In Part One, we covered the background of the recent smear campaign published in Computer Weekly, and whose author Duncan Campbell had been working on over the past nine months. In our prior response, we covered some key points, including the following:

  • Campbell has misrepresented people repeatedly.
  • Campbell didn’t want to engage with me in terms of my work and was only ever interested in finding information that he could use to distort or smear.
  • Campbell had his flawed interpretations and misconceptions corrected by myself multiple times via email correspondence, but ignored this and tries to pretend he’s debunked things he hasn’t.
  • Campbell tried to incite paranoia among VIPS members and actually injected disinformation into investigations, doing exactly what he wrongly accuses others of doing and his contribution was debunked in a technically valid manner, something he, like many others who have tried, struggles to do with Forensicator’s work.
  • Campbell tried to falsely portray the site operating on the “” domain as linking to “far right” sites when it didn’t.
  • Campbell omitted whatever is inconvenient to the narrative he’s trying to build.
  • Campbell made many false assumptions.
  • Campbell lied about the site’s author, claiming to be Ken, when that was an assumption Campbell had wrongly made.
  • Campbell was told about the history of the site’s author being a Bernie Sanders supporter but has proceeded to make false allegations that they’re a Trump supporter.
  • The “” site author’s identity was provided to the US Department of Justice (DOJ) (back when Campbell was trying to assemble this smear campaign) as part of a collaborative effort to collate information/evidence that had been sent to Special Counsel Robert Mueller and Deputy Attorney General Rod Rosenstein. Campbell has avoided making any mention of these facts and might not even have been aware of this.

In this part, I cover:

  • Debunking Campbell’s ComputerWeekly article.

To help make this experience less tedious than reading Campbell’s article, anything he cites from over a decade ago, whether true or false (and some of it IS false or distorted), will not be responded to as none of it has any actual relevance to this author’s work as a journalist. The only thing relevant that Campbell has done is confirm that a claim of being a former hacker was substantiated by evidence.

If you would prefer a brief summary of Campbell’s spin versus reality, you’ll find that on the site, which has been resurrected as a result of the smear campaign.

In his Computer Weekly smear, Campbell writes:

First: there is no “campaign,” much less a coordinated one. There is only an effort on the part of myself and others to understand what Guccifer 2.0 was and to report on new evidence and discoveries made, regardless of who it helps or hinders. Many individuals who contribute to the public’s understanding of Guccifer 2.0 are unrelated to me or Disobedient Media, making Campbell’s reference to a ‘campaign’ utterly ridiculous. gained popularity due to procuring a large collection of primary source materials and references (and secondary sources from those that communicated with Guccifer 2.0).

Ultimately, Campbell has constructed a completely false framework in his description of efforts to learn about Guccifer 2.0, as though these efforts were a coordinated disinformation operation that keeps contradicting itself (which doesn’t even make sense to do).

Moderators of the “WayOfTheBern” subreddit were entrusted to be a backup protocol for publishing the initial report in case anything prevented the author from being able to publish it as intended. Instead of reporting the truth, Campbell has tried to give people a false impression of the site as if it were set up in cahoots with right-wingers, which is at best thoroughly misleading.

Yes, the “” site and work produced by this author has been well received by the right-wing, but that does not mean there was any colluding with conservative or any other interests, a misconception Campbell pushes extraordinarily hard. Campbell repeatedly tries to associate my efforts with the “right-wing” even though I’ve never been a right-winger and am an anti-war, classical liberal who has become a strictly non-aligned independent who finds partisan affiliation sickening. 

I previously disclosed the email correspondence between Campbell and I, which illustrated that despite telling Campbell twice that I am a non-affiliated former Sanders supporter, he disingenuously ignored that information in his report, going to great lengths to make it appear otherwise in his final article.

Additionally, the truth is that my claims did NOT lead Trump to do anything. It’s possible Forensicator’s study being noticed by experts from Veteran Intelligence Professionals for Sanity (VIPS) may have, though. It’s then obvious that Campbell’s attempt to misconstrue my work with that of the Forensicator’s had a politically motivated purpose and was not an accident of ignorance or misunderstanding.

