On November 14, 2017, I wrote an article titled "RussiaGate Redux: Part Three" in which I was critical of what was, in my opinion, a propaganda piece that sought to undermine news of a meeting between Bill Binney (former NSA technical director and whistleblower) and Mike Pompeo (US Secretary of State but CIA director at the time) that was published on November 7, 2017, in The Intercept, authored by James Risen and Duncan Campbell.
Specifically, I was critical of the techniques used to unduly manipulate readers. I tried to tackle propaganda by it's form, something I preach and try hard to practice and didn't single out these authors for any personal attacks or try to smear them, it was the writing not the authors I was critical of.
While I always expect some backlash and retaliation/counter-attacks online from those whose work I criticise, what actually followed, in terms of what seems to have been the reaction from Campbell to this, has been both disappointing (regarding his behavior now versus his past accomplishments) and to a degree, quite shocking too (regarding apparent unhinged fervor to try to smear me, interrogate me with loaded questions, have me censored by lying about me, expose the identities of individuals who wish to remain pseudonymous for their own protection and appears to have tried to provoke paranoia among third parties with baseless speculation).
To be clear, I never wanted to be the focus of attention and of course, have never cared for getting targeted by overzealous third parties, I've always insisted people should focus on the evidence (and even made a point of declaring that other researchers don't necessarily agree with my conclusions) but I guess it was inevitable I'd be attacked sooner or later and I knew something like this was coming (and am aware that there's likely something similar elsewhere being prepped).
I don't care though, after all, the reality opponents are showing me is that they:
I actually thought I was a coward for hiding behind a pseudonym but I actually feel emboldened by knowing the depths to which others have to sink in their efforts to intimidate, silence and smear others for daring to bring attention to evidence on public record that happens to contradict or discredit what we are told by intelligence agencies, politicians and all too often, the mainstream press.
Rather than try to attack Campbell's character (two wrongs don't make a right, after all), I'm going to try to counter this in a far more candid, fair and responsible manner.
I'm going to focus on activity relevant to his current efforts and I'm going to show how to build a propaganda campaign by simply deconstructing Campbell's own efforts to fish for (and even fabricate) character vulnerabilities to exploit - basically I will give you a behind-the-scenes view of how Campbell has operated in his disingenuous and desperate endeavours to undermine me.
It seems, that some time around or shortly after I'd published the RussiaGate Redux Part 3 article, Campbell, having been a friend of Bill Binney's, decided to express what appeared, at first, to be objective interest in the research carried out by Forensicator.
However, this seems to have shifted to expressing concerns, then into seeding doubts, escalating with the promotion of suspicion and ultimately, peaking with a provocation of paranoia and an effort to misrepresent Forensicator's work in a relatively short time span.
By the time Campbell's antics were disclosed to me, Campbell had already suggested to Bill Binney that Forensicator and I were the same person, that I may be an undercover CIA officer trying to undermine VIPS with bogus evidence/claims or that I may be part of a Russian disinformation campaign.
(Yes, all of this baseless speculation, and yet, Campbell insists it is others that spread disinformation!)
He also misrepresented the purpose of a timestamp adjustment cited in part of Forensicator's study (either demonstrating his misunderstanding of it or that he was misinterpreting the study deliberately) and tried to use this to justify an arbitrary and unsubstantiated adjustment of his own to produce a "competing" theory that was nothing of the sort and only served to do exactly what he was accusing others of - to introduce disinformation and refuses to accept that Forensicator is genuinely a separate entity to myself and Disobedient Media.
As part of his efforts, starting from approximately December 15, 2017, Campbell contacted me with what was essentially an accusative, hostile, interrogatory questionaire that was blatantly loaded with bias, prejudices and flawed assumptions (as you will soon see).
It was clear to me that Campbell had little interest in challenging the information Forensicator, myself and others have published and instead, he has shown himself to be obsessed with trying to smear those investigating Guccifer 2.0 and the technical aspects of "RussiaGate" allegations, ultimately managing to attack everything except for the published information he claims is "disinformation".
(Campbell has even sought out means to undermine other researchers and contacted their former places of work/education in the UK too, insinuating that they were part of a "pro-Kremlin" disinformation effort because they had also had the audacity to bring evidence to the public's attention.)
Campbell emailed the site's former host making various alarmist claims around December 14, 2017, enough to spook people and have the g-2.space site pulled offline.
