BOMBSHELL: New Report Shows Guccifer 2.0-DNC Files Were Copied Locally—Not Hacked

originally posted by: Kettu
a reply to: GreenGunther

Okay, whatever. Trying to parse everything here because I failed to capitalize two letters.

And I'm sure the DNC servers are capable of pushing well beyond 23 megabytes per second, as they have to coordinate campaigns nation wide, and some of those files are quite large.

The only thing that truly matter is whether those two letters are capital or not. Your inability to recognize how utterly important it is only portrays your lack of knowledge which is obviously even greater than mine because I realized all of this immediately and I am technologically retarded.

a reply to: daskakik


That seems to make sense if I understand the timeline of the analysis correctly.
Leaker sticks a portable USB with a self-contained Linux OS into a LAN-connected DNC machine, copies directories & files directly off a LAN share.

- OR -
Leaker copies files directly off a LAN share to their local machine, perhaps collected over time, then sticks a USB drive in, with portable Linux, and copies files over.

There are a lot of variables to this, and a lot of possibilities of how it may have happened.

I don't think anyone would waste time compressing individual files and there are a a couple of zip files in there so, did they rar some and then close winrar and switch programs? The there are some that are uncompressed. Why not just one big rar?

Isn't there an option in WinRAR to compress subdirectories into their own nested archives? I thought you could even separately password-protect subdirectory archives. Been a long time since I needed to use WinRAR though.

originally posted by: PrairieShepherd
That seems to make sense if I understand the timeline of the analysis correctly.
Leaker sticks a portable USB with a self-contained Linux OS into a LAN-connected DNC machine, copies directories & files directly off a LAN share.

- OR -
Leaker copies files directly off a LAN share to their local machine, perhaps collected over time, then sticks a USB drive in, with portable Linux, and copies files over.

There are a lot of variables to this, and a lot of possibilities of how it may have happened.

Don't know about Linux but I just copied a couple rars to a usb drive in windows and they kept their original date. Not the current date. So they couldn't be used to calculate transfer speed.

So yeah, lot's of variables but the time-stamps don't actually support the claims in that report.

Isn't there an option in WinRAR to compress subdirectories into their own nested archives? I thought you could even separately password-protect subdirectory archives. Been a long time since I needed to use WinRAR though.

That wouldn't explain why there are loose files and zip files in the mix.

Obviously Guccifer 2.0 had to create the password protected file and it is 7-zip. Just came a cross a question on a forum asking why when extracting some folder dates have current dates and others have their original creation dates. Don't know why, seems to leave more questions than answers.

originally posted by: jadedANDcynical
dnshistory.org

So, with Amazon hosting democrats.org, I would venture to guess (could be wrong, if so please provide additional info) that Amazon hosts all DNC related data. Amazon likely has the capability for the kinds of upload speeds necessary to achieve the data transfer rates listed in the OP article, we'd need to know what sort of hosting package the DNC has and where the actual data came from in order to have a better idea of the capacity possible for uploading data.

 

That is sound reasoning, but I would like to provide some additional info:


I think we can say for all but certain that the leaked files was not hosted on Amazon - every account indicates that the DNC was in physical possession of the server.

This is backed up by the fact that the DNC - not Amazon - would not give possession of the server to the FBI, and that it was the DNC - not Amazon - that had the hack analysed (by Crowdstrike), and of course by Amazon never being mentioned in relation to the hack.

Amazon would have had to issue a statement on the matter if it had been one of their servers that had been hacked, and cannot imagine, that I would have missed that. (Or yes, I can imagine that - I just do not find it very likely)

If one would go through all the public details of the case I am fairly sure we would find its location mentioned. (I seem to remember that it was the Washington DC headquarters. I am not at all sure though)

a reply to: DupontDeux

Breaking=> Anon Twitter Acct ‘White Rabbit’ Just Dropped 28,000 Hillary Private Emails Online

Now this—

This afternoon we received an email with the following message:

First, I must remain anonymous for now. I would like to forward links to files that were sent to President Trump this morning & may be a big smoking Gun re: DNC hack/Russia, etc.
I am not the originator of these files and cannot vouch for their authenticity, just passing them along. They can be found here:
twitter.com...

www.thegatewaypundit.com...

a reply to: underwerks

My thoughts exactly isn't 23 Mbps a little slow for copying to a flash drive?

a reply to: conscientiousobserver

Look, it's MegaBYTES, I can't believe that after 9 pages people still don't know the difference between bits and BYTES.

