ComputerWeekly's Fake News Fiasco
ComputerWeekly published false claims, wrongly denied existence of multiple pieces of digital forensics evidence, pushed dubious technical theories wrapped in conspiracy theories and distorted technical analysis, reporting and opinions of multiple parties to form a series of straw man attacks. The publication's editors have refused to accept verifiable evidence, have stonewalled when asked to confirm receipt of evidence and have betrayed the assurances of the publication's editor-in-chief regarding corrections.
In 2018, UK-based technology publication ComputerWeekly published an article that purported to expose a Briton who had allegedly ran a "pro-Kremlin disinformation campaign".
Evidence showing that the article contained distortions and disinformation emerged the following day and the situation has only devolved since publication due to how editors have handled facts and evidence.
- was riddled with inaccuracies
- made false claims about digital forensics evidence
- argued that legitimate digital forensics analysis was a "fraud"
- featured conspiracy theories that have since been discredited
- featured a technical "tampering" theory that has since been discredited
- needlessly doxxed an independent journalist
- misrepresented positions, conclusions and research of multiple analysts, creating straw man attacks
- attributed theories to people that they've never held
- concealed the author's own false assumptions and omitted critical context the author was aware of
- attributed the identity of an analyst in the US to the wrong people
- used a slew of innuendo, insinuations, logical fallacies and propaganda techniques
- contained various baseless allegations that were not supported by facts or evidence that neither the author nor editors were able to substantiate when requested.
- made claims that the author would have known were false (ie. It's ComputerWeekly that has published disinformation)
Those primarily responsible for this were:
Duncan Campbell (Freelance Journalist)
William Goodwin (CW Investigations Editor)
Bryan Glick (CW Editor In Chief)
- It was shown (within a day of publication) that the article's author, Duncan Campbell, had made a claim he would have known was false. In other words, it was almost immediately apparent that ComputerWeekly had published disinformation.
- Third party reporters interviewed Bill Binney and obtained clarifications on issues where ComputerWeekly had misled it's readers.
- Glick stated that the publication would correct things that were provably false but their subsequent inaction in response to proven falsehoods and inaccuracies suggests there was no genuine will to do this.
- Numerous inaccuracies have been pointed out to Glick and Goodwin including some serious errors that deny the existence of several pieces of digital forensics evidence (from multiple incidents).
- Campbell's "Forensicator Fraud" conspiracy theories were debunked.
- When asked to demonstrate his publication's "disinformation" and "pro-Kremlin" claims, , Glick was unable to. Instead, Glick made statements regarding "belief" and "opinion". Glick was advised that he should make the basis of his claims clear to readers rather than falsely present them as facts.
- Campbell has been challenged to substantiate various claims by email and phone. He refuses to respond to legitimate questions and requests for him to substantiate his allegations.
- Forensicator has explained how Campbell's timestamp tampering theory didn't account for transfer duration, and, had it been accounted for, Campbell would have found two overlaps in the timeline rather than 11 of the 13 RAR files appearing to slot neatly into gaps in the timeline.
- Evidence was found showing that Campbell's methodology and scenario proposed in relation to his timestamp tampering theory actually introduces a chronological anomaly which discredits the scenario proposed.
- Campbell fed more smears and unsubstantiated allegations into the public domain via NBC News. He was challenged to substantiate a claim of "proof" and so were the editors. Nobody responded. The author (Ben Collins) was challenged to demonstrate the claims on Twitter, he didn't respond.
- Further evidence was discovered corroborating Forensicator's work and my reportage with several new indicators from Guccifer 2.0's activities that were in line with US timezones.
- Evidence was discovered showing Guccifer 2.0 left behind Russian language indicia in documents with a device that wasn't really configured for use in Russia (further supporting suspicions that the Russian breadcrumbs were being left behind deliberately).
- Campbell posted to Twitter: "Another part of the scam was to avoid dealing with why funny data with US timezone only appeared in one specially tampered document dump" when we had already reported on three separate pieces of evidence that demonstrated Campbell's claim was false (and another party had also discovered another example that I wasn't aware of at the time). He had already been notified, two weeks prior to making this false statement, that there was another Eastern timezone indicator discovered relating to evidence Guccifer 2.0 had left behind on July 6, 2016.
- Despite verifiable evidence proving falsehoods, despite inaccuracies and distortions that are trivial to verify being highlighted and despite demonstrating that Campbell engaged in disinformation, Glick and Goodwin appear to have made no corrections or clarifications to address any of these issues. (The only update ComputerWeekly did provide was to further the propagandist nature of the hit-piece.)
- Despite asking Glick and Goodwin to confirm receipt of emails concerning their authors use of disinformation and proven false claims made about digital forensics evidence they have avoided providing confirmation.
- Goodwin has claimed, in a phone call, that the article is accurate despite him being sent evidence showing that it is not. When asked to confirm receipt of evidence and told about one of the inaccuracies he made bogus excuses to terminate the call.
Within one day of Campbell's article being published, evidence showed that he had engaged in disinformation and that he was misrepresenting the conclusions, theories and positions of other parties.
see: https://twitter.com/ClimateAudit/status/1024631456256016384 (archived)
The article should have been pulled immediately.
On August 3, 2018, I published an article titled "Deconconstructing Campbell's Smear Campain Yields A Blueprint For Propaganda" that provided background on the dispute between Campbell and myself and provided raw communications between parties for transparency and context. The article also highlighted several inaccuracies in Campbell's piece including Campbell's fake history of how the name "Ken" originally came about and why Campbell was allowed, exclusively, to believe in his false assumption (while other parties were told the truth, unbeknownst to him).