He emailed me too, asking if I was "Ken".
I actually didn't realise who he was referencing when he first mentioned this name, however, having been advised by a whistle blower to allow people to make false assumptions if they seem to be digging around for information to exploit, and having had my web site only just taken offline, I suspected something was up and so I allowed him to retain his assumption and asked why he had an interest in me and asked whether I'd done something wrong as I noticed my site was offline.
I was later informed that Campbell had contacted Creative Insomnia, had made it sound as though the sites may be illegal or infringing and that there were likely implications legally and for the reputations of whoever was managing the site.
On December 15, 2017, I was presented further questions:
Questions #12, #13 and #14 in the above email were presented as being the answers to my questions from the previous day (about whether I had done something wrong), however, these points actually only surfaced as a direct result of Campbell intimidating and misleading individuals at Creative Insomnia (followed the next day by making false statements to the company) and so Campbell doesn't actually explain any wrong-doing that led Campbell to involve himself in anything in the first place.
Campbell was subsequently informed that the space for the site was personal space allocated to Tim Leonard and that, while they allowed use of that space for the g-2.space site, they hadn't inform the company board that they were hosting this.
Unfortunately, Campbell didn't even give the company board chance to confer and tried to pressure one company director into responding and chose to initiate his alarmist contact with that director (that doesn't manage the servers or technology side of operations) on their cell phone, away from the office and outside of office hours, demanding answers immediately.
As can be seen in the above email, Campbell also takes issue with:
I also received the following on the same day and responded:
And then came this (with my initial response showing my patience wearing thin from his efforts but still responding with details a few days later):
The rhetoric here from Campbell was of course ridiculous but rather than nitpick over his choice of vocabulary, the important points:
Campbell does seem to struggle with a few things too:
"Third: we could not show that the time stamps were done on the east coast i.e. we can't show where the time stamps designate"
We can show the .7z archive was most likely to have been created in the Eastern time zone, we'll cover this in more detail at the end of this article.
Fourth: the data from G2 in September merges with the data from 05 July if you only look at mins, seconds and milliseconds Does raise questions about G2 (playing games with data and us)
The files this relates to are those with July 5, 2016 as their last modification date. The only adjustments observed or suggested in Forensicator's study are those pertaining to the difference in timestamp storage format differences between RAR4.x archives (stores archivists timestamp, raw) and 7-Zip archives (stores UTC offset adjusted times that alter depending on your time zone). There is nothing to suggest dates were tamperered with in any way.
A fair point regarding transfer rate was made though:
Fifth: the highest transfer rate we found was 49.1 mBps. not 38 mBps
However, Forensicator has informed me that he didn't include that specific example as it was an isolated calculation and there was a risk of it being an outlier considering the step up from all other transfer rates calculated and didn't want to risk unduly inflating transfer rates. He was attempting to report a reliable peak rate where the rate comes from part of a series of file transfers rather than risk reporting on a potential distortion from an outlier. (Without doing this, it would make the study vulnerable to accusation of attempting to game the results to strengthen assertions.)
I'd sum this up as: "Damned if you err on the side of caution, damned if you don't!", either way, it's a point that only serves to stengthen the conclusions and comments from Forensicator. If you wish to include the 49.1MBps rate, I won't argue against it, it just makes it easier to argue that the mass transfer of files that appears to have occurred on July 5, 2016 was local.
On December 17, 2017, Campbell decided to seek other lines of attack as the following fishing-expedition-of-an-email demonstrates (obviously by this stage I was really getting tired of his blatant effort to seek ways to try to unduly smear me or undermine me):
The crazy thing is that Campbell is asking me questions in which he's making no sense and making assertions that are completely baseless. Toward the end of this email, he simply devolves into completely false assumptions that I've done things, been places and tweeted things ahead of others when I didn't... demanding I give him answers over things that aren't even grounded in any reality.
Finally... he returns to being pedantic over me defining myself as a 'citizen journalist' but not a 'journalist' (as I used to consider the latter synonymous with professional/paid journalism) and various other changes made to my Twitter bio over time.
In reality, Campbell will struggle to find any example where I ever try to use who or what I am (or "claim to be" in the eyes of the skeptic) as the basis for why anyone should trust or believe me. In fact, I do actually advise against trusting people who do that and often say that people should "check and verify evidence for themselves whenever possible and draw their own conclusions". - It became damn close to being a motto during the first few months of my efforts to investigate Guccifer 2.0.
