New meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator, which suggests that files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer possibly connected to the internal DNC network. The individual most likely used a USB drive to copy the information. The groundbreaking new analysis irrevocably destroys the Russian hacking narrative, and calls the actions of Crowdstrike and the DNC into question.

The document supplied to Disobedient Media via Adam Carter was authored by an individual known as The Forensicator. The full document referenced here has been published on their blog. Their analysis indicates the data was almost certainly not accessed initially by a remote hacker, much less one in Russia. If true, this analysis obliterates the Russian hacking narrative completely.

The Forensicator specifically discusses the data that was eventually published by Guccifer 2.0 under the title “NGP-VAN.” This should not be confused with the separate publication of the DNC emails by Wikileaks. This article focuses solely on evidence stemming from the files published by Guccifer 2.0, which were previously discussed in depth by Adam Carter.

Disobedient Media previously reported that Crowdstrike is the only group that has directly analyzed the DNC servers. Other groups including Threat Connect have used the information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation was based solely on information ultimately provided by Crowdstrike; this places the company in the unique position of being the only direct source of evidence that a hack occurred.

The group’s President Shawn Henry is a retired executive assistant director of the FBI, while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, which, as we have reported, is linked to George Soros. Carter has stated on his website that “At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.” Carter’s website was described by Wikileaks as a useful source of primary information specifically regarding Guccifer 2.0.

Carter recently spoke to Disobedient Media, explaining that he had been contacted by The Forensicator, who had published a document which contained a detailed analysis of the data published by Guccifer 2.0 as “NGP-VAN.”

The document states that the files eventually published as “NGP-VAN” by Guccifer 2.0 were first copied to a system located in the Eastern Time Zone. This conclusion is supported by the observation that “the .7z file times, after adjustment to East Coast time fall into the range of the file times in the .rar files.” This constitutes the first of a number of points of analysis which suggest that the information eventually published by the Guccifer 2.0 persona was not obtained by a Russian hacker.

Image via The Forensicator

The Forensicator stated in their analysis that a USB drive was most likely used to boot Linux OS onto a computer that either contained the alleged DNC files or had direct access to them. They also explained to us that in this situation one would simply plug a USB drive with the LinuxOS into a computer and reboot it; after restarting, the computer would boot from the USB drive and load Linux instead of its normal OS. A large amount of data would then be copied to this same USB drive.

In this case, additional files would have been copied en masse, to be “pruned” heavily at a later time when the 7zip archive now known as NGP-VAN was built. The Forensicator wrote that if 1.98 GB of data had been copied at a rate of 22.6 MB/s, and the time gaps noticed at the top level of the NGP-VAN 7zip file were attributed to additional file copying, then approximately 19.3 GB in total would have been copied. In this scenario, the 7zip archive (NGP-VAN) would represent only about 10% of the total amount of data that was collected.

Only the very small proportion of files selected for the creation of the “NGP-VAN” archive was later published by the creators of the Guccifer 2.0 persona. This point is especially significant, as it suggests the possibility that up to 90% of the information initially copied was never published.

The use of a USB drive would suggest that the person first accessing the data could not have been a Russian hacker. In this case, the person who copied the files must have physically interacted with a computer that had access to what Guccifer 2.0 called the DNC files. A less likely explanation for the data pattern, in which large time gaps were observed between top-level files and directories in the 7zip file, is the use of ‘think time’ to select and copy 1.9 GB of individual files in small batches, with think time interspersed. In either scenario, Linux would have been booted from a USB drive, which fundamentally necessitates physical access to a computer with the alleged DNC files.

The Forensicator considered the ‘think-time’ explanation for the time gaps the less likely reading of the data pattern, with a large amount of data most likely copied all at once and later “pruned” in the production of Guccifer 2.0’s publication of the NGP-VAN files.

Both the most likely explanation and the less likely scenario provided by The Forensicator’s analysis virtually exclude the possibility of a Russian or remote hacker gaining external access to the files later published as “NGP-VAN.” In both cases, the physical presence of a person accessing a computer containing DNC information would be required.

Importantly, The Forensicator concluded that the chance that the files had been accessed and downloaded remotely over the internet was too small to give this idea any serious consideration. He explained that the calculated transfer speeds for the initial copy were much faster than can be supported by an internet connection. This is extremely significant and completely discredits allegations of Russian hacking made by both Guccifer 2.0 and Crowdstrike.

This conclusion is further supported by analysis of the overall transfer rate of 23 MB/s. The Forensicator described this as “possible when copying over a LAN, but too fast to support the hypothetical scenario that the alleged DNC data was initially copied over the Internet (esp. to Romania).” Guccifer 2.0 had claimed to originate in Romania. In other words, this rate indicates that the data was downloaded locally, possibly using the local DNC network. The importance of this finding in regards to destroying the Russian hacking narrative cannot be overstated.

If the data is correct, then the files could not have been copied over a remote connection and so therefore cannot have been “hacked by Russia.”
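The three calculations the article leans on (shifting the archive's timestamps into East Coast time, turning the spacing between entries into a copy rate, and treating unexplained gaps as further copying) can be run on any archive listing. What follows is an added example written for this article, not code from The Forensicator; the entry names, sizes and timestamps are constructed, and it assumes each entry's recorded modification time is the moment its copy finished, that entries were written one after another, and that 1 MB means 1,000,000 bytes.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

MB = 1_000_000  # assumption: decimal megabytes, matching the article's MB/s figures

# Constructed sample listing: (entry name, recorded mtime in UTC, uncompressed bytes).
# Sizes were chosen so that a steady 22.6 MB/s copy explains every spacing but one.
SAMPLE_ENTRIES = [
    ("batch1/", "2016-07-05 18:39:00", 226 * MB),
    ("batch2/", "2016-07-05 18:39:10", 226 * MB),
    ("batch3/", "2016-07-05 18:39:30", 452 * MB),
    ("batch4/", "2016-07-05 18:49:35", 113 * MB),  # ten minutes late for its size
    ("batch5/", "2016-07-05 18:49:45", 226 * MB),
]


def parse_entries(raw):
    """Turn the listing into (name, aware UTC datetime, size), oldest first."""
    parsed = []
    for name, stamp, size in raw:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        parsed.append((name, when, size))
    return sorted(parsed, key=lambda entry: entry[1])


def pair_rates(entries):
    """Bytes/s implied by each consecutive pair: the later entry's size divided by
    the time between the two completion stamps."""
    rates = []
    for (_, prev_t, _), (_, cur_t, size) in zip(entries, entries[1:]):
        seconds = (cur_t - prev_t).total_seconds()
        if seconds > 0:
            rates.append(size / seconds)
    return rates


def estimated_rate(entries):
    """Median pair rate: a few long pauses cannot drag it down the way a plain
    total-bytes over total-time figure would be dragged down."""
    return median(pair_rates(entries))


def find_gaps(entries, rate, min_gap_seconds=60.0):
    """Spacings longer than the later entry's size explains at `rate`.
    Returns (entry name, unexplained seconds, bytes that time could have carried)."""
    gaps = []
    for (_, prev_t, _), (name, cur_t, size) in zip(entries, entries[1:]):
        unexplained = (cur_t - prev_t).total_seconds() - size / rate
        if unexplained >= min_gap_seconds:
            gaps.append((name, unexplained, unexplained * rate))
    return gaps


def estimate_total_copied(entries, min_gap_seconds=60.0):
    """Visible bytes, and visible plus what the gaps would have carried if they
    were further copying rather than idle time (the article's 'pruned' reading)."""
    rate = estimated_rate(entries)
    visible = sum(size for _, _, size in entries)
    hidden = sum(extra for _, _, extra in find_gaps(entries, rate, min_gap_seconds))
    return visible, visible + hidden


def to_eastern(when, utc_offset_hours=-4):
    """Shift a UTC stamp to US Eastern; -4 is EDT (in force in July), -5 is EST."""
    return when.astimezone(timezone(timedelta(hours=utc_offset_hours)))


def sustainable_over_link(rate_bytes_per_s, link_mbps):
    """Whether a link of `link_mbps` megabits/s could carry this byte rate
    (8 bits per byte, protocol overhead ignored)."""
    return rate_bytes_per_s <= link_mbps * 1_000_000 / 8


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_ENTRIES)
    rate = estimated_rate(entries)
    print(f"estimated copy rate: {rate / MB:.1f} MB/s")
    for name, seconds, extra in find_gaps(entries, rate):
        print(f"gap before {name}: {seconds:.0f} s unexplained, ~{extra / MB:.0f} MB if copying")
    visible, total = estimate_total_copied(entries)
    print(f"visible {visible / MB:.0f} MB of an estimated {total / MB:.0f} MB ({visible / total:.0%})")
    print("first stamp in Eastern time:", to_eastern(entries[0][1]).strftime("%Y-%m-%d %H:%M:%S %z"))
    print("sustainable on a 200 Mbit/s link:", sustainable_over_link(rate, 200))
```

A modification time is whatever the system that wrote the file recorded, and it can be set to any value, so the figures above are an estimate that other evidence has to support rather than proof on their own.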

The use of a USB drive would also strongly suggest that the person copying the files had physical access to a computer most likely connected to the local DNC network. Indications that the individual used a USB drive to access the information over an internal connection, with time stamps placing the creation of the copies in the East Coast Time Zone, suggest that the individual responsible for initially copying what was eventually published by the Guccifer 2.0 persona under the title “NGP-VAN” was located in the Eastern United States, not Russia.

The implications of The Forensicator’s analysis, in combination with Adam Carter’s work, suggest that at the very least the Russian hacking narrative is patently false. Adam Carter has a strong grasp of the NGP-VAN files and Guccifer 2.0, with his website on the subject called a “good source” by Wikileaks via Twitter. Carter told Disobedient Media that in his opinion the analysis provided by The Forensicator was accurate, but added that if changes are made to the work in future, any new conclusions would require further vetting.

On the heels of recent retractions by legacy media outlets like CNN and The New York Times, this could have serious consequences if months of investigation into the matter by authorities are proven to have been based on gross misinformation resting solely on the false word of Crowdstrike.

Assange recently lamented widespread ignorance about the DNC Leak via Twitter, specifically naming Hillary Clinton, the DNC, the White House and mainstream media as having “reason” to suppress the truth of the matter. As one of the only individuals who would have been aware of the source of the DNC Leaks, Assange’s statement corroborates a scenario in which the DNC and the parties described in Adam Carter’s work, likely to have included Crowdstrike, may have participated in “suppressing knowledge” of the true origins and evidence surrounding the leak of the DNC emails by confusing them with the publication of the Guccifer 2.0 persona.

Despite Guccifer 2.0’s conflicting reports of having both been a Russian hacker and having contact with Seth Rich, the work of The Forensicator indicates that neither of these scenarios is likely true. What is suggested is that the files now known as “NGP-VAN” were copied by someone with access to a system connected to the DNC internal network, that this action had no bearing on the files submitted to Wikileaks, and that the NGP-VAN files were most likely unassociated with Seth Rich and definitively not remotely “hacked” from Russia.

134 Thoughts on “New Research Shows Guccifer 2.0 Files Were Copied Locally, Not Hacked”

  • Well the forensicator has a couple of problems, the major one being that my silly home laptop connected to Comcast downloads at over 50 megabytes per second. However, William Binney provides interesting commentary on the subject.

  • Something hidden right out in the open that you should really look at. Something with firm evidence, server logs, lots of witnesses, something that’s been seriously lacking as of late.

    And the archived proof. I’m sure you could dig up the guy who wrote the thing, I did, he’s in the usual places. I’m sure he’d have all the details, and more solid proof.

  • The real Meddling was in the Ukraine By 0bama:
    How the US Ukrainian Embassy & the State Department used Taxpayer Funds to build Propaganda TV (Hromadske) in the Ukraine to overthrow the Government
    “Why Manafort Matters”- Lefty anti-Trump Propaganda, US Ukrainian Embassy Funded TV Channel (Hromadske)
    Franklin Foer, Fellow of New America Foundation anti-Trump Think-Tank Taxpayer Funded by US State Dept., Writer for the Atlantic Lies for the Democrats

    Lee Stranahan 8/20/17

  • From what I’ve seen of their analysis and the metadata, I might reach a slightly different conclusion.

    I would suggest the following: the files were copied to a temporary folder on the DNC system and then compressed before transfer to aid transferring the files over VPN.

    I believe this would satisfy the evidence found in Forensicator’s investigation, including file modification date/times, EST timezone and the data transfer speed, which was correlated solely by size of the data inside the rar file.

    To be clear, if I compress a 1.9GB file on my local computer using winrar, it takes approximately 90 seconds on my core i5 system, and the file(s) inside have an EST time zone, which lines up nicely with his findings.

  • The investigation should begin with DNC crimes committed in the Bernie Sanders campaign.

    Bernie should give back the dollars that he received to support HRC after his campaign was cheated by the DNC.

    Liars and cheaters in the DNC, along with the #Awan brothers should be prosecuted. Our system of government has been compromised…

  • Not a terrible discussion and certainly a possibility, but a flawed premise, I believe.

    The timestamps *do* indicate that at some point a history-destroying-copy was made (i.e. one where the “created” date gets reset, such as a download or any of several Unix commands|parameters) and that the 7z archives were made on that copy. This may have happened on July 5, 2016; but that’s easy to fake too, so it may not have.

    More importantly, file dates do *not* prove that was the first copy from the DNC, just that it was a history-destroying-copy (example, Unix: cp --no-preserve=timestamps … ). History based on the file date markers is easy to fake and even easier to reset.

    Creating the fingerprint used as a base premise for this entire article only requires physical access to *A* machine with the hacked data, not necessarily the source machine. The evidence *does* suggest a temporary work space on a local shared drive was used. Speeds implied by time differences resulted in the author declaring a 22MB/s rate; USB2 runs at nearly 3x that speed (60MB/s) & internal drives are much faster, which supports the local LAN theory.

    But again, what has been proven is that the local LAN share was used when the history-destroying copy was made — not that the copy took place within the DNC.

    The whole concept that most users can set their computer clocks & time zones at will is also ignored. File timestamp data is not secure.

    I’m not saying it couldn’t have happened — I’m saying this evidence doesn’t prove that it did, it is suggestive, but far from conclusive.

    • I completely concur; this proves nothing other than that it could have happened in this way. We know that the findings of the intelligence agencies are classified, which might be an indication of how they were obtained (God knows what NSA can stick their noses into).
      An interesting point though, is the amount of info/disinfo that has been spread in the wake of this story; this in itself implies we may never get the truth.

  • The first thing you learn about operating servers is that all security is local. If someone has local access to your server, there are no methods to secure the data contained on them. None. You could describe 18 different ways that you think would secure them, and I’ll come up with 18 different methods to counter them.

    See, if you are employed to do disaster recovery at a hardware level/severe data corruption level (you know, those things called backups), you know every trick in the book to overcome a failure. You also know every trick in the book to manage data and walk away without leaving a trace.

    Why? Anyone qualified would attempt to make things as seamless to the endusers one supports, as possible.

    All security is local. If you hire people of integrity, make certain you maintain your integrity – because if you are blatantly doing things that violate not just the integrity of the person you hired, but the integrity of the institution and their patriotism?

    Someone, locally, is going to find that their integrity was pushed too far. Honestly, you are probably going to have two or three that are similarly disturbed, and there is no amount of money in the world you can pay someone to abandon their patriotism and their integrity.

      • In Romania, 200 Mbps internet connections to hosts on the other side of the Atlantic ARE fake news. You’re lucky if you can reach a stable 1 Mbps to a host overseas.
        At least that’s what my friend in Romania tells me.

        • Which is one of the reasons hackers use remote servers. A server to server transfer between two east coast machines is indeed much faster than moving the files directly to another country.

          I’ve also heard that hackers like to do this thing where they hide their identity and location? Proxy servers and such? Could you check with your Romanian friend on that?

          • That is true, but the DNC’s narrative did include “It was this guy because we saw that IP from Romania”.
            If he was using a remote server they would have spotted an IP from an East Coast datacenter.

          • Could you point me to that narrative? I must have been confused since the report by the Director of National Intelligence says that the Romanian identity was fake. Strange that they would have also claimed attribution based on Romanian IPs.

        • My overall impression of the Alfa Bank stuff is that it’s a great example of how hard it is to rely on things like logs and timestamps as definitive evidence.

          I was persuaded by the initial claims that it was a secret communication channel because of the context. If a political campaign were conspiring with a foreign government, of course it would be their most closely held secret, and all contact would be carefully engineered to avoid direct and incidental surveillance. DNS steganography seemed like an interesting possibility.

          I was likewise persuaded by the counter-claim that it was just a spam server malfunction, because who could possibly be stupid enough to use such a blatantly labeled channel for their nefarious deeds? Even if content were well cloaked, sending secret messages directly between a Trump server and the largest private Russian bank? Come on now.

          But both of those assumptions have been blown completely out of the water. The Trump clan weren’t using some clever secret message system — they were writing plain text emails to each other about colluding with Russia. They put it right in the subject line. And then they tweeted the emails. They just… tweeted them out.

          So with Alfa Bank — who the hell knows. I haven’t kept up with the counter-counter claims, or the debunk-debunking, and don’t know if there’s any scenario that still fits all the evidence.

          As a totally wild guess, I could imagine there were actual secret agents / mobsters in contact with each other through some kinda DNS sideband. But I could also imagine that Trump Corp specifically configured a spam server to barf weirdness at Russian oligarchs simply because we live in a fallen universe and nothing matters.

      • You are aware that 200 Mbps is pretty close to the 22.5(MBps) they have suggested, right? Or you don’t have the basic understanding that one Byte has 8 bits, thus 200 Mbps is 25 MBps. You are fn clueless.

  • I’ll throw my $0.02 in. I believe the DNC emails were stolen by Seth Rich and sent to WikiLeaks. I’m very sure the Russians had a hand in the Podesta leak, and were for sure reading the traffic in the DNC and related email addresses. If they released the Podesta emails they were just tossing fuel on a large fire already.
    I’m sure there is evidence Russia spied on the DNC and took a whack at the RNC. The DNC security was so stupid/bad a 13 year old script kiddie with determination could have got in between playing Halo online.
    I know that the Russians didn’t use Wikileaks to leak the DNC emails. I think their translators would have missed a lot of the subtlety and derp of the DNC’s traffic anyway. I see no reason for them to release it. It didn’t have any “Grand Secret Strategy” because of the lack of any focus other than, “Trump is an incompetent, women abusing, dope”, as their main talking point. There was nothing to release. To a Russian, Bernie’s treatment was kind of mild. In Russia he would have been found under the ice of a frozen pond. Committed suicide by shooting himself in the back of his head. Three times.
    About two days before the election SOMEONE released a letter online allegedly from an election official in Ohio(?), maybe Illinois, that the state’s voting system had been hacked. Of course within about 4 hours the official who allegedly wrote the public statement saying he did not release this, nobody had hacked anything and we are all puzzled.
    That has all the marks of an ex-KGB/FSB operation. Completely idiotic, heavy handed and a total embarrassment if anyone got caught releasing it.
    So did the FSB try to spy on the election? Hell yes! They’ll spy on anyone. They hoard info for later blackmail on EVERYBODY. This is the KGB’s successor, they’ll never lose that strategy.
    So I’m sure there is evidence Russia spied on the DNC. They tried the RNC but mostly being of business backgrounds they had actual security on their systems.
    If Russia is 100% guilty of ALL the DNC/Podesta leaks I’m a lot more afraid of the cyber attack on Ukraine’s power-grid in 2016 than the emails of DNC Leadership and John Podesta leaking.
    There are thousands of industrial, water treatment, sewer systems, power plants, and chemical operations that could be sabotaged, especially in a coordinated attack to hurt this country.
    As for the DNC? Don’t hire ex-unpaid interns from Butthole Iowa to run your security on your computers and Internet systems and actually have an election strategy next Presidential run. “The other guy is Icky” is not the winning strategy. Find another. After Billy Jeff and the cigar and Anthony “Please don’t whip out your” Weiner you lost gravitas on that front.
    I’m a lot more scared somebody is going to get my Debit Card number and clean out my pathetic bank account than some campaign manager or political candidate will be embarrassed by their personal emails leaking on the net.

    • I’ve upped you for that. Probably closer to truth than most. NSA and CIA are plenty meddling in Russia, so no one is blameless in that department. The ongoing story about possible links between the Trump campaign and Russia is far, far worse stuff if true. If true, that is. Because that IS colluding with a foreign power, which is a no-no.

  • I’m not really sure I feel like putting up with Dob Bobbs. I mean just as a person. Not saying people can’t dissent against a report, etc. But, tone of discussion is something we’d like to at least see remain in the realm of: Respectful, if possible. And, in this case? It’s possible.

    Ban? Or, are you each okay with using Mute/Block as you see fit? I’m leaving it up to you.

    Vote and discuss now. I’ll check back in a while & see what kind of button(s) I need to click.

    • Hi Rob.

      If I’ve been disrespectful, I sincerely apologize. It is vital that we all try to keep the tone of our discussion as honorable to each other as possible.

      In that regard, I’d like to point out that while I focused on the flaws in The Forensicator’s theories, I was personally called a fool, a paid shill, and a sad sick thing of a human.

      If this is the “tone” you wish to maintain and defend here, it is not one I want to be a part of. So my vote is that you ban me and delete my comments.

      • Before I’m banned and our time together is erased from our memories, please consider this –

        If someone were trying to discredit a theory, would it be more effective to take a bunch of abuse as an anonymous account in the comments?

        Or would it be more effective to create an anonymous blog with a deeply flawed version of the facts, which somehow gets picked up as if it were a respected journalistic source, and have the resulting story get repeated all over social media?

        Because if it turns out that “The Forensicator’s” theory of too slow internet + linux on a stick is laughable on its face to any genuine forensics expert, it might have been a good idea to consider that *before* redistributing it so widely.

        All that aside, congrats on the 1k+ shares on Facebook. Good work, everyone!

    • Dob is the only person on this site actually giving a dissenting response. I find it odd that you call out his “tone of discussion” While completely missing the “tone” of those who do not agree with him. I can see why there are only people who agree on this site. Those who do not agree, apparently do not set the right “tone” and must be moderated out of existence. I do not know Dob Bobbs on any sort of level… I was directed to THIS site from someone during a discussion on another board. When you all decide to delete dissenters… you lose any credibility. Just my honest opinion. Good luck.

  • I’m far from convinced on any Seth Rich connection, but what is the basis of this claim?:

    “What is suggested is that the files now known as “NGP-VAN” were copied by someone with access to a system connected to the DNC internal network, and that this action had no bearing on the files submitted to Wikileaks and were most likely unassociated with Seth Rich…”

    Based upon his job, he should have had access to “a system connected to the DNC internal network” and if they doubt his technical expertise to carry this out, he could simply have been GIVEN a USB drive with the ability to do this all automatically with no user input required.

    • Guccifer 2.0 was created by Comey/Mueller…the intention was to confuse the original Clinton hack via Romanian hacker Guccifer….Guccifer 2.0 would be presented as a Russian agent hired to hack by the Trump campaign. The plan completely backfired…at this point it will be pure insanity to roll out Guccifer 2.0 with a claim he was hired by Trump.

  • So far the only person really trying to challenge this here is screwing up their figures and suggesting unsubstantiated alternate possibilities occurred despite that then making the timestamp/FAT file system indicator become anomalous. 🙂

    • Interesting, huh? There is a second piece of evidence which backs up that the Guccifer2 persona was operating on a US-based machine. The researcher goes by the name of Strontium Dog and their research was added to Adam Carter’s site. Strontium had noticed the EDT timezones contained in the RTF data of Guccifer2’s documents:

          • Apparently a slow speed USB stick with Linux on it, because that’s how you defeat the security wizard, duh.

          • The first thing you learn about operating servers is that all security is local. If someone has local access to your server, there are no methods to secure the data contained on them. None. You could describe 18 different ways that you think would secure them, and I’ll come up with 18 different methods to counter them.

            See, if you are employed to do disaster recovery at a hardware level/severe data corruption level (you know, those things called backups), you know every trick in the book to overcome a failure. You also know every trick in the book to manage data and walk away without leaving a trace.

            Why? Anyone qualified would attempt to make things as seamless to the endusers one supports, as possible.

            All security is local. If you hire people of integrity, make certain you maintain your integrity – because if you are blatantly doing things that violate not just the integrity of the person you hired, but the integrity of the institution and their patriotism?

            Someone, locally, is going to find that their integrity was pushed too far. Honestly, you are probably going to have two or three that are similarly disturbed, and there is no amount of money in the world you can pay someone to abandon their patriotism.

            Copy and pasted to the top. I am interested to see what good ol’ Dob Bobbs will come up with since it is now visible at the top. I really get annoyed by post sliders, which is a favorite amongst his ilk.

          • “Whatever it is youre fighting for…”
            We’re fighting for the expression of a particular dialectic antithesis, the idea that it only takes 20 years for a liberal to become a conservative without changing a single idea.
            Slack-less glorps such as yourself have no idea how pink it is to be cool. Or something.

          • Nice wad of false slack there, pink boy. Have you considered the possibility that you were actually slain in the Rupture and what you’re doing right now is your eternal punishment?

          • Nope. Just gleefully living out the best timeline, acting like a dumbass so’s I’ll be treated like a Equal. Yes, sir, a Equal, sir, a Equal. A Dark Dobbsian, if you will. No more fat ladies in double-knit jumpsuits beating me in Krogers. No sir. Not me.

    • You got me! Transferring files to a server is unsubstantiated crazy talk, and I apologize for even bringing it up.

      But to help me out – could you explain why someone would boot Linux off a slow thumb drive just to transfer files? Apparently you understand how that theory is better substantiated than transferring them to a remote Linux server, and fool that I am, it got past me.

  • So someone physically went up to a DNC computer, inserted a very slow flash drive, rebooted the computer into Linux for some reason, and then used command line to move files to the local drive. Because using a mouse or the local OS would have been uncool, I guess?

    Or — someone remotely copied the files to a server in an east coast datacenter.

      • If the local system was actively monitored, logging in with privileges, inserting USB media, booting another OS, and slurping down the entire file tree would have been like repeatedly firing a flare gun in the face of the security team.

          • No fully believe it was done from inside. Just talking through this new info, which I have already proven I lack full understanding of.

          • CNN reported that a great number of Russian tech specialists entered the US in 2016, so they might have been involved in hacking of DNC’s

          • Dob, the entire U.S. infrastructure is being hacked 24/7 and has been for years. Now how many are successful? Depends who you ask. Has anyone stolen your identity and rang up some $$$ ? If not you are the rare exception. I find the whole “Russia hacking thing” disingenuous. EVERY country does it. Get real.

          • political correctness czar: And no one does it more than the US against every other country in the world!

          • I understand your viewpoint. That being said, the actual numbers of hackers would place China at #1. The others would of course be Russia and their former satellite countries. Yes, the U.S. is prolific. The total number from any country is fluid.

          • Log of privileged login. Log of making a local copy of the files across the network. Log of reboot while disconnected from the network (if that were even possible given the system configuration). Log of booting a totally foreign OS off a USB device (insertion logged).

            Why not just copy the files instead of making a big show of it?

          • “Log of booting a totally foreign OS off a USB device (insertion logged).”

            Before I booted my Live USB, I unplugged the LAN cable from the machine. Now what?

            “Log of reboot while disconnected from the network (if that were even be possible given the system configuration).”

            Are you genuinely trying to assert that you can’t power cycle a machine without a network connection if a network admin/wizard deems it necessary? You realise that when the computer boots into its BIOS the resident OS on the HDD (and thus the network privileges managed by whoever) has absolutely no control whatsoever? Booting into a Linux flavour from a USB stick with the Ethernet connection unplugged would leave virtually zero trace on the host machine.

            Your disinfo is showing.
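The exchange above is about which of those steps a monitoring team would actually see, including the case where the host simply stops talking to the network. As an added example, not code from anyone in this thread, here is a small correlator over a constructed host-event feed: it flags the privileged-logon, media-attach, reboot sequence on one host, and separately flags a host that had removable media attached and then went quiet. The event names (HEARTBEAT, LOGON_PRIV, USB_ATTACH, REBOOT), the hostnames and all timestamps are assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event vocabulary for this example (an assumption, not any product's schema).
HEARTBEAT, LOGON_PRIV, USB_ATTACH, REBOOT = "HEARTBEAT", "LOGON_PRIV", "USB_ATTACH", "REBOOT"
CHAIN = (LOGON_PRIV, USB_ATTACH, REBOOT)  # the sequence debated in the thread


def _beats(host, minutes, hour=22):
    """Constructed five-minute heartbeats for `host` on the evening used below."""
    return [(f"2016-07-05T{hour}:{m:02d}:00", host, HEARTBEAT) for m in minutes]


# Constructed feed: (ISO timestamp, host, event). Not taken from any real log.
SAMPLE_EVENTS = (
    # ws-09: healthy host; a stick is attached with no privileged logon or reboot near it
    _beats("ws-09", range(0, 60, 5)) + [("2016-07-05T23:00:00", "ws-09", HEARTBEAT),
                                         ("2016-07-05T22:03:10", "ws-09", USB_ATTACH)]
    # ws-17: the full sequence, and the host reports again a few minutes later
    + _beats("ws-17", [0, 5]) + [("2016-07-05T22:11:30", "ws-17", LOGON_PRIV),
                                 ("2016-07-05T22:12:05", "ws-17", USB_ATTACH),
                                 ("2016-07-05T22:12:40", "ws-17", REBOOT)]
    + _beats("ws-17", range(20, 60, 5)) + [("2016-07-05T23:00:00", "ws-17", HEARTBEAT)]
    # ws-23: media attached, one more heartbeat, then nothing (the 'unplug the cable' case)
    + _beats("ws-23", [0, 5]) + [("2016-07-05T22:06:00", "ws-23", USB_ATTACH)]
    + _beats("ws-23", [10])
)


def parse_events(raw):
    """(datetime, host, event) tuples in time order."""
    return sorted((datetime.fromisoformat(ts), host, kind) for ts, host, kind in raw)


def chain_alerts(events, window=timedelta(minutes=10)):
    """Per host, LOGON_PRIV then USB_ATTACH then REBOOT, in that order, all within
    `window` of the logon. Returns [(host, logon time, reboot time)]."""
    by_host = defaultdict(list)
    for ts, host, kind in events:
        if kind in CHAIN:
            by_host[host].append((ts, kind))
    alerts = []
    for host, seq in by_host.items():
        for i, (start, kind) in enumerate(seq):
            if kind != CHAIN[0]:
                continue
            step, last = 1, start
            for ts, later_kind in seq[i + 1:]:
                if ts - start > window:
                    break
                if later_kind == CHAIN[step]:
                    step, last = step + 1, ts
                    if step == len(CHAIN):
                        alerts.append((host, start, last))
                        break
    return alerts


def silent_hosts(events, interval=timedelta(minutes=5), missed=3):
    """Hosts whose newest HEARTBEAT is more than `missed` intervals older than the
    newest event in the feed, with a flag for removable media attached within one
    interval before they went quiet. Returns [(host, last heartbeat, media flag)]."""
    now = max(ts for ts, _, _ in events)
    last_beat, media = {}, defaultdict(list)
    for ts, host, kind in events:  # events are sorted, so the last write wins
        if kind == HEARTBEAT:
            last_beat[host] = ts
        elif kind == USB_ATTACH:
            media[host].append(ts)
    quiet = []
    for host, last in sorted(last_beat.items()):
        if now - last > missed * interval:
            quiet.append((host, last, any(t >= last - interval for t in media[host])))
    return quiet


if __name__ == "__main__":
    feed = parse_events(SAMPLE_EVENTS)
    for host, start, end in chain_alerts(feed):
        print(f"{host}: privileged logon {start:%H:%M:%S}, media attached, reboot {end:%H:%M:%S}")
    for host, last, media_flag in silent_hosts(feed):
        print(f"{host}: no heartbeat since {last:%H:%M:%S}"
              + (", removable media attached just before" if media_flag else ""))
```

The point of the second rule is that a host going silent right after media was attached is itself a signal, so disconnecting from the network does not make the event invisible to a team that watches for absence as well as presence.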

          • Thank you for explaining that all you have to do to defeat The Wizard is boot a foreign OS off external media. Wow! So simple! All the so-called professionals trying to secure their systems against malware and intrusion are going to feel like idiots when they finally realize this.

            You’re doing the Lord’s work here. Hopefully someday everyone will finally realize that the Internet is just too damn slow to move data around and see the obvious Truth.

          • You either know shit about computers, or you’re being deliberately dense while striking an authoritative tone, in hopes that someone will misinterpret your arrogance and obfuscation as subject matter expertise.

          • Please forgive my density, arrogance, obfuscation, and authoritarian tone.

            Since you are someone who knows shit about computers, could you help someone without any subject matter expertise understand – why is booting linux off a USB stick helpful for copying local files?

          • Because you have root access on the Linux USB stick while you don’t necessarily have root access on the installed OS.
            You need root access to get into files in a different user’s account.

          • I did not know that the DNC only has one computer that everyone shares. I thought they had multiple computers connected with a “network” of some kind. I thought they might even have some kind of file server!

            Well don’t I feel silly. Sorry for the confusion everyone. My bad.

          • Of course they have a network and a file server. But first that doesn’t prevent people from keeping files on their local machine (I usually keep a local copy so I can continue working when there’s a network problem – maybe someone at the DNC does the same?), second we don’t know what machine was rebooted from a USB stick (maybe the file server? That would trigger an alarm in any company with decent IT, but if I was there long past working hours and sure nobody else was there, that would give me some time before I’d have to get out of there…) and third, some network file transfer protocols (such as NFS) rely on the local machine’s authentication data rather than anything else to decide which files can be accessed (that’s exactly the reason why the NFS+YP combination isn’t commonly found anymore – but it still exists in some networks). The DNC isn’t a tech company or something – so it wouldn’t surprise me too much if they were using some rather archaic stuff.

          • So you’re saying that someone with fairly sophisticated technical knowledge managed to get full run of the DNC network. Interesting!

            If they knew their way around that well, do you think they may have pulled it off remotely so they wouldn’t have to put themselves at physical risk?

          • I’m saying it’s a possibility.

            Ask anyone who knows his way around networks what is easier – getting illicit access to a local machine (that you can boot into an OS that isn’t set up for the security checks present on the machine’s installed, configured OS) or getting illicit access to a remote machine that simply won’t let you boot anything else.

            It’s entirely possible that someone knew his way around there and still didn’t know how to get remote access. There’s no remote equivalent to “insert USB stick, boot OS where you’re an administrator”.

          • ‘No remote equivalent to gaining admin access.’

            Wow. Okay.

            So first off, accessing remote systems is something the kids call “hacking.” You can find out more about their mysterious culture in the film Hackers (1995)

            And if you’ve been assuming gaining remote access over a network wasn’t possible, here’s an interesting factoid — it’s actually a game called “capture the flag.” The CTF competition at defcon has been running annually for about 20 years. And last year, for the first time, an autonomous computer system competed against humans to penetrate and defend networks. It didn’t do so well in the final score, but it was fully functional, better than many human hackers, and similar tools will evolve rapidly.

            Hacking is already pretty automated, relying on increasingly sophisticated tools, but is also still dependent on human expertise, and those without the knowledge behind their tools are specifically derided as script kiddies. But as the systems and the tools to run the systems get ever more complex, and the tools for intrusion and defense become ever more automated, humans are going to be more in the role of observers and managers of processes run by programs. Which means that if things progress at the speed they have been, we’re rather close to yet another thing (ICE) that William Gibson described back in 1984.

            Fascinating, right?

            Anyways, here’s the summary report by the Director of National Intelligence on the DNC “pwnage” (that’s a term the kids use for “admin access”). Page 2 attributes the July intrusion and data exfiltration to the GRU. Enjoy!

    • I tend to lean your way, someone copied the files directly from the DNC hard drive to the cloud (let’s think iCloud or Google, Samsung) and walked out at day’s end as normal! This was an inside job, not Russia, and it was someone who then could not send out the rest of the data. This leads me to Seth Rich.

          • You mean he concludes FAT file system and then looks at the viability of different possibilities, like someone carrying out a forensic investigation would do.

          • Perhaps not ‘to’ a Linux system, but rather ‘via’ a bootable stick. First let me explain that I’m no geek. I am a retired chap who has developed an interest in PCs more from necessity rather than love. Like changing the disc brakes on my car – I do it because I can’t afford to pay someone else rather than enjoying working on cars. To use my friend’s PC without messing up his Windows 7 (I hate Windows) I use Linux Mint on a stick made with the programme from . This has just 4gb of storage space; useful for installing another browser and so forth, but not for downloading an amount of data. One has to use the Mint OS to download hard-drive data to another USB stick. Even using fast-transfer-rate USB sticks, this process can be painfully slow, so I see your point about timing.

          • It was my understanding that the DNC had an internal network and file servers, but to be honest, I don’t know that for a fact. And a lot of people here seem pretty certain that there is just one unencrypted hard drive on one computer which is shared by everyone at the DNC.

            Thousands of people all using just the one computer seems like kind of a hassle to me. But that said, if there is just the one unencrypted hard drive for the entire DNC to share, I can definitely see your point.

        • Not at that speed. Truthfully, open your phone and upload a file of this size to the cloud. Then walk over to your computer with LAN and upload the same file, tell me which was faster.

          • Okay. I admit it – they paid me to try and make people believe in high-speed Internet and Linux servers. It’s all a lie! Servers don’t exist and gigabit upstream is a fairy tale!

            So that’s it. This account is burned and my paymasters will be after me. But it was worth it. At least the truth is out.

            Remember me. I was the one who came clean. Carry the good word to the masses – there’s no such thing as high speed internet!!

    • Note that “The Forensicator’s” evidence that the files were copied locally is his belief that they were transferred at 23 MB/s which is too fast for the Internet.

      The FCC defines high-speed broadband as a *minimum* of 25 MB/s.

      Conclusion – the Forensicator needs to move off dial-up.

      • Fool… Do you know the difference between “b” and “B” ?????
        No, I won’t explain it to you.
        It’s better you just remain confused. Since yer a fool.

        • Hey, good catch. I missed that the Forensicator gave transfer speeds in bytes.

          23MB/s = 184Mbps. Which means the DNC would have needed a low-medium tier high speed connection.

          And there’s just no way a national organization would spring for a gigabit connection, right? That might set em back a hundred bucks at least!
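          The “b” versus “B” point and the transfer-rate argument above are easy to get wrong by hand, so here is an added example (not code from the page, from Disobedient Media or from The Forensicator) that does the arithmetic the thread is arguing about: it derives an implied copy rate from file sizes and last-modified timestamps, converts MB/s to the Mb/s figure ISPs advertise, widens the estimate for the 2-second granularity of FAT last-write timestamps, and lists which nominal link types could carry that rate. The file list is constructed; the method assumes each last-modified time marks when that file finished being written, which is the reasoning the thread attributes to the report.

```python
"""Implied-throughput arithmetic for the 'too fast for the Internet' debate.

Added example.  SAMPLE_FILES is constructed for illustration and has nothing to
do with any real archive; a real run would read sizes and last-modified times
from the files under examination.
"""
from datetime import datetime

MB = 1_000_000  # decimal megabyte, the unit behind the thread's "23 MB/s"

# Constructed sample: (name, size in bytes, last-modified time).
SAMPLE_FILES = [
    ("doc01.pdf", 40 * MB, datetime(2020, 1, 1, 22, 0, 0)),
    ("doc02.pdf", 46 * MB, datetime(2020, 1, 1, 22, 0, 2)),
    ("doc03.pdf", 23 * MB, datetime(2020, 1, 1, 22, 0, 3)),
    ("doc04.pdf", 69 * MB, datetime(2020, 1, 1, 22, 0, 6)),
]

# Nominal signalling rates in Mb/s.  Real copies run well below these because
# of protocol overhead and the slower of the two disks involved.
NOMINAL_LINKS_MBPS = {
    "Fast Ethernet (100BASE-TX)": 100,
    "USB 2.0 signalling rate": 480,
    "Gigabit Ethernet": 1000,
    "USB 3.0 signalling rate": 5000,
}


def mb_per_s_to_mbps(mb_per_s):
    """MB/s (bytes) to Mb/s (bits): one byte is eight bits, so 23 MB/s is 184 Mb/s."""
    return mb_per_s * 8


def _span_and_bytes(files):
    """Seconds between first and last timestamp, and bytes written after the first file.

    The first file's start time is unknown, so its bytes are excluded: we only
    know it had finished by its own timestamp.
    """
    ordered = sorted(files, key=lambda f: f[2])
    span = (ordered[-1][2] - ordered[0][2]).total_seconds()
    if span <= 0:
        raise ValueError("need at least two distinct timestamps")
    return span, sum(size for _, size, _ in ordered[1:])


def implied_throughput(files):
    """Copy rate in MB/s implied by the timestamps, taken at face value."""
    span, nbytes = _span_and_bytes(files)
    return nbytes / span / MB


def throughput_bounds(files, resolution_s=2.0):
    """(low, high) MB/s once timestamp granularity is allowed for.

    FAT stores last-write times with 2-second granularity, so a span that reads
    as N seconds may really lie anywhere in (N - 2, N + 2).
    """
    span, nbytes = _span_and_bytes(files)
    low = nbytes / (span + resolution_s) / MB
    high = float("inf") if span <= resolution_s else nbytes / (span - resolution_s) / MB
    return low, high


def links_that_could_carry(mbps, links=NOMINAL_LINKS_MBPS):
    """Link types whose nominal rate is at least the observed rate.

    When several link types qualify, the rate alone does not identify the medium
    (local disk, LAN, USB, or a business-grade uplink).
    """
    return sorted(name for name, cap in links.items() if cap >= mbps)


if __name__ == "__main__":
    rate = implied_throughput(SAMPLE_FILES)
    low, high = throughput_bounds(SAMPLE_FILES)
    print(f"implied rate: {rate:.1f} MB/s = {mb_per_s_to_mbps(rate):.0f} Mb/s")
    print(f"allowing 2 s timestamp granularity: {low:.1f} to {high:.1f} MB/s")
    print("nominally sufficient links:", links_that_could_carry(mb_per_s_to_mbps(rate)))
```

          On the constructed sample the implied rate is 23 MB/s, which is 184 Mb/s, but once the 2-second timestamp granularity is allowed for the honest range is roughly 17 to 35 MB/s, and every link type in the table except 100 Mb/s Fast Ethernet could nominally carry it. That is the practitioner's caveat: a rate in this range is consistent with more than one copy medium, so it narrows the possibilities without settling them.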

          • Wrong again. In a big organization, the Internet sharing is done by a load leveling server, so one PC cannot hog all the bandwidth. The speed to WAN would be capped to a “round” number.

          • Fascinating.

            So in your opinion, what might be the upload speed for a national organization that moves a lot of large media files? Slower than premium tier home cable?

        • Hey, thanks so much for that helpful reminder.

          Now could you help me understand why someone would boot Linux off an out-of-date thumbdrive just to copy some files?

          • You ONLY understand what your Anti-American leftist zealot masters tell you.
            You’re a sad, sick thing of a human.

          • Jimmy, I’m not sure what you see as sad and sick. Was it my belief in the existence of 200Mbps internet connections? My confusion over why booting Linux is helpful for copying files locally? My heretical belief in these things called “servers”?

            Whatever it was, please accept my apology and go in peace.

          • So, “Dob Bobbs”, I see from your Disqus history that you have a great interest in US election campaigns – State primaries, caucuses, polling, debates, etc. Do you work for, or have you worked on in the past, a party political campaign? Which one?

          • The Forensicator and me put in some time with Jeb! – mostly figuring out secret data about other campaigns by analyzing the font choices in their fundraising emails. We had a falling out when the Steele dossier dropped. He’s a semicolon guy, and I’m big on em-dashes, so our analysis of the true crypto meaning diverged wildly. I still respect Forensi’s work, especially with astrology and tarot. Top notch.

    • Ultimately, the file creation times tell the story. Someone made 7z archives, which apparently create a new file date/time if a USB OS is used.

      In ANY case.. if it was a remote process that logged in to initially move the data, then the NSA would have a record in one of their (illegal) repositories – Utah or Maryland. They could prove it. They haven’t.
      End of story. Get a grip.

        • If they produced evidence to support their assertions and gave you access to a perfect copy of the evidence that you could replicate their research and findings through… like this… sure.

          • The “evidence” presented here is the speculation that the DNC does not have a business-grade internet connection, and that someone wanting to copy files first rebooted their computer into Linux off of a thumb drive.

            Another theory that fits the given information is that the DNC does in fact have a business grade internet connection, and the files were copied to a Linux server.

            You believe what you choose. But let’s not get it confused with facts.

          • Oh crap. I have been outed.

            Look man, I’ll leave you alone. Just don’t dox me. My cats and basements need me.

            I hereby swear that you are super correct about technology. The Internet is too slow for data, hackers do not ever use remote servers, and booting linux off a usb stick is a thing you do to copy files. These things are all completely true and not misdirection of any kind. So say we all.

            There. We cool, dude?

      • The Forensicator actually said the person copied another 18 gigs of files, but decided not to release them – out of privacy concerns, one presumes. And that is what explained the gaps between time stamps. The evidence for this is…. the time stamps. So, airtight.

    • No, someone used a Live USB to bypass the need to boot and login to Windows and all of the security implications and paper-trailing that would entail as a result. This process is as simple as inserting the USB stick, booting into the OS on the stick (Linux flavour) rather than the HDD (Windows), then copying the files directly from the HDD to the USB without being prompted for a Windows login (because Windows is in no way active).

      You’ve been at this for the past 9 hours despite only having a VERY limited understanding of how computers work. Is there something you want to tell us?

      • Copying the files over the network, and then rebooting into a foreign OS with the network disconnected would “bypass paper trailing”

        Ahh. Okay then.

        Clearly you are teh leet haxor. I bow to your skillz and admit defeat.

      • The best programme that I’ve found for doing this is to use ‘pendrivelinux.com’ to install Linux Mint to a good quality ‘fast-transfer-rate’ USB stick, but this only gives 4gb of storage, so one needs to use the Mint OS to transfer files from the hard-drive to another USB stick. I find this transfer can be very slow on the bottom-of-the-range computer that I tried it on. Perhaps it would be faster on a machine with a more powerful processor and more than 8gb of memory?

        • A faster, more powerful machine with a lot of memory would help. Especially if the machine were dedicated to serving files. We might even call a machine like that a “server”

    • With the right tools all you would need to do is insert the flash drive, reboot the computer and walk away. Pick up the drive an hour later. No need to be sitting at the computer and no record of it being done, and it could be done by someone without actual legit login information. So a visitor or a guest could do it. Hell, a cleaning lady could do it.

      • So you believe the system was accessed by someone with “the right tools” in a way that allowed them to bypass all logs, credentials, and encryption. Huh.

    • It makes perfect sense to reboot the computer into Linux because that allows you to bypass the user account restrictions on the local Windows system.
      Try creating 2 users (neither of which is an administrator) on your computer (any OS), and try to access User 1’s files while you’re User 2. Won’t work.
      Then boot the computer into an OS on which you have root access (such as your typical bootable Linux USB stick), and you’ll see you can access User 1’s files without knowing User 1’s password or the installed OS’s admin password.

      It also makes sense to use the command line from a bootable Linux USB stick simply because if you know what you’re doing, that’s the easiest and quickest way to copy those files.

      It’s less work to type

      “mount /dev/sda1 /mnt ; cp -a /mnt /LeakMe”

      than to find a GUI to mount that hard disk, open a file manager, and drag the files from the mount point to the destination.

      While I don’t see any conclusive proof that that’s what happened, it certainly makes sense. It’s exactly what I’d do if I wanted to get hold of another user’s files without knowing their password.

      • So you’re saying every single person at the DNC all shared one computer? Oh, okay. I didn’t know that part. I was under the impression they had an internal network, which wouldn’t have been available to any random, uncredentialed USB stick. But yeah, if there’s just the one computer in there, I suppose this checks out.

    • Comments like this tell me that you have absolutely no clue about how computers work. And by the way, a direct copy doesn’t absolve Russia, since even an inside job could have been done by people associated with Russian intelligence. But the fact that this information was grossly misrepresented to make the cattle believe this nonsense is what makes someone with half a brain question its authenticity.