In the article:
- I explained why Campbell was not impartial, that he had previously acted maliciously towards me, had tried pushing bogus rumors and conspiracy theories on to people (such as VIPS members) nine months prior to the ComputerWeekly article being published.
- I showed that, contrary to Campbell's claims, the name of "Ken", did NOT come from an allegation from myself and that this actually came from Campbell.
(He first mentioned the name to me on December 14, 2017 and, on that same day, I informed the VIPS associate who introduced me to VIPS members that Campbell was making a wrong assumption and I volunteered my real identity. I then started relaying emails and recordings of calls to VIPS members so they could see what Campbell was up to.)
- I showed that Campbell's tampering theory and methodology discarded the hour component of timestamps and that this effectively disregarded the existence of a three hour gap in some of the file activity.
- I also highlighted the fact that Campbell had contacted the university of another researcher and author, David Blake, pushing conspiracy theories there too (suggesting Blake's Twitter account had been taken over by Russians or the Far-Right when Blake had tweeted about articles he published on his "Loaded for Guccifer 2.0" blog).
- As part of this initial response, I released email correspondence between Campbell and myself.
The initial response providing the background on Campbell's antics was followed by an article that focused more on the ComputerWeekly hit-piece itself. On August 11, 2018 I published an article titled: "Deconconstructing Campbell's Smear Campain Yields A Blueprint For Propaganda: Part Two".
In the August 11, 2018 article, I explained and/or demonstrated:
- how Campbell refers to an article that provides no evidence as "exposing evidence".
- how Campbell was attributing positions and ideologies to me that were already contradicted by an interview I had done with Jason Ross in September 2017.
- that Campbell made a claim that is literally contradicted by the very thing he was quoting (saying that I allege hacking where I actually argue about a lack of evidence for hacking).
- that Campbell falsely accused me of demanding that journalists reveal their sources (I requested material relating to a source I already knew, Guccifer 2.0, because I was constructing a corpus for public review).
- how Campbell was mischaracterizing material I was linking to on the d3f.uk site (eg. IPA's "How To Detect Propaganda", etc. being framed as "disinformation manuals") where the whole purpose of linking to these materials is to educate the public on disinformation and propaganda. (Essentially trying to flip my opposition to disinformation and propaganda on it's head with a false cause framing.)
- how Campbell used a query I had made about Guccifer 2.0 not working on the Sabbath and combined it with a comment another party had said in a conversation I had no involvement in where the "K" slur (the anti-semitic one) was used in an effort to smear me as an anti-semite though guilt-by-extremely-tenuous-association.
- that Campbell was barking up every wrong tree in sight regarding the draft of Forensicator's first article (coming up with crazy conspiracy theories over what was really just a draft of Forensicator's work that I was hosting for the purpose of peer review, which the note accompanying the draft made quite apparent).
- that ComputerWeekly editors didn't seem to care to check in with Bill Binney and that Campbell's sleight-of-pen misrepresented Binney's position and had people thinking that Binney was accusing me of a fabrication when he wasn't.
- there was a video of Jason Ross's August 7, 2017 interview with Bill Binney in which Binney clarifies he was not accusing me of manipulation and provides other clarifications.
- that my former colleague, Elizabeth Lea Vos, had spoke with Bill Binney and also obtained clarifications.
- that Campbell claimed that the NSA’s top secret records were disclosed in the DoJ indictment (in reference to the Netyksho indictment) but that Bill Binney argued against this and said it wasn't true.
- that Campbell attributed a theory (as a false cause fallacy) to what was really just a file analysis script.
- that Campbell had tried to suggest that Russians were using the file analysis script (during our phone calls back in 2017) and that the only people besides myself who ever accessed it, according to logs, was Campbell and his associates.
- I explain that Campbell's theories #3, #4 and #5 that he attributes to me are all distortions or fabrications on his part. (#3 is a false cause fallacy, #4 is a theory about CrowdStrike hacking but I never asserted that they had hacked anything, #5 is a fairly obvious distortion of what I had actually written and again, pins a hacking theory on me when in reality I'm not alleging any hacking by any of the parties Campbell cites).
- I highlight that the only update ComputerWeekly seemed willing to make was one that served to further the smears rather than actually make any corrections.
- I also explained some issues with Campbell's conspiracy theories and other inaccuracies (we'll be going into those in more detail later, though, so it's not necessary to list all of these here).
Note: As a general rule, if someone attributes an affirmative hacking theory ("DNC hacked itself", "X hacked the DNC", etc) to myself in relation to Guccifer 2.0, it's a distortion to create a straw man to attack (and creates a theory that supports THEIR belief of a hack, not mine). I've never been convinced that Guccifer 2.0 was a hacker nor that the operation's material necessarily came from a hack. I've been clear on that, publicly, for a long time. The ComputerWeekly article uses multiple straw man attacks of this type.
A link to the above rebuttal and a complaint about ComputerWeekly's article were sent to Bryan Glick on August 14, 2018.
Glick responded: (emphasis mine)
email from Bryan Glick to Tim Leonard on August 14, 2018
Thank you for getting in touch.
It is our editorial policy to ensure our articles are researched and fact-checked before publication. Where factual inaccuracies are subsequently pointed out to us and proven, we would of course be happy to make appropriate corrections.
We contacted you on 27th July in advance of publication in accordance with our policy on offering right of reply to individuals featuring significantly in an article. We invited your response to a series of questions regarding the article. Your reply did not provide answers to those specific questions, but the invitation to provide responses to those questions remains open.
If you would like to highlight, by reply to this email, any specific, proven factual inaccuracies in our article, we will consider those items in the light of any new information you can provide. If we discover any such specific, proven factual inaccuracies, we will of course be happy to correct them.
