means that they adjusted the voting results. That's how the media works.

Good luck explaining that Russia did not release the Democrat emails and have people know what you are talking about.
(07-26-2017 06:26 AM) Redneck Wrote: So why does everyone play along with the idea that Russia did it?

Even Trump has said that it "was probably Russia" and Putin has also said that maybe it was.
I don't remember Putin saying that.
In case it were true that Putin does not resist the infomercials and policies put out by the Western, one possibility could be that he and a big portion of the Russian establishment still want to be on as good terms as possible with the West without giving up sovereignty, while taking into account the asymmetrical power balance internationally.

Sometime in the 1980's probably a major faction in the Soviet government decided that they wanted to be integrated into the West, the US's and EU's economic sphere. For those of you like me who talked with Russian upper class people of the 1990's to mid 2000's, this impression that a portion of Russia's businessmen wanted this can be easily confirmed. Regardless of whatever irony you want to see in it, it looks like their hopes and expectations were very very similar to what about half of Ukrainians have been hoping for in joining the EU's sphere for the last 15 years.

And so to get back to your question, a major portion of Russia's businessmen still want to work closely with the EU's economic sphere and still want to be a player in organizations like the G20. And having gone over to an intensely "market" economy, especially one oriented to exporting resources, it has a harder time avoiding that status and economic position in its relation to the EU and West. So it is still to a big extent in an integrated status, rather than a more independent one like the USSR or modern China where it can act more independently as well.

The most fundamental baseline between these power blocks is not whether one wants to have independent political talking points or some things like Syria, but one's economic situation. And this gets into the realm of applying legitimate SJW economics to the international level.