The DNC Leak by Seth Rich: Killed by the Clinton/ASTEROIDS killers

WIKILEAKS SECRET FILE TRANSFER HUB EXPOSED

US Channeling Goebbels Blaming GRU for Failed Democracy

ASIS and WikiLeaks Further Exposure - GRU Indictment a Fake

Jar2

The Murderous Clinton Crime Empire: A Devastating Expose

http://www.jar2.com/Topics/Clinton_Crimes.html

ROTHSCHILDS BUY AN ELECTION

WIKILEAKS PUBLISHES FILES FOR THE ROTHSCHILDS

 WikiLeaks US Election Meddling Goes Back to 2012

http://www.jar2.com/Wikileaks/2012/October/US_Elections.html

 WikiLeaks Main Page

http://www.jar2.com/Topics/WikiLeaks.html

The Arrest of Paul Hawkins

The Arrest of Paul Hawkins

Wikileaks/CIA Malware Discovered and Verified by JAR2/AnonSec and WhiteHats

The CIA WikiLeaks Doomsday Virus 

https://pastebin.com/9FWHgxNp

https://www.youtube.com/watch?v=dFOUgrblPCM

https://www.youtube.com/watch?v=6HNwiEVeR_8

 The Killings of WikiLeaks: MI6 Tied to Seth Rich, Gareth Williams and Other WikiLeaks' Kills: UK Ambassador-MI6 Asset/Officer Craig Murray Met Seth Rich. There Was No Hacker

http://www.jar2.com/Topics/WikiLeaks.html

The Killings of WikiLeaks: MI6 Tied to Seth Rich, Gareth Williams and Other WikiLeaks' Kills

http://www.jar2.com/Files/Downloads/The-Killings-of-WikiLeaks-002.mp3

 The Russia Reports: Real Coverage of US Meddling is Russian Elections

http://www.jar2.com/Topics/Russia/The_Russia_Report_First_Edition.html

http://www.jar2.com/Topics/Russia/The_Russia_Report_Second_Edition.html

http://www.jar2.com/Topics/Russia/The_Russia_Report_Third_Edition.html

http://www.jar2.com/Topics/Russia/The_Russia_Report_Fourth_Edition.html

 Exposing and Outing the CIA/MI6/MOSSAD Shadow Government in Russia

http://www.jar2.com/topics/US_5th_Column_in_Russia.html

 The Technology of Vote Rigging: Installing the POTUS Since 2000

http://www.jar2.com/Topics/Vote_Rigging.html

 Donald Drumpf: Understanding the US Politcal Machine and the Puppet Masters

http://www.jar2.com/Topics/TRUMP.html

 The New World Order: How Rothschilds and the Illuminati Plan to Rule the World

http://www.jar2.com/Topics/NWO.html

 Gyorgy Schwartz - George Soros: The Man Who Stole American Democracy

http://www.jar2.com/Topics/Soros.html

 911 the Catalyst for the New World Order

http://www.jar2.com/Topics/911.html

 WikiLeaks Exposed - Israeli Leaks

"911 was a MOSSAD CIA False Flag used to protect the Zionist entity from any future military threat and expand the parasitic hegemony of the US and the illegitimate Tel Aviv regime throughout the world by the Zionist inspired War on Terror." (Buildings 3, 4, 5, and 6?) - A Fearless Black Hats Film

WATCH IN EXTERNAL PLAYER OR DOWNLOAD FROM JAR2.COM

https://my.mail.ru/list/jar2/video/_myvideo/1.html

WATCH ON VK

DOWNLOAD FROM ONEDRIVE

DOWNLOAD FROM GOOGLE DRIVE

DOWNLOAD FROM THE MAIL.RU CLOUD

DOWNLOAD FROM JAR2.COM

DOWNLOAD FROM JAR2.BIZ

SOURCE https://www.minds.com/TyrannyUnmasked

http://www.jar2.com/Topics/WikiLeaks_Exposed_GRU_Indictment_a_FAKE.html

http://www.jar2.com/Topics/Assange_Arrested_WikiLeaks_Op_Over.html

 

UPDATE: Absolutely Banned Worldwide:

 Operation Snow Den: An Obama Ordered Limited Hangout to Hide 911 Cash Flows

The Russian Hacker Myth Was Started by Edward Greenberg (Snowden)

http://www.jar2.com/Topics/Snowden.html

  The Snowden Files: Snowden/Greenberg is a Clinton/Obama Operative

http://www.jar2.com/Topics/Snowden.html

GREENBERG/SNOWDEN HELPING THE PODESTA GROUP

Greenberg and Assange arguing over Clinton - Despite my work as a WikiLeaks Associate and the fact that I am the first American with asylum in Russia neither Assange nor Greenberg/Snowden have ever spoken to me even when I directly asked Snowden if he was an Operation.

Snowden is a Clinton Operation to Hide 911

 The Liquidation of the VOR: How CIA/MI6/MOSSAD Silenced Russia's Loudest Voice

https://pastebin.com/W3vynnBv

 WikiLeaks: A Rothschilds/MOSSAD/FVEY Global Entrapment/Disinformation Op 

http://www.jar2.com/Topics/WikiLeaks.html

 Pizzagate and the Pedo Files: The WikiLeaks Distractor Op from the DNC Leak

http://www.jar2.com/Topics/Pizzagate_News.htm

 The Meddling by the US into the Sovereign Affairs of the Russian Federation

http://www.jar2.com/Topics/Russia/The_Russia_Report_Third_Edition.html

sJar2

Michael Best Accidentally Outs Self, FBI, WikiLeaks and DDOSSecrets While Attempting to Continue Operations Blaming Russia for FBI Fabricated Hacking

https://emma.best/2019/03/20/the-russian-contractor-who-infiltrated-anonymous/

https://ddosecrets.com/data/researchers/

These Are the Actual Original Untouched Leaks That Exposed the Fake Democracy

http://www.jar2.biz/Files/DNC.zip

http://www.jar2.biz/Files/DCCC/Trove%205/web/doudj0pm.html

The Arrest of Paul Hawkins

The Arrest of Paul Hawkins

Wikileaks/CIA Malware Discovered and Verified by JAR2/AnonSec and WhiteHats

The CIA WikiLeaks Doomsday Virus 

https://pastebin.com/9FWHgxNp

https://www.youtube.com/watch?v=dFOUgrblPCM

https://www.youtube.com/watch?v=6HNwiEVeR_8

What killed the computer hacker who turned in Chelsea Manning still a mystery

http://www.jar2.com/Wikileaks/Wikileaks_Leak_01.txt

http://www.jar2.com/Wikileaks/Wikileaks_Leak_02.txt

Hacker Adrian Lamo, who turned in Chelsea Manning, dies at 37

Four Alleged Associates of Sinaloa Cartel-Linked Encrypted Phone Company Are On the Run

https://www.documentcloud.org/documents/3246424-Stratfor-FBI-tip-about-Barrett-Brown.html