It's worth remembering Glick's assurance here.
I followed up with two emails listing many problems including baseless allegations, inaccuracies and distortions.
The first of these was sent on August 14, 2018 and included the following items:
Your headline claims that my work has been "pro-Kremlin".
The analysis and discoveries made regarding Guccifer 2.0 have not, in any way, been demonstrated to actually be pro-Kremlin. Presenting what is inconvenient for the USIC as "pro-Kremlin" is nothing more than perpetration of a false assumption from Campbell. Please provide proof to support this assertion or retract this claim.
The article asserts that former US intelligence agents were duped with manufactured "evidence".
The evidence in question is evidence that has long been in the public domain and that was in no way manufactured by myself, it actually exists on Guccifer 2.0's site - you should be clear about this but instead the way this is phrased is very likely to mislead your readers into thinking that I've manufactured evidence. Please correct this careless phrasing.
Bill Binney has clarified his position, and has not stated that anyone at VIPS were duped - had you checked to clarify this with Mr. Binney you could have avoided making this accusation. This is purely Campbell's opinion being presented as fact. Please clarify that this is Campbell's opinion, demonstrate the claim properly (the article fails to do this) or retract it.
Campbell asserts "fake evidence".
The files analyzed were those published at a conference in London that Guccifer 2.0 had advertised the day prior to it taking place, what the evidence suggests may be distorted by Guccifer 2.0's efforts but the adjective "fake" without sufficient context is likely to mislead your readers and doesn't distinguish that the evidence is an archive compiled by Guccifer 2.0 that Campbell thinks has been deliberately manipulated to deceive forensic investigators (a claim that he doesn't actually have proof of and that is entirely based on his inference but still stated as fact in the article).
"Leonard worked with a group of mainly American right-wing activists"
The majority of my activity was on Sanders related subs. https://roadtolarissa.com/redditgraphs/?d3fi4nt&Histograph&Number&Comments
r/WayOfTheBern's moderators at that time (including head moderator FThumb who still runs the sub) were entrusted to publish my initial report on Guccifer 2.0, if, for any reason, I was unable to. I think FThumb will confirm this much for you. https://www.reddit.com/user/FThumb
tvor_22 certainly was not a right-winger, he was the first person that contributed to investigations by publishing his own research that I subsequently reported on. https://archive.fo/2dMfC
The statement you've published is false, I worked with a group of Sanders supporters when I was compiling my report and the first person to publish additional research (that I reported on) was a left-winger. What would be fair to say, is that my work was well received by the right-wing but to say I worked with a group of mainly right-wing activists on anything I've done simply isn't true.
"to spread claims on social media that Democratic “insiders” and non-Russian agents were responsible for hacking the Democratic Party"
I've not stated that "insiders" or non-Russian agents had hacked the DNC. What I've actually stated is that Guccifer 2.0 seems to have acquired documents but that the hacking claims he made were discredited by ThreatConnect . If anything, I've said that Guccifer 2.0 didn't hack. This statement misrepresents what I've actually said, it is misleading and should be corrected or retracted. (see: https://twitter.com/with_integrity/status/930578670288285696 , https://twitter.com/with_integrity/status/904317771617533952 , https://twitter.com/with_integrity/status/891004616183349248 , https://twitter.com/with_integrity/status/880010591208968192 , etc)
"The claims led to Trump asking then CIA director Mike Pompeo to investigate allegations..."
It seems that it was a memo from VIPS that caught Trump's attention rather than anything I'd published or that Forensicator published. VIPS also made assertions of their own that neither Foreniscator nor myself made. Colleen Rowley may be able to confirm this for you, it was something she noted as part of her withdrawal from signing the VIPS memo.
"and that they could be proved to be an “inside job”, in the form of leaks by a party employee"
You're conflating separate things here and generally making a mess of everything. The NGP-VAN analysis had nothing to do with the emails published by WikiLeaks nor any demonstrable connection to Seth Rich, it was solely about Guccifer 2.0. This point was reiterated by Elizabeth Vos in an interview with Primo Nutmeg back in January. see: https://www.youtube.com/watch?v=jj48ULzdJ1I and was stated because there is no desire by any of us for people to hold misconceptions (which is more than can be said for Duncan Campbell, who has gone out of his way to create misconceptions).
"The GRU’s hackers were caught red-handed in June 2016, when the Washington Post exposed evidence of their role.".
What evidence are you referring to exactly? Dmitri Alperovitch even concedes in that article that they had no evidence at that time. You should correct this to "allegations" for the sake of accuracy and so as not to mislead your readers - or just retract the false claim.
"Within 24 hours, after the Post had asked Russia for comment, the hackers fabricated evidence and planted a false trail that the hacking was the work of an imaginary, lone Romanian called Guccifer 2.0"
Guccifer 2.0 planted evidence suggesting he was Russian more than anything else. To be fair, you may infer from the embedded datastore objects with the GMT+3 times that he tried to plant a false trail to Romania but one of the files had a GMT+4 time, the metadata was Russian language rather than Romanian, the stylesheet entry added was Russian rather than Romanian, he chose to use a Russian VPN (rather than Romanian) and he dropped a "Russian Smiley" in his first blog post which the corpus (see: http://g-2.space/guccifer2_corpus_raw.html) shows was not something he habitually used at all, quite the opposite in fact. He primarily planted evidence suggesting he was Russian and did this through a series of deliberate choices/actions made. He then merely claimed to be Romanian but anyone ripping off this extremely thin veil would see indicators of Russian origin behind it the second they questioned anything.
"Detailed evidence had not been publicly available until the publication of the indictment."