Overall, as can be seen from his communications with me, it's fairly evident that campbell never had any desire to debate things or make a legitimate complaint, he doesn't even care to understand Forensicator's work, he's just purely digging for smears and it shows.
We'll now cover some of the key areas Campbell had indicated intention to attack through his communications above (and from what I had been informed of by third parties at that time):
When I first started writing articles about Guccifer 2.0, I didn't consider myself to be a journalist and didn't want to use my profession or claims of expertise to unduly influence people. I didn't want to give a false impression of authority in any way. I wanted people to concentrate on the research and what was being reported.
So, I outright stated that I wasn't a journalist. I also stated that I wasn't claiming to be an expert at anything.
However, as I spoke with more people, some wanting to retain anonymity, some willing to entrust me with details and willing to make contact on condition of keeping confidentiality, I accepted that I was, at the very least, a "citizen journalist" - this only became clearer over time as I started reporting on new developments, discoveries by third parties and studies carried out separately by other researchers.
I have referred to myself in my Twitter bio in various ways over time, even mentioning being a hacker (approx 2 decades ago!) but I felt that sent out the wrong message, especially when, for the last 20 years or so, I've done the opposite, investigating hacking and malware and protecting servers from such threats.
More recently I changed it to say I was a pseudonymous Guccifer 2.0 researcher, again, it's all true (and I was just having fun with the word 'pseduonymous' as an article had recently used that word to describe me: "The pseduonymous Adam Carter" as they stated it).
However, Campbell, as can be seen from his communications, desperately tries to make these seem like they're significant and/or conflicting when in most cases they're not.
I strive to inform people of factual information (even if outcomes from it are contentious), am now a technology correspondent for Disobedient Media (my first article being republished at other sites within hours of publication) and most importantly, I have long had sources to protect.
I have a responsibility to my sources and for their sake I must declare that I am a journalist.
Guccifer 2.0 was a persona that appeared in the middle of a US election, claimed to hack into a political party in the US and steal their documents, he then contacted US media exclusively and, I would guess about over 90% of the reporting on the topic has been in America.
Guess who my audience typically is? - That's right, Americans.
Do I want them to have the most fluid reading experience I can provide so they can focus on the topics, concepts, arguments, etc or have them distracted by what will, to them, be apparent oddities in spellings, etc? - Answer's obvious to me.
Not only do I try to use American spellings in my articles, a friend who very kindly proof-reads a lot of the articles I wrote for my site also does so knowing I have Americans in mind as an audience and they'll 'correct' spellings from English to American where necessary.
I generally use American spellings unless I know the person I'm communicating with is English.
Having communicated more frequently with Americans online than Brits (for almost 20 years), I've got in the habit of using American spellings of words and when English spellings cause a squiggly red line to appear under words indicating there's a spelling mistake, I habitually 'correct' them to the American spellings.
That said, my work isn't completely devoid of English spellings. I did let "behaviour" slip through in an article I wrote in November as an example.
Campbell, unfortunately, suspects me of being American, or possibly the Forensicator, or at the very least suspicious in some way as a result of my use of American spellings.
A few weeks ago, I was contacted by a member of VIPS who passed on a dispute (from Duncan Campbell) over the EDT time zone assertions in Forensicator's research. As always, I relayed this back to Forensicator, he provided a response and I relayed that back to VIPS.
Unsatisifed by the response relayed, Campbell has proceeded to make accusations against Forensicator and myself that are ridiculous (and entirely misplaced in regard to criticism of myself as I was just acting as a messenger).
Forensicator explains that the RAR archives (within the 7-zip archive) are an older format that records a fixed time and the timezone will be whatever the local time was for the archivist (unlike the 7-zip's files which are UTC adjusted times and will show an archiving time that would be accurate according to your own timezone, whereever it is you're opening the file.)
He uses PDT solely as an example (as he states) but Campbell has treated that as if it's an example of Forensicator misleading.
Here is an example of what we would see in the above image if viewed from EDT timezone:
This helps to illustrate the point Forensicator makes and hopefully makes it clearer why he says the local time was EDT.
Forensicator then went on to explain how, if you accept the EDT timezone observation above - you can adjust the timestamps so that files from both sets of archives are in the same timezone and primed for collective analysis. He provided an example script that would achieve this.
