Khatchadourian's Collusion Delusion

By Adam Carter - October 24th, 2017

I received an email a few days ago. I'll only divulge the last sentence of the email:

Would appreciate you addressing the point with your readers about alleged collusion between Guccifer 2.0 and Wikileaks instead of covering it up.

So, what collusion exactly am I being accused of covering up?

On the basis of the hypothesis I've presented already (that CrowdStrike executives Shawn Henry & Dmitri Alperovitch were the operators of the Guccifer 2.0 persona), it could simply be Guccifer 2.0's operators having a better idea of the emails that were leaked over time and trying to make sure Guccifer 2.0's releases have some overlap with attachments in emails it anticipated WikiLeaks would soon be publishing.

There are of course those who disagree, who see indicators of collusion, who infer a change in modus operandi as a form of cryptic message from Russia and who, of course, seem to have disregarded some of the most fundamental discoveries made concerning Guccifer 2.0 this year that would render much of their supposition invalid if they cared to even acknowledge it.

One example of this was provided by Raffi Khatchadourian, who, a little over 2 months ago, demonstrated how a lot of collusion could be inferred by simply excluding a couple of key facts in order to allow speculation on scenarios that could constitute WikiLeaks-Russia collusion.


Raffi Khatchadourian, A Writer Without A Conscience?

On August 21st, 2017, Raffi Khatchadourian wrote a long article titled "Julian Assange, A Man Without A Country" for the New Yorker.

The article meandered back and forth between the subjects of Assange, his circumstances and various third party perceptions of him and of the WikiLeaks organization as a whole.

To keep this article brief, I'll just skip straight to the part where the Guccifer 2.0 persona is introduced:

What happened next is as revealing as it is strange. On June 14th, the Washington Post ran a story about the D.N.C. hacks, which noted CrowdStrike’s conclusion that Russia was the culprit. A day later, a curious Internet persona emerged—whipped up overnight, it seems, to counter the article.

By presenting to the press the exact research Shawn Henry and Dmitri Alperovitch had claimed (in the Washington Post article) to have been targeted in April (the "Trump opposition research") AND by deliberately tainting that file and others released with Russian language meta-data AND by dropping a "Russian Smiley" in his first WordPress post AND using a publicly-accessible Russian VPN service to contact the press through, Guccifer 2.0 actually did far more to affirm the claims of CrowdStrike for anyone willing to look past the verbal claim of "I'm a Romanian".

When all that is now known is considered, it certainly does NOT seem like it was whipped up overnight to counter the article. It really looks like it was designed to do the opposite: to affirm the most significant claims that were being made by Henry & Alperovitch.

It was actually a smarter disguise than Khatchadourian and others seem to realize (even though I've dismantled and explained almost every aspect of it). It was a two-layer masquerade, with the real masquerade consisting of "signal mimicry" achieved in the various ways outlined above. Even Guccifer 2.0's choice to release the documents in RTF format files was an effort to mirror the format of files that had recently been involved in phishing attacks at that time, so that cyber-security researchers familiar with the APT-28/APT-29 entities and the phishing attacks would be drawn to investigate the tainted documents.

By having a flimsy veil of him saying "I'm A Romanian" over the top of the real, multi-faceted Russian masquerade - most investigating Guccifer 2.0 only ever considered two possibilities and inherently were convinced by their own discovery to such a degree that almost all failed to question what they were seeing. None investigated as thoroughly as they could (and should).

The new persona, called Guccifer 2.0, was crafted to present the image of another lone Romanian hacker, following in Lazar’s footsteps—but the results were comically unconvincing.

He was crafted to appear to be a Russian engaging in the most feeble attempt to pass themselves off as Romanian. The Romanian origin claims were comically unconvincing precisely because they were intended to be unconvincing, the effort there never extending any further than verbal claims.

Guccifer 2.0 had the flair of a Bell Atlantic phone book. It had little evident understanding of American journalism, and erratic habits that evoked a badly run P.R. committee.

The day it made its début, it reached out to the Smoking Gun and to Gawker, offering hacked material—a conspicuous but purely symbolic gesture, since it had posted the very same documents to a personal Web page, created that day on WordPress.

"Little understanding of American journalism", yet, somehow, Guccifer 2.0 knew about an article that cited a file he'd apparently acquired a month and a half prior to the article's date and knew he could immediately lure in the press within the 24 hours following the article being published (presenting that file to numerous outlets, not just the Smoking Gun and Gawker), rapidly achieving coverage on many sites within the space of the first 48 hours.

In retrospect and in contrast with Khatchadourian's assertion, Guccifer 2.0 actually seemed pretty savvy and, if you look back at June 2016, it's hard to argue that he was anything less than highly effective at capturing attention and making headlines in very little time.

