In early January, NSA whistleblower Bill Binney wrote an editorial for the Baltimore Sun in which he explained why the report that the DNC emails were hacked, not leaked, was unconvincing. He has this week forwarded a memorandum to the President put together by several other cyber experts stating that they have concluded a thorough analysis indicating the DNC emails were leaked, not hacked.
Binney, a member of the Veteran Intelligence Professionals for Sanity, an anti-war group, is comprised of former officers of the United States Intelligence Community. They formed in 2003 and have made predictions that have been both correct and incorrect.
In this latest analysis, they stated that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computers.
They examined metadata of the Guccifer 2.0 intrusion into the DNC server.
Key findings indicate that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack. Of equal importance, the forensics show that the copying and doctoring were performed on the East coast of the U.S. Thus far, mainstream media have ignored the findings of these independent studies [see here and here].
A more detailed technical report titled, “Cyber-Forensic Investigation of ‘Russian Hack’ and Missing Intelligence Community Disclaimers,” has been sent to the Office of the Special Counsel for the Attorney General.
As part of their evidence, they issued the timeline they used:
The Time Sequence
June 12, 2016: Assange announces WikiLeaks is about to publish “emails related to Hillary Clinton.”
June 15, 2016: DNC contractor Crowdstrike, (with a dubious professional record and multiple conflicts of interest) announces that malware has been found on the DNC server and claims there is evidence it was injected by Russians.
June 15, 2016: On the same day, “Guccifer 2.0” affirms the DNC statement; claims responsibility for the “hack;” claims to be a WikiLeaks source; and posts a document that the forensics show was synthetically tainted with “Russian fingerprints.”
We do not think that the June 12 & 15 timing was pure coincidence. Rather, it suggests the start of a pre-emptive move to associate Russia with anything WikiLeaks might have been about to publish and to “show” that it came from a Russian hack.
The Key Event
July 5, 2016: In the early evening, Eastern Daylight Time, someone working in the EDT time zone with a computer directly connected to the DNC server or DNC Local Area Network, copied 1,976 MegaBytes of data in 87 seconds onto an external storage device. That speed is many times faster than what is physically possible with a hack.
It thus appears that the purported “hack” of the DNC by Guccifer 2.0 (the self-proclaimed WikiLeaks source) was not a hack by Russia or anyone else, but was rather a copy of DNC data onto an external storage device. Moreover, the forensics performed on the metadata reveal there was a subsequent synthetic insertion – a cut-and-paste job using a Russian template, with the clear aim of attributing the data to a “Russian hack.” This was all performed in the East Coast time zone.
The entire memorandum can be found at Zerohedge and several other websites.