Wikileaks/This Machine Kills Secrets, How WikiLeakers, Cypherpunks and Hacktivists Aim to  Andy Greenberg.pdf

http://jar2.com/1/Archive/2015/January/Omidyar_Greenwald.html

 CYBER Hijack: A 514 Page Report on How the Deep State Stole American Democracy

http://www.jar2.com/Files/NWO/cyber-hijack-findings.pdf

 The DIEBOLD Files: The Actual Tools to Steal Democracies

http://jar2.com/4/Downloads/16/lists.zip

 The Russia Reports: Files Showing How the West Meddles in Russian Politics

http://www.jar2.com/Topics/Russia/The_Russia_Report_Second_Edition.html

http://www.jar2.com/topics/US_5th_Column_in_Russia.html

 The Bradley Files Leak 55GB+: How the Rothschilds Control America

http://www.jar2.biz/INDEX.html

 The Soros Files: How Soros Attempts to Control the World

http://www.jar2.com/Topics/Soros.html

 The Illuminati List: Who Exactly is Behind the New World Order?

http://www.jar2.com/Topics/Illuminati.html

 The Clinton Foundation Files: A Murderous Pay for Play Political Mafia Machine

http://www.jar2.biz/INDEX.html

http://www.jar2.com/Topics/Clinton_Crimes.html

 The WADA Files: How the Anglo-Saxon Machine Controls World Sports

http://www.jar2.com/Topics/WADA_20.html

 The Macron Leaks: Another Rothschild Installed Puppet in France Exposed

http://www.jar2.biz/INDEX.html

 MEDIA WATCH: Media Frames Ukraine Crisis to Blame Russia

Files/Ukraine/GMC_Ukraine_pre_print.pdf

 Every Single Report, Finding or Indictment Lacks One Thing: PROOF

 

FAKE_INDICTMENT _AGAINST GRU_OFFICERS.pdf

Attributing Cyber Incidents to Russia DNI-ICA

http://www.jar2.com/Files/USGOV/internet_research_agency_indictment.pdf

pdf file of FBI report on Russian hackers

Expose68 Jar2

WIKILEAKS FULLY EXPOSED - (ISRAELI LEAKS) Fearless Black Hats Production

911 BOOM!!! JAR2 REDEEMED!!! "911 was a MOSSAD CIA False Flag used to protect the Zionist entity from any future military threat and expand the parasitic hegemony of the US and the illegitimate Tel Aviv regime throughout the world by the Zionist inspired War on Terror." (Buildings 3, 4, 5, and 6?)

WATCH ON JAR2.COM

WATCH ON YOUTUBE

WATCH ON VK

DOWNLOAD FROM ONEDRIVE

DOWNLOAD FROM GOOGLE DRIVE

DOWNLOAD FROM THE MAIL.RU CLOUD

DOWNLOAD FROM JAR2.COM

DOWNLOAD FROM JAR2.BIZ

https://www.minds.com/TyrannyUnmasked

 

 

https://www.minds.com/TyrannyUnmasked

WE EXPOSE ASIS and WikiLeaks! STOP BLAMING RUSSIA F@CKTARDS!!!!

The DNC Files Were a Leak by Seth Rich, Files Uploaded in "Secret" to Archive Org!  BOOM!!

http://www.jar2.com/INDEX.HTM

http://www.jar2.com/Topics/WikiLeaks.html

THE REAL REASON WIKILEAKS/SNOWDEN CREATED

FAKE_INDICTMENT _AGAINST GRU_OFFICERS.pdf

http://www.jar2.biz/Files/DNC.zip

https://theforensicator.wordpress.com/guccifer-2s-west-coast-fingerprint/

Also published here: https://interceptor369.livejournal.com/14857.html

and here: http://jar2com.blogspot.com/2018/07/100-proof-there-were-no-russian-hackers.html

July 13, 2018 - POST ONE: I have never outed a real source but if the "source" is a fake and carrying out a spook operation or part of one then the rules regarding "sources" do not apply. Forensically it has been proven that the DNC E-Mails were hacked and downloaded onto a USB drive with a portable Linux Operating system installed on it. The computer with the files on it was simply switched off and then rebooted from the USB drive which loaded the Linux OS which of course had root access to the drives. Very simple and anyone with even elementary computer knowledge could have done it.

As a former WikiLeaks associate who knows that all of the real hackers and activists and leakers and truthers have been eradicated except one or two, it gives me great pleasure to expose any of the CIA/NSA spook operators running the fake WikiLeaks Ops, and here I will present one of them to you.

If CIA Twitter had not deleted all of my Twitter accounts and banned me for life you would have been able to correlate and analyze the times and release dates of the Podesta E-Mails and you would have found that on numerous occasions I was uploading the Podesta E-Mails onto JAR2 sometimes as much as several hours BEFORE WikiLeaks.

So what do the Podesta E-Mails have to do with the DNC Leak?

I could not report on this earlier because I was not sure that the person behind the file transfer location was in fact a SPOOK but now it can be stated with almost 100% certainty that the person named "Mike" is probably an MI6 operative connected to the Cambridge Analytic quagmire and the actual real life meddling in the US Election process that they are trying to blame on Russia. I also could not expose this persona earlier because I was not sure if the person may have just been an innocent "associate" like me but since this persona keeps on rolling and is now admitting they were an inside player in the WikiLeaks Limited Hangout you can be certain it is a SPOOK.

Given information I have I would say the person is ASIS and/or MI6 because they are located in the UK but that is going to be for future research and outing the real person behind Mike will be for the LULZSEC people hiding in the shadows, so right now let's meet Mike "the Dyke or something" and then I will share with you where the Podesta E-Mails were actually coming from and where WikiLeaks and I were actually downloading them from.

This persona knows the DNC E-Mails were a leak and not a hack and knows there was no Russian connections because this persona was responsible for uploading the files in question for WikiLeaks, yet this persona does nothing to counter the claims that it was GRU or Russian Intelligence because this persona has to cover their own ass and making Russia the scapegoat is the way of choice these days for every kind of Cyber Spook Operator possible. So here I go again defending Russia as I get screwed left and right but the TRUTH is what matters!

Meet Michael Best aka Mike Best aka Emma Best, another supposedly "sexually challenged" trans figure (could it be Bradley Manning?) I thought of that but no, so according to my research which I will reveal when the time comes this is him, her, it, whatever....

Michael Best aka Mike Best aka Emma Best ASIS/Rothschild/CIA FVEY Agent

Update: We Outed Michael as an ASIS Agent, He Publishes Private Messages - Pre-Arrest Psyop, All Harmless, "Poor Assange" and NO 911/JAR2

Wikileaks/WikiLeaked_Over_11,000_messages_from_private_WikiLeaks_chat_released_Michael_Best.txt

So where and how were the Podesta and DNC files being transferred to WikiLeaks? And thus where is the TOP SECRET WikiLeaks data transfer location? How do I know this. I told you I am the last living and free REAL WikiLeaks Associate and my investigation into the PSYOP freaks is over.....

