ComputerWeekly's Fake News Fiasco

ComputerWeekly published false claims, wrongly denied existence of multiple pieces of digital forensics evidence, pushed dubious technical theories wrapped in conspiracy theories and distorted technical analysis, reporting and opinions of multiple parties to form a series of straw man attacks. The publication's editors have refused to accept verifiable evidence, have stonewalled when asked to confirm receipt of evidence and have betrayed the assurances of the publication's editor-in-chief regarding corrections.

In 2018, UK-based technology publication ComputerWeekly published an article that purported to expose a Briton who had allegedly ran a "pro-Kremlin disinformation campaign".

Evidence showing that the article contained distortions and disinformation emerged the following day and the situation has only devolved since publication due to how editors have handled facts and evidence.

The article:


Those primarily responsible for this were:

Duncan Campbell (Freelance Journalist)
William Goodwin
(CW Investigations Editor)
Bryan Glick
(CW Editor In Chief)


Since publication:



Within one day of Campbell's article being published, evidence showed that he had engaged in disinformation and that he was misrepresenting the conclusions, theories and positions of other parties.

see: (archived)

The article should have been pulled immediately.

On August 3, 2018, I published an article titled "Deconconstructing Campbell's Smear Campain Yields A Blueprint For Propaganda" that provided background on the dispute between Campbell and myself and provided raw communications between parties for transparency and context. The article also highlighted several inaccuracies in Campbell's piece including Campbell's fake history of how the name "Ken" originally came about and why Campbell was allowed, exclusively, to believe in his false assumption (while other parties were told the truth, unbeknownst to him).

In the article:

The initial response providing the background on Campbell's antics was followed by an article that focused more on the ComputerWeekly hit-piece itself. On August 11, 2018 I published an article titled: "Deconconstructing Campbell's Smear Campain Yields A Blueprint For Propaganda: Part Two".

In the August 11, 2018 article, I explained and/or demonstrated:


Note: As a general rule, if someone attributes an affirmative hacking theory ("DNC hacked itself", "X hacked the DNC", etc) to myself in relation to Guccifer 2.0, it's a distortion to create a straw man to attack (and creates a theory that supports THEIR belief of a hack, not mine). I've never been convinced that Guccifer 2.0 was a hacker nor that the operation's material necessarily came from a hack. I've been clear on that, publicly, for a long time. The ComputerWeekly article uses multiple straw man attacks of this type.

A link to the above rebuttal and a complaint about ComputerWeekly's article were sent to Bryan Glick on August 14, 2018.

Glick responded: (emphasis mine)

email from Bryan Glick to Tim Leonard on August 14, 2018

Dear Tim,

Thank you for getting in touch.

It is our editorial policy to ensure our articles are researched and fact-checked before publication. Where factual inaccuracies are subsequently pointed out to us and proven, we would of course be happy to make appropriate corrections.

We contacted you on 27th July in advance of publication in accordance with our policy on offering right of reply to individuals featuring significantly in an article. We invited your response to a series of questions regarding the article. Your reply did not provide answers to those specific questions, but the invitation to provide responses to those questions remains open.

If you would like to highlight, by reply to this email, any specific, proven factual inaccuracies in our article, we will consider those items in the light of any new information you can provide. If we discover any such specific, proven factual inaccuracies, we will of course be happy to correct them.

Kind regards,


It's worth remembering Glick's assurance here.

I followed up with two emails listing many problems including baseless allegations, inaccuracies and distortions.

The first of these was sent on August 14, 2018 and included the following items:

Your headline claims that my work has been "pro-Kremlin".

The analysis and discoveries made regarding Guccifer 2.0 have not, in any way, been demonstrated to actually be pro-Kremlin. Presenting what is inconvenient for the USIC as "pro-Kremlin" is nothing more than perpetration of a false assumption from Campbell. Please provide proof to support this assertion or retract this claim.

The article asserts that former US intelligence agents were duped with manufactured "evidence".

The evidence in question is evidence that has long been in the public domain and that was in no way manufactured by myself, it actually exists on Guccifer 2.0's site - you should be clear about this but instead the way this is phrased is very likely to mislead your readers into thinking that I've manufactured evidence. Please correct this careless phrasing.

Bill Binney has clarified his position, and has not stated that anyone at VIPS were duped - had you checked to clarify this with Mr. Binney you could have avoided making this accusation. This is purely Campbell's opinion being presented as fact. Please clarify that this is Campbell's opinion, demonstrate the claim properly (the article fails to do this) or retract it.