The first post, taken on its own terms, was bizarre. It was presented as a personal statement, but its headline, written in the third person, looked as though it had been torn off the top of a propagandist’s memo: “Guccifer 2.0 DNC’s Servers Hacked by a Lone Hacker.” The post was designed with a heavy hand to prove two things: that Guccifer 2.0 had indeed committed the hack, and that it wasn’t linked to Russia.

On the first count, the persona’s handlers offered a trophy to prove its bona fides—an opposition-research file on Trump, which CrowdStrike said had been exfiltrated from the D.N.C. On the second, it presented an array of other records that had no apparent news value, except to discredit the Post article.

There were actually four things, and one of the things Khatchadourian infers (that it's somehow asserting it's not linked to Russia in that post) isn't even stated or implied. In fact, albeit subtly, the opposite was being suggested through Guccifer 2.0's actions:

  1. Claimed to have committed the hack, for which he used a deliberately tainted copy of the Trump opposition research to demonstrate. (Helped affirm CrowdStrike's main claim and lured in the press.)
  2. Had acquired more files than CrowdStrike claimed were targeted (sustaining press interest but producing a trivial conflict with CrowdStrike's claims). Khatchadourian views this as an effort to discredit the Washington Post article, but, ultimately, Guccifer 2.0's appearance, releasing the documents he did (tainted in the way they were tainted) did a lot to affirm the biggest, boldest and most questionable of the claims made by CrowdStrike in the article.
  3. Gave the impression he was likely Russian for one of two reasons (because of the arbitrary use of the Russian smiley that wasn't used in any public communications beyond that point and also because the files being released, when inspected, would appear to have been handled/manipulated by someone Russian).
  4. Claimed it was the source for WikiLeaks (at that time, 3 days following Assange's announcement about upcoming leaks).

Of course, the last of these was questionable from the outset. If a pseudonymous 'hacker' is willing to release files on the day he appears and is willing to be attributed to both a hack and the leaking of files - he would have little use for WikiLeaks (which caters for source protection as much as publishing leaks, the former being something Guccifer 2.0 had no need for and the latter being something he appeared able to handle by himself).

In strident terms, Guccifer 2.0 insisted that accusing Russia was an act of deliberate mischief, emphasizing the point with a clunky reference to Lazar: “Fuck the Illuminati and their conspiracies!” Before signing off, it promised more. “The main part of the papers, thousands of files and mails, I gave them to WikiLeaks,” it said. “They will publish them soon.”

Khatchadourian seems to use "In strident terms" to mean that something is done in a manner that doesn't involve stating, implying or insinuating something in any way. Guccifer 2.0's first post does nothing to overtly detract from him being attributed to Russia, a premise Khatchadourian seems to try to forge in the minds of readers where it isn't actually supported and, in some ways, is contradicted.

Twenty thousand D.N.C. e-mails arrived at WikiLeaks.

If Assange's statement was any indication, the receipt of the emails would probably have preceded Guccifer 2.0 stepping forward. Presenting these in reverse order is likely to leave readers confused about the sequence of events and about the causation assumed as a result of that.

Throughout June, cybersecurity analysts built a case that it was a Russian front—a conclusion that was amplified by Democratic operatives. Forensic traces in the records on WordPress, and in the persona’s linguistic quirks, linked it to Russia.

We've shown that the forensic traces likely being referenced were the fabricated Russian fingerprints, a process that we've explained with some precision. We've looked at posting times and activity too and, again, it doesn't look like Russian operatives were really behind this.

As for the linguistic analysis, there was only one language expert willing to be named: Professor M. J. Connolly of the Slavic/Eastern European Languages department at Boston University. He actually stated, when interviewed by Motherboard's Lorenzo Franceschi-Bicchierai, that Guccifer 2.0 demonstrated none of the traits he would expect to see from a Russian communicating in English.

The other 2 people (one picking up on the "Russian Smiley" in Guccifer 2.0's first post and another giving opinions stating that Guccifer 2.0 seemed Russian to them) were both anonymous.

Having carried out linguistic analysis of my own, specifically dealing with traits that Russians are known to struggle with when communicating in English, I can understand why only Professor Connolly was prepared to identify himself. Syntactically, in terms of sentence structure, Guccifer 2.0 doesn't appear to be Russian at all and never did.

There were really two things that were claimed to be indicators of Russian origin, one being the Russian smiley and the other being the incessant use of "deal" to refer to hacks/breaches, something that was far from habitual (in this instance, it was a practice that appears to have been adopted exclusively for the interview with Lorenzo as Guccifer 2.0 uses "hack" and "breach" in all instances prior to and after the interview).