Don't bother saying hi for me but you can tell them their asses are cooked. So without further ado here are the links and the rest is up to you LULZSEC/ZEROSEC/ANONYMOUS guys to fill in the cyber details:

Michael's Official "Job" is of course a propaganda creator like Joseph Farrell.

https://twitter.com/michaelbesty

Michael's alter personas are Mike Best who turned into Emma Best following the NWO trans agenda.

https://twitter.com/NatSecGeek

https://www.patreon.com/EmmaBest

SO where is this top secret file transfer hub and where was I pulling all of the WikiLeaks' "releases" and the Podesta Files from? First I want to say that now that they know I knew they will wonder how much shit that they deleted and tried to hide I actually already have and intercepted. Tsk tsk tsk. And now for the DRUM ROLL PLEASE!!!!! (I always wanted to say that)

And the SECRET ASIS/WikiLeaks/CIA file transfer hub is............. TA DUM https://archive.org/ 

Can I be more specific? OKAY First the RAW zipped Podesta E-Mails were being uploaded by the user Mike Best, then we downloaded and posted immediately while WikiLeaks was either delayed or doing their little formatting jobs and censoring the really bad stuff... All an investigator or researcher has to do is get access to the upload/download logs I can not help much as all my meta data was primarliy on Twitter but I am sure with the right forensic tools the RAW files on JAR2 can be analyzed to determine donwload, creation and post times... We stopped World War III and if we saved even one child it was worth it so if I am worried about implicating myself in publishing files the publi has a right to know about and expoing the completely fraufulent and fake nature of the US ELection System so be it. As a journalist I fulfilled my responsibility to inform, if mass-murdering Clinton was slowed down that is wonderful.  

https://archive.org/details/@the_mike_best 

https://archive.org/details/nationalsecurityarchive

https://that1archive.neocities.org/

https://archive.org/details/PodestaEmails

OKAY so now what? WIll anyone pay attention to this? Will this go viral as it should? Hell no. We are not an Op and are truly exposing their fakery so therefore of course not but those few survivng WikiLeaks associates in hiding and the Hackers and Hacktivists still fighting in the Shadows now know as well as anyone else who matters. There you go. The big secret. Russian hackers had nothing to do with the DNC but the Australian Secret Intelligence Service and MI6 did. Please spread and PLEASE SUPPORT JAR2!!! We are starving to death over here!!!

http://www.jar2.com/Please/Donate.htm

Articles6802 Jar2

  The US Always Blames Others for What They Do. US Meddling is Historic

http://www.jar2.com/Topics/Russia/The_Russia_Report_Third_Edition.html

THE U.S. INTERFERED IN FOREIGN PRESIDENTIAL ELECTIONS 81 TIMES FROM 1946-2000

February 18, 2018: A Russian parliamentary commission has prepared a report that lists over 100 cases of US interference in other nations’ internal affairs since the end of World War Two. TrendsRussia, US Read more Upper house gives legal definition to foreign interference in Russia’s affairs “We have counted approximately 100, about 101 or 102 absolutely verified and recorded facts of American involvement in the sovereign affairs of over 60 UN member-nations since the approval of this organizations’ charter that bans any such involvement – since 1946 till this day,” the head of the upper house Commission for Protection of State Sovereignty, Senator Andrey Klimov, was quoted as saying on Monday by TASS. The senator named one particular example from the list – the 1973 coup d’état in Chile that installed Augusto Pinochet as a military dictator and as a result of which the country’s parliament was dissolved and numerous human rights violations were committed. “Every such fact has a multitude of episodes of the US interference,” he noted. Klimov told TASS that the annual report would be finalized and released at the end of the month, and added that senators were preparing a different edition which would be distributed among a “closed circle of persons” and which would not be released to the wider public in the foreseeable future. Read more Russia lists 9 media outlets as foreign agents, including Voice of America, Radio Liberty At the same time, Klimov noted that not all cases of US involvement in other nations’ affairs could be formally described as such and thus were not included in the report. As an example, he named Donald Trump’s inauguration speech, in which the US president said that Washington was constantly meddling in other nations’ affairs and called for an end to such practices. “And these were the words of an inaugurated president, the commander-in-chief of the US military forces, who had been briefed through all files,” he said. Another example was the 2003 speech of George W. Bush in which the then-US president urged change in political regimes in between 40 and 50 foreign countries. The upper house commission for monitoring and countering foreign nations’ attempts to influence internal Russian politics was formed in mid-2017. Back then, upper house Speaker Valentina Matvienko said that attempts to meddle in Russia’s internal affairs had been ongoing for years and that up to $100 billion was sent to Russia from abroad annually to sponsor "political activities." "We know the consequences of such meddling... and will not allow anyone to threaten Russia's sovereignty," she said.

  Clapper: John Brennan Fired, CIA Report Rescinded, Russians Did Not “Hack” Election

https://phibetaiota.net/2016/12/james-clapper-john-brennan-is-fired-the-cia-report-is-rescinded-the-russians-did-not-hack-the-election/

FOR IMMEDIATE RELEASE

Office of the Director of National Intelligence

I have demanded the resignation of John Brennan and I am officially rescinding the CIA report on Russian interference in the US election. The CIA has no sources worthy of consideration, and their analysis is without foundation.

There is no question but that the Russians – as well as the Chinese, French, Germans, Israelis, and many others – have been doing cyber-espionage against all US institutions, including political institutions. In no way does this possibly justify the conclusion that the Russians or anyone other than our two political parties – have sought to “hack” our election — or come remotely close to doing so even if they were trying to do so.

I will briefly address the important distinctions among hacking, leaking, and manipulating electronic information.

To hack means to gain unauthorized access. Generally state actors who gain unauthorized access seek to conceal the fact of their access; they do not leak information because it reveals their success.

To leak means to share information – whether accessed as an authorized insider or stolen as an unauthorized outsider – so as to achieve a political, economic, cultural, or social effect.

To manipulate means to alter – either words in the case of emails, creating false impressions; or in the case of electronic voting machines, actually re-directing votes to achieve a predetermined outcome.

Based on my own personal review of all available sources, both classified and unclassified, I believe the following to be true:

01 NSA and CIA have been spying on US politicians and US political organizations with impunity. The loss of integrity by NSA and CIA is a much greater threat to our Constitution and our Republic than any cyber-espionage by the Russians or anyone else.

CONTINUE READING: https://phibetaiota.net/2016/12/james-clapper-john-brennan-is-fired-the-cia-report-is-rescinded-the-russians-did-not-hack-the-election/

  CIA Agents Predicted Brennan Would Lie about Russian Hacking in Election - True Pundit

https://truepundit.com/how-to-tell-a-govt-lie-cia-agents-predicted-three-weeks-days-ago-cia-director-brennan-would-lie-about-russian-hacking-in-election/

True Pundit predicted three weeks ago, via CIA sources, that Obama’s inner circle would lie about Russian hacking before he left office. Totally telegraphed by outgoing bureaucrats who are scrambling to salvage some type of legacy from their scrap heap of misguided ideological policy. Here is what we published on Dec. 16th:

The Washington Post is back today, digging themselves a bigger fake news hole, this time with the help of shovel-ready CIA Director John Brennan.

