Guccifer 2.0: Game Over - Six Months In

By Adam Carter --- August 4th, 2017


Update (June 3rd, 2018)

This article states that a computer with a copy of Microsoft Word registered in Warren Flood's name was likely used by Guccifer 2.0. Since this article was published it has been discovered that Flood's name actually came from a document attached to one of John Podesta's emails.

Click Here For More Information On The Demonstrable Origin Of Flood's Name

For those who are unaware of the research I've carried out and reported on over the last six months, please check this site's homepage out before proceeding (FAQs at the bottom and the information available in the additional articles are all worth considering too).

Likewise, if you haven't heard of the Forensicator and his analysis, please check out Disobedient Media's article on his work and check out the Forensicator's blog (it's worth checking out the comments there as well as he directly answers a lot of questions from those challenging his conclusions).


1. Status Update
2. Forensicator & VIPS Memo
3. Common Logical Fallacy Attacks
4. Technobabble & Debunking Delusions
5. Meta Manipulation
6. Seth/Awan/G2 Conflation


(1) Status Update

Over the last six months we have explored Guccifer 2.0's behavior, statements and actions to establish his intent and purpose through a number of factors considered in aggregate.

We've seen that Guccifer 2.0:

Overall, it seems fair to suggest that this looks a lot like it was initially an operation intended to undermine WikiLeaks and pre-emptively taint its reputation (and the reputation of the upcoming leaks Assange first raised awareness of on June 12th 2016) by introducing a "Russian hacker" persona and having it forge a perceived association between itself and WikiLeaks (and, in DMs to Robbin Young, apparently with Seth Rich, posthumously, too) as a way to "poison the well" so that, even if Seth Rich was demonstrated to be the leaker, he could be discredited due to a supposed connection to a Russian hacker and doubt could be raised on the veracity of the documents he released).

From assessing Guccifer 2.0's actions, behavior, stated intent and contradictions therein, along with capabilities demonstrated, the false claims that were exposed and more, it's not too difficult to find a pool of individuals in two groups that had a motive aligning with this (or that were hired by those that had such motives around that time).

Of those, two people from a firm hired by the DNC seems likely to have had the skill-set demonstrated by the Guccifer 2.0 operation (in terms of misdirection, setting up the masquerade, cyber security experience, etc), and those two are CrowdStrike's Shawn Henry and Dmitri Alperovitch.

Even without attributing names to the subterfuge, we have enough to argue that there is considerable reasonable doubt about Guccifer 2.0's identity and we can show there are ample reasons to suspect that attributions that an embarrassing number of high-profile cyber-security firms made in relation to this are likely to be significantly flawed, especially those that express confidence in Guccifer 2.0 being a Russian and/or working for/with GRU/FSB/etc based on what we've now shown was a masquerade.

I do have a plan to test my interim attribution conclusions further (and will report on the experiment and results, regardless of what it shows, as soon as it has been completed).

(2) Forensicator & VIPS Memo

The Forensicator Emerges

On July 9th someone operating under the pseudonym "The Forensicator" went live with a blog detailing analysis they had carried out on the NGP-VAN archive and later that day Disobedient Media went live with an article by Elizabeth Lea Vos detailing the analysis, explaining what it meant and the implications of it.

The Forensicator's efforts and the detail in his work soon caught the attention of intelligence veterans and, as many of you will have seen, there have been headlines in independent media regarding VIPS members taking an interest in this lately.


VIPS Memos & Interest

For those who don't know, VIPS stands for Veteran Intelligence Professionals for Sanity, a group that includes former officers of the US Intelligence Community and that protested against the use of faulty intelligence and called out flaws in the intelligence used to justify the Iraq War (in a memo sent to the President before the invasion had started), advice that should, in retrospect, have been followed.

It has been a relief to know that Forensicator's (and subsequently a little of my own) research has been noticed by intelligence veterans.

For me personally, just having more experts examine the work and judge it on its merits is half the battle won (as I personally feel that both Forensicator and I can do a good job of defending our conclusions and finding ways to improve confidence and clarity further).

There are some important points I want to make clear regarding the VIPS memo(s), etc:

Hopefully, the above clarifies exactly what VIPS’ position is, doesn't promote any nonsense perceptions, and openly shares with you a dissenting opinion from a respected intelligence community expert.

(It may be the case that a misstatement or miscommunication resulted in one of the points in the memo not being strictly true or that something may have been stated as absolute rather than indicated as most probable. Either way, we're transparent about it and don't feel the need to hide away from legitimate criticism. We will attempt to provide more information to add clarity and strengthen the basis of conclusions in response to this dissenting view.)


