New analysis suggests Guccifer 2.0 files copied locally, not hacked by Russia
RT | July 12, 2017
Files stolen from the Democratic National Committee (DNC) were likely downloaded to a USB drive by someone with physical access to a computer connected to the DNC network, not hacked remotely by Russia, according to a new analysis.
In an interview with Motherboard in June 2016, the hacker who claimed to be Guccifer 2.0 said he used a zero-day exploit to breach the DNC server and steal files he later published under the title “NGP-VAN.”
The leak was quickly attributed to the Russian government. However, a document published Sunday by an individual known as the Forensicator shows how the 7-zip file published by Guccifer 2.0 was transferred at a speed of 23 MB/s, making it “unlikely that this initial data transfer could have been done remotely over the Internet.”
“The initial copying activity was likely done from a computer system that had direct access to the data,” the report from the Forensicator stated. “By ‘direct access’ we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).”
For his analysis, the Forensicator looked at the data from the 7-zip file which showed the .rar files were built on September 1, 2016, while the other files were last modified on July 5, 2016. When the .rar files are unpacked using a program called WinRAR, their timestamps were preserved from the date they were transferred.
The timestamps of those .rar files were relative times, while the times recorded in the 7-zip files are absolute times, recorded in Coordinated Universal Time (UTC). The Forensicator found that if the .rar files were adjusted to Eastern Time, they “fall into the same range as the last modified times for the directories archived in the .rar files.”
Therefore, the Forensicator concludes that the files were built on a computer system where the Eastern Daylight Savings Time (EDT) timezone setting was in force, meaning that the system was most likely located on the East Coast of the US.
The Forensicator then generated a list of the files sorted by the date they were last modified and imported the list into an Excel spreadsheet. Analyzing the files by date last modified, he observed that the last modified times were clustered together in a 14-minute time period on July 5, 2016.
The analysis of the metadata also found a majority of the time it took for the files to be copies, 12 minutes and 48 seconds of the 14 minutes and 15 seconds, was allocated to “time gaps” that appear between several top-level files and directories. The Forensicator concluded that this indicated that the files were chosen from a much larger collection of files.
Estimating the transfer speed of the files published by Guccifer, the Forensicator concluded that if the 1.98 GB 7-zip archive published by Guccifer was copied at a rate of 22.6 MB/s, and all the time gaps were attributed to additional file copying, the initial file copy would be 10 times larger, or 19.3 GB.
No comments yet.
Featured Video
John Mearsheimer: The Case for a Nuclear Iran
or go to
Aletho News Archives – Video-Images
From the Archives
Ethnic Cleansing in a Zionist Fairyland
By Vacy Vlazna | Palestine Chronicle | February 10, 2012
‘De-Arabizing the history of Palestine is another crucial element of the ethnic cleansing. 1500 years of Arab and Muslim rule and culture in Palestine are trivialized, evidence of its existence is being destroyed and all this is done to make the absurd connection between the ancient Hebrew civilization and today’s Israel. The most glaring example of this today is in Silwan, (Wadi Hilwe) a town adjacent to the Old City of Jerusalem with some 50,000 residents. Israel is expelling families from Silwan and destroying their homes because it claims that king David built a city there some 3000 years ago. Thousands of families will be made homeless so that Israel can build a park to commemorate a king that may or may not have lived 3000 years ago. Not a shred of historical evidence exists that can prove King David ever lived yet Palestinian men, women, children and the elderly along with their schools and mosques, churches and ancient cemeteries and any evidence of their existence must be destroyed and then denied so that Zionist claims to exclusive rights to the land may be substantiated.’ — Miko Peled, Israeli dissident.
Indeed, archaeology has become a state apparatus for the ethnic cleansing of Palestinians in the Zionist fairyland aka the City of David Archaeological Park located in the Palestinian village of Silwan in East Jerusalem.
East Jerusalem is the proclaimed capital of the proposed Palestine state. It was illegally annexed by Israel in the 1967 war. Prohibiting annexation of territories gained by military conquest is one of the major principles of international law. The international community does not recognise Israel’s annexation of East Jerusalem nevertheless over 50,000 illegal premises have been built for 250,000 illegal Israeli colonists.
The goal of the archaeological judaisation of Jerusalem is to transform Jerusalem into the City of David, the capital of Greater Israel by eradicating the mixed ethnic composition of the Palestinian and Jewish population of East Jerusalem to a solely Jewish identity and unifying East and West Jerusalem under Israeli sovereignty. … continue
Blog Roll
Aletho News- US fears Iran war will ‘deplete’ air defenses stretched thin by Ukraine, Israel: Report
- Top AIs deploy nukes in 95% of war game simulations – study
- Could Hungary’s fight over oil change course of Ukraine War?
- North Korea Open to Rapprochement If US Respects Its Nuclear Status – Kim Jong-un
- John Mearsheimer: The Case for a Nuclear Iran
- The Founder Who Turned Against Root Canals
- Israel displaces last two families from Al Khalayel valley, Al Mughayyir
- Israeli Opposition Leader Endorses Greater Israel
- Islamic Jihad: Trump’s peace board is a “theatrical stunt detached from reality”
- The Head Of A CIA Cutout Admits To Meddling In Iran To Fuel Unrest
- If Americans Knew
- Israel responsible for 2/3 of press killings worldwide – Not a ceasefire Day 139
- Are the Jews indigenous to Palestine?
- AIPAC Wants to Kill a Bill that would Ensure Israel Complies with Ceasefire
- Former Israeli PM, in Epstein Files, Dreamed of Israeli Eugenics and Pretty Converts
- Israeli settlers join ‘safari’ tour of Palestinian prisoners
- Flooding in Gaza amid rumors of war; fire in West Bank – Not a ceasefire Day 138
- Fourteen Countries Condemn Huckabee’s Support for Israel Taking Over Most of the Middle East
- Israeli Soldiers Killed Gaza Aid Workers at Point Blank Range in 2025 Massacre: Report
- Israel’s insidious network to propagandize American Christians
- Israel’s Best-Kept Secret: Palestinian Resistance Never Agreed to Disarm
- No Tricks Zone
- Surprising Discovery: Sahara Is Greening…Billions Of Trees Where Once Thought To Be Barren
- New Research Reaffirms Clouds, Aerosols, And Surface Solar Radiation Are ‘Driving The Climate System’
- Germany: Electric Car Catches Fire At Charging Station, Sets Off Local “Inferno”, Widespread Damage
- New Study: Canada’s New Brunswick Was 1°C Warmer Than Today During The Medieval Warm Period
- Coal Power Back In Trend As Globe Tries To Keep Pace With Growing Demand For Power
- New Study: A 4°C Warmer Beaufort Sea Had ‘No Sea Ice’ 11,700 – 8200 Years Ago
- Unfudging The Data: Dutch Meteorological Institute Reinstates Early 20th Centruy Heat Waves It Had Erased Earlier
- German Gas Crisis…Chancellor Merz Allegedly Bans Gas Debate Ahead of Elections!
- Pollen Reconstructions Show The Last Glacial’s Warming Events Were Global, 10x Greater Than Modern
- Germany’s Natural Gas Storage Level Dwindles To Just 28%… Increasingly Critical
Aletho News 
Leave a comment