New Research Proving Hillary Clinton Email Files Were Copied Locally, NOT HACKED!

in #politics, 7 years ago

On the 9th of December, the Democratic National Committee (DNC) was hacked by an independent entity known as Guccifer 2.0 with the help of the Russian government to influence the American election.
After months and months of Russian allegations (on every FUCKING news channel!), everybody widely accepted the official narrative of what happened during the US elections of 2017.
After hours of research, I came across very interesting documents. Documents that indicate that DNC files were not hacked, but leaked!

The Story of Clinton's Downfall

On July 22, 2016 an entity known only as Guccifer 2.0 claimed that he/they alone were responsible for the cyber attack on the DNC. He also claimed that it was he who sent huge amounts of stolen digital files to WikiLeaks. However, WikiLeaks has not revealed the source regarding the Clinton emails.
This is what Julian Assange had to say about the source of the DNC leak:

Julian Assange seems to suggest on Dutch television program Nieuwsuur that Seth Rich was the source for the Wikileaks-exposed DNC emails and was murdered for it. Well, that sounds like quite a conspiracy, right... right?
Well, Julian is implying that the DNC was never hacked. The files were leaked by Seth Rich. This story caused unbelievable uproar as Fox News covered the story and blamed the murder of Seth Rich on the Democratic Party as
Full article here

Well, sadly the Guardian did not show any evidence to back their claim, "it wasn't true". They just went on to attack Rupert Murdoch, the owner of Fox News, and immediately jumped to some other story:


Luckily the ICA (Intelligence Community Assessment) gave a full declassified report on the DNC hack. Great! So I started reading through the 25-page report on "Russian activities and Intentions". Yet again I found no conclusive evidence that could prove Julian Assange's claim regarding Seth Rich wrong. If you ever wanted to actually read the full report you can find it all here. Just as a reminder, this report was the main basis for the new set of sanctions that the US placed on Russia just last month.


A quick summary of the ICA report "Assessing Russian Activities and Intentions in Recent US Elections".

  • Russia hacked the United States because Russia is evil.
  • Putin wants to help Trump win.
  • It's basically 25 pages of pure speculation backed by no evidence at all!

Ok, now that the background story is over, [here](https://theforensicator.wordpress.com/guccifer-2-ngp-van-metadata-analysis/) is the entire analysis of the Guccifer Files.

Guccifer 2.0

The full document referenced here has been published on their blog.
Their analysis indicates the data was almost certainly not accessed by a remote hacker, very unlikely in Russia. If true, this analysis obliterates the Russian hacking narrative completely!

Crowdstrike is the only cyber research group that has directly analyzed the DNC servers. Other groups such as Threat Connect have used the information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation was based solely on information ultimately provided by Crowdstrike;

Findings

Based on the analysis that is detailed below, the following key findings are presented:

  • On 7/5/2016 at approximately 6:45 PM Eastern time, someone copied the data that eventually appears on the “NGP VAN” 7zip file (the subject of this analysis). This 7zip file was published by a persona named Guccifer 2, two months later on September 13, 2016.

  • Due to the estimated speed of transfer (23 MB/s) calculated in this study, it is unlikely that this initial data transfer could have been done remotely over the Internet.

  • The initial copying activity was likely done from a computer system that had direct access to the data. By “direct access” we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).

  • They may have copied a much larger collection of data than the data present in the NGP VAN 7zip. This larger collection of data may have been as large as 19 GB. In that scenario the NGP VAN 7zip file represents only 1/10th of the total amount of material taken.

  • This initial copying activity was done on a system where Eastern Daylight Time (EDT) settings were in force. Most likely, the computer used to initially copy the data was located somewhere on the East Coast.

  • The data was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy and this is a characteristic of the Linux ‘cp’ command (using default options).

  • A Linux OS may have been booted from a USB flash drive and the data may have been copied back to the same flash drive, which will likely have been formatted with the Linux (ext4) file system.

  • On September 1, 2016, two months after copying the initial large collection of (alleged) DNC related content (the so-called NGP/VAN data), a subset was transferred to working directories on a system running Windows. The .rar files included in the final 7zip file were built from those working directories.

  • The computer system where the working directories were built had Eastern Daylight Time (EDT) settings in force. Most likely, this system was located somewhere on the East Coast.

  • The .rar files and plain files that eventually end up in the “NGP VAN” 7zip file disclosed by Guccifer 2.0 on 9/13/2016 were likely first copied to a USB flash drive, which served as the source data for the final 7zip file. There is no information to determine when or where the final 7zip file was built.

Analysis

The Guccifer 2 “NGP VAN” files are found in a password protected 7zip file; instructions for downloading this 7zip file can be found at https://pastebin.com/fN9uvUE0.

The times shown above are in Pacific Daylight Savings Time (PDT). The embedded .rar files are highlighted in yellow. The “*” after each file indicates that the file is password encrypted. This display of the file entries is shown when the .7z file is opened. A password is required to extract the constituent files. This aspect of the .7z file likely motivated zipping the sub-directories (e.g. CNBC and DNC) into .rar files; this effectively hides the structure of the sub-directories, unless the password is provided and the sub-directories are then extracted. The last modification dates indicate that the .rar files were built on 9/1/2016 and all the other files were copied on 7/5/2016. Note that all the times are even (accurate only to the nearest 2 seconds); the significance of this property will be discussed near the end of this analysis. The files copied on 7/5/2016 have last modified times that are closely clustered around 3:50 PM (PDT); the significance of those times will be described below.

The Guccifer 2 “NGP/VAN” file structure is populated by opening the .7z file and then extracting the top-level files inclusive of the .rar files. The .rar files are further unpacked (using WinRAR) into directories with a name derived by dropping the .rar suffix.

Note: although other archive programs claim to handle .rar files, only WinRAR will reliably restore the archived files, inclusive of their sub-microsecond last modification times.

The times recorded in those .rar files are local (relative) times; this determination is detailed in the blog post, RAR Times: Local or UTC? . The times recorded in the .7z file are absolute (UTC) times. If you look at the recorded .rar file times, you will see times like “7/5/2016 6:39:18 PM” and the times in the .7z file will be at some offset to that depending on your time zone. For example, if you are in the Pacific (daylight savings) time zone, the files shown in the .7z file will read 3 hours earlier than those shown in the .rar files, as shown below.

In this case, we need to adjust the .7z file times to reflect Eastern Time. Something like this command if you are on the West Coast (using Cygwin) will make the adjustment.
find . -exec touch -m -r {} -d '+3 hour' {} \;
The .rar files can be unpacked normally because they will appear with the same times as shown in the archive.

Conclusion 1: The DNC files were first copied to a system which had Eastern Time settings in effect; therefore, this system was likely located on the East Coast. This conclusion is supported by the observation that the .7z file times, after adjustment to East Coast time fall into the range of the file times recorded in the .rar files.

This file is then imported into an Excel spreadsheet for analysis.

Many archive file formats (e.g., zip and 7zip) record file times only to whole second resolution. The .rar format however records file times to a higher (nanosecond) resolution. This can be difficult to confirm; the GUI interface will only display whole seconds. The included command line utility, rar, however can be used to display the sub-second resolution. The lt (“list technical”) command will provide further detail. For example, the following command will list additional detail on the file

Conclusion 2: The DNC files were first copied to a file system that was formatted either as an NTFS file system (typically used on Windows systems) or to a Linux (ext4) file system. This conclusion is supported by the observation that the .rar file(s) show file last modified times (mtime) with 7 significant decimal digits (0.1 microsecond resolution) ; this is a characteristic of NTFS file systems.
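The timestamp reasoning in this analysis (the resolution of the recorded times, the time zone offset that places the .7z times inside the range of the .rar times, and the transfer-rate estimate) can be reproduced on any file listing. The Python below is an added example, not code from this post or from the analysis it cites; the sample records are constructed, and the function names, the 10^6-byte megabyte and the rule that each last-modified time marks the end of that file's write are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data, NOT values taken from the real archive.
# .rar entries: (local wall-clock mtime with 100 ns digits, size in bytes)
RAR = [("2016-07-05 18:39:02.1234567", 40_000_000),
       ("2016-07-05 18:39:05.7654321", 55_200_000),
       ("2016-07-05 18:39:08.0000001", 57_500_000),
       ("2016-07-05 18:39:12.1234567", 117_300_000)]
# .7z entries: UTC mtimes of the top-level files
SEVENZIP_UTC = ["2016-07-05 22:39:04", "2016-07-05 22:39:06", "2016-07-05 22:39:10"]

def parse(ts):
    """Return (datetime rounded to microseconds, fraction in 100 ns ticks)."""
    whole, _, frac = ts.partition(".")
    ticks = int(frac.ljust(7, "0")[:7])
    base = datetime.strptime(whole, "%Y-%m-%d %H:%M:%S")
    return base + timedelta(microseconds=ticks / 10), ticks

def resolution(stamps):
    """Coarsest granularity consistent with every timestamp in the sample."""
    parsed = [parse(s) for s in stamps]
    if any(ticks for _, ticks in parsed):
        return "sub-second"  # fractional digits were recorded
    if all(dt.second % 2 == 0 for dt, _ in parsed):
        return "2 s"         # n all-even samples occur by chance 1 time in 2**n
    return "1 s"

def fits_local_range(utc_stamps, local_stamps, offset_hours):
    """True if every UTC time, shifted by the offset, lies in the local range."""
    local = [parse(s)[0] for s in local_stamps]
    shifted = [parse(s)[0] + timedelta(hours=offset_hours) for s in utc_stamps]
    return all(min(local) <= t <= max(local) for t in shifted)

def transfer_rate_mb_s(records):
    """Bytes written after the first mtime over elapsed time, in 10**6 B/s."""
    rows = sorted((parse(ts)[0], size) for ts, size in records)
    elapsed = (rows[-1][0] - rows[0][0]).total_seconds()
    # Assumption: the first file was complete when the window opened,
    # so its bytes are not counted.
    return sum(size for _, size in rows[1:]) / elapsed / 1e6

if __name__ == "__main__":
    stamps = [ts for ts, _ in RAR]
    print(resolution(stamps), "|", resolution(SEVENZIP_UTC))
    for zone, offset in (("PDT", -7), ("EDT", -4)):
        print(zone, fits_local_range(SEVENZIP_UTC, stamps, offset))
    print(transfer_rate_mb_s(RAR), "MB/s")
```

Last-modified times record whatever the last writing or re-stamping system set (the `touch` command above rewrites them in bulk), so these functions characterize the metadata in a listing rather than establish how or where the files were handled.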

The entire Analysis of the DNC Guccifer Files from Crowdstrike

Sources:

https://www.theguardian.com/us-news/2017/aug/02/donald-trump-sanctions-russia-signs-bill

https://www.theguardian.com/media/2017/aug/09/parents-murdered-democrat-seth-rich-dismayed-fox-news

https://theforensicator.wordpress.com/

https://disobedientmedia.com/2017/07/new-research-shows-guccifer-2-0-files-were-copied-locally-not-hacked/

https://theforensicator.wordpress.com/guccifer-2-ngp-van-metadata-analysis/

https://www.washingtonpost.com/opinions/were-seth-richs-parents-stop-politicizing-our-sons-murder/2017/05/23/164cf4dc-3fee-11e7-9869-bac8b446820a_story.html?utm_term=.2640c03d38cc

https://www.dni.gov/files/documents/ICA_2017_01.pdf

If you found this information to be valid, please resteem and upvote this post!

Please help me to get this information to as many people as possible and tell me what you think about the official narrative in the comments below.