23 megaBYTES per second
23 megaBYTES per second
23 megaBYTES per second
23 megaBYTES per second

23 megaBYTES per second
23 megaBYTES per second
23 megaBYTES per second
23 megaBYTES per second


Will people PLEASE quit saying 23 mbps? thats bits, not BYTES!!! grrrr

I just wanted to chime in about the claimed data rate. Due to me having been a network admin in some decent sized data centers the mentioned speed sounds about right. From my experience 23-25 mbytes per second is exactly what I get when copying files across 1 gig switches (most "access" switches are 1 gig which equals about 100 Mbytes per sec) into an encrypted volume (veracrypt) on a USB drive using a Linux machine using high encryption.

The USB drive isn't too fast but it's based on several factors. Encryption takes it's toll on the copy speed. If you are not using a dedicated ASIC (Application Specific Integrated Circuit, a chip designed to do something specific like encryption very fast) Then you will get much less speed in the copy because your computer's processor is having to do encryption and decryption on the fly which is processor intensive. Of course it depends on the speed of both processors on each end also.

But, in short, 23 Mbytes per sec sounds very believable. To the computer unwashed this is a meaningless number but to people like me it raised an eyebrow.

a reply to: Apollumi

A quick look and veracrypt is blamed for slow performance. Sorry but unless someone can say for sure that is what they were using your anecdote is neither here nor there.

Also, why encrypt something you are going to leak? Seems to me people are trying to make the "facts" fit the conclusion.

originally posted by: RuffNick
a reply to: DupontDeux

Breaking=> Anon Twitter Acct ‘White Rabbit’ Just Dropped 28,000 Hillary Private Emails Online

Now this—

This afternoon we received an email with the following message:

First, I must remain anonymous for now. I would like to forward links to files that were sent to President Trump this morning & may be a big smoking Gun re: DNC hack/Russia, etc.
I am not the originator of these files and cannot vouch for their authenticity, just passing them along. They can be found here:
twitter.com...

www.thegatewaypundit.com...

hmm. Interesting. I wonder if this will be found to be legit.
This might need its own thread?

ETA: Actually, it looks like these are the same emails that were on WikiLeaks, per other reports.

originally posted by: verschickter
a reply to: baburak

Bull#, the internet connection at my old employe was 1:1 symetric up-/downstream. Private != Business plan

Yep, not the same as buying home internet access through an ISP. To get that speed from their network over the internet versus LAN access would take more then a couple of T3s.

That makes LAN access seem more probably but I ave not seen what type of connection was in use.

originally posted by: roadgravel
To get that speed from their network over the internet...

The speed is extrapolated from time-stamps which may or may not indicate downloading.

Nobody knows if "that speed" is valid.

a reply to: BlueAjah

Yea, didn't give it a thread of it's own as it was not verified they were new emails.

a reply to: DupontDeux

Yeah, I bounced back and forth with BlueAjah about some other DNC servers which were hosted elsewhere and may even have been their mail servers.

I was trying to help out the ones trying to shoot holes in the story since they seem to be drowning.

I'm a nice guy like that.

originally posted by: daskakik

originally posted by: roadgravel
To get that speed from their network over the internet...

The speed is extrapolated from time-stamps which may or may not indicate downloading.

Nobody knows if "that speed" is valid.

Sure but we talking about if those were correct. It is open to being incorrect also, of course.

a reply to: roadgravel

It is pretty much all they are basing the report on and I just proved it, at least to myself, that copying to a usb (in windows) doesn't create a new time-stamp. I'm looking at DNC.rar on my usb drive with a date of 09/01/2016 10:48 a.m.. I must have copied with a time machine.

a reply to: daskakik

There are two dates, created and modified. Some of discussion covered how the OSs, programs and media affected those two.

Wasn't the created date retained.

a reply to: daskakik

From the report:

The data was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy and this is a characteristic of the the Linux ‘cp’ command (using default options).

That must have been the created date. It was last year.Not today. I can't calculate transfer rate based on that time-stamp.

a reply to: BlueAjah

Unless it wasn't, in which case the whole thing is wrong.

Have you downloaded and looked at the files?