FEBRUARY 21, 2023
On February 4, 2023, Byline Times published an article featuring criticism of misreporting in The Nation in 2017. The article was originally rejected for publication by CJR in 2020 and 2022 before being published by Byline Times.
While some critcism is valid, the article conceals critical facts and contains false information, including information that their author knew to be false before he started writing the article.
Unfortunately, as a result of publishing this recent piece, Byline Times subjected their readers to false claims, invented facts, and disinformation that was already debunked over four years ago.
This article aims to shed light on the inaccuracies present in the Byline Times article, disclose details of events surrounding The Nation's article, and, address issues with the output of a digital forensics expert and journalist named Duncan Campbell.
Campbell has been found to be actively involved in a sustained disinformation campaign for the past five years, knowingly spreading false information to various publications in spite of facts and evidence he has long been aware of.
In June 2016, a hacker known as "Guccifer 2" claimed responsibility for the hacking of the Democratic Party. Evidence of a Russian connection was quickly discovered, including an apparent association to the GRU due to the name of the founder of the Soviet secret police (which later became the GRU) being present in meta data of documents released by the persona on the day it appeared.
While investigators and media outlets were quick to accept the apparent Russian involvement, others were skeptical and some experts involved directly in early investigations even explained how Guccifer 2.0's hacking claims were improbable or implausible.
Among the staunchest of skeptics were members of the Veteran Intelligence Professionals for Sanity (VIPS), a group of former US intelligence community insiders and whistle-blowers. In late 2016, they published a memo titled "US Intel Vets Dispute Russia Hacking Claims," in which they argued that evidence was insufficient and that they believed material was leaked rather than hacked.
In January 2017, VIPS published another memo, calling for former President Obama to provide evidence of Russian hacking.
In February of that year, unrelated to anything VIPS were doing, I initiated a project titled "Guccifer 2.0: Game Over," aimed at gathering, organizing, and examining evidence related to Guccifer 2. I chose to write under the pseudonym "Adam Carter" to protect myself from potential harassment.
In June 2017, efforts to investigate Guccifer 2 were given a significant boost thanks to the involvement of a seasoned analyst.
A digital forensics analyst, who chose to operate under the name "Forensicator," reached out to me, having learned of my interest in Guccifer 2.0 through my project. Forensicator informed me of his plans to analyze some of Guccifer 2's material and asked if I was interested in his findings. I eagerly agreed.
Throughout his analysis, Forensicator shared notes and observations with myself and a journalist at Disobedient Media.
In July 2017, Forensicator published his first findings, which I highlighted on my site, and Disobedient Media reported on theirs.
The first evidence Forensicator analyzed was an archive that Guccifer 2.0 released in September 2016, commonly referred to as the "NGP-VAN archive."
Forensicator discovered that the files in the archive had been transferred or copied on July 5, 2016, at rates consistent with a thumb drive transfer, as indicated by the disk-writing rates observed. He also found that following this activity, evidence indicated that the device Guccifer 2.0 was using to handle the files had its system time zone set to the Eastern (US) time zone.
see: "Guccifer 2 NGP-VAN Metadata Analysis"
It is important to note that Forensicator did not advocate for the activity he reported on being an exfiltration event. Furthermore, he made no reference to insiders, leaks, leakers, or leaking.
Following the publication of Forensicator's work, it became apparent that it had drawn the attention of several members of VIPS. However, instead of seeking clarifications through Forensicator's website (which allowed for communication with Forensicator through comments), I was approached by a VIPS associate requesting Forensicator's email address.
After consulting with Forensicator, it became clear that he did not want direct email contact, however, he was willing to answer questions relayed to him.
I ended up having to act as a mediator in order to facilitate the exchange of questions and answers between VIPS members and Forensicator.
On July 24, 2017, VIPS released another memo entitled "Intel Vets Challenge ‘Russia Hack’ Evidence," stating that forensic studies of the "Russian hacking" into Democratic National Committee computers revealed that on July 5, 2016, data was leaked, not hacked, by a person with physical access to the DNC computer.
Soon after the memo came out, I was contacted by VIPS member Scott Ritter who sought clarification on the July 5, 2016 date. After consulting with Forensicator, I relayed to Ritter that there may have been activity prior to the date that was not known, and that the activity on that date would have erased any evidence of prior activity (ie. exfiltration may have been earlier and this could have been subsequent activity for all we knew).
A week and half later, on August 9, 2017, an article by Patrick Lawrence was published in The Nation with the headline "A New Report Raises Big Questions About Last Year’s DNC Hack." The article cited the views, statements, and interpretations of several VIPS members regarding Forensicator's research.
I vaguely recall VIPS members and associates looking into Guccifer 2.0's activity around July 5, 2016 and finding something in Guccifer 2.0's output that they felt corroborated the premise of exfiltration on that date.