4Chan Concerns Regarding Forensicator

Recently I've noticed some concern being expressed about Forensicator being an effort to derail my research. I appreciate the concern but this shouldn't be a problem.

Forensicator and I are both well aware of how strawman arguments can be used and that is one of the reasons Forensicator opted for publishing via a separate blog - it was a conscious decision to make sure both our efforts would be insulated from one another, meaning instead of someone being able to discredit one to discredit all the research, they now have to discredit both on their individual merits in order to argue that Guccifer 2.0 was, beyond reasonable doubt, associated with the Kremlin or Russian intelligence agencies.

The only group that's really likely to be weakened by Forensicator's work being added under these circumstances are those that are trying to prop up the false narrative.

Really, right now, the biggest threat to my efforts comes from people trying to conflate Guccifer 2.0 with entities we have no indication of him having any connection with (eg. the Awans, Seth Rich, etc), as such conflations will be used by the MSM to try to make out that anyone investigating any of these subjects individually must inherently believe in all conspiracy theories, etc.

(3) Common Logical Fallacy Attacks

One of the various disingenuous ways in which people try to undermine our research and/or analysis is to use logical fallacies. This list is far from exhaustive but gives a quick overview of what some of these attacks look like (and how to handle them if you need to do more than just call out the tactic):

Strawman - Misrepresenting someone's argument to make it easier to attack

False Cause - Presuming that a real or perceived relationship between things means that one is the cause of the other

We see this being used to prop up the mainstream narrative repeatedly and have even seen it used to try to insert a leak-discovery date assumption that is likely to be false.

Appeal to Emotion - Manipulating an emotional response in place of a valid or compelling argument

Slippery Slope - Asserting that if we allow A to happen, then Z will consequently happen too, therefore A should not happen

Bandwagon - Appealing to popularity or the fact that many people do something as an attempted form of validation

Appeal to Authority - Saying that because an authority thinks something, it must therefore be true

Genetic - Judging something good or bad on the basis of where it comes from, or from whom it comes

Black-or-White - Where two alternative states are presented as the only possibilities, when in fact more possibilities exist

Anecdotal - Using personal experience or an isolated example instead of a valid argument, especially to dismiss statistics

(4) Technobabble & Debunking Delusions

Self-Proclaimed Experts That Present No Technical Challenges

Let's start with one of those self-described security experts who doesn't tackle a single claim or demonstrate technical expertise. In this instance, we have someone that insisted both u/tvor_22 and I were clueless and don't know how to interpret data, because we're not experts - like he obviously is.

Unsurprisingly, Wyn never did return to actually share his expert opinions.

Plausible-Sounding Lies That Require Technical Knowledge To Debunk

Of course, attacks aren't always this blatant and easy to spot, some are trickier to detect and use technobabble to push misconceptions and degrade an argument by appearing to debunk something (when they're actually debunking nothing).

Here is one example specifically relating to the deliberate placement of fingerprints and RSIDs, the highlighted assertions are false:

Ad-Hominems, Pretending To Be Obtuse, Debunking Delusions

@trickfreee aka "Patrick" probably deserves credit here...

His latest debunking effort consisted of asserting that one of Guccifer 2.0's first three documents could have been opened as an original and then been tainted through mishandling and so he considers, with that being an apparent possibility, it means I'm debunked.

Of course, this debunking attempt suffers from the same flaw many others do, in that it presents an alternate theory that makes things anomalous or introduces anomalies.

The RSID correlations would still mean that the first document would need to be saved, closed, re-opened, then have content copied/pasted in from a different original document, be saved as a new document, be closed, then one of the two docs made so far would need to be re-opened and another copy+paste from a third original document would be carried out, with the result being saved as a new, third file. So, it STILL is clearly not compliant with accidental mishandling and sloppiness of a supposed Russian hacker AND Flood's name being on all three documents (none of which Flood originally authored) then becomes an inexplicable anomaly.

Here's another example where Patrick @trickfreee 'debunks' me on Twitter. It's ridiculous:

This is very similar to the following person trying to do the same thing relating to stylesheet RSIDs ("Controls Freak" is actually quoting a 3rd party who had, thankfully, checked and verified things for themselves and could call him out on this - full thread is here)

The problem here is that he pretends to debunk something (which he doesn't, he just tries to dismiss it with a seemingly plausible deception) and then asks the person to provide another example (which, if given, he would repeat the process with).