It’s also not that important whether it was or wasn’t an insider. What matters is that numerous pieces of evidence have brought the attribution of Guccifer 2.0 as a Russian into doubt – but Campbell doesn’t care to deal with any of that evidence (and doesn’t in his article). Instead of showing any nuance at all, he tries to assert that everyone he criticizes holds an extremely distorted version of whatever position they hold or opinion they have (along with portraying people as holding positions they don’t hold at all!). Campbell writes:

The Washington post article Campbell links to here doesn’t contain or cite any evidence; it is comprised of allegations from two CrowdStrike executives, one of whom concedes they had no evidence at that time.

The story about the “catastrophic error” is one in which the GRU allegedly used a commercial Russian VPN service provider to conceal their identity. However, no evidence has been published to support this to date.

Campbell refers to allegations as “evidence” when it suits his needs and assumes there is evidence supporting what was published in the Daily Beast where we haven’t seen evidence to support it (and where the premise offered seems unrealistic) – all we’ve had is an anonymous source’s rumor and an allegation in an indictment where we don’t know the source or evidence it is based upon.

The reasons for starting to investigate were already stated in an interview in September 2017. Campbell, of course, omits this and makes false assumptions about causation elsewhere which he then tries to convince readers to adopt even though it’s already been directly contradicted.

It seems Campbell is intentionally acting to deceive through lies of omission to try to create a false perception of a causative link with Trump becoming president and this author’s work. It’s a distortion, to deflect from the reality that he cannot attack his target’s actual position, their stated preference for Bernie Sanders at the time, or their genuine reasons for starting to investigate.

A question was asked, informed by a number of observations contradicting the public claims by and about Guccifer 2.0. Campbell ignores the point that I queried whether Guccifer 2.0 was “not even a hacker,” and instead insists that I made the claim that a DNC insider had engaged in hacking. It’s another distortion from Campbell.

It appeared, at least to this author, that Guccifer 2.0 sought to discredit WikiLeaks and generate negative headlines about leaks in general. At the time of the persona’s appearance in June 2016, those who would have been motivated to seek such an outcome were those for whom upcoming leaks would be most damaging. Namely, the Clinton camp.

As Assange had only mentioned leaks relating to Hillary Clinton were coming at that time (June 12th, 2016), I assumed that if any negative pushback were to result from my efforts to dig into what Guccifer 2.0 was, it would most likely originate with those associated with Hillary Clinton’s campaign.

It’s not exactly a point that was advertised and was a comment hidden from site visitors intended only for people to stumble on if something bad did happen and others came looking for clues.

Campbell claims I demanded that journalists expose their sources. This is false. There was no reason to ask these journalists to disclose their source for the particular articles I was querying, as the source was already widely known – it was Guccifer 2.0.

My main interest and reason for contacting journalists was to share information and to build up the corpus of Guccifer 2.0 texts for analysis, keeping track of my efforts to do so as I went along.

Again, Campbell has invented and distorted the record on this issue, rather than “reporting” on it.

That’s the thing with being a journalist. If there is a new discovery or new evidence, you report on it, no matter who it benefits or hurts. Campbell fails to understand that the project was an exercise, for me, in learning more about Guccifer 2.0 and sharing that process with the public.

The grim reality for the Campbells, Risens, Biddles, Bodes and Khatchadorians of the world is that evidence discovered since the beginning of 2017 has been challenging a conspiracy theory they have propagated and invested their reputations in.

File-sharing is not the same as piracy, being a proponent of one doesn’t necessarily mean someone is a proponent of both.

As an example, BitTorrent and torrent sites have been helpful in the retention of some of the evidence relating to RussiaGate, Campbell simply misrepresents this to emphasize an assumption he makes about an endorsement of criminal activity.

For context, the site had less than 20 hits a day, and that was mostly a few web-crawlers. I did very little to promote it, and most people familiar with my work didn’t even know about it.

Links to studies about disinformation and propaganda (which even included guides on “How To Recognize Propaganda,” “How To Detect Deception” and “Detecting Deception: Current Challenges and Cognitive Approaches”) were linked to and these were subsequently shared with others in the context of fighting against disinformation, not encouraging it.

Campbell is simply distorting, again.

In reality, Hillary Clinton was pro-fracking, she is and was a warmonger, this author is a CTO, a software developer, and an ex-blackhat.