I believe this was reflected in the article in The Nation, where it states:
On July 5, Guccifer again claimed he had remotely hacked DNC servers, and the operation was instantly described as another intrusion attributable to Russia. Virtually no media questioned this account.
Forensicator, concerned about misinterpretations of his findings and any confusion that may have arisen, wrote a follow-up clarification stating that he did not concur with the argument that the observed activity necessarily constituted an exfiltration and that he had not actually argued for this in his original report.
see: Corrections & Clarifications
It is important to note that my conversation with Ritter and the existence of Forensicator's article distancing himself from the premise of July 5, 2016 being exfiltration were both known to the author of the Byline Times piece before he started writing the article. This was established on August 1, 2018 when analyst Stephen McIntyre disclosed communications he had previously had with Campbell.
(ABOVE: Screenshot of email sent from Duncan Campbell to Stephen McIntyre in 2017)
Below are claims that feature in the Byline Times article and that have either been invented out of whole cloth (and contradicted in subsequent output in 2021) or that have been demonstrably false for years (with Campbell aware of this before he even started authoring the article).
This is a baseless claim by Campbell that he was never able to demonstrate, and, clearly, the implication here is that we had invented the identity and therefore, invented Forensicator.
In 2021, Campbell seems to have finally accepted that Forensicator is a source (though calls me a "cut-out" for a team he imagines to be behind the Forensicator identity).
I haven't hacked for over twenty years. (I've been a developer and then a CTO.)
Additionally, another claim in the Byline Times piece suggesting that Disobedient Media were a source for "hard evidence" is unfounded and it is far more likely that The Nation article was simply referring to Guccifer 2.0's material.
The claim that Disobedient Media or myself invented Forensiactor's name is completely baseless. Forensicator's report did not argue for an "inside job" (and Forensicator explicitly dissented against such an interpretation of his work).
In 2018, Campbell originally framed this as:
The Guccifer 2.0 files analysed by Leonard’s g-2.space were “manipulated”, he said, and a “fabrication”.
In the month following the publication of Campbell's first hit-piece, William Binney confirmed in an interview that his statements about fabrications were NOT related to anything proprietary to Forensicator or myself. Binney made it clear that his comments pertained to Guccifer 2.0's material and the evidence left behind by the operation, and were not intended to suggest any fabrication on the part of Forensicator or myself.
In the Byline Times article, we see Campbell use the same statement but alter the context to apply specifically to material from Forensicator.
I believe Campbell was deliberately distorting Binney's words out of context and capitalizing on ambiguity to mislead the public into falsely believing that Binney was accusing Forensicator of fabrication.
Campbell presented information in such a way that it will clearly mislead people into thinking Binney was making allegations against Forensicator and it looks like Campbell has been deliberately exploiting ambiguity to achieve this.
In the paragraph preceding this, Campbell references Forensicator's report, yet, in this following paragraph, Campbell attributes claims to Forensicator that Forensicator didn't make and that Forensicator had explicitly disagreed with.
Attributing a statement to Forensicator that didn't come from him and concealing his disagreement with the premise is deception.
It was already established on August 1, 2018, that Duncan Campbell knew that this was not Forensicator's argument and that Forensicator had argued against it in 2017.
Campbell likes to refer to Forensicator as a "supposed digital forensics expert."
However, Forensicator's body of work speaks for itself and showcases a level of digital forensics expertise that far surpasses Campbell's contributions on these matters.
Examples of Forensicator's work in this area include:
Forensicator's work, demonstrating considerable expertise in digital forensics, stands in stark contrast to Campbell's approach, which has devolved into a pattern of baseless smears and misinformation.
In 2017, Duncan Campbell was caught spreading false information and pushing bogus conspiracy theories about Forensicator and myself to associates.
In private exchanges, Campbell falsely claimed that "The Russians" were paying me, that Russians were using scripts on one of my sites, that my site was "linked to follow-on operations supporting Russia", that one of my sites was reaching out to the CIA and that there were fabrications on my site (and then claimed this about Forensicator's site, unable to substantiate the claim in either case). When challenged to substantiate all of these claims, Campbell either backpedaled, changed his story or wouldn't respond to the challenges and failed to provide evidence to support his claims.
Campbell was also asked, repeatedly, by a VIPS associate, to support his rumors and allegations with evidence and to explain his motives but Campbell avoided answering this and provided no evidence.
In 2018, Campbell produced a hit-piece in which he concealed what he knew about Forensicator and was shown to have produced claims that he knew to be false prior to publication. This was established just one day later with evidence in the public domain showing what Campbell knew and when he knew it.
In 2019, Campbell took to Twitter to allege a "scam" because "funny data with US timezone only appeared in one specially tampered document dump".
