Guccifer 2.0: Game Over

defia@protonmail.com
340c 249a 8faa efc6 4bcb
5c2e 6fcd e104 d0b0 1fe2
Download Public Key

Last Updated: February 25, 2022

Follow @with_integrity

Tip-Jar / Donations

Latest Summary: Guccifer 2.0: Evidence Versus GRU Attribution

If you only have time to read one article on this site, it should be the article linked above as this covers all of the most significant discoveries and provides links to the original analysis as well as verifiable evidence.

UPDATES (February 25, 2022)

Corpus Updated

A document released from the FEC provides details of communications from Guccifer 2.0 to Russell Taub on August 15, 2016.

The corpus has been updated.


November 12, 2021

Corpus Update Complete

DM conversations Guccifer 2.0 had with Lee Stranahan and Aaron Nevins were missing from the corpus.

These have now been added and I've also added links to sources for all entries in the corpus.

The updated corpus is available here.


November 10, 2021

Additional Guccifer 2.0 Communications Documented

Additional communications from Wall Street Journal, Buzzfeed & Daily Caller are now documented and linked to here.

Corpus update is in progress, more on that to come soon...


October 28, 2021

More Guccifer 2.0 Communications Documented & Corpus Updated

Several Twitter DMs and other communications from Guccifer 2.0 were pointed out to me recently that I had not documented and that were missing from the corpus.

Additional communications are now documented and linked to here and here.

The updated corpus is available here.


October 27, 2021

Computer Weekly Editors Stonewall When Evidence Emerges

In August, I published an article discrediting Computer Weekly's latest hit-piece with new evidence.

The article shows that rumors and speculation from their author was wrong, reveals that statements I had made were concealed (and that Computer Weekly engaged in a deception through omission by claiming I hadn't responded) and that Computer Weekly's investigations editor (William Goodwin) continues to struggle with handling facts and evidence honestly, keeping Computer Weekly's readers in the dark when it comes to reality.

Since being presented with the new evidence, Goodwin has predictably returned to stonewalling once again..



Computer Weekly Stonewalls
When Evidence Emerges

The fact that editors Bryan Glick and William Goodwin commissioned another hit-piece from an author we had already legitimately discredited (and shown to have engaged in disinformation in the past) combined with the timing of this suggests the commissioning was motivated by malice.

It would seem Duncan Campbell, William Goodwin and Bryan Glick know they're in the wrong judging by the way they routinely hide from fair questions and stonewall when presented evidence discrediting their silly conspiracy fantasies.


February 12, 2021

ComputerWeekly Push More Propaganda, Editors Implicated In Disinfomaion

ComputerWeekly has published false allegations about my communications with Couch and Butowsky's attorneys, about communications between myself and ComputerWeekly's William Goodwin, about my company's infrastructure, about the intentions of Forensicator and myself (and purpose of our efforts) and much more.

They've published claims the author should have known to be false (disinformation), have managed to muddle up evidence from two different incidents, have re-used frames that turn reality upside down (and that we have already discredited with evidence in the past) and have egregiouly misled the public once again.



ComputerWeekly Uses Seth Rich
Settlements To Smear While Evading
Accountability For Their Previous False Allegations & Disinformation

Unfortunately, for ComputerWeekly, this adds to a list of problems we have in relation to their past publication of bogus conspiracy theories and disinformation.

The disinformation their author engaged in, the previous false allegations made and the fact that nobody at ComputerWeekly seems willing to accept evidence and be accountable is all documented in the following article:



ComputerWeekly's
Fake News Fiasco

There is much more I could say and demonstrate but, for now, I just wanted to get a basic rebuttal published so that journalists can see there are some serious issues with the latest hit-piece ComputerWeekly have published and that it contains demonstrably false information and gets a lot of things wrong.


December 25, 2020

Hosting for g-2.space has been extended for another two years.

It's now been a year since I published my "Evidence Versus GRU Attribution" article:



Guccifer 2.0: Evidence
Versus GRU Attribution

Since then, the only rebuttal I've seen has consisted of people arguing that timestamps can be faked (without explaining why Russians pretending to be Romanian would plant evidence to suggest the operation's origins were in the US or why such evidence would generally be harder to find than the Russian breadcrumbs were). They seem to overlook that Guccifer 2.0's email, blogging and social media activities (and more) all provided clues pointing at the operation being based in the US.

Additionally, the article was updated earlier this year to cover the fact that a hole was discovered in a third party's "timestamp tampering" theory because their handling/processing of evidence and the scenario they proposed introduced its own chronological anomaly.

Updates addressing disinformation, conspiracy theories and propaganda will come in the New Year.


August 18, 2020

I've just realised that there was an article I wrote in 2019 that I didn't include in updates and it's probably worth bringing attention to.

The only time I ever saw the US Department of Justice acknowledge any of the countervailing evidence (relating to Guccifer 2.0) that I've reported on over the past few years is when they were challenged with one piece in the Stone case.