The indictment did not contain evidence. An indictment alone is not evidence. Therefore, evidence still is not publicly available but your article makes it appear otherwise. This is misleading your readers.
"In Britain at the same time, archived evidence shows, Tim Leonard was completing a website intended to obfuscate the truth about Guccifer 2.0 and the GRU"
No, evidence does not show there was any intent to obfuscate the truth, at best (for your side in this dispute), I did errantly suspect Flood to have had some involvement (because it was bizarre that his name would turn out to be the author of 3 documents he didn't really author), however, within the first month, I clarified that Flood may have had no involvement and the site only become more accurate exponentially over time as more has been learned and more evidence has come to light. If the intention was to obfuscate the truth, the quality and accuracy of information would not have rapidly and consistently improved and I wouldn't have tried to collate primary source information or encourage people to focus on the evidence and to draw their own conclusions rather than adopt mine. I wanted to discover the truth (and still do), I never had any intention to obfuscate whatsoever.
"A Twitter account traced to Leonard revealed his new project – a campaign claiming that the hacking was done by a Democratic Party insider."
Again, I've not said an insider was hacking, I've said that Guccifer 2.0 was a pretend hacker and that his hacking claims were discredited. My project was intended for me to understand what Guccifer 2.0 was and to collate as much evidence relating to the persona as possible. The real reasons for me strarting the project were explained in an interview I did with Jason Ross back in September 2017. see: https://larouchepac.com/20170926/one-person-can-make-difference-adam-carter-responds-questions - my reasons for what had inspired me to start investigating have never changed (excluding Campbell's fraudulent efforts to assign himself as an interpreter).
To further demonstrate the point I'm making here, you even cite my question: "What if #Guccifer2 is NOT Russian ... NOT even a hacker..."
"who had faced demands to disclose their evidence and sources about Guccifer 2.0. All declined or ignored him"
They were sent polite requests for information relating to Guccifer 2.0 and communications from the persona. Where is there evidence that sources were being demanded?
"he transformed Defianet to make it a focus for US extremist and conspiracy “independent media” groups"
Name an extremist group that I linked to or post a correction.
"Leonard has created and managed a library of disinformation manuals and techniques shared with his supporters, including “Weaponisation of social media”, “Deception techniques” and “Information warfare""
Through framing and omission you have given readers a false impression. The links go primarily to studies and research about disinformation and propaganda. These were only ever presented to others in the context of fighting against disinformation and propaganda and by omitting the fact it includes "How to Detect Propaganda", "Detecting Deception: Current Challenges and Cognitive Approaches", "Deception: Essays from the Outis Project on Deception", etc. you've misrepresented my efforts completely.
My social media activity make this context very clear: https://twitter.com/with_integrity/status/996113729661100032 , https://twitter.com/with_integrity/status/996852333681266688 , https://twitter.com/with_integrity/status/996087532768104448 , https://twitter.com/with_integrity/status/999547001166540802 , https://twitter.com/with_integrity/status/928400348498231296 , https://twitter.com/with_integrity/status/957884227785314304 , https://twitter.com/with_integrity/status/1001076702284574720 , https://twitter.com/with_integrity/status/1011546003462328320 , etc.
You should clarify this intent and context as the way you've currently presented it is misleading.
"One @with_integrity tweet asked for confirmation that the cyber security expert who first spotted Russian hackers was Jewish. “Social media activity patterns [suggest] possible observance of the Sabbath,” he told followers."
You should clarify that this arose from a study of Guccifer 2.0's social media activity. However, there's a bigger issue here. It's fairly clear by the sequence of topics in the article that this is an attempt to trick your readers into thinking I'm antisemitic when the reality is that I've never made an anti-semitic statement in my life. This is disgraceful and should be retracted just on the principal that you're fooling your readers into forming a grossly false impression about myself.
"One document – a tip-off file obtained in June 2017 by Leonard’s site from an “anonymous source” – took new disinformation all the way to the White House and the CIA."
The "tip-off" file was from Forensicator, it was actually an early draft of his work and was posted for the purpose of seeking peer-review. The document is consistent with the rest of Forensicator's work (which an objective analysis would make clear not that I expect you to check or even be capable of such).
"took new disinformation all the way to the White House and the CIA."
What "disinformation" was that? Please provide proof to support this statement.
"included complex details explaining how to unlock information inside a tranche of files"
No, it analyzed data and through derivative data sets allowed certain indicators of transfer rates, etc to be identified - this wasn't "unlocking" anything.
"Metadata in the files had been manipulated to “prove” that the documents".
There is no evidence of this, it's purely speculative based on Campbell's inference.
"Until the file arrived, the information hidden in the files, created by the GRU hackers and known only to them, had not been detected by security experts"
If it was planted and supposed to be found, it would have been found in 2016. This is the whole point of looking for obscure data points (as well as data that was independently recorded, such as social media activity) in which an entity like Guccifer 2.0 would be far less likely or capable to have manipulated data to deceive forensic investigators (such as he clearly did with his first batch of files released on June 15 2016).
"The document, rewritten for propaganda effect"
No, the document was continued and expanded upon further by Forensicator. It was NOT re-written. If it had been re-written for propaganda effect, it would have incorporated distortion, lies, propaganda devices and baseless speculation - such as Campbell has very clearly provided to you with his article.
I followed up with more examples of inaccuracies and issues with the article two days later, the examples included the following:
"and claimed to be the work of a new fake personality called Forensicator"
Everything on Forensicator's blog is the work of an independent third party and any objective analysis will show considerable differences between his output and that of myself and/or anyone at Disobedient Media.
He has digital forensics knowledge and capabilities that considerably surpass my own and those of anyone at Disobedient Media.
