Russiagate Exposed: It’s a Fraud
The Truth that’s Being Hidden from the Public
It has now been incontrovertibly proven that the time-stamps and other data in the Democratic National Committee (DNC) files that were leaked to Wikileaks are consistent with those files having been leaked by a person who was inside the DNC and not by an external hacker as has been presumed by all of the ‘news’ reports that this was a ‘hack’ of any sort — not from Russia nor from anywhere else outside the building, much less from outside the east coast time zone. There’s a very real scandal involved in this matter, but it is extremely different from the Russia-hack narrative, and it will be revealed here (for the first time anywhere) at the very end. But, first things first — and that’s what the previous investigators have now proven:
A forensics expert has determined that the DNC computers were hacked locally by someone with physical access to the DNC network and not by someone far away like the Russians. This story was broken online by the hot new investigative website called Disobedient Media. The forensic expert handed over the information to the reporter Elizabeth Vos. Joining me this time out of Iowa City Iowa is the managing editor of Disobedient Media.com, Ethan Lyle; Ethan, welcome to the show.Thank you.Ethan, no one has been sitting on this story you guys are. Tell us how you got this information and what we know.Elizabeth Vos, Disobedient Media’s associate editor — a man named Adam Carter reached out to her. And he had an analysis from somebody online named The Forensicator.Let me ask you: Who was Adam Carter? Adam Carter got this and gave it to you guys; who is he?He’s an independent journalist [who had, in fact, long been working on this case]. And, so, [as Carter called to Vos’s attention] an anonymous blog of a forensic analyst looked at the data, and he had noticed that because of the transfer-speed and the timing of those transfers [it was actually only one transfer], that they were [the person was on the] east coast, and they [the files] had to have been accessed in the east coast. They were initially copied in the east coast, he guaranteed [the person actually demonstrated, not ‘guaranteed’] that … the likelihood of it [the file] being accessed initially from anywhere but the east coast, is impossible [proven so, by that analyst, “the forensicator”].So, what that means in layman’s terms is again that the DNC computer network, which the media tells us and the DNC tells us was hacked by the Russians, … that it was physically accessed by someone within close proximity of the DNC?Correct. Given metadata and … the transfer and the stop times in between them, the only likely scenario is that it was accessed from inside of the Local Area Network of the DNC or with a USB drive into a computer [in] which you would have to be inside the building.Now, I don’t want to sound like a conspiracy theorist because there’s a lot more work to be done here, but … those computers were hacked five days prior to Seth Rich’s untimely demise if I’m not mistake, is that not correct?That’s correct and it’s important to state that this does not indicate that Seth Rich was the person that accessed the files, because they [the DNC] won’t turn over their logs to the FBI. There’s no way to tell which credentials were used to get into the system.Since you have broken this story online, has anyone in law enforcement reached out to you?No, they have not.Anyone from CNN, Fox News, MSNBC, the New York Times?Absolutely not. (3:51)
New Research Shows Guccifer 2.0 Files Were Copied Locally, Not Hacked9 July 2017, Elizabeth VosNew meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator, which suggests that files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer possibly connected to the internal DNC network. The individual most likely used a USB drive to copy the information. The groundbreaking new analysis irrevocably destroys the Russian hacking narrative, and calls the actions of Crowdstrike and the DNC into question.The document supplied to Disobedient Media via Adam Carter was authored by an individual known as The Forensicator. The full document referenced here has been published on their blog. Their analysis indicates the data was almost certainly not accessed initially by a remote hacker, much less one in Russia. If true, this analysis obliterates the Russian hacking narrative completely.The Forensicator specifically discusses the data that was eventually published by Guccifer 2.0 under the title “NGP-VAN.” This should not be confused with the separate publication of the DNC emails by Wikileaks. This article focuses solely on evidence stemming from the files published by Guccifer 2.0. …
Guccifer 2.0 NGP/VAN Metadata AnalysisAcknowledgements8 July 2017: Thanks go out to Elizabeth Vos at Disobedient Media who was the first to report on this analysis; her article can be read here. Thanks also to Adam Carter who maintains the g-2.space web site — the one stop shop for information that relates to Guccifer 2.0. You can reach Elizabeth and Adam on Twitter.OverviewThis study analyzes the file metadata found in a 7zip archive file, 7dc58-ngp-van.7z, attributed to the Guccifer 2.0 persona. For an in-depth analysis of various aspects of the controversy surrounding Guccifer 2.0, refer to Adam Carter’s blog, Guccifer 2.0: Game Over.Based on the analysis that is detailed below, the following key findings are presented:• On 7/5/2016 at approximately 6:45 PM Eastern time, someone copied the data that eventually appears on the “NGP VAN” 7zip file (the subject of this analysis). This 7zip file was published by a persona named Guccifer 2, two months later on September 13, 2016.• Due to the estimated speed of transfer (23 MB/s) calculated in this study, it is unlikely that this initial data transfer could have been done remotely over the Internet.• The initial copying activity was likely done from a computer system that had direct access to the data. By “direct access” we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).• They may have copied a much larger collection of data than the data present in the NGP VAN 7zip. This larger collection of data may have been as large as 19 GB. In that scenario the NGP VAN 7zip file represents only 1/10th of the total amount of material taken.• This initial copying activity was done on a system where Eastern Daylight Time (EDT) settings were in force. Most likely, the computer used to initially copy the data was located somewhere on the East Coast.• The data was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy and this is a characteristic of the the Linux ‘cp’ command (using default options).• A Linux OS may have been booted from a USB flash drive and the data may have been copied back to the same flash drive, which will likely have been formatted with the Linux (ext4) file system.• On September 1, 2016, two months after copying the initial large collection of (alleged) DNC related content (the so-called NGP/VAN data), a subset was transferred to working directories on a system running Windows. The .rar files included in the final 7zip file were built from those working directories.• The computer system where the working directories were built had Eastern Daylight Time (EDT) settings in force. Most likely, this system was located somewhere on the East Coast.• The .rar files and plain files that eventually end up in the “NGP VAN” 7zip file disclosed by Guccifer 2.0 on 9/13/2016 were likely first copied to a USB flash drive, which served as the source data for the final 7zip file. There is no information to determine when or where the final 7zip file was built.AnalysisThe Guccifer 2 “NGP VAN” files are found in a password protected 7zip file; instructions for downloading this 7zip file can be found at https://pastebin.com/fN9uvUE0.Technical note: the size of the 7zip file is 711,396,436 bytes and the MD5 sum is: a6ca56d03073ce6377922171fc8b232d.This .7z file contains several .rar files – one for each top-level directory, as shown below.The times shown above are in Pacific Daylight Savings Time (PDT). The embedded .rar files are highlighted in yellow. The “*” after each file indicates that the file is password encrypted. This display of the file entries is shown when the .7z file is opened. A password is required to extract the constituent files. This aspect of the .7z file likely motivated zipping the sub-directories (e.g. CNBC and DNC) into .rar files; this effectively hides the structure of the sub-directories, unless the password is provided and the sub-directories are then extracted. …
This article focuses solely on evidence stemming from the files published by Guccifer 2.0, which were previously discussed in depth by Adam Carter.Disobedient Media previously reported that Crowdstrike is the only group that has directly analyzed the DNC servers. Other groups including Threat Connect have used the information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation was based solely on information ultimately provided by Crowdstrike; this places the company in the unique position of being the only direct source of evidence that a hack occurred.The group’s President Shawn Henry is a retired executive assistant director of the FBI while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, which as we have reported, is linked to George Soros. Carter has stated on his website that “At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.” Carter’s website was described by Wikileaks as a useful source of primary information specifically regarding Guccifer 2.0.