New Analysis By The Forensicator Examines ‘Russian Fingerprints’ and Inconsistencies Left By Guccifer 2.0

Last year, Disobedient Media broke coverage of the groundbreaking findings published by independent data forensics researcher the Forensicator, which suggested that the files published by the Guccifer 2.0 persona had not been hacked remotely from Russia or Eastern Europe, as the official narrative claims, but were instead accessed locally, most likely as a USB drive transfer. Recently, the Forensicator has published a new analysis, the first of three articles which will comprise a series centered once again on the work of “Guccifer 2.0,” whom the original Guccifer has accused of being a U.S. government invention.

The Forensicator’s article, Did Guccifer 2 Plant his Russian Fingerprints?, analyzes the first five Microsoft Word documents that Guccifer 2.0 published on his blog the day after the DNC very publicly alleged that it had been hacked by Russian state-sponsored operatives. The first of those documents, which Guccifer 2.0 labeled 1.doc, also known as the “Trump opposition report,” received a substantial amount of corporate media attention.

One particular aspect of this document was highlighted by Ars Technica the day after Guccifer 2.0 published it; towards the end of the document there were error messages written in Russian, using the Cyrillic alphabet. These error messages were dubbed “Russian fingerprints” by Ars Technica.

Ars Technica found these “Russian fingerprints” in a PDF posted by Gawker the previous day. Apparently both Gawker and The Smoking Gun (TSG) had received pre-release copies of Guccifer 2.0’s first batch of documents; Guccifer 2.0 would post them later, on his blog site. Although neither Gawker nor TSG reported on these Russian error messages, some readers noticed them and mentioned them in social media forums; Ars Technica was likely the first media outlet to cover those “Russian fingerprints”.

Although almost two years have passed since the day (June 15, 2016) that Guccifer 2.0 published his first batch of documents, very few voices (with the important exception of Adam Carter) have questioned the method by which Russian error messages were embedded within the persona’s version of the Trump opposition report. The Forensicator’s latest study does just that, describing in dense technical detail the circuitous sequence of events that led to the situation where Guccifer 2.0’s version of the Trump opposition report had Russian error messages embedded within it.

Those who wish to view the Forensicator’s findings in full are encouraged to visit his blog, where the entire analysis is available. The Forensicator summarized the results of his research as follows:

According to the Forensicator, the sheer specific complexity of the process required to create the Cyrillic error messages calls into question the narrative that Guccifer 2.0 inadvertently disclosed the so-called Russian fingerprints by “mistake.” The Forensicator outlined some of the major points made above in order to provide context.

When reports emerged that Guccifer 2.0 had chosen the “Trump opposition report” as his debut disclosure, many observers questioned whether this catalog of publicly available media articles did any serious damage to the Clinton campaign or the DNC.  The Smoking Gun and Gawker made valiant attempts at defending the soft punches; they argued that Guccifer 2.0’s disclosure of the DNC’s talking points gave away the Democrat’s anti-Trump-strategy, harming its effectiveness. For many, this was not a very satisfying answer.

It should be noted that the series of Clinton documents WikiLeaks had been hyping up in the months prior to their publication, which were due for release right before the 2016 DNC National Convention and promised to be significantly damaging, had at that point been entirely unknown to the public and, more importantly, a complete frustrating mystery to the Clinton campaign/DNC/Crowdstrike, in regards to the nature of the documents. The initial release of documents from “Guccifer 2.0” to the media, meant to head off and detract from the highly-anticipated release by WikiLeaks of the real damaging material, are all innocuous Microsoft Word files unrelated to the DNC’s collusion with the media and the Clinton campaign in rigging the 2016 primary. But the WikiLeaks series turned out to be a gigantic trove of incriminating emails by the DNC implicating them in the cheating of Bernie Sanders out of the nomination. It was entirely unrelated to the harmless content of the Word documents, which were mostly uninteresting and unremarkable talking points and strategy write-ups instead of exciting teases of the explosive revelations to come.