Campbell asserts "fake evidence".

The files analyzed were those published at a conference in London that Guccifer 2.0 had advertised the day prior to it taking place, what the evidence suggests may be distorted by Guccifer 2.0's efforts but the adjective "fake" without sufficient context is likely to mislead your readers and doesn't distinguish that the evidence is an archive compiled by Guccifer 2.0 that Campbell thinks has been deliberately manipulated to deceive forensic investigators (a claim that he doesn't actually have proof of and that is entirely based on his inference but still stated as fact in the article).

"Leonard worked with a group of mainly American right-wing activists"

The majority of my activity was on Sanders related subs.

r/WayOfTheBern's moderators at that time (including head moderator FThumb who still runs the sub) were entrusted to publish my initial report on Guccifer 2.0, if, for any reason, I was unable to. I think FThumb will confirm this much for you.

tvor_22 certainly was not a right-winger, he was the first person that contributed to investigations by publishing his own research that I subsequently reported on.

The statement you've published is false, I worked with a group of Sanders supporters when I was compiling my report and the first person to publish additional research (that I reported on) was a left-winger. What would be fair to say, is that my work was well received by the right-wing but to say I worked with a group of mainly right-wing activists on anything I've done simply isn't true.

"to spread claims on social media that Democratic “insiders” and non-Russian agents were responsible for hacking the Democratic Party"

I've not stated that "insiders" or non-Russian agents had hacked the DNC. What I've actually stated is that Guccifer 2.0 seems to have acquired documents but that the hacking claims he made were discredited by ThreatConnect . If anything, I've said that Guccifer 2.0 didn't hack. This statement misrepresents what I've actually said, it is misleading and should be corrected or retracted. (see: , , , , etc)

"The claims led to Trump asking then CIA director Mike Pompeo to investigate allegations..."

It seems that it was a memo from VIPS that caught Trump's attention rather than anything I'd published or that Forensicator published. VIPS also made assertions of their own that neither Foreniscator nor myself made. Colleen Rowley may be able to confirm this for you, it was something she noted as part of her withdrawal from signing the VIPS memo.

"and that they could be proved to be an “inside job”, in the form of leaks by a party employee"

You're conflating separate things here and generally making a mess of everything. The NGP-VAN analysis had nothing to do with the emails published by WikiLeaks nor any demonstrable connection to Seth Rich, it was solely about Guccifer 2.0. This point was reiterated by Elizabeth Vos in an interview with Primo Nutmeg back in January. see: and was stated because there is no desire by any of us for people to hold misconceptions (which is more than can be said for Duncan Campbell, who has gone out of his way to create misconceptions).

"The GRU’s hackers were caught red-handed in June 2016, when the Washington Post exposed evidence of their role.".

What evidence are you referring to exactly? Dmitri Alperovitch even concedes in that article that they had no evidence at that time. You should correct this to "allegations" for the sake of accuracy and so as not to mislead your readers - or just retract the false claim.

"Within 24 hours, after the Post had asked Russia for comment, the hackers fabricated evidence and planted a false trail that the hacking was the work of an imaginary, lone Romanian called Guccifer 2.0"

Guccifer 2.0 planted evidence suggesting he was Russian more than anything else. To be fair, you may infer from the embedded datastore objects with the GMT+3 times that he tried to plant a false trail to Romania but one of the files had a GMT+4 time, the metadata was Russian language rather than Romanian, the stylesheet entry added was Russian rather than Romanian, he chose to use a Russian VPN (rather than Romanian) and he dropped a "Russian Smiley" in his first blog post which the corpus (see: shows was not something he habitually used at all, quite the opposite in fact. He primarily planted evidence suggesting he was Russian and did this through a series of deliberate choices/actions made. He then merely claimed to be Romanian but anyone ripping off this extremely thin veil would see indicators of Russian origin behind it the second they questioned anything.

"Detailed evidence had not been publicly available until the publication of the indictment."

The indictment did not contain evidence. An indictment alone is not evidence. Therefore, evidence still is not publicly available but your article makes it appear otherwise. This is misleading your readers.

"In Britain at the same time, archived evidence shows, Tim Leonard was completing a website intended to obfuscate the truth about Guccifer 2.0 and the GRU"

No, evidence does not show there was any intent to obfuscate the truth, at best (for your side in this dispute), I did errantly suspect Flood to have had some involvement (because it was bizarre that his name would turn out to be the author of 3 documents he didn't really author), however, within the first month, I clarified that Flood may have had no involvement and the site only become more accurate exponentially over time as more has been learned and more evidence has come to light. If the intention was to obfuscate the truth, the quality and accuracy of information would not have rapidly and consistently improved and I wouldn't have tried to collate primary source information or encourage people to focus on the evidence and to draw their own conclusions rather than adopt mine. I wanted to discover the truth (and still do), I never had any intention to obfuscate whatsoever.

"A Twitter account traced to Leonard revealed his new project – a campaign claiming that the hacking was done by a Democratic Party insider."

Again, I've not said an insider was hacking, I've said that Guccifer 2.0 was a pretend hacker and that his hacking claims were discredited. My project was intended for me to understand what Guccifer 2.0 was and to collate as much evidence relating to the persona as possible. The real reasons for me strarting the project were explained in an interview I did with Jason Ross back in September 2017. see: - my reasons for what had inspired me to start investigating have never changed (excluding Campbell's fraudulent efforts to assign himself as an interpreter).

To further demonstrate the point I'm making here, you even cite my question: "What if #Guccifer2 is NOT Russian ... NOT even a hacker..."

"who had faced demands to disclose their evidence and sources about Guccifer 2.0. All declined or ignored him"

They were sent polite requests for information relating to Guccifer 2.0 and communications from the persona. Where is there evidence that sources were being demanded?

"he transformed Defianet to make it a focus for US extremist and conspiracy “independent media” groups"

Name an extremist group that I linked to or post a correction.

"Leonard has created and managed a library of disinformation manuals and techniques shared with his supporters, including “Weaponisation of social media”, “Deception techniques” and “Information warfare""

Through framing and omission you have given readers a false impression. The links go primarily to studies and research about disinformation and propaganda. These were only ever presented to others in the context of fighting against disinformation and propaganda and by omitting the fact it includes "How to Detect Propaganda", "Detecting Deception: Current Challenges and Cognitive Approaches", "Deception: Essays from the Outis Project on Deception", etc. you've misrepresented my efforts completely.

My social media activity make this context very clear: , , , , , , , , etc.

You should clarify this intent and context as the way you've currently presented it is misleading.

"One @with_integrity tweet asked for confirmation that the cyber security expert who first spotted Russian hackers was Jewish. “Social media activity patterns [suggest] possible observance of the Sabbath,” he told followers."

You should clarify that this arose from a study of Guccifer 2.0's social media activity.  However, there's a bigger issue here.  It's fairly clear by the sequence of topics in the article that this is an attempt to trick your readers into thinking I'm antisemitic when the reality is that I've never made an anti-semitic statement in my life. This is disgraceful and should be retracted just on the principal that you're fooling your readers into forming a grossly false impression about myself.

"One document – a tip-off file obtained in June 2017 by Leonard’s site from an “anonymous source” – took new disinformation all the way to the White House and the CIA."

The "tip-off" file was from Forensicator, it was actually an early draft of his work and was posted for the purpose of seeking peer-review. The document is consistent with the rest of Forensicator's work (which an objective analysis would make clear not that I expect you to check or even be capable of such).

"took new disinformation all the way to the White House and the CIA."

What "disinformation" was that? Please provide proof to support this statement.

"included complex details explaining how to unlock information inside a tranche of files"

No, it analyzed data and through derivative data sets allowed certain indicators of transfer rates, etc to be identified - this wasn't "unlocking" anything.

"Metadata in the files had been manipulated to “prove” that the documents".

There is no evidence of this, it's purely speculative based on Campbell's inference.

"Until the file arrived, the information hidden in the files, created by the GRU hackers and known only to them, had not been detected by security experts"

If it was planted and supposed to be found, it would have been found in 2016. This is the whole point of looking for obscure data points (as well as data that was independently recorded, such as social media activity) in which an entity like Guccifer 2.0 would be far less likely or capable to have manipulated data to deceive forensic investigators (such as he clearly did with his first batch of files released on June 15 2016).

"The document, rewritten for propaganda effect"

No, the document was continued and expanded upon further by Forensicator. It was NOT re-written. If it had been re-written for propaganda effect, it would have incorporated distortion, lies, propaganda devices and baseless speculation - such as Campbell has very clearly provided to you with his article.

I followed up with more examples of inaccuracies and issues with the article two days later, the examples included the following:

"and claimed to be the work of a new fake personality called Forensicator"

Everything on Forensicator's blog is the work of an independent third party and any objective analysis will show considerable differences between his output and that of myself and/or anyone at Disobedient Media.