How exactly we're supposed to have created a "fake personality" that is capable of what we're not doesn't even make any sense.
Campbell's claims on this matter are illogical, unsupported by evidence and contrary to objective consideration of the output from all accused parties.
"were persuaded, without checking the file data, to say that the hacking was the work of insiders."
Again, neither VIPS, myself, Forensicator nor, to my knowledge, Disobedient Media, have said that the NGP-VAN archive was the result of anyone hacking, "insiders" or otherwise.
Binney, McGovern, etc. had already spoken out against the allegations of the DNC hacking allegations lacking sufficient evidence to pin on Russia long before Forensicator started any of his analysis on the NGP-VAN archive and one of their associates reached out to me for more information. Your article, though, makes it sound like we convinced them into being skeptics when the reality is that they already were highly skeptical of claims and already had spoken out.
Due to wanting to retain his anonymity (and seeing Campbell's behavior, you can hardly blame his caution), I ended up having to act as a go-between, relaying messages between both parties and in that regard I have always acted in good faith, never served to mislead and I have not seen any effort on Forensicator's behalf to try to mislead either.
Where Campbell is concerned about crafting partisan-pandering narratives, Forensicator only cares about the evidence and technical probabilities.
“Ray’s determination to publish claims he wanted to believe without checking facts and discarding evidence he didn’t want to hear exactly reproduced the Iraq war intelligence failures which the VIPS group was formed to oppose”
I'll say this more as a challenge to Thomas Drake. What evidence does he think hasn't been acknowledged and does he not realize that trying to suppress and unduly undermine what independent researchers have discovered (something Drake now appears to be on-board with) is even worse than what he's accusing Ray of here?
"The ploy succeeded"
There was no ploy. This is a gross distortion of efforts made to understand what Guccifer 2.0 was and to report on new evidence, no matter which narratives it supports. (which Campbell frames as being conflicting/contradictory theories)
What Campbell omits is the fact that most of my work has been about debunking claims through the use of evidence and objective analysis and Guccifer 2.0 is not the only subject where I do this.
I also debunk claims and conspiracy theories from the opposite end of the political spectrum and debunked nonsense about Seth Rich/MS-13, a fake Podesta leak, as well as a few FBI/DOJ hoax documents, etc (including some of the hoaxes propagated by "Q" followers).
I also debunked BadVolf before Kevin Poulsen and caught him out manufacturing evidence retroactively which I covered in detail at: http://g-2.space/badvolf/
It's amazing how much Campbell has omitted and refused to accept in his efforts to paint a false image of me being interested in propagating conspiracy theories when the reality is that I've wanted to lay out as much reliable and verifiable evidence as possible in front of the general public in order to debunk a conspiracy theory.
I really couldn't be clearer in separating my opinions from the evidence, Campbell on the other hand, does what he does.
"NSA’s top secret records, disclosed in the DoJ indictment earlier this month,"
Binney has countered with observations about the use of NSA evidence being used in the indictment and why it's unlikely this was actually the source. You may want to fact-check this statement for accuracy and make sure it's not just speculation from Campbell.
"The Guccifer 2.0 files analysed by Leonard’s g-2.space were “manipulated”, he said, and a “fabrication”."
The files I (and other researchers) have analyzed came directly from Guccifer 2.0's own blog. You make it sound like I've worked on a batch that were specifically manipulated whereas I (and other researchers) have inspected these files, identified anomalies and exposed fabrications in considerable detail. The way this is phrased is prone to mislead your readers and unduly load suspicion on to me, which is unfair.
Binney has been interviewed since the publication of your article and clarified that he's not saying that Forensicator or I had manipulated or fabricated anything and my editor at Disobedient actually spoke with Binney to seek clarifications - we take editorial responsibility far more seriously than you seem to think (or even seem to be doing yourselves).
"Leonard’s @with_integrity Twitter account had also posed as a US citizen in the same period"
I never claimed to be an American, have only ever stated my origins as being from the UK and everyone that follows me on Twitter knows I'm from the UK. I did express solidarity with Sanders supporters because I supported Sanders but I doubt that, with only around five followers on Twitter, I was really influencing anything unduly through this.
"Leonard created the Hexcell program in a failed attempt to find data proving Guccifer was a former Democratic Party manager."
No, it was a hex-viewer and RTF analysis tool that did not have a political objective attached. It was an effort to understand more about Guccifer 2.0's first files, that's all. Even before HexCell existed Flood's name being present on multiple documents had already been established - this was just part of trying to understand why that might be and to look for any other clues (again, no matter what they did or didn't support).
Campbell's claim here is highly speculative (and, to be clear, bullshit).
Glick did not respond.
On August 30, 2018, Forensicator published an article titled "The Campbell Conspiracy".
Forensicator explained that Duncan Campbell saw a problem that arose from Forensicator copying a BASH script into WordPress (which messed with the formatting and malformed the script) and leaped to all the wrong conclusions over it.
Forensicator shows that Campbell didn't have the sense to apply Hanlon's razor and consider the most probable and reasonable causes for what he saw. Forensicator demonstrated, in his article, that he understood the script very well and that, in fact, the script he had included along with the draft version of his article worked fine and didn't have the problem (therefore, it happened when he copied it into WordPress).
Forensicator destroyed Campbell's conspiracy theory fantasies (covering more than just the BASH script nonsense highlighted above) as much as any person can reasonably be expected to do.
I emailed Glick the following day with a link to Forensicator's article.
email from Tim Leonard to Bryan Glick on August 31, 2018
Forensicator has debunked several of Campbell's conspiracy theories:
You did not fact-check claims of a technical nature as thoroughly as you should and subsequently have allowed demonstrably bogus conspiracy theories (coupled with doxxing and distortions as part of a smear campaign) to be fed to your readers. Some of the evidence cited even contradicts what is asserted by Campbell.