In a new fable today, the Post quoted Brennan who said The CIA believes the Russians hacked the 2016 election to benefit Donald Trump. However, those assertions directly counter more definitive intelligence leaked to True Pundit by CIA personnel on Monday. In that story CIA officials called the Washington Post’s allegations an “outright lie” and incredibly predicted Brennan was behind the original leaks to the Washington Post and Sen. John McCain.

The CIA analysts on Monday also warned that Brennan would go public with his phony counterintelligence at the behest of the President. This is exactly what transpired Friday afternoon. Verbatim.

CONTINUE READING: truepundit.com/how-to-tell-a-govt-lie-cia-agents-predicted-cia-director-brennan-would-lie-about-russian-hacking-in-election/

  Meet Obama's Russian Hackers - State of the Nation

http://stateofthenation2012.com/?p=62536

 

Russians did not hack the DNC system, a Russian named Dmitri Alperovitch is the hacker and he works for President Obama. In the last five years the Obama administration has turned exclusively to one Russian to solve every major cyber-attack in America, whether the attack was on the U.S. government or a corporation. Only one “super-hero cyber-warrior” seems to “have the codes” to figure out “if” a system was hacked and by “whom.”

Dmitri’s company, CrowdStrike has been called in by Obama to solve mysterious attacks on many high level government agencies and American corporations, including: German Bundestag, Democratic National Committee, Democratic Congressional Campaign Committee (DCCC), the White House, the State Department, SONY, and many others.

CrowdStrike’s philosophy is: “You don’t have a malware problem; you have an adversary problem.”

CrowdStrike has played a critical role in the development of America’s cyber-defense policy. Dmitri Alperovitch and George Kurtz, a former head of the FBI cyberwarfare unit founded CrowdStrike. Shawn Henry, former executive assistant director at the FBI is now CrowdStrike’s president of services. The company is crawling with former U.S. intelligence agents.

Before Alperovitch founded CrowdStrike in 2011, he was working in Atlanta as the chief threat officer at the antivirus software firm McAfee, owned by Intel (a DARPA company). During that time, he “discovered” the Chinese had compromised at least seventy-one companies and organizations, including thirteen defense contractors, three electronics firms, and the International Olympic Committee. He was the only person to notice the biggest cyberattack in history! Nothing suspicious about that.

Alperovitch and the DNC

After CrowdStrike was hired as an independent “vendor” by the DNC to investigate a possible cyberattack on their system, Alperovitch sent the DNC a proprietary software package called Falcon that monitors the networks of its clients in real time. According to Alperovitch, Falcon “lit up,” within ten seconds of being installed at the DNC. Alperovitch had his “proof” in TEN SECONDS that Russia was in the network. This “alleged” evidence of Russian hacking has yet to be shared with anyone.

As Donald Trump has pointed out, the FBI, the agency that should have been immediately involved in hacking that effects “National Security,” has yet to even examine the DNC system to begin an investigation. Instead, the FBI and 16 other U.S. “intelligence” agencies simply “agree” with Obama’s most trusted “cyberwarfare” expert Dmitri Alperovitch’s “TEN SECOND” assessment that produced no evidence to support the claim.

CONTINUE READING: http://stateofthenation2012.com/?p=62536

Jar2

  A Brief History of the “Kremlin Trolls” - The Saker

http://thesaker.is/a-brief-history-of-the-kremlin-trolls/

Saint Petersburg, Savushkina, 55 is the most famous office building in the world, thanks to the relentless promotion of the United States government, the CIA, FBI, and by the powers of the entire Western media, financed by Western governments. VOA, NPR, and Svoboda, by the government of the US; the BBC by the government of the UK; CNN by the governments of Saudi Arabia; the DW, by the government of Germany; and so on and so forth. You name it, they all punched time to promote this office building.

To be specific, it’s not even a building, but several adjoined buildings that cover an entire city block, an urban development plan common for Saint Pete’s. That’s why every business here has the address of Savushkina, 55 followed by a building number. You can take a virtual tour around it, to see for yourself. The buildings are shared by several dozens of private businesses, by the local Police department, and by the newsrooms of half a dozen Russia Media sources like the FAN (Federal News Agency), the Neva News (Nevskie Novosti), Political Russia, Kharkov News Agency, publishing Ukrainian news, and others. They all are privately owned and operated and generate over 55 million unique visitors per month. Overall, several thousand people come to this building to work every morning. But you wouldn’t know this by account of Western media. For over two years now, these people are being harassed and collectively branded as “THE KREMLIN TROLLS.”

The building is very popular because it’s located in a quiet historical neighborhood and is in walking distance from a suburban train station. It’s newly renovated offices offer open floor plans with Scandinavian fleur so very appreciated by the news people. In addition, the rent for this building is less than in center city. Which is why Evgeny Zubarev, a former top editor for the RIA NEWS, chose it for his media startup. He took several offices allowing him to manage his growing media giant without wasting time to commute. Now, the FAN newsroom alone employs about 300 journalists.

This wasn’t always the case.

At the beginning of 2014, the building was still under construction and renovation, when an anti-Russian government group of hackers called first “The Anonymous International” and latter “Shaltay-B0ltay” fingered it as the “Kremlin trolls’ layer.”

Their wordpress blog is still here. It was last updated on November 2016. Its title states: “Anonymous International. Shaltay Boltay/Press Secretary of the group. Creating reality and giving meaning to words.”

November 7, 2014, Khodorkovsky, who acted as an integral part of the CIA “Kremlin trolls” Project, tweeted the picture of one of the entrances to one of the buildings saying: “Savuchkina 55. New home for bots. ID check system. Not a sign there. I won’t say who took the photo.”

CONTINUE READING: http://thesaker.is/a-brief-history-of-the-kremlin-trolls/ 

  DNC Was a LEAK Not a HACK!!!! - Disobedient Media

New evidence shows DNC server files were downloaded directly to USB drive, not hacked by Russians

New meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator, which suggests that files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer possibly connected to the internal DNC network. The individual most likely used a USB drive to copy the information. The groundbreaking new analysis irrevocably destroys the Russian hacking narrative, and calls the actions of Crowdstrike and the DNC into question.

The document supplied to Disobedient Media via Adam Carter was authored by an individual known as The Forensicator. The full document referenced here has been published on their blog. Their analysis indicates the data was almost certainly not accessed initially by a remote hacker, much less one in Russia. If true, this analysis obliterates the Russian hacking narrative completely.

The Forensicator specifically discusses the data that was eventually published by Guccifer 2.0 under the title “NGP-VAN.” This should not be confused with the separate publication of the DNC emails by Wikileaks. This article focuses solely on evidence stemming from the files published by Guccifer 2.0, which were previously discussed in depth by Adam Carter.

Disobedient Media previously reported that Crowdstrike is the only group that has directly analyzed the DNC servers. Other groups including Threat Connect have used the information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation was based solely on information ultimately provided by Crowdstrike; this places the company in the unique position of being the only direct source of evidence that a hack occurred.