He has digital forensics knowledge and capabilities that considerably surpass my own and those of anyone at Disobedient Media.

How exactly we're supposed to have created a "fake personality" that is capable of what we're not doesn't even make any sense.

Campbell's claims on this matter are illogical, unsupported by evidence and contrary to objective consideration of the output from all accused parties.

"were persuaded, without checking the file data, to say that the hacking was the work of insiders."

Again, neither VIPS, myself, Forensicator nor, to my knowledge, Disobedient Media, have said that the NGP-VAN archive was the result of anyone hacking, "insiders" or otherwise.

Binney, McGovern, etc. had already spoken out against the allegations of the DNC hacking allegations lacking sufficient evidence to pin on Russia long before Forensicator started any of his analysis on the NGP-VAN archive and one of their associates reached out to me for more information.  Your article, though, makes it sound like we convinced them into being skeptics when the reality is that they already were highly skeptical of claims and already had spoken out.

Due to wanting to retain his anonymity (and seeing Campbell's behavior, you can hardly blame his caution), I ended up having to act as a go-between, relaying messages between both parties and in that regard I have always acted in good faith, never served to mislead and I have not seen any effort on Forensicator's behalf to try to mislead either.

Where Campbell is concerned about crafting partisan-pandering narratives, Forensicator only cares about the evidence and technical probabilities.

“Ray’s determination to publish claims he wanted to believe without checking facts and discarding evidence he didn’t want to hear exactly reproduced the Iraq war intelligence failures which the VIPS group was formed to oppose”

I'll say this more as a challenge to Thomas Drake.  What evidence does he think hasn't been acknowledged and does he not realize that trying to suppress and unduly undermine what independent researchers have discovered (something Drake now appears to be on-board with) is even worse than what he's accusing Ray of here?

"The ploy succeeded"

There was no ploy.  This is a gross distortion of efforts made to understand what Guccifer 2.0 was and to report on new evidence, no matter which narratives it supports.  (which Campbell frames as being conflicting/contradictory theories)

What Campbell omits is the fact that most of my work has been about debunking claims through the use of evidence and objective analysis and Guccifer 2.0 is not the only subject where I do this.

I also debunk claims and conspiracy theories from the opposite end of the political spectrum and debunked nonsense about Seth Rich/MS-13, a fake Podesta leak, as well as a few FBI/DOJ hoax documents, etc (including some of the hoaxes propagated by "Q" followers).


I also debunked BadVolf before Kevin Poulsen and caught him out manufacturing evidence retroactively which I covered in detail at:

It's amazing how much Campbell has omitted and refused to accept in his efforts to paint a false image of me being interested in propagating conspiracy theories when the reality is that I've wanted to lay out as much reliable and verifiable evidence as possible in front of the general public in order to debunk a conspiracy theory.

I really couldn't be clearer in separating my opinions from the evidence, Campbell on the other hand, does what he does.

"NSA’s top secret records, disclosed in the DoJ indictment earlier this month,"

Binney has countered with observations about the use of NSA evidence being used in the indictment and why it's unlikely this was actually the source.  You may want to fact-check this statement for accuracy and make sure it's not just speculation from Campbell.

"The Guccifer 2.0 files analysed by Leonard’s were “manipulated”, he said, and a “fabrication”."

The files I (and other researchers) have analyzed came directly from Guccifer 2.0's own blog.  You make it sound like I've worked on a batch that were specifically manipulated whereas I (and other researchers) have inspected these files, identified anomalies and exposed fabrications in considerable detail.  The way this is phrased is prone to mislead your readers and unduly load suspicion on to me, which is unfair.

Binney has been interviewed since the publication of your article and clarified that he's not saying that Forensicator or I had manipulated or fabricated anything and my editor at Disobedient actually spoke with Binney to seek clarifications - we take editorial responsibility far more seriously than you seem to think (or even seem to be doing yourselves).

"Leonard’s @with_integrity Twitter account had also posed as a US citizen in the same period"

I never claimed to be an American, have only ever stated my origins as being from the UK and everyone that follows me on Twitter knows I'm from the UK.  I did express solidarity with Sanders supporters because I supported Sanders but I doubt that, with only around five followers on Twitter, I was really influencing anything unduly through this.

"Leonard created the Hexcell program in a failed attempt to find data proving Guccifer was a former Democratic Party manager."