So, essentially, I told the truth about myself and my past and gave my honest opinion of Clinton. It’s almost as if the only thing the public has been deliberately misled about was an author’s name! Duncan seems to wish that tweeting critically about Hillary Clinton was criminalized, while conflating such Tweets with “Circulating media attacks against Clinton,” a vast overstatement that looks absolutely ridiculous in context with the way Twitter operates.

Again, Campbell is incorrect. The cited journalists were called out for using straw-man attacks and attacking when there wasn’t even a reason to (because Karl Bode of TechDirt clearly didn’t even understand the strawman attack but was eager to jump on the bandwagon and tried attacking anyway, making himself look a little silly in the process). (Campbell simply frames the writing of articles debunking straw-man attacks as “trolling”).

Regarding “Anna,” this person was communicated with specifically and only in relation to Guccifer 2.0 and this author had absolutely no idea that she had previously made antisemitic statements until it was highlighted in Campbell’s article.

This is an attempt to push guilt-through-irrelevant-association, an alarmingly common tactic used in modern propaganda that is often difficult to see past as it plays to an audience’s biases and prejudices, relying on an emotional response rather than a rational one.

Placement of this straight after the “Anna” interaction makes it quite clear what misconception Campbell is aiming to perpetuate.

To be clear, for those who don’t already know it, this author is not a Trump supporter, far-right, a supporter of Daily Stormer or an antisemite, despite what Campbell wants you to believe.

The comment in question regarding the Sabbath resulted from my having done a timezone analysis of Guccifer 2.0’s Twitter activity. I subsequently noticed the pattern seemed to avoid the Sabbath. Therefore, the comment results directly from my observation of a pattern in the data, and I considered religious affiliation a possible explanation for it. I was following up on clues in an investigation, not being anti-Semetic.

It’s clear what Campbell is trying to get people to believe, though, and what’s worrying is that this sort of smearing can foment hatred and cause it to be directed where it truly doesn’t belong. This is an allegation I take tremendously seriously. To try and construe a random denizen of the internet’s beliefs as my own is disingenuous at best, slanderous at worst, and has forced me to consider legal action.

As shown in my previous article, I never claimed to be Ken. The conclusion was an assumption Campbell made due to digging through my past and finding that I was friends with someone who used the name “d3f.” I was non-committal in my responses to Campbell and merely allowed him to continue his false assumptions as it was clear to me he was desperate to strip me of my pseudonymity.

Note: Campbell’s sly use of quotation marks in the above text. “Old friend” is what I said to Mark Butler, not “old friend called Ken.” At no time did I tell anyone that Ken McClelland “was running the Adam Carter operation,” as the email exchanges published in Part One of Deconstructing Duncan Campbell’s Smear Campaign make clear.

I regret that he then harassed Ken and others from my past, I honestly didn’t think Campbell would go as far as he did in his desperation to unmask and harass me: his respectable history belied his deranged attempts to dox and smear me and others.

Campbell’s diatribe continues:

There is so much wrong here.

That “tip-off file” was the first draft of Forensicator’s analysis of the NGP-VAN archive released by Guccifer 2.0 in London in September 2017 AND it is consistent with the rest of the Forensicator’s work on that document and in general with the rest of his writing since then. It was made available on the site, and a link was sent to a third party via a contact form on their site asking them to peer review it because Forensicator wanted the opinion of a known cybersecurity expert before publishing anything. I facilitated that early contact as a go-between, and that is all.

Campbell tries to imply that Forensicator had manipulated some metadata (‘Metadata in the files had been manipulated to “prove” that the documents could have been stolen by a Democratic National Committee (DNC) employee’) but there’s no evidence to show that the NGP-VAN files had their timestamps manipulated deliberately.

Moreover, to date no technical evidence has been presented to show “information hidden in the files” was “created by GRU hackers,” which is why Duncan Campbell couldn’t find any evidence to prove his wished-for thesis.

The document wasn’t re-written, if Campbell had the sense to analyze properly, he’d know that the article was expanded further and remained consistent with how it started out.

Forensicator will probably have something to say about this in due course.

There does seem to have been some division within VIPS over this.

However, Scott Ritter took his own path (one that saw CrowdStrike harshly criticized anyway) and Coleen Rowley, I believe, withdrew primarily because the VIPS memo made a declarative statement that she wasn’t comfortable with supporting rather than an objection to the study it referenced.

I’ve heard rumors regarding one of the other detractors but rather than participate in gossip. I’ll just say that they have not yet offered any substantive criticism of Forensicator’s work.

