Dirty Techniques

By Adam Carter --- August 20th, 2017

Crooked Criticisms

On Wednesday, 9 August, 2017, Patrick Lawrence wrote an article that featured in The Nation. It caused a range of reactions. The quickest and most voluminous was of course outrage from DNC loyalists and operatives who immediately took aim at The Nation's editor Katrina vanden Heuvel demanding that she remove the article immediately and calling for Lawrence to be fired, some even framing the act of publishing the article as a betrayal of their trust by The Nation.

However, we can see from the comment activity on the site (which is restricted to subscribers) that the article is actually quite popular, a majority of comments (and the comments getting the most up-votes) were those that were positive and supportive of Lawrence and the story.

Within 24 hours, the first hit-piece oozed out of New York Magazine's web site and set the tone for several sleazy strawman attacks that would soon follow:

10 August 2017 - Brian Feldman, New York Magazine

14 August 2017 - Joe Uchill ft. Sam Biddle, The Hill

15 August 2017 - Erik Wemple, The Washington Post

15 August 2017 - Matt Tait Contributes Nonsense

The DNC also provided a comment referring to the intelligence agency assessments, which, in the case of Guccifer 2.0, were discredited 6 months ago. They also called everyone "conspiracy theorists", even though it's their conspiracy theory that has been discredited.

My rebuttals to these so far:

New York Magazine (Feldman)

TheHill (Uchill ft. Biddle), WAPO (Wemple) & Matt Tait

The DNC

...now, it's time to look at TechDirt's effort...

Headlines vs Headlies

Headlines are titles for articles, they define the subject and they provide context while remaining concise.

Headlies are different. They're imposters that appear to be titles for articles but that also contain bullshit, they create misconceptions before a reader has even really started to read the article and can effectively misinform even the laziest of readers..

For example, the following is a headlie:

The actual research doesn't rely heavily on a conversion error at all. "Stupid", "No 'Forensic Expert'", etc are baseless attacks on Forensicator's character. "DNC Hack" is vague and leaves the door open to conflation with the malware discovered and other elements that are unrelated to Guccifer 2.0 and inherently aren't things that analysis even tries to prove/disprove.

Debunking The Article or Debunking The Research?

It is true that the criticism levied in the article is primarily relating to objections over the article. However, it's not always made clear that this is the case and the article reads as though it's an admonishment of Forensicator's research in a few areas (when the reality is that Forensicator's research and his exact conclusions are omitted and no links are provided to it).

The reports lean heavily on anonymous cybersecurity experts calling themselves "Forensicator" and "Adam Carter," who purportedly took a closer look at the metadata attached to the stolen files. Said metadata, we're breathlessly informed, indisputably proves that the data had to have been transferred from inside of the DNC network and not over the internet, since the internet isn't supposedly capable of such transfer speeds:

Where's the proof they were 'stolen'? Forensicator didn't find a single indicator to support such a premise in the NGP-VAN archive and what we can see about Guccifer 2.0's activities on the day he emerged show he was someone trying to frame Russia.

Forensicator's actual analysis doesn't rely on the rate of the transfers being over a certain limit, instead it involved testing transferral of the files (contained in the archive) over various Internet configuration and on a variety of devices, with USB2.0 transfer rates being the most consistent with the average speeds observed.

If this was really about whether speeds can be beaten, Forensicator could have used the peak rate which is up near 36MB/sec (288mbps), however, this was never the basis for Forensicator's conclusion and those promoting it as such are misrepresentating it (at least, they are if their criticism is being levied at Forensicator).

22.7 megabytes per second (MB/s) sounds impossibly fast if you don't know any better. But if you do the simple conversion from megabytes per second to megabits per second necessary to determine the actual speed of the connection used, you get a fairly reasonable 180 megabits per second (Mbps).

22.7MB/s matched the USB2.0 transfer rates, in testing, which was the point really made by Forensicator in his analysis. - Also, speeds expressed as MB/s and mbps are both valid and both are capable of being used as a measurement of the exact same thing. - Forensicator didn't screw up or miscalculate anything, Karl Bode, on the other hand, implied that MB/s doesn't indicate "actual" speed, which is ridiculous bullshit that I'm disappointed TechDirt's editor didn't pick up on.

Even then, the hacker in question could have used any number of tricks to hide his or her location and real identity from a high-bandwidth vantage point, so the claim that the hacker couldn't achieve 180 Mbps through a VPN is simply nonsense.

Bode provides nothing to support his claim that 180Mbps via VPN over considerable distances (to actually include what was cited in the report - transoceanic), was possible in mid-2016. - Even testing now, a year later, shows the rate to be a struggle to achieve with a large majority of providers (and that's without cranking up the target speed to the peak 36 MB/s rate observed).

Obviously this raises some questions about what kind of cyber-sleuths we're talking about when they can't do basic conversions or look at some fairly obvious broadband speed availability charts.

The ACTUAL analysis covers the conversions. Forensicator even wrote an article about it specifically but it seems Bode was too busy looking for a pedantic, sleazy & condescending way to smear us that he forgot to check in on reality.

As for speed availability, I believe VIPS are investigating and may be able to provide some insight on this in the near future.

And it also raises some questions about why reporters thought flimsy anonymous experts were the perfect remedy to the other flimsy anonymous leaks they hoped to debunk.

If we were 'flimsy', Bode would be able to debunk the assertions made about Guccifer 2.0's fabricated Russian fingerprints, a key finding that he makes no mention of along with omitting all the rest of my research, if we were 'flimsy', Bode wouldn't be attacking Forensicator over a 3rd party's interpretations of his conclusions and would actually challenge the analysis itself - but he doesn't, he just lazily and dishonestly smears.

While The Nation couldn't even be bothered to do the simple calculation to determine the speed of the connection used by the hacker was relatively ordinary, in a story titled "Why Some U.S. Ex-Spies Don't Buy the Russia Story," Bloomberg actually did the conversion to get the 180 Mbps speed, and still somehow told readers that such speeds were impossible.

We see a repeat of Bode's severely misguided effort to push a misconception that MB/s is somehow an illegitimate means of measuring speed, it's not though, so, he's just deceiving TechDirt's readers here.

Yes, all but impossible! Provided you ignore that DOCSIS 3.1 cable upgrades and fiber connections deliver speeds consistently faster than that all around the world every day -- including Romania. False claims and sloppy math aside, after the Bloomberg column ran, several actual, identifiable intelligence experts also came forward doubting the legitimacy of the supposed intelligence sources for these stories altogether:

The first US provider fully transitioned to DOCSIS 3.1 was Mediacom, that wasn't until the end of 2016 - but of course, this is still the same argument being had about transfer speeds being attainable which diverges from (and misrepresents the basis of) Forensicator's actual analysis.





I'm sure there will be plenty more of this to come and I'll be sure to keep responding for as long as people are trying to (or are paid to) unduly degrade the research.