No, it was a hex-viewer and RTF analysis tool that did not have a political objective attached.  It was an effort to understand more about Guccifer 2.0's first files, that's all.  Even before HexCell existed Flood's name being present on multiple documents had already been established - this was just part of trying to understand why that might be and to look for any other clues (again, no matter what they did or didn't support).

Campbell's claim here is highly speculative (and, to be clear, bullshit).

Glick did not respond.

On August 30, 2018, Forensicator published an article titled "The Campbell Conspiracy".

Forensicator explained that Duncan Campbell saw a problem that arose from Forensicator copying a BASH script into WordPress (which messed with the formatting and malformed the script) and leaped to all the wrong conclusions over it.

Forensicator shows that Campbell didn't have the sense to apply Hanlon's razor and consider the most probable and reasonable causes for what he saw. Forensicator demonstrated, in his article, that he understood the script very well and that, in fact, the script he had included along with the draft version of his article worked fine and didn't have the problem (therefore, it happened when he copied it into WordPress).

Forensicator destroyed Campbell's conspiracy theory fantasies (covering more than just the BASH script nonsense highlighted above) as much as any person can reasonably be expected to do.

I emailed Glick the following day with a link to Forensicator's article.

email from Tim Leonard to Bryan Glick on August 31, 2018


Forensicator has debunked several of Campbell's conspiracy theories:

You did not fact-check claims of a technical nature as thoroughly as you should and subsequently have allowed demonstrably bogus conspiracy theories (coupled with doxxing and distortions as part of a smear campaign) to be fed to your readers.  Some of the evidence cited even contradicts what is asserted by Campbell.

You, as an editor, should also have recognized the form and nature of Campbell's work as being propaganda, as I've said before, it simply wouldn't have made it through Disobedient Media's editorial oversight process because it's a mish-mash of unsubstantiated conspiracy theories that completely overlook countervailing evidence and Campbell blatantly distorts and/or tries to present tenuous correlation as causation with him desperately seeking long into my past, way before I even embarked on researching/writing/reporting... all in order just to attack character.

The fact is that Campbell didn't cover a single one of my studies or any of the evidence I reported on (aside from Forensicator, whom Campbell is completely wrong about too, for the record) and I'm shocked you've allowed such blatantly biased and deliberately dishonest bilge to be foisted upon your readers.

It also seems that you've continued to willfully propagate what you should already know is disinformation and are refusing to rectify a clear failure in editorial oversight at ComputerWeekly.  I hope that it's starting to become clear to you just how bad this is looking for you.

Campbell knowingly and deliberately tried to mislead people, he has attacked character, name-called, smeared, tried to misrepresent testimonial, distorted egregiously and has avoided my studies and research entirely.

In return, those of us he falsely labels "pro-Kremlin trump trolls", have responded by dilligently dismantling Campbell's claims through disclosure of communications, referencing countervailing evidence that Campbell has disregarded/omitted and by debunking Campbell's claims on technical plausibility, probability and possibility.

Does ComputerWeekly have a response to what Forensicator, Elizabeth and myself have demonstrated so far and can you explain why such a demonstrably misleading article, of which many flaws have already been pointed out to you personally, is still being propagated by your publication with the only updates you have added being for the sake of furthering misconceptions pushed by the article?

By now, we had already demonstrated multiple "factual inaccuracies" (to use the term Glick used in his assurances two weeks earlier) and showed that Campbell had ran with silly conspiracy theories that lacked merit.

Glick still did not respond.

To help illustrate just how bad things are in the ComputerWeekly piece, here are three consecutive paragraphs that immediately follow their "The Forensicator Fraud" sub-heading along with notes covering the inaccuracies:

The team that created Forensicator, including Leonard (Wrong. I didn't create Forensicator, he's an analyst in the US, Campbell ignores various factors including Forensicator revealing his own local timezone as PDT), gave away that they were not the real authors of the analysis when they inaccurately copied a Linux “Bash” script they had been sent, breaking it. (It was a formatting issue pasting the script into WordPress.) This suggested that they did not write, understand, or test the script before they published (or... it was simply an issue pasting a script into a WordPress article). Someone else had sent the script, together with the fake conclusion they wanted discovered and published (or... it was simply an issue pasting a script into a WordPress article and Campbell didn't understand that I was hosting a draft of Forensicator's report for peer review prior to him having his own blog.) – that DNC stolen files had been copied in the US Eastern Time zone on 5 July 2016 (that's not the date that the Eastern timezone indicator relates to, that would be September 1, 2016.. AND.. it was in relation to archival of files, NOT copying) , five days before DNC employee Seth Rich was killed.

