“Guccifer2.0 stated in an interview with Lorenzo Franceschi-Bicchierai (for Motherboard / Vice News) on June 21, 2016, that he breached the server using a “0-day exploit of NGP-Van”.
ThreatConnect, although still apparently unswayed from their assessment that Guccifer2.0 is a collective of Russians, did report some very useful facts that serve to debunk Guccifer2.0’s claims.
(…) “Russia-Tainted Metadata” Reportage Mostly Ignored A Key Piece of Metadata
There is a key fact about some non-Russian metadata that nobody seems to have reported and it certainly seems to be of critical importance – and that is the document creation timestamps…
There were multiple documents shared with TheSmokingGun, Gawker, ArsTechnica and others.
The first document, “1.doc” (mirror), was given considerable coverage, while the name “Warren Flood” was reported, the date in the report (rather than in the metadata) was reported and so it was attributed to Warren Flood on December 19, 2015.
Gawker incorrectly claimed the metadata showed the document was created in 2015 when it actually indicated the document was created by Warren Flood at a much later date.
The truth is that the metadata shows the document being created 30 minutes before Guccifer2.0 appears to have gotten his hands on it:
Modified by Феликс Эдмундович on 15th of June at 14:08
The other document, “2.doc” (mirror) was not mentioned so much, but it too had interesting metadata:
Modified by Феликс Эдмундович on 15th of June at 14:11
How did this get missed? – My guess is that people who investigated were using MS-Word. Recent versions of MS-Word tend to show limited metadata from RTF1 format files, for example, MS-Word 2010 shows:
If you open “2.doc” in OpenOffice though, you will spot what first alerted me to the timestamp correlations in the first place:
If you look at the raw data of “1.doc” you can see an ever closer correlation:
UPDATE (18 Feb 2017)
It was pointed out to me that I’d only focused on 2 documents and that there were more released by Guccifer2.0. – He had actually released a set of 5 RTF1-format documents, all had creation/modification dates as 15th of June and another one of them had Flood listed as its creator:
MD5 sums and mirror links are provided below in case the originals are altered or removed in future:
A more detailed look at the actual contents of documents (e.g. RSIDs of different changes and correlations across files) gives further clues about the procedures used to intentionally stick “Russian fingerprints” on some of the files.
Who is Warren Flood? (UPDATED June 3rd, 2018)
Warren Flood was Biden’s former IT director at the White House.
A document that Flood authored in 2008 and that was attached to one of John Podesta’s emails was used by Guccifer 2.0 as a template into which he then copied the contents of the Trump Opposition Research, copied from this file (which is also attached to this leaked email). It is Flood’s document that the “CONFIDENTIAL” text in the background derives from.
The copy of the Trump research Guccifer 2.0 had was actually a document originally authored by Lauren Dillon (DNC research director) and modified (and sent to John Podesta) by Tony Carrk (Research Director at Hillary for America). (Read more: Adam Carter/g-2.space, 2/18/2017) (Archive)
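The creation and modification fields compared in the excerpt above sit in the plain-text `\info` group of an RTF file, so they can be read from the raw data regardless of what a given word processor chooses to display. The following is an added example, not part of the quoted article: the function names are hypothetical and the sample header is constructed, not taken from any of the documents discussed.

```python
import re
from datetime import datetime

# Constructed sample RTF header (values invented for illustration only).
SAMPLE_RTF = (
    r"{\rtf1\ansi\ansicpg1251\deff0"
    r"{\info{\author Alice Example}{\operator \'cf\'f0\'e8\'ec\'e5\'f0}"
    r"{\creatim\yr2020\mo1\dy2\hr13\min38}"
    r"{\revtim\yr2020\mo1\dy2\hr14\min8}}"
    r"\pard Body text\par}"
)

def _decode(text, codepage):
    # RTF stores non-ASCII bytes as \'hh escapes; decode each run with the
    # code page declared by \ansicpg so Cyrillic names come out readable.
    def repl(m):
        raw = bytes.fromhex(m.group(0).replace("\\'", ""))
        return raw.decode(codepage, errors="replace")
    return re.sub(r"(?:\\'[0-9a-fA-F]{2})+", repl, text).strip()

def _timestamp(group):
    # \creatim and \revtim hold \yr \mo \dy \hr \min (and optionally \sec).
    f = {k: int(v) for k, v in re.findall(r"\\(yr|mo|dy|hr|min|sec)(\d+)", group)}
    if not {"yr", "mo", "dy"} <= f.keys():
        return None
    return datetime(f["yr"], f["mo"], f["dy"], f.get("hr", 0), f.get("min", 0), f.get("sec", 0))

def rtf_info(rtf):
    # Return author, last editor (\operator), both timestamps and their gap.
    cp = re.search(r"\\ansicpg(\d+)", rtf)
    codepage = "cp" + cp.group(1) if cp else "cp1252"
    out = {}
    for key in ("author", "operator"):
        m = re.search(r"\{\\%s ([^{}]*)\}" % key, rtf)
        if m:
            out[key] = _decode(m.group(1), codepage)
    for key in ("creatim", "revtim"):
        m = re.search(r"\{\\%s([^{}]*)\}" % key, rtf)
        if m:
            out[key] = _timestamp(m.group(1))
    if out.get("creatim") and out.get("revtim"):
        out["edit_window"] = out["revtim"] - out["creatim"]
    return out

if __name__ == "__main__":
    for field, value in rtf_info(SAMPLE_RTF).items():
        print(f"{field}: {value}")
```

Running the same function over each file in a set and comparing the `creatim`, `revtim` and `edit_window` values side by side is how cross-document timestamp correlations of the kind described above become visible.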