At this point in time, additional evidence pointing to a US origin had already been reported on in relation to Guccifer 2.0's emails with the Smoking Gun (Central), blogging and social media activity (Central & Central), documents released in July 2016 (Eastern), an archive created in June 2016 (Central), from documents released by Guccifer 2.0 in June 2016 (Pacific), and, based on Forensicator's earlier research, it also appears the operation was subsequently handling additional files that were originally part of the July 5, 2016 activity while in the Central time zone. Even if we exclude the last of these, that still leaves us with six additional sources/incidents that yielded evidence pointing at Guccifer 2.0's activities being in US time zones that had already been reported on by the time Campbell spewed this nonsense. Additionally, by this time, other evidence had already been reported on showing Guccifer 2.0 had taken screenshots on a device configured to use the US date format.
Following this, Campbell started working on an article containing invented 'facts' and disinformation that he hoped to have published by CJR. This was ultimately declined for publication by CJR in 2020.
In 2021, another article authored by Campbell was published by Computer Weekly, containing information that both Campbell and his editor, William Goodwin, would have known to be false. The article also made extremely misleading suggestions that grossly mispresented my own position in relation to a libel case between two other parties, essentially flipping reality upside-down and cynically exploiting the topic of Seth Rich to draw an audience to their smears and disinformation.
In 2022, Campbell tried again to have disinformation published by CJR but, again, his article was declined.
In 2023, claims that Duncan Campbell has known to be false for over five years were published by Byline Times without any note about the inaccuracies and the fact Campbell's claims included proven disinformation and claims that Campbell had already contradicted since the article was originally written.
On February 8, 2023, Campbell was asked, in front of National Union of Journalists (NUJ), the Independent Press Standards Organization (IPSO) and editors at both Computer Weekly and Byline Times to explain why he persists with concealing what he knows and why he knowingly pushes false information to the public. At the time of writing, Campbell is yet to respond.
Forensicator, myself and others have produced a lot of evidence relating to Guccifer 2.0 that I think the public deserves to know about. There is no disinformation campaign there.
Campbell, in contrast, clearly cannot be honest about what we've discovered and it appears he has an agenda that requires him to consistently deceive the public.
Duncan Campbell has been running a disinformation campaign for over four years while falsely accusing others of doing so. The cessation of Campbell's efforts to knowingly disseminate false information should have taken place on August 1, 2018 when it was proven that Campbell had produced disinformation, yet, in spite of facts and evidence he has long been aware of, Campbell seems to be determined to persist with this dishonest campaign.
Byline Times Founder and Executive Editor, Peter Jukes was contacted on February 5, 2023 regarding the issue of disinformation in his publication and has admitted that the publication relied on CJR (Columbia Journalism Review) apparently fact-checking and approving the article in 2020.
I'd like to sympathize with Jukes position here, however, a couple of years had passed since Campbell authored the article, the article was ultimately declined for publcation twice by CJR, and, Campbell seems to have changed his mind about at least one of his assertions, so, Byline Times should have carried out their own verification ahead of publishing.
The response from Jukes was disclosed to CJR as I felt they should know that they were being blamed for Byline Times publication of false information.
On February 17, 2023, CJR editors were asked to explain how they missed Forensicator's dissenting views (that Campbell was concealing and misleading readers about) and why I received no queries seeking to verify Campbell's allegation against myself.
At the time of publication, CJR have provided no response.
The evidence of Forensicator's dissent has been in the public domain since 2017.
The evidence of Campbell's disinformation has been in the public domain since 2018.
At the time of writing, Byline Times is actively disseminating information which their author has known to be false since 2017.
Byline Times Executive Editor and Founder Peter Jukes, who has responsibility to ensure the integrity of the publication, has been notified of the problems and provided both links above, so, he should be well aware that his publication is disseminating false information.
As a result of this going out in print, not only should Byline Times place a notice on the article online, they should also publish a correction noting that Campbell concealed the truth about Forensicator from readers and knowingly disseminated false information in the Byline Times piece.
Update March 5, 2023
Byline Times editors Hardeep Matharu and Peter Jukes have been contacted since publication of this report and provided links to the evidence again. They have been asked what they are doing to resolve this situation and have chosen not to respond.
It is now fair to say that Byline Times is intentionally concealing the truth from its readers, disregarding accuracy and perpetuating proven disinformation under the leadership of Peter Jukes and Hardeep Matharu.
Update May 8, 2023
Shortly following my previous update, I was blocked by the Twitter accounts of Byline Times and Peter Jukes.
If anyone out there is subscribed to the print edition of Byline Times and can confirm whether their print edition also contains Campbell's false claims (regarding Forensicator concluding an exfiltration on July 5 or the claims about the origin of Forensicator's name), please let me know.
If there are any concerns or issues regarding accuracy that anyone would like to speak with me about, please feel free to contact me on: tim.leonard@protonmail.com