Uncritical reporters failed to spot that the Forensicator blog gave no evidence for its conclusion (no, it's just that it doesn't give evidence for the conclusion that Campbell is about to falsely attribute to Forensicator!) , which was that the data analysed was evidence of theft by local copying happening within the eastern US (Wrong. 1. Forensicator spoke out against such a misconception back in August 2017. 2. it was the archival operation not copying that produced the Eastern timezone indication. 3. Forensicator has NOT argued for "theft by local copying" happening in the eastern US or anywhere else nor argued that this was exfitration from the DNC. - So, of course, Forensicator isn't going to have evidence for a conclusion he didn't actually make and that is just a distortion from Campbell). The Forensicator report avoided pointing out that the time stamps examined were present only in the special London group of documents, and not in tens of thousands of other DNC files published by WikiLeaks or Guccifer 2.0. (Wrong. This was already false at the time of publication and there are now at least four pieces of evidence from separate incidents that disprove this. Additionally we have other pieces of evidence separate from files released by Guccifer 2.0 that suggest a US origin).

The files were manipulated using an unusual method of file packing, forensic checks show (it looks like the process involved the files being RAR'd, then moved to a thumbdrive and then, at some point, the contents of that thumbdrive were archived with 7-zip - the reason for the two different archival formats could easily just be because the thumbdrive was used on two different devices with different archival applications on them. Campbell, however, just assumes that this was all trickery to signal an eastern time zone by sneaky Russians while ignoring, contrary to his Seth Rich themed conspiracy theory, that this actually related to September rather than July). Because of computer clock settings, the packing operations appeared to have created “evidence” that the stolen files had been copied in the US Eastern Time zone (The timezone indication comes from the "packing operation" itself, not from any prior copying), which includes Washington.

It appears ComputerWeekly's policies of "researching and fact-checking" either weren't followed or were inadequate here.

Some of the claims made are also things that Campbell should have known to be false or misleading on the basis of what he had already stated in an email to another analyst (Stephen McIntyre) long before Campbell's article was published. Campbell was aware of Forensicator's clarifications on this topic yet seems to have ignored these selectively when convenient for the narrative he was spinning.




On October 4, 2018, I phoned Bryan Glick at ComputerWeekly's offices.

I asked Glick to substantiate the claims his publication made in it's headline and asked for examples of where I had engaged in disinformation or where my work was "pro-Kremlin".

Glick could not cite any examples and started making statements about beliefs and opinions.

I advised Glick that he should make this clear to his readers rather than expressing opinions and beliefs as though they were definitive fact.

Following this, I emailed Glick with requests to substantiate the two main claims I had asked him to substantiate by phone:

email from Tim Leonard to Bryan Glick on October 4, 2018

Hi Bryan,

Thank you for taking the time to discuss our disagreement briefly earlier today.

Putting aside the opinions and beliefs you may hold and focusing on facts, allegations and evidence, please can you provide:

Thank you.

Kind Regards,

Tim Leonard

These are basically the same two things Campbell was challenged to demonstrate nine months prior to the ComputerWeekly hit-piece being published (by the VIPS associate who introduced me to VIPS members). Campbell wouldn't respond to that challenge (and it's probably why The Register had the sense to avoid publishing Campbell's earlier efforts).

I thought that, being unable to substantiate the two major claims made in the headline, Glick would give his article serious reconsideration (as I think most sensible and responsible editors would do).

I was wrong. Glick's response, coming one day later, showed he had no interest in trying to substantiate his publication's allegations and that he hadn't really given appropriate consideration to what I had sent to him:

email from Bryan Glick to Tim Leonard on October 5, 2018

Hi Tim,

We have reviewed our July article in the light of your emails and subsequent articles and have not found evidence of inaccuracies or new information that would require our article to be amended. Our readers can and will come to their own judgement on our reporting.

With best regards,


There were already demonstrable inaccuracies and inaccuracies pointed out that were trivial to verify (eg. by simply comparing claims and conclusions in the source material with Campbell's modified and distorted versions) and it was becoming crystal clear that Glick only cared about Campbell's side of the story.

At this point, I started to suspect that Glick had no intention of ever making corrections, no matter what we could demonstrate.




On January 14, 2019, Duncan Campbell made a mistake. He provided clarification on a statement in his article that had previously been open to interpretation.