Thankfully, the person he tried this on was someone that had checked and verified what was claimed about the files and had enough knowledge to be wise to this, but many would be caught off guard by it and believe the discovery had been legitimately discredited.

(5) Meta Manipulation

Of course, as we all know, timestamps and metadata can be manipulated.

However, this doesn't inherently make timestamps and metadata entirely worthless for analysis.

While it's true that many simply gauge metadata validity based on whether it is being used to attack or support their predetermined conclusions or partisan bias, Forensicator and myself have both looked for ways to assess timestamp integrity and have checked inconsistency in timezones, timestamp resolution, noted any apparent anomalies, etc., and sought to find other ways to corroborate/support our conclusions.

For the deliberate fingerprint fabrications the RSIDs helped us to make sense of what looked, at first, to be anomalous timestamps. In the first batch of RTF files there was ultimately no indication of any direct tampering of the raw data and supporting RSID data helped to corroborate them.

For the July 5th file transfers, the difference between timestamps, the fact that timestamps on some files are interleaved between multiple folders, the consistency of timestamps throughout all archives and consideration being given to what timezone Guccifer 2.0 would use if he was going to manipulate these files (considering he claimed to be Romanian) were all looked at and the conclusion, again, is that there were no signs of arbitrary modification or time manipulation (if this had been the case, it would have been counterproductive to creating a perception of Romanian origins!)

We do typically disclose all these additional details but sometimes it's necessary to check comments, FAQs, additional articles, etc on each of our respective sites.

(6) Seth/Awan/G2 Conflation

In the past six months, I have NOT seen any direct indication that Guccifer 2.0 had any connection to the Awan Brothers.

In the past six months, I have NOT seen any direct indication that Seth Rich had any connection to the Awan Brothers.

The only reference connecting Guccifer 2.0 to Seth Rich was a specious claim that Guccifer 2.0 made when trying to associate himself with Seth during a conversation he had with Robbin Young.

The date of these unsoliticited remarks, coming immediately after news reports had pushed a potential association between Seth Rich and Wikileaks, and Guccifer 2.0's linking of Julian Assange as "connected to the Russians" in the same conversation, can also be interpreted as a pre-emptive "poison the well" attempt, ready to be deployed at a later date should the association between Seth and Wikileaks gain any more traction.

I'm also unaware of any solid Seth-Awan connections. Matt Couch and the America First Media team (who are actually investigating Seth's murder thoroughly) have recently debunked a claim relating to this - a baseless claim that Seth and one of the Awans went out the night before his death.

It is now the case that both those carrying out the most thorough investigation into Seth Rich's murder and several of us investigating things in relation to Guccifer 2.0 are all saying the same thing - trying to warn people to NOT unduly conflate separate entities.

If you're convinced Guccifer 2.0, Seth Rich and the Awan family are linked despite all of this, and you're getting the information from anyone other than Webb/Goodman/Negron, please tweet or DM me with the details of the source/reasoning.

Thank You

Thank you to anyone still reading this far down the page for caring about this topic enough to have the perserverance to get this far. It's a complex topic and one that's difficult to fully get to grips with if only parts of it are known. I know it takes a fair bit of effort to read through and fully take on all the information but when you've got it all understood things do become clearer. You'll recognize that you're on the right path when all the pieces of the puzzle start clicking together and you see how and why I've come to the conclusions I have.

Thanks goes out to Forensicator, u/tvor_22, strontiumdog, "Clever Librarians" and MANY other people (too many to name here without this being a massive list of names but I'll figure something out so everyone who would like credit has a way of claiming it for acknowledgement in the near future) for all their contributions, ideas and support.

Thanks also to Disobedient Media, H.A Goodman and Tim Black, ZeroHedge, Tracy Beanz, Rick Amato, Hard Bastard, BullTruth Magazine, Sane Progressive, "Clever Librarians" (again) and many more (same thing as mentioned above regarding credit) for helping to get the word out to their followers, viewers, readers or subscribers AND for trying to take care to get that information out without mixing things up or conflating/spinning/etc.

...and yes, I will get to articles on broader topics for publishing elsewhere (which some of you know about) soon, I promise... I just had to get this update out to get some clarifications out, make sure people are armed with rebuttals to deal with the objections, smears, lies and spin that we've seen, which I anticipate will escalate going forward and will persist if people don't know how to recognize its various forms and quickly disarm it.