Its handlers had also provided the Smoking Gun with the password to the Clinton press aide’s e-mails posted on DCLeaks, demonstrating its unique access to the site, and, by extension, its ties to a coördinated propaganda effort.

Guccifer 2.0 did give a password out. However, how it was presented was entirely under Guccifer 2.0's control (it wasn't provided by DCLeaks and there was nothing from DCLeaks supporting the communications Guccifer 2.0 claimed to have been having with DCLeaks).

The password Guccifer 2.0 gave reporters gave them restricted access to a specific set of leaks, the leaks he had uploaded to DCLeaks (which were mostly from low-level staffers whose emails seemed to be of little consequence). This didn't demonstrate anything more than Guccifer 2.0 having restricted access to the site to upload/manage his own leaks there.

Interestingly, there appears to have been a bizarre effort to have Guccifer 2.0 associated with a Russian hacker supposedly having root access to DCLeaks but the theatrical performance (using multimedia props as proof!) fell apart due to the reporter asking for them to provide verifiable proof of access.

This leaves one question: Why try to fabricate a perceived association between Guccifer 2.0 and someone with purported root access to DCLeaks if such an association genuinely existed?

Further in the article we reach the following paragraph:

In our many conversations about the election, the most striking thing was Assange’s emotion: the frustration he expressed when faced with suggestions that his material was linked to Russian intelligence, or the way he shook his fist when he insisted that he had been robbed of credit. But his protestations that there were no connections between his publications and Russia were untenable.

This is soon followed up by an example of the sort of nonsense I imagine to be frustrating to Assange, not because of him being emotional but because of illogical inference and assumptions being presented as though they somehow discredit what Assange had stated.

There are several, and they go beyond Guccifer 2.0’s insistence that it was responsible for the WikiLeaks releases. In early July, for example, Guccifer 2.0 told a Washington journalist that WikiLeaks was “playing for time.” There was no public evidence for this, but from the inside it was clear that WikiLeaks was overwhelmed.

"Playing for time" can be inferred in various ways. Most will see it as being synonymous with "running out the clock" or arbitrarily delaying something; very few infer it as implying that the subject is overwhelmed and struggling to meet deadlines. Khatchadourian, however, does do this, an unusual inference that allows him to push the premise of Guccifer 2.0 having 'inside knowledge' when, in reality, he demonstrates no knowledge of WikiLeaks through the speculative statements he makes.

In addition to the D.N.C. archive, Assange had received e-mails from the leading political party in Turkey, which had recently experienced a coup, and he felt that he needed to rush them out. Meanwhile, a WikiLeaks team was scrambling to prepare the D.N.C. material. (A WikiLeaks staffer told me that they worked so fast that they lost track of some of the e-mails, which they quietly released later in the year.) On several occasions, and in different contexts, Assange admitted to me that he was pressed for time. “We were quite concerned about meeting the deadline,” he told me once, referring to the Democratic National Convention.

Indeed, it seems they were struggling for time rather than "playing for time".

His original release date for the D.N.C. archive, he explained, was July 18th, the Monday before the Convention; his team missed the deadline by four days. “We were only ready Friday,” he said. “We had these hiccups that delayed us, and we were given a little more time—” He stopped, and then added, strangely, “to grow.” (Later, when I asked about the comment, he argued that my recording of his saying it was faulty.) It was unclear who had given him time, but whoever it was clearly had leverage over his decisions.

Could the occurrence of the "hiccups" and the "delays" that were caused not have been the thing that gave them more time? This, of course, isn't considered, and Khatchadourian immediately assumes there must be external influence and collusion. But this could easily just be an overzealous inference on Khatchadourian's part in order to set himself up for framing Guccifer 2.0's behavior as some form of attempt to exert leverage over WikiLeaks, as he does straight away:

A few weeks before WikiLeaks published, Guccifer 2.0 appeared to demonstrate just this type of leverage.

Khatchadourian then explains that the files released by Guccifer 2.0 over the first 25 days had no overlap with the DNC Leaks attachments and that his first 40 documents have overlaps with the Podesta leaks (something actually discovered by JimmysLlama back in May).

But then, on July 6th, just before Guccifer 2.0 complained that WikiLeaks was “playing for time,” this pattern of behavior abruptly reversed itself. “I have a new bunch of docs from the DNC server for you,” the persona wrote on WordPress. The files were utterly lacking in news value, and had no connection to one another—except that every item was an attachment in the D.N.C. e-mails that WikiLeaks had.

So, after 25 days, Guccifer 2.0 (an entity that had made great effort to be perceived as Russian by any cybersecurity analyst or technology journalist looking beyond the surface claims), finally started to release files that would later overlap with files attached to the leaked emails.