Also, as I advised ComputerWeekly’s Bryan Glick prior to publication of the article, Bill Binney might not agree with exactly how Campbell has portrayed things.

It doesn’t look like Glick wanted to check on this (or perhaps failed to do so adequately as a photograph of Campbell with Binney was convincing enough for him!?)

Fortunately, though, Disobedient Media’s Editor, Elizabeth Vos, reached out to Bill Binney. So did Jason Ross of LaRouche PAC, the latter publishing the audio resulting from his phone interview with the former NSA Technical Director, which can be heard in full below:

Two points from these follow-up interviews are worth stressing.

First, as Binney made clear to Elizabeth Lea Vos, he hasn’t changed his mind regarding the fact that Guccifer 2.0’s NGP-VAN files do not prove that Russia hacked the DNC. Rather than the analysis by “Leonard’s ” or Forensicator being “manipulated” and a “fabrication,” as Campbell’s phrasing slyly tries to imply, it’s our work that’s uncovered and exposed the fabrications in materials released by Guccifer 2.0. This is exactly what Binney confirmed to both Vos and Ross after the publication of Campbell’s article.

Second, contrary to Campbell’s claim of “NSA’s top secret records, disclosed in the DoJ indictment earlier this month,” Binney states in the LaRouche interview that the idea that Mueller’s indictment must be based on NSA intercepts is “False also. Any data collected by NSA is classified. Any form of statement about it is redacted. None of that [Mueller’s indictment] is redacted.”

Campbell’s article then shifts to focus on this author’s reaction to the DNC convention (prior to embarking on my investigation and moving into journalistic work), writing:

With only four or five followers at this point in time, venting about how Bernie Sanders got screwed over by the DNC and the mainstream media (due to me being a Sanders supporter), it’s unlikely any of my Tweets was impactful, and the entire matter is totally beside the point of the validity of my findings.

If there should have been an inference drawn from this, “disgruntled Sanders supporter” is what it should be. Instead, Campbell persists with his abject refusal to accept the obvious, no matter how abundant the evidence is that supports it, because being honest about this doesn’t allow him to vilify his target. This tells us that Campbell is not interested in uncovering the truth, he is interested in pushing a narrative, and is willing to twist, manipulate, deceive, and lie outright or by omission to do so.

Campbell continues:

Hexcell was simply an online hex viewer and file analysis tool that was built for analyzing Guccifer 2.0’s first batch of documents, that’s all, a tool to analyze files without any motive attached beyond that of trying to discover missed evidence. To readers with no technical background, including this type of meaningless detail serves to convince by confabulation instead of with evidence.

There was no effort inherent in this to try to attribute anything to anyone (and we already knew Flood’s name existed in the metadata without needing to dive any deeper but digging deeper was necessary to improve understanding).

It was an effort to strip the files down and hunt for anything anomalous, but Campbell can’t even let this go by without trying to attach assumed motives and imagined intent to it. To say HexCell was related to any specific theory is wild speculation from Campbell – it was a file analysis tool, nothing more.

This was explained to Campbell (as shown in communications published in Part One of this series), while this author didn’t consider themselves a journalist at first, telling people that this writer wasn’t an expert/journalist/etc, “citizen-journalist” was eventually adopted as a self-conception, in part due to the severe lack of meaningful press reporting on Guccifer 2.0.

However, when it became clear there were sources to protect, it was necessary to accept the title of “journalist” for the protection of sources.

I explained this to Campbell, as was demonstrated in Part One, but he evidently refuses to accept my answer, and in doing so, appears to be intentionally misrepresenting his subject in order to manipulate readers.

The “first theory” in which I express suspicion that G2 may have come from the FBI was before I’d even published or properly investigated anything, a flippant comment made before I’d done any researching and certainly wasn’t something I’d published (ie. as part of an article, etc.)

As for my cruel plan to brand the media based on whether they were or weren’t qualifying their references to the ICA with up-to-date information, I still think this is deserved but simply don’t have the time and resources to bother trying to shame the press into providing up to date information to their audiences and instead have tried to do what I wish they would have done – keeping people informed of the facts no matter who that helps or hinders.

There was no “third theory” and HexCell was purely for analyzing RTF documents without any predetermined attribution being a factor in that. Campbell is purely speculating with his own nonsense here.