The group’s President Shawn Henry is a retired executive assistant director of the FBI while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, which as we have reported, is linked to George Soros. Carter has stated on his website that “At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.” Carter’s website was described by Wikileaks as a useful source of primary information specifically regarding Guccifer 2.0.

Carter recently spoke to Disobedient Media, explaining that he had been contacted by The Forensicator, who had published a document which contained a detailed analysis of the data published by Guccifer 2.0 as “NGP-VAN.”

The document states that the files that eventually published as “NGP-VAN” by Guccifer 2.0 were first copied to a system located in the Eastern Time Zone, with this conclusion supported by the observation that “the .7z file times, after adjustment to East Coast time fall into the range of the file times in the .rar files.” This constitutes the first of a number of points of analysis which suggests that the information eventually published by the Guccifer 2.0 persona was not obtained by a Russian hacker.

  Indictment Against GRU Officers is a FAKE There is NO Evidence - Moon of Alabama

FAKE_INDICTMENT _AGAINST GRU_OFFICERS.pdf

http://www.moonofalabama.org/2018/07/no-evidence-in-muellers-indictment-of-12-russians-release-now-may-sabotage-upcoming-summit.html

New The Special counsel Robert Mueller issued an indictment (pdf, 29 pages) against 12 Russian people alleged to be officers or personal of the Russian Military Intelligence Service GRU. The people, claims the indictment, work for an operational (26165) and a technical (74455) subunit of the GRU.

A Grand Jury in Washington DC issued 11 charges which are described and annotated below. A short assessment follows.

The first charge is for a "Conspiracy to Commit an Offense Against the United States" by stealing emails and leaking them. The indictment claims that the GRU units sent spearfishing emails to the Hillary Clinton campaign and the Democratic Party organizations DNC and DCCC. They used these to get access to email boxes of John Podesta and other people. They are also accused of installing spyware (X-agent) on DNC computers and of exfiltrating emails and other data from them. The emails were distributed and published by the online personas DCLeaks, Guccifer II and later through Wikileaks. The indictment claims that DCLeaks and Guccifer II were impersonations by the GRU. Wikileaks, "organization 1" in the indictment, is implicated but so far not accused.

Note: There is a different Grand Jury for the long brewing case against Julian Assange and Wikileaks. Assange has denied that the emails he published came from a Russian source. Craig Murray, a former British ambassador, said that he received the emails on a trip to Washington DC and transported them to Wikileaks.

The indictment describes in some detail how various rented computers and several domain names were used to access the DNC and DCCC computers. The description is broadly plausible but there is little if any supporting evidence.

Charge 2 to 9 of the indictment are about "Aggravated Identity Theft" for using usernames and passwords for the personal email accounts of others.

Charge 10 is about a "Conspiracy to Launder Money". This was allegedly done "through a web of transaction structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin". It is alleged that the accused mined bitcoins, channeled these through dozens of accounts and transactions and then used them to rent servers, virtual private network access and domain names used in the operation.

Note: The indictment reinforces the author's hunch that bitcoin and other cryptocurrencies are creations and playgrounds of secret services just like Tor and other 'cool' internet 'privacy' stuff are. Its the very reason why one should avoid their use.

Charge 11 of the indictment is a "Conspiracy to Commit an Offense Against the United States". It claims that some of the accused hacked into state boards of elections and into U.S. companies providing elections related software.

Note: Other reporting found that the alleged attack resulted in no changes to the election results or other damage.

The Unites States will seek forfeiture of the valuables the accused may have within the United States as part of any sentencing of the accused.

Assessment:

It is not by chance that this indictment was published now, a few days before the first summit between Donald Trump and the Russian President Vladimir Putin and shortly before the successful soccer world championship in Russia ends. The release intends to sabotage the talks.
The indictment describes a wide ranging operation but includes zero proof of anything it alleges.
Mueller likely hopes that the indictment will never come in front of a court. The alleged stuff would be extremely difficult to prove. Any decent lawyer would ask how the claimed information was gained and how much of it was based on illegal snooping by the NSA. Something the U.S. would hate to reveal.
It is unlikely that there will ever be a trial of these cases. The indicted persons are all Russians in Russia and none of them is likely to be stupid enough to follow an invitation to Las Vegas or to Disney World.

But who knows?

In February Mueller indicted the Russian Internet Research Agency, a clickbait farm run for commercial purpose, of influencing the U.S. election. The expectation then like now was that there would never be trial. In a surprise move one of the accused Russian companies, Concord Management, took up the challenge and demanded discovery. Mueller then tried to delay the hand over of evidence (which he probably does not have.) A judge rejected the attempt. The case is pending.

Deputy Attorney General Rosenstein, who announced the indictment, also made three points that will likely get little coverage. He said (video) that there are no allegations in the indictment that:

any American knew that they were in contact with Russians or with a Russian operation, any American committed a crime in relation to this, that the operation changed or influenced the election.

The indictment, which may well be made up and is unlikely to ever be tested in court, will reinforce the "Russia is an enemy" campaign which was launched way before the 2016 election. It will reinforce the believe of some Democrats that Russia, and not the selection of a disgusting candidate, cost Hillary Clinton the presidency.

The detente with Russia which U.S. president Donald Trump tries to achieve will now be more difficult to implement and to sustain.

  Guccifer 2’s West Coast Fingerprint - Introduction - The Forensicator

https://theforensicator.wordpress.com/guccifer-2s-west-coast-fingerprint/

 

THE FORNSICATOR'S INFORMATION: In this report, we analyze the time zone offset that was likely in force when Guccifer 2’s first five (5) Word documents were written. We also look at the time of day pattern of the “last modified” times for the 25/so documents that Guccifer 2 modified and then uploaded to his blog site.

Finally, we look at one particular Word document that Guccifer 2 uploaded, which had “track changes” enabled. From the tracking metadata we deduce the time zone offset in effect when Guccifer 2 made that change — we reach a surprising conclusion: The document was likely saved by Guccifer 2 on the West Coast, US.

Summary

Using a technique recently disclosed by another researcher (David Blake), we were able to establish GMT time zone offsets for Guccifer 2’s first five (5) Word documents. Four of those documents (1.doc, 2.doc, 3.doc, and 5.doc) were created with GMT+3 time zone settings in effect. (During the summer of 2016, GMT+3 would have applied to Central Europe, the Middle East, and Western Russia.) One document, 4.doc, was created with GMT+4 time zone settings in force.

We deduce that 4.doc‘s GMT+4 time setting indicates that Russian time zone settings were in force when that document was saved. This conclusion derives from the possible use of an outdated cracked Windows XP OS which did not receive updates to its time zone tables. Hypothetically, this unpatched OS was not updated to reflect the fact that Moscow/Russia dropped Daylight Saving Time for Western Russia in 2014. This conclusion also depends upon the user not adjusting their time zone offset manually for over three months after the time zone should have been corrected.

Given that the user did not manually disable the DST time adjustment, we suggest that 4.doc may have been created on a VM that was purpose-built to “telegraph” the use of Russian time zone settings.