In the ComputerWeekly article, Campbell had argued:

In his tweet (archived), Campbell clarified exactly what he had meant by this:

Already, by this time, there were at least four separate examples of evidence providing US timezone indicia in relation to other files Guccifer 2.0 had released (and there were more indicators supporting this aside from file metadata, such as emails, blogging activity, social media activity, etc).

Not only that but just a couple of weeks prior to Campbell tweeting this, I had already informed him that we had found a second Eastern US timezone indicator and pointed out that Guccifer 2.0 didn't need to retroactively fabricate anything to place himself on the East coast in early July (as per Campbell's theory) as there was already evidence supporting this in the public domain as of July 6, 2016.

Examples were cited to Campbell in replies to his tweet. (here and another, in February 2019, here)

No corrections were made by Campbell or ComputerWeekly. No acknowledgement was made of the error and, due to the prior notification from myself, it looks like Campbell should have known better than to still be making such claims.

Most importantly, though, it gave us clarification on what the statement in the article was arguing for and we learned that it's a false statement that effectively denies the existence of multiple pieces of evidence that corroborate the research and reporting of those Campbell was defaming.



JUNE 2019

On June 7, 2019, Forensicator published an article titled "The Campbell Coincidence".

The article provides counter arguments to Campbell's "timestamp tampering" theory and challenges Campbell's argument about file timestamps appearing to slot together neatly. Forensicator argues that Campbell hadn't considered the duration of each transfer and, if he had, he would have found that the files don't slot together neatly in the way Campbell imagined and that there were actually two overlaps occurring in Campbell's timeline that Campbell was unaware of because he hadn't considered this and was only looking at transfer completion times.

Forensicator also raised other issues with Campbell's theory.

It is difficult to deal with Campbell's tampering theory with certainty in some areas because he hasn't produced a detailed description outlining his methodology, observations and conclusions (ie. exactly what scenario/process it is he's arguing for) and when asked to clarify on ambiguities and explain anomalies that seem to be introduced in the scenario proposed, he doesn't respond.



JULY 2019

On July 5, 2019, I published an article providing a recap.

see: "Briton Ran Pro-Kremlin Disinformation Campaign" Story Was Disinformation

By now, enough had built up that the case against Campbell and ComputerWeekly had grown to be quite strong.

It was clear the publication had disseminated disinformation and made false claims about digital forensics evidence.

I reported on highlights, linking to evidence and relevant studies and covered the following points:





On January 1, 2020, following Duncan Campbell making more dubious claims (this time published by NBC News's Ben Collins), I emailed him. (with NBC's Ben Collins, five editors at NBC and ComputerWeekly's Bryan Glick all included as CC recipients).

The email was primarily about his comments that featured in the NBC article from October 2019, however, in relation to the ComputerWeekly article, I did ask Campbell for a response to Forensicator's article that presented counter arguments against Campbell's timestamp tampering theory and asked that he demonstrate his "pro-Russian" allegations.

On Janary 22, 2020, I emailed Campbell again, noting that he hadn't responded and that nobody seemed able to substantiate his claim. In relation to the ComputerWeekly piece, I provided a link to McIntyre's August 1, 2018 evidence of disinformation. I asked Campbell if he or Glick could explain why they had failed to make corrections despite there being evidence directly contradicting his claims and asked why he published information that he appears to have known was false and misleading.

He did not respond.



MARCH 2020

On the 9th, 10th and 11th of March, 2020, I phoned Duncan Campbell to ask him questions that he had failed to answer back in January. I made sure I called at different times of the day on each day (to increase my chances of catching him when he wasn't busy).

Campbell didn't answer and he didn't respond to the questions left in messages.



MAY 2020

On May 2, 2020, I emailed Glick. Goodwin and approximately another ten editors/reporters at ComputerWeekly. The subject line was fairly blunt about the issue being raised:

"Why Is ComputerWeekly Still Being A Platform For Disinformation & Demonstrably False Claims About Evidence"

I provided links to the evidence demonstrating that the claim they had published about a lack of other digital forensics evidence pointing at the US was false.

email from Tim Leonard to Bryan Glick on May 2, 2020 (excerpt)

The following pieces of evidence demonstrate that your article contains false claims about evidence with US timezone indicators:

EDT Timezone:

CDT Timezone:
Analysis 1:
Analysis 2:

PDT Timezone:
Evidence 1:
Evidence 2:

The email also covered evidence that suggested Campbell had deliberately sought to mislead the public about the positions and conclusions of others:

email from Tim Leonard to Bryan Glick on May 2, 2020 (excerpt)

Your author also made claims that they knew to be untrue based on what they had stated in their prior communications with others.