Although Campbell tried to convince me (that is, by contacting my workplace and speaking to Tim Leonard as part of his campaign to harass ‘Ken McClelland’) that it may still be getting used by those aligned with Russia, it turned out that the only other people to have used it was Campbell and his clique while they were snooping around for material to try to use against me.

“Theory four” claims that I’ve asserted CrowdStrike hacked but, again, I haven’t said they hacked, or that anyone necessarily hacked anything for Guccifer 2.0 to acquire the documents he had. Another misrepresentation (although I do suspect there may be some conspiratorial link between Guccifer 2.0 and CrowdStrike for certain reasons, I’ve been straight with people about this being my inference and opinion and have advised people to check the evidence and draw their own conclusions).

“Theory five” isn’t a theory I’ve adopted or anything that I’ve stated commitment to either. I stumbled on a delegation of Ukrainians at the White House at the exact time Guccifer 2.0’s documents were purportedly created, and reported this fact. Again, this is just more of Campbell spinning furiously trying to present me as holding positions that, in reality, I don’t.

Campbell needs to learn the difference between someone reporting facts no matter who it helps versus someone changing their own theories as he clearly struggles with this distinction.

Campbell might also care to explain this, as forensic analysis of the files does not demonstrate the conclusion drawn by Campbell at all. In fact, it’s not possible to make such a determination from it.

It’s amazing that people around him (including editors at ComputerWeekly) didn’t pick up on this highly speculative assertion presented as though forensic analysis supported it – when it didn’t. Campbell drones on:

As shown in Part One, Campbell’s already had his claims here challenged directly and there are assertions here he’ll struggle to support but responding to this will be left to someone with experience in digital forensics analysis, and who is more qualified than I to deal with Campbell’s assertions here.

The “tampering” Campbell references here is not demonstrable or built on objective analysis, but rather comes from Campbell’s inference that Russians were trying to trick people into believing the files were connected to Seth Rich (possibly due to the statement Guccifer 2.0 made to Robbin Young?)

Campbell’s belief that McClelland had any involvement in this originated from Campbell’s assumptions. It was Duncan Campbell who first mentioned the name Ken, as was demonstrated in Part One. Despite this, he is clearly eager to have people perceive it as though his target had introduced the name when the reality is that they didn’t.

It’s also purely Campbell’s inference and silly assumptions that have led to anyone asserting that anyone is a “Russian disinformation agent.” I generally don’t label people as such. Campbell writes:

The Register was informed that its reputations would get burned by publishing Campbell’s article (and in retrospect, this may well have been correct) but, of course, Campbell has stripped out this context to frame this as if there’s a threat of arson (or something equally criminal), which absolutely wasn’t the case.

As seen in Part One, Campbell had originally tried to claim, wrongfully, that blackmail was committed (an assertion he had made to multiple parties). Fortunately he seems to have had the sense to walk away from outright alleging that (even though it does still seem to be one of many false perceptions he’s trying to propagate anyway).

Unfortunately, the only thing Campbell can be relied on to do is distort rather than simply report communications between parties. This is part of the reason that I’ve published the communications for all to see, and why more will be published in later parts of this series of articles.

Lies of omission are still lies. Here is one of the many things Campbell doesn’t want to let his readers know about:

Indeed, Campbell has treated a comment made on social media about personal opinions expressed at that time as being indicative of actions or intentions related to that individual’s reporting but has willfully ignored how that person has actually handled the topic in what they’ve published. It’s more spin and distortion from Campbell, misleading readers through what appear to be strategically made omissions.

The article finishes with an update:

It’s interesting that the only update ComputerWeekly gave their readers is this little piece of information to reinforce the perception of Russian ties.

What they don’t mention is that they’d received multiple rebuttals already at this point (from third parties as well as myself) and that there were even statements from others who were misrepresented in Campbell’s article that had corrected the record.

It seems that ComputerWeekly has no reservations about betraying the trust of its readers and is willing to feed them blatant propaganda in the form of an ill-conceived campaign to dox and smear an independent journalist.

Next week we’ll consider Campbell’s actions/behavior and the editorial irresponsibility of ComputerWeekly, take a look at misinformation versus disinformation and proceed to deal with the third parties that have lined up behind Campbell’s efforts to dox and smear.