We construct a histogram of the time of day that Guccifer 2 last modified the 25/so documents that he changed mainly for the purposes of manipulating their metadata (such as “last saved by” user, company name, etc). This histogram supports the conclusion that Guccifer 2 operated out of a region with a GMT+3 time zone offset in force.

We analyze the timestamp on an internal “track changes” entry created by Guccifer 2 when he modified a document that was published in his second batch of documents that were uploaded to his WordPress site. We correlate this timestamp to the document’s “modified” (“last saved”) time recorded in the document’s metadata. Based on this analysis, we reach the surprising conclusion that this document was created on a system which had Pacific Daylight Saving Time (PDT) settings in force, when the change was made.
The PDT finding draws into question the premise that Guccifer 2 was operating out of Russia, or any other region that would have had GMT+3 time zone offsets in force. Essentially, the Pacific Time Zone finding invalidates the GMT+3 time zone findings previously described.

Credits

David J. Blake (@HisBlakeness) discovered [archive] a technique that can be used to figure out the timezone offset that was in force when a legacy (.doc) Word document was saved. We use Blake’s method on Guccifer 2’s first five Word documents, in this report.
Matt Tait (@pwnallthings), a security blogger/journalist, began following Guccifer 2, early on and extensively. Matt started a Twitter mega-thread here. In one particular tweet [archive], Tait noticed that “track changes” was enabled for a particular document, and that Guccifer 2 had made a small change under the name “Ernesto Che”. His observation prompted us to analyze the date/time of this change. Based on our analysis, we conclude that this document was likely last modified by Guccifer 2 on the West Coast, US.

Timeline

The following timeline summarizes some key events and developments as they relate to the analysis of Guccifer 2’s early document disclosures. For a much more detailed timeline, consult Adam Carter’s Guccifer 2 timeline.

[2013-07-13] As noted by Thomas Rid (@RidT), the original Guccifer (Marcel Lazăr Lehel) disclosed a similar version of Guccifer 2’s 4.doc in the summer of 2013. Additional metadata analysis indicates that the source document dates back to the time of the Obama administration (2008).

[2016-06-14] Via the Washington Post [archive] the DNC announced it has been hacked. The WaPo article mentions (in its headline and in the body of the article) that they fear that a Trump opposition research document (now known as 1.doc from Guccifer 2) may have been stolen by Russian state-sponsored operatives.

[2016-06-15] The security firm, Crowdstrike, who was hired by the DNC, published a blog [archive] which attributed the alleged DNC hack to Russian state actors.

[2016-06-15] Guccifer 2 arrived on the scene that same day. Guccifer 2 quickly published ten (10) Office documents on his WordPress.com blog [archive]. Five (5) of those are Word documents; they are analyzed in our companion report, Did Guccifer 2 Plant his Russian Fingerprints?. Guccifer 2 initially posed as a Romanian (lone wolf) hacker, but as time went on his story began to deteriorate. Some pundits quickly assigned Russian attribution to Guccifer 2, partly due to Cyrillic artifacts in his first five Word documents. Also, in an online chat, it was observed that Guccifer 2 had weak fluency in Romanian.

[2016-06-15] That same day, two media outlets published stories, covering 1.doc (the DNC sourced “Trump opposition report”), which was apparently pre-disclosed to them by Guccifer 2. Those media outlets were The Smoking Gun [archive] (TSG) and Gawker [archive].

[2016-06-15] Matt Tait (@pwnallthings), a security blogger/journalist, began following Guccifer 2. Matt started a Twitter mega-thread here. Matt’s involvement with Guccifer 2 will cause him to be interviewed by Mueller as part of the Mueller investigation of Michael Flynn [archive] in October, 2017.

[2016-06-16] One day later, a well known online media outlet, Ars Technica [archive], (which covers technology topics) reviewed the PDF [archive] posted by Gawker; this PDF is derived from 1.doc. Ars Technica noticed the presence of error messages located in the last few pages of the 200+ page PDF. Those messages were written in Russian (using the Cyrillic alphabet).

[2016-06-18] Guccifer 2 published his second batch of documents. One document from that batch had “track changes” enabled in Word; we focus on that document in this report.

[2016-06-18] In a tweet [archive], Tait noticed a document with “track changes” that Guccifer 2 had uploaded that same day. He reported on a small change that was made under the name “Ernesto Che”. His observation prompted us to analyze the date/time that this change was made. Based on our analysis, we conclude that this document was likely last modified by Guccifer 2 on the West Coast, US.

[2016-10-07] Wikileaks released their first batch of Podesta emails. Per our analysis, all five of Guccifer 2’s first five Word documents (and an additional document used as a template) can be matched with source documents that were included as attachments to Podesta’s emails. We do not conclude that Podesta’s emails were the actual source of Guccifer 2’s first five Word documents, but note that this conclusion cannot be ruled out.

[2018-02-16] David J. Blake (@HisBlakeness) published his research [archive] that suggests that Guccifer 2’s first two documents were created with GMT+3 time zone offset settings in force.

Analysis The Blake Method: Use the Datastore to Calculate a UTC Offset

Recently, blogger/researcher, David J. Blake (@HisBlakeness) offered some interesting new observations and theories regarding Guccifer 2. Blake made this key discovery [archive].

Blake discovered that some legacy (.doc and .rtf) Word documents contain an internal “datastore” object – this “datastore” object has an internal timestamp that is expressed in UTC (closely equivalent to GMT) time. The containing legacy Word document records times (to the minute) in local time. This means that we can take the “last saved time” (in local time) of the Word document and subtract the datastore time from it (recorded in UTC time) to determine the GMT offset in force at the time that the document was saved.

Blake mentions the “MSODatastore” object; this is a form of “datastore” object introduced by Word 2007.

We observe that some legacy Word documents do not have an MSODatastore objects but still have datastore objects that can be used to determine the GMT offset in force when they were saved. Guccifer 2’s, 4.doc and 5.doc fall into this category.

Using the Blake Method, we Find the GMT Offset for Guccifer 2’s First Five Documents

We augmented Blake’s results by applying his method to 3.doc, 4.doc, and 5.doc – which were not covered in his write up.

A tab-separated file with the data above can be found here.

We will describe a theory that we think explains the GMT+4 time zone offset. First, we need to present some additional facts and observations as support for that theory.

Did Guccifer 2 Disclose Other Documents that Might be Used to Determine their GMT Offsets?

We looked for other .doc files that Guccifer 2 might have modified and published – to confirm our understanding of the time zones where Guccifer 2 may have operated. We were only interested in documents that Guccifer 2 modified and then saved. Guccifer 2 posted approximately 135 separate files to his blog site. Of those, only 25 have internal “last saved” times that indicate that Guccifer 2 saved them some time after acquisition; by now, most of us know of his infamous proclivity to change the “last saved by” names to heroes and/or villains of past cultural revolutions. The 25 files modified by Guccifer 2 were uploaded in three batches (with the number of documents shown in parentheses: 2016-06-15 (11), 2016-06-18 (9), and 2016-07-06 (5).