You, as an editor, should also have recognized the form and nature of Campbell's work as being propaganda, as I've said before, it simply wouldn't have made it through Disobedient Media's editorial oversight process because it's a mish-mash of unsubstantiated conspiracy theories that completely overlook countervailing evidence and Campbell blatantly distorts and/or tries to present tenuous correlation as causation with him desperately seeking long into my past, way before I even embarked on researching/writing/reporting... all in order just to attack character.
The fact is that Campbell didn't cover a single one of my studies or any of the evidence I reported on (aside from Forensicator, whom Campbell is completely wrong about too, for the record) and I'm shocked you've allowed such blatantly biased and deliberately dishonest bilge to be foisted upon your readers.
It also seems that you've continued to willfully propagate what you should already know is disinformation and are refusing to rectify a clear failure in editorial oversight at ComputerWeekly. I hope that it's starting to become clear to you just how bad this is looking for you.
Campbell knowingly and deliberately tried to mislead people, he has attacked character, name-called, smeared, tried to misrepresent testimonial, distorted egregiously and has avoided my studies and research entirely.
In return, those of us he falsely labels "pro-Kremlin trump trolls", have responded by dilligently dismantling Campbell's claims through disclosure of communications, referencing countervailing evidence that Campbell has disregarded/omitted and by debunking Campbell's claims on technical plausibility, probability and possibility.
Does ComputerWeekly have a response to what Forensicator, Elizabeth and myself have demonstrated so far and can you explain why such a demonstrably misleading article, of which many flaws have already been pointed out to you personally, is still being propagated by your publication with the only updates you have added being for the sake of furthering misconceptions pushed by the article?
By now, we had already demonstrated multiple "factual inaccuracies" (to use the term Glick used in his assurances two weeks earlier) and showed that Campbell had ran with silly conspiracy theories that lacked merit.
Glick still did not respond.
To help illustrate just how bad things are in the ComputerWeekly piece, here are three consecutive paragraphs that immediately follow their "The Forensicator Fraud" sub-heading along with notes covering the inaccuracies:
The team that created Forensicator, including Leonard (Wrong. I didn't create Forensicator, he's an analyst in the US, Campbell ignores various factors including Forensicator revealing his own local timezone as PDT), gave away that they were not the real authors of the analysis when they inaccurately copied a Linux “Bash” script they had been sent, breaking it. (It was a formatting issue pasting the script into WordPress.) This suggested that they did not write, understand, or test the script before they published (or... it was simply an issue pasting a script into a WordPress article). Someone else had sent the script, together with the fake conclusion they wanted discovered and published (or... it was simply an issue pasting a script into a WordPress article and Campbell didn't understand that I was hosting a draft of Forensicator's report for peer review prior to him having his own blog.) – that DNC stolen files had been copied in the US Eastern Time zone on 5 July 2016 (that's not the date that the Eastern timezone indicator relates to, that would be September 1, 2016.. AND.. it was in relation to archival of files, NOT copying) , five days before DNC employee Seth Rich was killed.
Uncritical reporters failed to spot that the Forensicator blog gave no evidence for its conclusion (no, it's just that it doesn't give evidence for the conclusion that Campbell is about to falsely attribute to Forensicator!) , which was that the data analysed was evidence of theft by local copying happening within the eastern US (Wrong. 1. Forensicator spoke out against such a misconception back in August 2017. 2. it was the archival operation not copying that produced the Eastern timezone indication. 3. Forensicator has NOT argued for "theft by local copying" happening in the eastern US or anywhere else nor argued that this was exfitration from the DNC. - So, of course, Forensicator isn't going to have evidence for a conclusion he didn't actually make and that is just a distortion from Campbell). The Forensicator report avoided pointing out that the time stamps examined were present only in the special London group of documents, and not in tens of thousands of other DNC files published by WikiLeaks or Guccifer 2.0. (Wrong. This was already false at the time of publication and there are now at least four pieces of evidence from separate incidents that disprove this. Additionally we have other pieces of evidence separate from files released by Guccifer 2.0 that suggest a US origin).
The files were manipulated using an unusual method of file packing, forensic checks show (it looks like the process involved the files being RAR'd, then moved to a thumbdrive and then, at some point, the contents of that thumbdrive were archived with 7-zip - the reason for the two different archival formats could easily just be because the thumbdrive was used on two different devices with different archival applications on them. Campbell, however, just assumes that this was all trickery to signal an eastern time zone by sneaky Russians while ignoring, contrary to his Seth Rich themed conspiracy theory, that this actually related to September rather than July). Because of computer clock settings, the packing operations appeared to have created “evidence” that the stolen files had been copied in the US Eastern Time zone (The timezone indication comes from the "packing operation" itself, not from any prior copying), which includes Washington.
It appears ComputerWeekly's policies of "researching and fact-checking" either weren't followed or were inadequate here.
Some of the claims made are also things that Campbell should have known to be false or misleading on the basis of what he had already stated in an email to another analyst (Stephen McIntyre) long before Campbell's article was published. Campbell was aware of Forensicator's clarifications on this topic yet seems to have ignored these selectively when convenient for the narrative he was spinning.
On October 4, 2018, I phoned Bryan Glick at ComputerWeekly's offices.
I asked Glick to substantiate the claims his publication made in it's headline and asked for examples of where I had engaged in disinformation or where my work was "pro-Kremlin".
Glick could not cite any examples and started making statements about beliefs and opinions.
I advised Glick that he should make this clear to his readers rather than expressing opinions and beliefs as though they were definitive fact.