The erratic behavior by “Guccifer 2.0” begs the question: if he were truly the source of the emails released by WikiLeaks that summer, why bother going through the anti-secrecy organization — whose major selling point is the uncompromising protection of their sources — at all if he is just going to voluntarily reveal himself as the source and publish the documents himself — why stop at 5? — and why interfere with WikiLeaks’ promotion of their release of the materials he claims to have provided them by dropping underwhelming unrelated files prior to it? This only makes sense if his objective was to hijack the narrative and promote the “Russian hacking” storyline to dispel more credible and substantiated notions that the documents were “leaked” by a disgruntled insider.

Narrative arguments aside, the fact that the DNC singled out this specific “Trump opposition report” document  the very day before Guccifer 2.0 published it raises questions as to possible Democratic Party coordination or collusion with those behind the Guccifer 2.0 persona’s publications. 

The Forensicator noted that the Trump opposition report is unique. It was one of four documents attached to a particular Podesta email. Those four attached documents, out of over 2000 Word documents in the Podesta emails, will trigger a bug in Word 2007 that ultimately generates error messages that (when translated to Russian) became the so-called “Russian fingerprints.”  Within those four attached documents, only the Trump opposition report is relevant to the Trump campaign.

Essentially, the Trump opposition report is the only document from over 2000 Word documents in the WikiLeaks Podesta email collection that both triggers the bug in Word 2007 that generates the Russian error messages (the “Russian fingerprints”) and that is at all relevant to the Trump campaign.

The Forensicator was quick to point out to this writer that it is impossible to confirm whether Guccifer 2.0’s 1.doc document originated in the Podesta email collection, but a search through that collection nonetheless shows us how unique this document is. The Forensicator emphasized that this specific attachment was the singular document in the entire collection that was somewhat ‘hurtful’ to Trump, and able to generate the “Russian fingerprints.”

Although the Forensicator was able to find source documents for Guccifer 2.0’s first five Word documents in the Podesta email collection, we have no way of knowing if the Podesta emails were, in fact, the source. Since the DNC mentioned the Trump opposition report as being “taken” (a nonsensical and impossible claim, considering the meticulously-audited NSA still has no idea how many or  which documents were “taken” by Edward Snowden) and that very document appeared the next day prominently featured in Guccifer 2.0’s first disclosures, it suggests that Guccifer 2.0’s 1.doc was derived directly from a DNC source.  Otherwise, the association between the DNC’s claim that the Trump opposition report was taken and its disclosure by Guccifer 2.0 doesn’t hold.

In addition to choosing this unique document, the Forensicator explained that there were three other critical factors that needed to be present in order to create a version of the Trump opposition report that would have Russian error messages embedded within it. Specifically, those conditions include: 

The Forensicator continued, “Whether you buy these theories or not, that might explain the use of RTF and a template file, many of us can agree that this multi-step process is too long and complex to be easily explained by Guccifer 2.0’s carelessness.”

The latest analysis by the Forensicator demonstrates that it is highly unlikely that the Cyrillic error messages found in Guccifer 2.0’s first publication were the result of simple lack of foresight on the part of Kremlin-backed hackers. Instead, the likely conclusion reached is that this document was carefully crafted with the intent of creating evidence that Russian hackers were the source of the security breaches that led to the Wikileaks publication of the DNC and Podesta emails. 

If the DNC had been the victim of a hacking intrusion as they so loudly insist, why did they not report the crime to the proper investigative authorities, running to the media instead? And why did they refuse to turn over the affected server to the FBI, instead hiring a private firm of questionable record to replicate the files on that server, and destroying the original — the equivalent of destroying the crime scene, which could be viewed as obstruction of justice? The DNC have actively avoided addressing these questions.

Disobedient Media will continue to report on the Forensicator’s findings as they are published.

* Expanded from original article by Elizabeth Vos published April 30, 2018 at Disobedient Media. All rights reserved.



Be the first to comment

Leave a comment: