“Forensicator's first decisive findings, made public in the paper dated July 9, concerned the volume of the supposedly hacked material and what is called the transfer rate—the time a remote hack would require. The metadata established several facts in this regard with granular precision: On the evening of July 5, 2016, 1,976 megabytes of data were downloaded from the DNC’s server. The operation took 87 seconds. This yields a transfer rate of 22.7 megabytes per second.
These statistics are matters of record and essential to disproving the hack theory. No Internet service provider, such as a hacker would have had to use in mid-2016, was capable of downloading data at this speed. Compounding this contradiction, Guccifer claimed to have run his hack from Romania, which, for numerous reasons technically called delivery overheads, would slow down the speed of a hack even further from maximum achievable speeds.”
Time stamps in the metadata indicate the download occurred somewhere on the East Coast of the United States—not Russia, Romania, or anywhere else outside the EDT zone.
In December 2016, VIPS released a memorandum criticizing allegations of Russian interference in the 2016 United States elections as "evidence-free". The memorandum asserted that the 2016 Democratic National Committee email leak was the result of an internal leak and not a Russian hack.[10]
On July 24, 2017, VIPS released another memorandum which also argued that the DNC was not hacked, this time based on a forensic analysis conducted by the anonymous entity "Forensicator" with whom they communicated via retired IBM employee Skip Folden. This analysis was based on DNC files released by Guccifer 2.0.[11] According to Patrick Lawrence's article in The Nation, the memorandum argued that the metadata in these files were altered to add Russian fingerprints, and that file transfer rate proved they were transferred locally.[12] Brian Feldman, writing in the New York Magazine, criticized the report for relying on "the 'metadata' of 'locked files' that only [Forensicator] had access to" pointing out that these phrases were meaningless. Feldman described the claims in Patrick Lawrence's article as "too incoherent to even debunk" and criticized its use of "techno-gibberish".[13]
According to John Hultquist of FireEye: "The author of the report didn't consider a number of scenarios and breezed right past others. It completely ignores all the evidence that contradicts its claims." Rich Barger, director of security research at Splunk, pointed out that the VIPS theory "assumes that the hacker downloaded the files to a computer and then leaked it from that computer" but overlooks the likelihood that the files were copied several times before they were leaked, potentially creating new metadata each time. Barger's comments were echoed by other cyber-security experts.[14] The Guardian Project founder Nathaniel Freitas independently reviewed Lawrence's article on behalf of The Nation, concluding that while "the work of the Forensicator is detailed and accurate," it did not prove the conclusions VIPS and Lawrence derived from it. Freitas stated that the high throughput suggested by the relevant metadata could have been achieved by a hacker under several different scenarios, including through the use of a remote access trojan, and that the leak hypothesis also requires "the target server ... to be physically on site in the building": "If the files were stored remotely 'in the cloud,' then the same criticism of 'it is not possible to get those speeds' would come into play." In sum: "At this point, given the limited available data, certainty about only a very small number of things can be achieved."
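Barger's point about re-copied files can be checked directly. The following is an added example, not code from the article, VIPS or Forensicator. It assumes a simplified inference (total size divided by the span of last-modified times, which is not claimed to be Forensicator's exact method), and all file names, sizes and timestamps are constructed.

```python
import os
import shutil
import tempfile

def inferred_rate(directory):
    """Bytes per second implied by the last-modified times of the files in
    `directory`: total size divided by the span between the earliest and the
    latest mtime. Returns (rate, span_seconds); rate is None for a zero span."""
    stats = [os.stat(os.path.join(directory, n)) for n in os.listdir(directory)]
    span = max(s.st_mtime for s in stats) - min(s.st_mtime for s in stats)
    total = sum(s.st_size for s in stats)
    return (total / span if span > 0 else None), span

def build_source(directory, count=20, size=50_000, seconds_apart=10.0,
                 start=1_467_750_000.0):
    """Constructed sample: `count` files stamped `seconds_apart` apart, as a
    slow sequential transfer would leave them (start is an arbitrary epoch)."""
    for i in range(count):
        path = os.path.join(directory, f"file{i:02d}.bin")
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
        os.utime(path, (start + i * seconds_apart,) * 2)

def recopy(src, dst, preserve):
    """Copy every file; shutil.copy2 keeps mtimes, shutil.copy stamps new ones."""
    copier = shutil.copy2 if preserve else shutil.copy
    for name in sorted(os.listdir(src)):
        copier(os.path.join(src, name), os.path.join(dst, name))

def demo():
    with tempfile.TemporaryDirectory() as root:
        dirs = {k: os.path.join(root, k) for k in ("orig", "kept", "fresh")}
        for d in dirs.values():
            os.mkdir(d)
        build_source(dirs["orig"])
        recopy(dirs["orig"], dirs["kept"], preserve=True)
        recopy(dirs["orig"], dirs["fresh"], preserve=False)
        return {k: inferred_rate(d) for k, d in dirs.items()}

if __name__ == "__main__":
    for label, (rate, span) in demo().items():
        shown = "undefined" if rate is None else f"{rate / 1e6:.3f} MB/s"
        print(f"{label:5s} span={span:8.2f}s  inferred rate={shown}")
```

The `fresh` copy reports only the speed of the most recent local copy, so a rate read from such timestamps describes whichever operation last wrote them.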
Why the latest theory about the DNC not being hacked is probably wrong
Forensicator stories at Techdirt.