Following this, I emailed Glick with requests to substantiate the two main claims I had asked him to substantiate by phone:
email from Tim Leonard to Bryan Glick on October 4, 2018
Thank you for taking the time to discuss our disagreement briefly earlier today.
Putting aside the opinions and beliefs you may hold and focusing on facts, allegations and evidence, please can you provide:
- any examples of where anything I've published has contained a claim made intentionally where it can be shown that I knew the claim to have been false or misleading at the time of writing. (ie. engaging in literal disinformation/running a disinformation campaign/etc)
- any examples you have of where I have literally demonstrated myself to be a proponent of the Russian Government. (Note: Just because someone's research exposes evidence that seems to raise doubts over attribution of hacking to Russia it is not inherently pro-Kremlin, you're failing to differentiate causation from correlation and are attaching a false cause to efforts that were simply aimed at understanding what Guccifer 2.0 was).
These are basically the same two things Campbell was challenged to demonstrate nine months prior to the ComputerWeekly hit-piece being published (by the VIPS associate who introduced me to VIPS members). Campbell wouldn't respond to that challenge (and it's probably why The Register had the sense to avoid publishing Campbell's earlier efforts).
I thought that, being unable to substantiate the two major claims made in the headline, Glick would give his article serious reconsideration (as I think most sensible and responsible editors would do).
I was wrong. Glick's response, coming one day later, showed he had no interest in trying to substantiate his publication's allegations and that he hadn't really given appropriate consideration to what I had sent to him:
email from Bryan Glick to Tim Leonard on October 5, 2018
We have reviewed our July article in the light of your emails and subsequent articles and have not found evidence of inaccuracies or new information that would require our article to be amended. Our readers can and will come to their own judgement on our reporting.
With best regards,
There were already demonstrable inaccuracies and inaccuracies pointed out that were trivial to verify (eg. by simply comparing claims and conclusions in the source material with Campbell's modified and distorted versions) and it was becoming crystal clear that Glick only cared about Campbell's side of the story.
At this point, I started to suspect that Glick had no intention of ever making corrections, no matter what we could demonstrate.
On January 14, 2019, Duncan Campbell made a mistake. He provided clarification on a statement in his article that had previously been open to interpretation.
In the ComputerWeekly article, Campbell had argued:
In his tweet (archived), Campbell clarified exactly what he had meant by this:
Already, by this time, there were at least four separate examples of evidence providing US timezone indicia in relation to other files Guccifer 2.0 had released (and there were more indicators supporting this aside from file metadata, such as emails, blogging activity, social media activity, etc).
Not only that but just a couple of weeks prior to Campbell tweeting this, I had already informed him that we had found a second Eastern US timezone indicator and pointed out that Guccifer 2.0 didn't need to retroactively fabricate anything to place himself on the East coast in early July (as per Campbell's theory) as there was already evidence supporting this in the public domain as of July 6, 2016.
Examples were cited to Campbell in replies to his tweet. (here and another, in February 2019, here)
No corrections were made by Campbell or ComputerWeekly. No acknowledgement was made of the error and, due to the prior notification from myself, it looks like Campbell should have known better than to still be making such claims.
Most importantly, though, it gave us clarification on what the statement in the article was arguing for and we learned that it's a false statement that effectively denies the existence of multiple pieces of evidence that corroborate the research and reporting of those Campbell was defaming.
On June 7, 2019, Forensicator published an article titled "The Campbell Coincidence".
The article provides counter arguments to Campbell's "timestamp tampering" theory and challenges Campbell's argument about file timestamps appearing to slot together neatly. Forensicator argues that Campbell hadn't considered the duration of each transfer and, if he had, he would have found that the files don't slot together neatly in the way Campbell imagined and that there were actually two overlaps occurring in Campbell's timeline that Campbell was unaware of because he hadn't considered this and was only looking at transfer completion times.
Forensicator also raised other issues with Campbell's theory.
It is difficult to deal with Campbell's tampering theory with certainty in some areas because he hasn't produced a detailed description outlining his methodology, observations and conclusions (ie. exactly what scenario/process it is he's arguing for) and when asked to clarify on ambiguities and explain anomalies that seem to be introduced in the scenario proposed, he doesn't respond.
On July 5, 2019, I published an article providing a recap.
see: "Briton Ran Pro-Kremlin Disinformation Campaign" Story Was Disinformation
By now, enough had built up that the case against Campbell and ComputerWeekly had grown to be quite strong.
It was clear the publication had disseminated disinformation and made false claims about digital forensics evidence.
I reported on highlights, linking to evidence and relevant studies and covered the following points:
- Bill Binney clarified his position where Campbell had promoted misconceptions and misled people on Binney's position (including deceptive framing of Binney's testimony to make it appear as though it was a criticism of this author's site, deceiving many ComputerWeekly readers in the process).
- ComputerWeekly's editor in chief Bryan Glick was informed of over 40 errors. He has privately made statements conceding that ComputerWeekly's position is based on "beliefs" and "opinion". (Unfortunately, such frail basis of claims was never stated to ComputerWeekly's readers and instead the claims made have been presented as though they are facts.)
On January 1, 2020, following Duncan Campbell making more dubious claims (this time published by NBC News's Ben Collins), I emailed him. (with NBC's Ben Collins, five editors at NBC and ComputerWeekly's Bryan Glick all included as CC recipients).
The email was primarily about his comments that featured in the NBC article from October 2019, however, in relation to the ComputerWeekly article, I did ask Campbell for a response to Forensicator's article that presented counter arguments against Campbell's timestamp tampering theory and asked that he demonstrate his "pro-Russian" allegations.