Campbell has decided to frame the above as "TAMPERING", however, the timezone inference is made before getting to that stage and Forensicator was just explaining how to appropraite the files for further analysis after extraction due to the fact that for everyone outside of the Eastern timezone, their timestamps will need adjusting.
I decided to carry out my own testing on a copy of the NGP-VAN archive, testing how the 7Zip and RAR archives appear according to both my timezone (Greenwich Mean Time) and Eastern Time as well as looking at various files in the RAR archives and ZIP archives.
It's not by any means extensive, it's just an attempt to record my own effort to check things out, take screenshots and explain why I personally understand how Forensicator has drawn the conclusion about Eastern Time being in effect during the archiving operations carried out in September 2016.
Campbell has tried to claim that you can also show that the files from September synchronize with times in the archive, well, just as long as you ignore the evidence and disregard the dates.
There are two flaws with this effort.
The first flaw is that Campbell is ignoring what the evidence shows and is just arbitrarily ignoring values in the data to suit his purpose.
The issue Forensicator was dealing with actually involved an hour value that was variable for a legitimate reason (due to UTC adjusted timestamps that chance depending on where you're opening them from)... no evidence had to be selectively ignored.
So the premise this in any way discredits Forensicator is inherently risible already.
To make matters worse for Campbell, even if you ignore the arbitrary date manipulation required for his theory - there's another flaw:
The files with last modification dates in September aren't all within the same hour. There are some that were 3 hours apart from the others (colored red and blue to differentiate them clearly in the image above).
Considering we're looking for transfers to have occurred within a 15 minute period and Campbell's presenting files spanning a 3 hour gap as being suitable for that... he must also be ignoring the hour value as well as the date.
So, Campbell is investigating what the evidence would show after he has been allowed to arbitarily manipulate timestamps and ignore values that are inconvenient justified by nothing more than his own unsubstantiated suspicions of manipulation.
Forensicator, on the other hand, just analyzed the evidence, as it is.
There is a world of difference between the two and it's absolutely ridiculous of Campbell to pretend his mangling of data to suit political purpose is the same as analyzing data and finding you have a variable value that adjusts depending on timezone and trying to understand what can actually be supported by that (and all without arbitrarily adjusting values for no good reason).
The Defianet site was just a little personal portal page that would gather infosec/cyber-security/hacking/etc news from different RSS feeds as well as YouTube videos from various channels that I liked.
It received an average of 19 visitors per day at the point it was shutdown.
Campbell did originally tell my previous host that this site linked to racist hate sites full of Trump supporters, etc. (see their statement at the end of this article) and later followed up with an email to them framing the sites being linked to as "extreme Trump/Russia" sites where "Russia denialism is a common theme".
Unfortunately, Campbell doesn't seem to understand the difference between denialism and showing a modicum of deference to exculpatory evidence.
It's also worth noting that Campbell combines a statement that vindicates the host with an assertion about sites being used as part of a disinformation campaign - and then asks them to agree with it.
That's the sort of journalist Campbell has become lately.
As for those "racist", "extreme Trump/Putin" sites he referred to... they are:
Disobedient Media, Redacted Tonight, WikiLeaks, Global Research, Zero Hedge, Circa, The Jimmy Dore Show, Big League Politics, Humanist Report, Judicial Watch, Counter Punch, The Populst, Hard News Network, Tracy Beanz, OAN (One America News Network), AFMG (America First Media Group), The Real News, WeAreChange, Consortium News & BullTruth.
If you've got much appreciation for independent media, you'll be laughing your socks off at what Campbell was asserting already. The objective reality is that I was simply offering links to a broad spectrum of independent media sites including both left and right but Campbell can't admit to that reality.
It is fair to say that during the Democratic party primary I did want Sanders to win. The way the mainstream press censored the dissent at the convention pissed me off too and I was against the collusion that had become apparent (in leaks) between the DNC leadership and most of the mainstrem media.
So I was vocal about it on Twitter at that time and, it seems, Campbell is wanting to use my tweets from around that period to try to throw shade in various ways.
Fortunately, I was aware of the tweets he had intended to use.
However, by the time the election came (5-6 months after those tweets were posted), my interest had faded significantly.
By December 2016, I'd stopped caring altogether and was focusing on issues closer to home, however, I did notice that there was something alarming published by mainstream press: allegations that Putin had ordered the hacking of the DNC, something reported by 3 different networks according to their own sources (and then propagated by many media outlets afterwards).