Based upon a quick review of the 25 files that Guccifer modified, we conclude that [1-5].doc were the only legacy Word documents that Guccifer 2 changed and published. Therefore, we have no other documents upon which we can apply the Blake method to further establish the time zone offset that may have been in force when the documents were generated. (Note: Guccifer 2 did modify and publish some .docx files, but we cannot apply the Blake method to those.)

Did Guccifer 2 Anticipate the Blake Method?

To date, in our analysis, the one thing we have noticed that all five Word documents have in common is that their time zone offset can be calculated using the Blake method. For the first three documents, their source documents use the new .docx Open Office format; that format does not have the information (the “datastore”) needed to retrieve a UTC timestamp, which (per Blake) can then be compared to the wall time (local time) recorded in legacy .doc files. The datastore object was added when the source files were saved as RTF files.

Given that Guccifer 2 went to some trouble to save his first five documents in a legacy Word file format (RTF), which is a seldom used format, and that these legacy Word documents can be dated using the Blake method, we wonder if Guccifer 2 might not have been aware of this aspect of his first five Word documents? In the same sense that his attempts to pose as a Romanian hacker appeared intentional, we wonder if Guccifer 2 might not have known about the Blake method and deliberately saved those first five Word documents in a way that their time zone offsets might be determined?

A Quick Look at Guccifer 2’s Document Metadata

Some relevant metadata for Guccifer 2’s five documents are shown below.

A tab-separated file with the results listed above is here.

The fields highlighted in blue have values that are different from their matching source document.

Note: The “last modified by” value of “user” in 4.doc is different than in the source document – there it is spelled “User”.

The yellow highlighted fields (based on our analysis) were inherited from a file used as a template.

The “Save As (RTF)” operation in Word will reset the version number to “2”; both the Created and Last Modified dates will be identical; the Last Printed date will be inherited from the original. Thus, 4.doc and 5.doc appear to be the result of a “Save As (RTF)” operation with no subsequent edit operations.

Guccifer 2’s 4.doc is an Outlier of Sorts

As we can see from the metadata, 4.doc is a bit of an outlier.

It was created an hour earlier than the other four documents.

The “last saved by” field was not changed to “Феликс Эдмундович” as it was for the other four documents. Rather, it was changed from “user” to “User” and the Company name was changed to “Grizli777”.

The source document for 4.doc relates back to a document created during the Obama administration (2008).

Guccifer 1 disclosed (via The Smoking Gun) the 4.doc source document (as a PDF with an Comic Sans font) back in 2013.

This string, “CONFIDENTIAL DRAFT FOR REVIEW — 9/4/08” was removed from the source document page header; the word “SECRET” was added. See the comparison below.

The original Guccifer 1 disclosure (2013) left the “CONFIDENTIAL DRAFT …” line intact and did not add “SECRET”.

The “last printed” date from the original source document was preserved and appears in the final document. This helps confirm that this particular document was in fact the source document.

What is this Grizzly Doing in my Document?

As we saw above in the metadata tabulation for Guccifer 2’s Word documents, one of the documents (4.doc) had its Company name set to “Grizli777”. One researcher [@_fl01] was quick to notice this.

Mr. Wagner is right, Grizly777 shows up in bootleg copies of Office(tm) [h/t Adam Carter].

As we discuss below, there is another aspect of 4.doc (a +4 GMT time zone offset in force when the document was created) that is consistent with the theory that a separate computer (probably a VM) was used to create 4.doc. A cracked version of Office(tm) may have been installed on that computer, along with an outdated (also cracked) version of Windows XP.

We note in passing that any computer forensics expert who came up through the ranks, starting as a hacker in their misspent teen years, would have quickly noticed Grizli777 as an indication that the document may have been generated on a system where cracked software was installed. Although Wagner suggests that this cracked software is popular with Russians and Romanians, it is more accurate to say that cracked software is popular with hackers (and others) worldwide. Nevertheless, a forensics expert might view this cracked software as an indication that the system where 4.doc was generated was used by a hacker, as Florian did.

Does Grizli777 Also Hack Elections?

Did Grizli777 give up cracking software and then take up hacking elections? Perhaps instead, this unlucky author added his “Company Name” to the cover page? Is he Russian or Romanian? It doesn’t seem so.

Our point, here, with this anecdote is that the cracked version of Windows Office is not reserved for use by Russians and Romanian hackers.

Russia and Ukraine Time Zone Changes, Circa 2014

In 2014, Eastern Ukraine switched to Moscow Standard Time, and Moscow eliminated Daylight Saving Time.

However, Western Ukraine and a big part of Central Europe, including Bulgaria and Romania do honor DST and therefore would have their clocks set to GMT+3 during the summer. In the map below, everything in yellow uses the GMT+3 time offset during the summer months (courtesy, Wikipedia, with enhancements for GMT+2 using DST).

Guccifer 2’s Fourth Document (4.doc) was Likely Created on a VM with Moscow Time Zone Settings

We launched a VM with Windows XP installed on it, and then set the time zone to Moscow Time; we left the “Automatically adjust clock for daylight saving changes” box checked (the default).

We then ran “Cygwin” (a Unix emulation layer that runs on Windows) and ran a few commands to demonstrate that Windows XP used time zone tables that had not been updated to reflect the Moscow time zone changes that were implemented in October, 2014. Windows XP maintenance ended on April 8, 2014; it is a reasonable assumption that they did not update the Moscow time zone information.

In this demonstration, we took advantage of the fact that Cygwin had been updated subsequent to October 2014. There are other ways to demonstrate this anomaly; this serves our purpose and was easy to do given the tools and programs that were already installed.

We ran the Windows commands ‘date /t’ and ‘time /t’ and compared the result to Cygwin’s ‘date’ command. As shown, Windows is an hour ahead of actual time, because Windows XP is using outdated information.

This simple experiment demonstrates that the GMT+4 time zone offset observed for 4.doc was likely the result of creating 4.doc on a VM running Windows XP, perhaps a cracked version of XP, as we might intuit from Grizli777 in the “Company” name metadata value.

4.doc Was Likely Written on a Purpose-Built VM

We think that this VM was likely purpose built, because the user did not manually adjust the time zone offset (the easiest method would be to uncheck the “Automatically adjust clock for daylight saving changes”). The other four documents were written with GMT+3 in force; if we assume that they were written in the MSK time zone, then either a more modern, updated OS was installed, or the user manually adjusted his time zone settings. This manual adjustment would be expected because the incorrect time zone setting would be apparent to the user whenever the DST change occurred. Given that the time zone offset was left uncorrected, we are inclined to think that the VM had not been set up for very long, and therefore was likely purpose built.

Guccifer 2 Telegraphed his Russian Time Zone

The following observations might lead an analyst to conclude that Guccifer was operating in a Russian time zone (and not simply a GMT+3 time zone, which covers a much wider area).

The Blake method indicates that 4.doc was written on a system with GMT+4 time zone settings in force. (In 2016, the Moscow/Western Russia (MSK) time zone no longer implemented Daylight Saving Time – Western Russia was on GMT+3 time.)

The Company Name value of Grizli777 suggests the use of cracked software, in this case a cracked version of Word 2007.