On Janary 22, 2020, I emailed Campbell again, noting that he hadn't responded and that nobody seemed able to substantiate his claim. In relation to the ComputerWeekly piece, I provided a link to McIntyre's August 1, 2018 evidence of disinformation. I asked Campbell if he or Glick could explain why they had failed to make corrections despite there being evidence directly contradicting his claims and asked why he published information that he appears to have known was false and misleading.
He did not respond.
On the 9th, 10th and 11th of March, 2020, I phoned Duncan Campbell to ask him questions that he had failed to answer back in January. I made sure I called at different times of the day on each day (to increase my chances of catching him when he wasn't busy).
Campbell didn't answer and he didn't respond to the questions left in messages.
On May 2, 2020, I emailed Glick. Goodwin and approximately another ten editors/reporters at ComputerWeekly. The subject line was fairly blunt about the issue being raised:
"Why Is ComputerWeekly Still Being A Platform For Disinformation & Demonstrably False Claims About Evidence"
I provided links to the evidence demonstrating that the claim they had published about a lack of other digital forensics evidence pointing at the US was false.
email from Tim Leonard to Bryan Glick on May 2, 2020 (excerpt)
The email also covered evidence that suggested Campbell had deliberately sought to mislead the public about the positions and conclusions of others:
email from Tim Leonard to Bryan Glick on May 2, 2020 (excerpt)
Glick did not respond and, of course, no corrections were made.
On July 27, 2020, I emailed Glick to inform him that there was a new problem discovered with Campbell's timestamp tampering theory that I had discovered:
email from Tim Leonard to Bryan Glick on July 27, 2020 (excerpt)
The technical theory your publication promoted also seems to have a few problems:
All one has to do is look at the DNC.rar archive and contrast that with Campbell's one-hour timeline hypothesis. The minute-past-the-hour values in the last mod timestamps of the contents are later than the RAR archive which points to the contents getting their last mod times from an hour prior to when the RAR archiving was done. This, in itself, contradicts the premise of the files originating from a one-hour timeline such as Campbell appears to be proposing with his theory.
Campbell's methodology introduces a chronological anomaly (and this is on top of Forensicator's argument about accounting for transfer durations and the subsequent clashes in the timeline that this produces). Once we bring back the two thirds of timestamp evidence Campbell chose to omit, the chronological anomaly disappears and order is restored.
Glick did not respond.
On August 2, 2020, I emailed Campbell (with Glick and Bill Binney as CC recipients) and informed him of the problem discovered with the one-hour timeline and a chronological anomaly his methodology and scenario introduced and asked him to clarify his arguments on this.
I included Bill Binney as a CC recipient because I knew he found Campbell's theory compelling and had hoped that with Binney included as a recipient, Campbell might be more willing to defend his theory.
Campbell did not respond.
It had now been six months since ComputerWeekly were presented multiple pieces of evidence demonstrating that they had made false claims about digital forensics evidence (and were concealing an array of evidence that corroborates the research and reporting of their hit-piece's primary targets) and a link to where they could find evidence showing their author had made claims he would have known were false.
On November 18, 2020, I emailed Goodwin to bring his attention to the new issue concerning Campbell's timestamp tampering theory that I had previously raised with Campbell and Glick.
On November 22, 2020, I sent a few Twitter DMs to Goodwin. I requested receipt of the evidence sent in May, I provided a link to McIntyre's thread about inaccuracies and disinformation in ComputerWeekly's article and also provided him a link to my report from last year which provides links to verifiable evidence.
On November 30, 2020, I emailed Glick asking for him to confirm receipt of the evidence sent in May 2020.
No responses were received.
On December 1, 2020, I called Goodwin and asked for him to confirm receipt of the email sent in May. He said he would have to check his emails. He then stated that Campbell's article was accurate and that he stood by it. I informed him that it was full of inaccuracies and started explaing one for which I'd already published evidence of two years prior. He then interjected to say that in his opinion I was engaging in disinformation and that he would have to terminate the call. I asked if he could at least confirm receipt of the email in November, he again made excuses to terminate the call and no confirmation was provided. I said I'd give it another day and call back.
Subsequent calls requesting confirmation of receipt went unanswered.
Glick and Goodwin would not confirm receipt of evidence and have been unwilling to discuss the problems with their article.
ComputerWeekly's editors have published disinformation, distortions, false claims about digital forensics evidence, conspiracy theories that were subsequently debunked, a technical theory that fell apart and their article attributes theories to people who have not held those theories.
Campbell, Goodwin and Glick have egregiously misled the public regarding independent analysis and evidence discovered in relation to Guccifer 2.0 (and about the Guccifer 2.0 operation itself). They have hurt legitimate research and researchers who have never deserved to have their hard work maligned by Campbell's lies and ridiculous fantasies.
Their article has served to be a corrupting and illegitimate source of information on this topic, and, those who published it have demonstrated themselves to be deceptive or incredibly incompetent in their handling of facts and evidence. This, at least, becomes apparent when considering their refusal to address proven inaccuracies.
The hit-piece was a cocktail of conspiracy theories, disinformation and malicious propaganda.
By publishing Campbell's hit-piece, propping it up in spite of everything that's been demonstrated, stubbornly refusing to make corrections and, apparently, stonewalling now that their position is so clearly untenable, Bryan Glick and William Goodwin have proven themselves to be irresponsible (and, in my opinion, dishonest) editors. They clearly don't care that their technology publication is providing a platform for false technical claims, broken technical theories wrapped in discredited conspiracy theories and fraudulent distortions of technical analysis that unduly corrupts public perceptions of legitimate investigations into Guccifer 2.0.
If there are any concerns or issues here that anyone would like to speak with me about, please feel free to contact me on: email@example.com