Those allegations and the dependence of the mainstream press on Guccifer 2.0 references became the focus of my attention, that's when, driven by curiosity, I started investigating.
Not long after I started, I found things that were significant, so significant that I felt I had to say "good bye" to all and any partisan echo-chambers I had visited and to leave partisanship completely behind for the sake of the investigation (which I did, promptly).
I've been stubbornly independent and ceased to feel any affinity with any political party since the beginning of the 2017. After what I've seen over the past few years, I doubt I'll be changing that any time in the near future.
However, I won't hide my history nor express any shame or remorse for it, it is what it is and it is completely separate from any investigating and reporting I've done (which didn't start until 2017).
I should also point out that I wasn't "posing" as a Democratic party supporter either (as Campbell has stated in one of his emails). During the primary I was genuinely a Sanders supporter as I liked his track record compared to his opponents and liked the grass-roots nature of his campaign.
Campbell asks why I didn't disclose my nationality at that time but I don't think, with only 4 or 5 followers at that time, I'd have had much influence over the outcome of the election, though evidently from Campbell's perspective, I was clearly making waves and rocking boats all over the place with my extensive following at that time.
I'm aware Campbell has tried to portray me retweeting an image (that was accompanied by MAGA-themed hashtags) as though I had tweeted the hashtags myself or that I was expressing support for Trump, but this just attempts to take what I had actually done (retweeted a picture someone had tweeted) about as far out of context as he possibly can.
Sadly, this is just Campbell desperately hoping to conflate my past politics with the investigation in an attempt to degrade information unduly (and also to try to claim I have political affiliations that I've never had). He's just trying to attack character because attacks against the research, evidence and conclusions are weak and easily rebutted.
I sent an email to The Register to try to warn them that publishing Campbell's article is likely to "turn them from The Register into The Retractor", explained that I was already writing an article to counter Campbell's misguided attacks and that Campbell's deceptions were being recorded/logged.
I explained that The Register didn't need to have it's reputation burned with Campbell's nonsense and that if they published what it looked like he was planning to write - it likely would get burned [inherently, as a result of Campbell's article and the rebuttals I had already planned to use in response].
I'm not sure if this was inferred as a threat as I started out the email by making clear an article was already written to counter Campbell's if they were careless enough to publish Campbell's fantasies.
Of course, upon being notified of this, Campbell contacted my former service provider to declare that my email address had been used to send out "blackmail" and "threats", following which my email service was suspended.
Campbell then repeated these claims in communications with third parties about a week later.
I've noticed from Campbell's communications with others that he has tried use "could have been" arguments on the basis that, in theory, all timestamps could have been manipulated.
It is fair to say, in theory, that hackers could manipulate and fabricate information to fool investigators. However, assuming this and assuming it on a broad scale without any indication that timestamps are manipulated, is problematic.
There's an even bigger problem with Campbell's "could have been" assumptions here, there are indicators that timestamps are organic (from the plausible time gaps between timestamps through to some of the interleaving across directories that was also observed).
His argument is that the files could have been transferred any time between 2012 and 2016 (up to September 8, 2016) because theoretically, the timestamps could have been manipulated or the hacker could have altered his local timezone, etc. (even though there is nothing to suggest it).
Campbell's argument here is nothing more than an appeal for people to ignore what the data shows without any substantive reason to do so.
It is fair to say that the files in the NGP-VAN archive (that we see were transferred as a batch on July 5, 2016) could have been transferred at an earlier date. - That's not to say there's any indication of an earlier batch-transfer in 2016 though, it's just not an unrealistic premise.
Due to the volume of data calculated to have been transferred overall and the lack of anything to support a theoretical batch transfer in the months preceding that date, it does look like there's a moderate chance of it being an initial acquisition of files but it's not something I can state with any certainty. - It could have been a secondary or tertiary copy for all we know.
While there is some disparity between Forensicator's work and inferences of third parties, I've never concealed or denied this and have been candid about this throughout.
Some of the latest claims are tempting to get into but I will save all of those for part two. In this part, I just wanted to demonstrate the tactics Campbell has used to insert himself into things, cause disruption and generate disinformation of his own and that he has demonstrated more interest in attacking character and smearing others than actually debunking analysis and debating the technical merits of third party studies.