If the Word application is cracked, then the OS might also be cracked. The cracked Windows OS of choice would be Windows XP.

Support for Windows XP was withdrawn in April, 2014 and Western Russia and Eastern Ukraine dropped Daylight Saving Time in October 2014. It is reasonable to assume (and we confirm this in our tests) that this DST change was never made in this cracked version of Windows XP.

This unique collection of observations leads to the conclusion that 4.doc was created on a system with Moscow (Western Russia) time zone settings in force.

Given that Guccifer 2 went to some trouble to create 4.doc on a purpose built VM with settings that suggested the use of cracked software combined with the GMT+4 time zone offset – we wonder if Guccifer 2 intended to “telegraph” the fact that 4.doc was written on a system with Russian time zone settings in effect? If not, why did he bother to make a trivial change to 4.doc on this one particular system (VM)?

Last Saved Time on Guccifer 2’s first 25 Documents Suggest GMT+3 Working Hours

Over the course of about four months (beginning June 15, 2016), Guccifer 2 uploaded approximately 150 documents to his blog site. However, based on “last saved” times, Guccifer only modified and uploaded about 25 documents; the rest were uploaded as is. We can plot the hour that those 25 Office documents were saved in a histogram (shown below).

This histogram seems to support the conclusion that Guccifer worked on those 25 documents during GMT+3 (Central Europe and Western Russia) working hours. However, as we show in the following section, there is at least one important data point that strongly contradicts this conclusion.

Guccifer 2’s West Coast Fingerprint

Matt Tait (@pwnallthings), a security blogger/journalist, noticed [archive] a change revision entry in one of the Word documents published by Guccifer 2; this document was uploaded by Guccifer 2 in his second batch of documents, published on June 18, 2016. That document, named hillary-for-america-fundraising-guidelines-from-agent-letter.docx, had “track changes” enabled in Word; it recorded one of Guccifer 2’s changes that he made under the pseudonym, “Ernesto Che”.

In that tweet, Tait refers to this except from the raw Word document’s XML data.

Before diving into the XML, let’s open the document in Word and have a look at that change made by Guccifer 2.

We can see that Mr. Che inserted some spaces in “Kilroy was here” fashion. This document can be matched with an attachment to this email in the Wikileaks Podesta email collection. There it does not have “track changes” enabled – this is something that Guccifer 2 added.

The time shown is”12:56:00 AM”, or 56 minutes after midnight. The date is June 17, 2016 (two days after Guccifer 2’s debut). This agrees with the XML that Tait noted. Does it really, though? We will investigate further.

Let’s set our system’s time zone to UTC+00 (UTC and GMT are equivalent for our purposes), and have a look at the file’s properties. (After setting the system time zone explicitly, we need to exit Word and restart it for the change to take effect.) We select the “File” tab, then select “Info” and look at the panel on the right of the screen.

The document was last saved at 7:56 AM GMT. Notice that the minutes value is the same as that shown for the tracked change; they are seven (7) hours apart. Now that we have GMT set, we take another look at the ‘track changes” time. It is the same as when we had the Pacific time zone set (“12:56:00 AM”). What this tells us is that the track changes entry is expressed in local time not GMT. The file properties time is, however, expressed in GMT.

With this information, we could stop here and reach our final conclusion, but we will first dig a little deeper into the XML. We analyzed the document further; we correlated the timestamp on this change made by Guccifer 2 with the document’s last modified time. The first thing to know is that Word .docx files are encoded as a normal “Zip” file, that includes among other things several XML files. Our document looks like this after it is unzipped.

We are interested in docProps/core.xml, which has the file’s properties that we just viewed in Word and word/document.xml, which has the document’s main body text; it includes the track changes entry that Tait noticed.

Let’s turn to the document’s properties found in docProps/core.xml.

We notice that the time recorded is 07:56 “Zulu” (GMT). Referring back to the change history properties, we note that it states that the time is 00:56 AM — apparently 7 hours earlier. We note (based on our tests) that the change entry’s time is in local time, not “Zulu” time.

To confirm our observation that the change logs record local time, we ran a test on a VM running Windows XP with the time zone offset set to GMT+3. This is the environment that Guccifer 2 supposedly worked in when he created four of his first five Word documents. As an experiment, we open the same document that Guccifer 2 uploaded and add a single line of text to it. The document’s “modified” (last saved) time is 16:12 (GMT).

Next, we query the document’s XML for the change log information.

Here, we see a (local) time of 19:12 which is 3 hours later, as we would expect for a computer (VM) operating with GMT+3 time zone settings in force. This is how things should have looked if Guccifer 2 had made his change with GMT+3 settings enabled. Instead, we see a -7 (minus seven) hours offset from GMT.

Based on the original change log timestamp, which is 7 hours earlier than the document’s (GMT based) last modified time, we reach the following surprising conclusion.

Guccifer 2’s document, named hillary-for-america-fundraising-guidelines-from-agent-letter.docx, was saved on a computer which had Pacific Daylight Time (PDT) settings in force.

The PDT Finding Invalidates the Prior GMT+3 Findings

In the first part of this report, we documented our analysis, which provided support for the conclusion that Guccifer 2 may have been operating out of a GMT+3 time zone region. However, when we place that conclusion against our finding that a document uploaded by Guccifer 2 (in a similar time frame) was likely last saved in a location on the West Coast, US we have to question our GMT+3 findings.

We must now give serious consideration to the idea that all 25 documents (uploaded in three batches over the course of a month) were all generated on the West Coast, US. Guccifer 2 was possibly working on a VM and/or using a VPN that vectored through Romania or Russia. Here is how that shift will look if all 25 files were last saved on the West Coast (PDT).

For those who might suggest that Guccifer 2 intentionally planted his “West Coast fingerprint”, we ask: what was his motive? His first five documents appear to have been carefully crafted to send the message that they were generated somewhere in Russia, and his working hours appear to be consistent with that conclusion. Why would Guccifer 2 want to undo his hard work?

Closing Thought

SOURCE: The Forensicator

https://theforensicator.wordpress.com/guccifer-2s-west-coast-fingerprint

Attempts to Damage Me Continue Relentlessly

PROOF THE SON OF JOHN ROBLES IS INNOCENT

The bastards never stopping trying to discredit everything I say and do. This attmept has no relation to me or my son. SCUM! This is the ongoing Twitter butt hurt sheeple crap they are doing against us thinking that if I was banned for life from Twitter they could get away with anything, nope!

Jar2

We need lawyers and your support to continue to exist!

http://www.jar2.com/Please/Donate.htm

 

Last Update: 11/19/2023 20:01 -0000

 

LEAKS55A

INtell ButtonJAR2 Blog ButtonARTICLES55BOOKS55A

Interview ButtonIMAGES55CRobles6802

VIDEO55A

  Link to JAR2 Live Journal Account 

 

  Please help keep us going and make a donation Thanks to all supporters!

PayPal, Сбербанк Sberbank Visa 4276 3800 4476 1661

Copyright JAR2 2003-2103 All Rights Reserved

Publishing Banned Truth Since June 06, 2003