The shift had the appearance of a threat. If Russian intelligence officers were inclined to indicate impatience, this was a way to do it.

Creating an overlap with leaks that would cause association between WikiLeaks and an entity already being identified as Russian at that time would only serve to compromise perceived validity of the leaks - it would have been a very counterproductive way to cryptically express impatience.

Conversely, on the basis of my hypothesis of Guccifer 2.0 being operated by CrowdStrike executives (see: infographic | "Fact or Fiction" article), it would just be indicative that they had discovered exactly which emails had been leaked and would just be an effort to craft releases specifically to have an overlap with the attachments in the emails in order to create a perceived causal relationship between Guccifer 2.0 and WikiLeaks.

In mid-August, Guccifer 2.0 expressed interest in offering a trove of Democratic e-mails to Emma Best, a journalist and a specialist in archival research, who is known for acquiring and publishing millions of declassified government documents. Assange, I was told, urged Best to decline, intimating that he was in contact with the persona’s handlers, and that the material would have greater impact if he released it first.

I was surprised by these claims because casually divulging sources isn't something Assange is known for.

I contacted someone I know that is familiar with both Assange and the policies of WikiLeaks. As expected, they immediately informed me that this paragraph (in Khatchadourian's article) describes something that Assange would never do (at least in terms of confirming connections with handlers, etc) as he is far too cautious about source protection.

They suggested Assange could possibly have advised Best to steer clear of Guccifer 2.0 but that claiming to be "in contact with Guccifer 2.0's handlers" was likely an embellishment or misinterpretation.

Whatever one thinks of Assange’s election disclosures, accepting his contention that they shared no ties with the two Russian fronts requires willful blindness.

Actually, it seems willful blindness is afflicting Khatchadourian because he persistently assumes Guccifer 2.0 is connected to Russian intelligence agencies.

As of the date he wrote his article, enough information was in the public domain for him to find out that Guccifer 2.0 was highly unlikely to be anything connected to Russian intelligence agencies (due to the multiple, deliberate efforts to have focus drawn to Russia and be perceived as a Russian engaging in deceit).

Khatchadourian then provides a summary that seems to repeat the conclusions of his speculative statements and pondering but states them more as though they're definitive facts.

Guccifer 2.0’s handlers predicted the WikiLeaks D.N.C. release. They demonstrated inside knowledge that Assange was struggling to get it out on time. And they proved, incontrovertibly, that they had privileged access to D.N.C. documents that appeared nowhere else publicly, other than in WikiLeaks publications.

They didn't predict the release, they flailed around and made speculative and ambiguous statements regarding the release date. They stated that WikiLeaks was "playing for time" and Khatchadourian has decided that it must have meant "struggling for time" so it can be inferred as inside knowledge, when Guccifer 2.0's statement doesn't show any genuine inside knowledge at all.

The twenty thousand or so D.N.C. e-mails that WikiLeaks published were extracted from ten compromised e-mail accounts, and all but one of the people who used those accounts worked in just two departments: finance and strategic communications. (The single exception belonged to a researcher who worked extensively with communications.) All the D.N.C. documents that Guccifer 2.0 released appeared to come from those same two departments.

It was primarily seven compromised e-mail accounts that WikiLeaks published as the DNCLeaks (according to WikiLeaks), though the figure is disputed by different parties.

Some of Guccifer 2.0's DNC files may have come from research external to strategic communications and there is still research being carried out on files released by Guccifer 2.0.

The Podesta e-mails only make the connections between WikiLeaks and Russia appear stronger. Nearly half of the first forty documents that Guccifer 2.0 published can be found as attachments among the Podesta e-mails that WikiLeaks later published.

Podesta fell victim to the phishing scam prior to Guccifer 2.0's appearance; it may have been assumed initially by the Guccifer 2.0 persona's operators that the leaks Assange had referenced would include or involve those emails.

The rest of the article basically just reiterates the intelligence community's flawed assessments, including their embarrassing exclamation of "high-confidence" in Guccifer 2.0 being connected to GRU/FSB/etc, and follows this by peddling doubts and fears about WikiLeaks being used by nations as a tool for their information warfare.

Khatchadourian has managed to pick up on some research that has come out this year (even that which has had relatively little exposure), but, somehow, he's managed to only pick up on the stuff that's useful for him to infer collusion. He's managed to overlook or, maybe, somehow, miss the more prominent research that tears apart the basis of his most significant assertions.


Correction/Edit: A reference to a DNC staffer's name being on documents has been removed from this article as new evidence emerged that allowed us to identify exactly where his name came from. The up-to-date details on that were initially reported on briefly here and in far more detail here.