Stephen McIntyre independently provided an example of this:

Glick did not respond and, of course, no corrections were made.



JULY 2020

On July 27, 2020, I emailed Glick to inform him that there was a new problem discovered with Campbell's timestamp tampering theory that I had discovered:

email from Tim Leonard to Bryan Glick on July 27, 2020 (excerpt)

The technical theory your publication promoted also seems to have a few problems:

All one has to do is look at the DNC.rar archive and contrast that with Campbell's one-hour timeline hypothesis. The minute-past-the-hour values in the last mod timestamps of the contents are later than the RAR archive which points to the contents getting their last mod times from an hour prior to when the RAR archiving was done. This, in itself, contradicts the premise of the files originating from a one-hour timeline such as Campbell appears to be proposing with his theory.

Campbell's methodology introduces a chronological anomaly (and this is on top of Forensicator's argument about accounting for transfer durations and the subsequent clashes in the timeline that this produces). Once we bring back the two thirds of timestamp evidence Campbell chose to omit, the chronological anomaly disappears and order is restored.

Glick did not respond.




On August 2, 2020, I emailed Campbell (with Glick and Bill Binney as CC recipients) and informed him of the problem discovered with the one-hour timeline and a chronological anomaly his methodology and scenario introduced and asked him to clarify his arguments on this.

I included Bill Binney as a CC recipient because I knew he found Campbell's theory compelling and had hoped that with Binney included as a recipient, Campbell might be more willing to defend his theory.

Campbell did not respond.




It had now been six months since ComputerWeekly were presented multiple pieces of evidence demonstrating that they had made false claims about digital forensics evidence (and were concealing an array of evidence that corroborates the research and reporting of their hit-piece's primary targets) and a link to where they could find evidence showing their author had made claims he would have known were false.

On November 18, 2020, I emailed Goodwin to bring his attention to the new issue concerning Campbell's timestamp tampering theory that I had previously raised with Campbell and Glick.

On November 22, 2020, I sent a few Twitter DMs to Goodwin. I requested receipt of the evidence sent in May, I provided a link to McIntyre's thread about inaccuracies and disinformation in ComputerWeekly's article and also provided him a link to my report from last year which provides links to verifiable evidence.

On November 30, 2020, I emailed Glick asking for him to confirm receipt of the evidence sent in May 2020.

No responses were received.




On December 1, 2020, I called Goodwin and asked for him to confirm receipt of the email sent in May. He said he would have to check his emails. He then stated that Campbell's article was accurate and that he stood by it. I informed him that it was full of inaccuracies and started explaing one for which I'd already published evidence of two years prior. He then interjected to say that in his opinion I was engaging in disinformation and that he would have to terminate the call. I asked if he could at least confirm receipt of the email in November, he again made excuses to terminate the call and no confirmation was provided. I said I'd give it another day and call back.

Subsequent calls requesting confirmation of receipt went unanswered.

Glick and Goodwin would not confirm receipt of evidence and have been unwilling to discuss the problems with their article.




ComputerWeekly's editors have published disinformation, distortions, false claims about digital forensics evidence, conspiracy theories that were subsequently debunked, a technical theory that fell apart and their article attributes theories to people who have not held those theories.

Campbell, Goodwin and Glick have egregiously misled the public regarding independent analysis and evidence discovered in relation to Guccifer 2.0 (and about the Guccifer 2.0 operation itself). They have hurt legitimate research and researchers who have never deserved to have their hard work maligned by Campbell's lies and ridiculous fantasies.

Their article has served to be a corrupting and illegitimate source of information on this topic, and, those who published it have demonstrated themselves to be deceptive or incredibly incompetent in their handling of facts and evidence. This, at least, becomes apparent when considering their refusal to address proven inaccuracies.

The hit-piece was a cocktail of conspiracy theories, disinformation and malicious propaganda.

By publishing Campbell's hit-piece, propping it up in spite of everything that's been demonstrated, stubbornly refusing to make corrections and, apparently, stonewalling now that their position is so clearly untenable, Bryan Glick and William Goodwin have proven themselves to be irresponsible (and, in my opinion, dishonest) editors. They clearly don't care that their technology publication is providing a platform for false technical claims, broken technical theories wrapped in discredited conspiracy theories and fraudulent distortions of technical analysis that unduly corrupts public perceptions of legitimate investigations into Guccifer 2.0.


If there are any concerns or issues here that anyone would like to speak with me about, please feel free to contact me on: