New Analysis Suggests Guccifer 2.0 Files Copied Locally, Not Hacked by Russia

Files stolen from the Democratic National Committee (DNC) were likely downloaded to a USB drive by someone with physical access to a computer connected to the DNC network, not hacked remotely by Russia, according to a new analysis.

In an interview with Motherboard in June 2016, the hacker who claimed to be Guccifer 2.0 said he used a zero-day exploit to breach the DNC server and steal files he later published under the title “NGP-VAN.”

The leak was quickly attributed to the Russian government. However, a document published Sunday by an individual known as the Forensicator shows how the 7-zip file published by Guccifer 2.0 was transferred at a speed of 23 MB/s, making it “unlikely that this initial data transfer could have been done remotely over the Internet.”

“The initial copying activity was likely done from a computer system that had direct access to the data,” the report from the Forensicator stated. “By ‘direct access’ we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).”

For his analysis, the Forensicator looked at the data from the 7-zip file, which showed the .rar files were built on September 1, 2016, while the other files were last modified on July 5, 2016. When the .rar files were unpacked using a program called WinRAR, their timestamps were preserved from the date they were transferred.

The timestamps of those .rar files were relative times, while the times recorded in the 7-zip files are absolute times, recorded in Coordinated Universal Time (UTC). The Forensicator found that if the .rar files were adjusted to Eastern Time, they “fall into the same range as the last modified times for the directories archived in the .rar files.”

Therefore, the Forensicator concludes that the files were built on a computer system where the Eastern Daylight Time (EDT) timezone setting was in force, meaning that the system was most likely located on the East Coast of the US.

The Forensicator then generated a list of the files sorted by the date they were last modified and imported the list into an Excel spreadsheet. Analyzing the files by date last modified, he observed that the last modified times were clustered together in a 14-minute time period on July 5, 2016.

The analysis of the metadata also found that most of the time it took for the files to be copied, 12 minutes and 48 seconds of the 14 minutes and 15 seconds, was allocated to “time gaps” that appear between several top-level files and directories. The Forensicator concluded that this indicated that the files were chosen from a much larger collection of files.

Estimating the transfer speed of the files published by Guccifer, the Forensicator concluded that if the 1.98 GB 7-zip archive published by Guccifer was copied at a rate of 22.6 MB/s, and all the time gaps were attributed to additional file copying, the initial file copy would be 10 times larger, or 19.3 GB.
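The timeline arithmetic described above can be reproduced from a file listing. The following is an added example, not the Forensicator's own code: it sorts files by last-modified time, separates "time gaps" from copy time, and projects the size of the full copy. It assumes each file's last-modified time marks when its copy finished; the 30-second gap threshold, the function name and the sample records are constructed for illustration.

```python
from collections import namedtuple

Estimate = namedtuple("Estimate", "window_s gap_s copy_s rate_mb_s projected_gb")

# Constructed sample, not data from the published archive:
# (path, last-modified time in seconds, size in bytes), deliberately unsorted.
T0 = 1_000_000
SAMPLE = [
    ("b/2.bin", T0 + 307, 46_000_000),
    ("a/1.bin", T0 + 0, 10_000_000),
    ("a/2.bin", T0 + 2, 46_000_000),
    ("a/3.bin", T0 + 4, 46_000_000),
    ("a/4.bin", T0 + 5, 23_000_000),
    ("b/1.bin", T0 + 305, 23_000_000),   # follows a 300 s gap
    ("b/3.bin", T0 + 310, 69_000_000),
]

def estimate_transfer(records, gap_threshold_s=30):
    """Estimate throughput from mtimes, treating long pauses as gaps."""
    ordered = sorted(records, key=lambda r: r[1])
    if len(ordered) < 2:
        raise ValueError("need at least two timestamped files")
    gap_s = copy_s = copied_bytes = 0
    for prev, cur in zip(ordered, ordered[1:]):
        delta = cur[1] - prev[1]
        if delta > gap_threshold_s:
            # Pause longer than any single file plausibly took to write:
            # counted as a gap, and the file after it is left out of the rate.
            gap_s += delta
        else:
            copy_s += delta
            copied_bytes += cur[2]
    if copy_s == 0:
        # Coarse timestamps (FAT stores mtimes in 2 s steps) can collapse
        # every delta to zero; no rate can be derived in that case.
        raise ValueError("no measurable copy time between files")
    rate = copied_bytes / copy_s                    # bytes per second
    window_s = ordered[-1][1] - ordered[0][1]
    # Projection used in the analysis: the whole window, gaps included,
    # is assumed to have been spent copying at the measured rate.
    return Estimate(window_s, gap_s, copy_s, rate / 1e6, rate * window_s / 1e9)

if __name__ == "__main__":
    print(estimate_transfer(SAMPLE))
```

With the figures quoted in the article, the same arithmetic gives a window of 855 seconds, of which 768 seconds are gaps, and 855 seconds at 22.6 MB/s yields the 19.3 GB projection.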

  • g.johnon

    and the shit just keeps on getting deeper for them lying cheating democrats.
    so much for the assange/russia connection.

  • Kendoaz

    This shows it was most likely Seth Rich who copied and leaked the DNC stuff to Wikileaks. This also makes Crowdstrike look like idiots, or worse yet corrupted by the DNC. Worse yet, Comey felt Crowdstrike could be trusted, remember the testimony? It all starts with Comey at the top, thank god he is gone.

  • TrevorD

    Would be a more interesting article if it stated “according to CNN”

  • RandyJ/ProudSurvivor

    And the MSM response to this? “Let’s not allow the facts to get in the way of a good li…er, story…”

    • SP_88

      The MSM will either completely ignore it, or they will try to discredit it, which IMHO will only make them look like a bunch of liars and fake news pushers, which they are.

      • RandyJ/ProudSurvivor

        My bet is they’ll try to discredit it. They’ve come this far using this tactic and I’m not seeing any signs of them cutting bait. At this point they’re committed. They can’t or won’t get out of their own way. If so, it’s probably a good thing since they’ll be exposing themselves further for the frauds they are.

        • Kendoaz

          Well they are ignoring it right now. If Russia is found to not be the one who hacked the DNC, the entire congress will look like idiots.

        • SP_88

          Exposing themselves 🙂 But seriously, they’ve really painted themselves into a corner with this one. Especially CNN. They have really beaten this dead horse to a pulp. And they’re still beating it.
          I was going to say that if any evidence comes out that proves there was no collusion between Trump and the Russians, the mainstream media is going to look like a bunch of idiots. But these fake news hacks already look like a bunch of idiots, plus if there was any evidence whatsoever, you know damn well that the mainstream media would have it plastered all over every news site and on the front page of every newspaper and it would be all you ever heard about for months. They would talk about it on every news channel every day and night, they would have panels to discuss it incessantly and “experts” to analyze it from every angle and talk show hosts to give endless opinions about it, it would be mind numbing. I would want to run a power drill through my ear drums and through my eyeballs just to make it stop.
          But there isn’t. So they haven’t. Thank God.
          And yes, the more they try to save themselves, the more they will be shooting themselves in the foot.

  • SP_88

    This is exactly why the DNC won’t hand over their e-mail server to be investigated. Because they know that it will contain the evidence that corroborates the Seth Rich – Wikileaks connection and the collusion to eliminate Bernie Sanders from getting the nomination, among other things.
    There is a lot of dirt on that server. And if it were ever exposed, a lot of crooked democrats would go down. Whether or not they were ever held accountable for their crimes, I don’t know, but I doubt it. But it would certainly convict them in the court of public opinion.