Last year, Disobedient Media broke coverage of the groundbreaking findings published by the Forensicator, which suggested that the files published by the Guccifer 2.0 persona had not been hacked from Eastern Europe, but were instead accessed locally. Recently, the Forensicator published a new analysis, the first of three articles which will comprise a series centered once again on the work of Guccifer 2.0.    

The Forensicator’s article, Did Guccifer 2 Plant his Russian Fingerprints?, analyzes the first five Word documents that Guccifer 2.0 published on his blog the day after the DNC alleged that it had been hacked by Russian state-sponsored operatives. The first of those documents, which Guccifer 2.0 labeled 1.doc, also known as the “Trump opposition report,” received a substantial amount of corporate media attention.

One particular aspect of this document was highlighted by Ars Technica the day after Guccifer 2.0 published it; towards the end of the document there were error messages written in Russian, using the Cyrillic alphabet. These error messages were dubbed “Russian fingerprints” by Ars Technica.

Ars Technica found these “Russian fingerprints” in a PDF posted by Gawker the previous day. Apparently both Gawker and The Smoking Gun (TSG) had received pre-release copies of Guccifer 2.0’s first batch of documents; Guccifer 2.0 would post them later, on his blog site. Although neither Gawker nor TSG reported on these Russian error messages, some readers noticed them and mentioned them in social media forums; Ars Technica was likely the first media outlet to cover those “Russian fingerprints”.

Although almost two years have passed since the day (June 15, 2016) that Guccifer 2.0 published his first batch of documents, very few voices (with the important exception of Adam Carter) have questioned the method by which Russian error messages were embedded within the persona’s version of the Trump opposition report. The Forensicator’s latest study does just that, describing in dense technical detail the circuitous sequence of events that led to the situation where Guccifer 2.0’s version of the Trump opposition report had Russian error messages embedded within it.

Those who wish to view the Forensicator’s findings in full are encouraged to visit his blog, where the entire analysis is available. The Forensicator summarized the results of his research as follows:

According to the Forensicator, the sheer complexity of the process required to create the Cyrillic error messages calls into question the narrative that Guccifer 2.0 inadvertently disclosed the so-called Russian fingerprints by mistake. The Forensicator outlined some of the major points made above in order to provide context.

When reports emerged that Guccifer 2.0 had chosen the “Trump opposition report” as their first disclosure, many observers questioned whether this catalog of publicly available media articles did any serious damage to the Clinton campaign or the DNC.  The Smoking Gun and Gawker made valiant attempts at defending the soft punches; they argued that Guccifer 2.0’s disclosure of the DNC’s talking points gave away the Democrat’s anti-Trump-strategy, harming its effectiveness. For many, this was not a very satisfying answer.

Narrative arguments aside, the fact that the DNC mentioned this specific document the day before Guccifer 2.0 published it raises questions as to possible Democratic Party coordination or collusion with those behind the Guccifer 2.0 persona’s publications. 

The Forensicator noted that the Trump opposition report is unique. It was one of four documents attached to a particular Podesta email. Those four attached documents, out of over 2000 Word documents in the Podesta emails, will trigger a bug in Word 2007 that ultimately generates error messages that (when translated to Russian) became the so-called “Russian fingerprints.”  Within those four attached documents, only the Trump opposition report is relevant to the Trump campaign.

Essentially, the Trump opposition report is the only document from over 2000 Word documents in the WikiLeaks Podesta email collection that both triggers the bug in Word 2007 that generates the Russian error messages (the “Russian fingerprints”) and that is at all relevant to the Trump campaign.

The Forensicator was quick to point out to this writer that it is impossible to confirm whether Guccifer 2.0’s 1.doc document originated in the Podesta email collection, but a search through that collection nonetheless shows us how unique this document is. The Forensicator emphasized that this specific attachment was the singular document in the entire collection that was somewhat ‘hurtful’ to Trump, and able to generate the “Russian fingerprints.”

Although the Forensicator was able to find source documents for Guccifer 2.0’s first five Word documents in the Podesta email collection, we have no way of knowing if the Podesta emails were, in fact, the source.  Since the DNC mentioned the Trump opposition report as being taken and it appeared the next day prominently featured in Guccifer 2.0’s first disclosures, it suggests that Guccifer 2.0’s 1.doc was derived directly from a DNC source.  Otherwise, the association between the DNC’s claim that the Trump opposition report was taken and its disclosure by Guccifer 2.0 doesn’t hold.


In addition to choosing this unique document, the Forensicator explained to this author that there were three other critical factors that needed to be present in order to create a version of the Trump opposition report that would have Russian error messages embedded within it. Specifically, those conditions include: 

The Forensicator continued, “Whether you buy these theories or not, that might explain the use of RTF and a template file, many of us can agree that this multi-step process is too long and complex to be easily explained by Guccifer 2.0’s carelessness.”

The latest analysis by the Forensicator demonstrates that it is highly unlikely that the Cyrillic error messages found in Guccifer 2.0’s first publication were the result of simple lack of foresight on the part of Kremlin-backed hackers. Instead, the likely conclusion reached is that this document was carefully crafted with the intent of creating evidence that Russian hackers were the source of the security breaches that led to the Wikileaks publication of the DNC and Podesta emails. 

Disobedient Media will continue to report on the Forensicator’s findings as they are published.

Leave a Reply