This involved a prosecutor within the department wrongly portraying an Eastern timezone indicator as relating to the timezone of alleged victims when it really relates to archival activity of Guccifer 2.0 in September 2016 (occurring at least a month after the files were acquired).



Did The Department of Justice
Misrepresent Digital
Forensics Evidence?


August 15, 2020

The timeline and corpus are now linked to rather than shown in frames (this is partly to reduce load times but also a step towards improving usability on mobile devices).

The timeline has been updated to include discoveries made since 2017 and to include things such as the Mueller report and the FBI's Stone arrest warrant published earlier this year.


July 2, 2020

  • Some speculative content has been removed as I felt it distracted from the evidence.
  • Elite VPN information has been moved to it's own article to reduce homepage clutter.
  • Article lists have been updated to focus more on those that relate to evidence.
  • More DMs have been added (and the corpus has been updated to include these).

If there's anything significant I've missed or any mistakes that need addressing please email me and let me know.


May 22, 2020

My latest article has just been published at Consortium News.

I argue that Guccifer 2.0 seemed to have an agenda to associate WikiLeaks with Russia and, because of this, it's fair to question Guccifer 2.0's intentions with regard to his effort to get an archive to WikiLeaks and to have them confirm receipt over insecure channels.



Guccifer 2.0's Hidden Agenda


May 11, 2020

I have finally received an answer to a question I asked three years ago.

We've learned that CrowdStrike never had evidence of the DNC emails being exfiltrated, that CrowdStrike's efforts at the DNC didn't seem to prevent hacking or involve monitoring of network activity and that the APT29 malware CrowdStrike discovered doesn't appear to have been the malware that the FBI were looking for in 2015.

I was going to write an article but others already have covered some of the latest revelations:



RAY McGOVERN: New House
Documents Sow Further Doubt
That Russia Hacked the DNC



Telling RussiaGate Transcripts

There's also:

Bombshell: Crowdstrike admits 'no evidence' Russia stole emails from DNC server (Pushback with Aaron Maté)

Final Nail In RussiaGate Coffin: CrowdStrike Admits "No Evidence" (Jimmy Dore Show)

Despite all of this, I'm not celebrating. That would be silly.

The Mueller report suggests that hackers accessed the DNC's Exchange server in, on or around May 25, 2016 to June 1, 2016 and that they did so via one of their US servers.

If that information didn't come from CrowdStrike then where did it come from?

We shouldn't be too hasty to disregard the likelihood of evidence existing from other sources. If nothing else, I at least expect the DOJ and FBI to have some evidence to support the above assertion.

I'm just grateful my question got answered eventually.


April 30, 2020

I recently became aware of some Twitter DMs (direct messages) featuring Guccifer 2.0 that I had missed, these have been added to the archive and corpus.

The corpus has also been updated to add information from the Roger Stone arrest warrant application that was made public on April 29, 2020.


April 16, 2020

To help reduce the chances of anyone fabricating evidence and corrupting the record, I've recorded MD5 and SHA-1 hashes of all of the files referenced in my previous article about Guccifer 2.0.



Guccifer 2.0 Evidence
MD5/SHA Hashes

I have also updated my article about NBC News getting out of their depth and publishing fake news. (NBC's author, editors and source are all evading accountability, seem to be completely incapable of substantiating their claims and, despite making claims about "proof", refuse to respond when they are challenged to produce it.):



NBC Ignores Evidence, Publishes
Fake News About CrowdStrike Theories

There will be a new article coming out soon regarding Guccifer 2.0's dishonesty in relation to WikiLeaks, the fact that he might not have been the source for the DNC's emails (based on the size of the archive sent) and that, due to what we already know about the persona, it seems Guccifer 2.0 sought to harm the reputation of WikiLeaks.


February 24, 2020

There have been some good articles published recently over at AMGreatness by author Michael Thau relating to RussiaGate and Guccifer 2.0. His latest does an excellent job of shining a light on the absurdity of Guccifer 2.0, what the persona's efforts achieved with regards to creating a pseudo-Russian connection to WikiLeaks and questions CrowdStrike's activities at the DNC in 2016.



The Monstrous Lie
Behind CrowdStrike

 


December 24, 2019

A few days ago I published an article that demonstrates skepticism of the attribution of Guccifer 2.0 to the GRU is justified by verifiable evidence and that no conspiracy theories are needed.



Guccifer 2.0: Evidence
Versus GRU Attribution

Some of Guccifer 2.0's Russian breadcrumbs were created through deliberate processes and some of the evidence providing Russian signals seems contrived.

When digging beyond the Russian breadcrumbs scattered on the surface, there are conflicts that point to other locales (eg. US).

Regarding timezone indicia, we have found more unique types of timezone indication that point to US timezones than Russian.


November 13, 2019

A couple of weeks ago I posted an article about the DNC's emails, highlighting the fact that the Special Counsel seem to have missed out the activity that occurred on May 23, 2016.



Why Were Miranda's Mails
Missed By Mueller?

Regarding the article in my last update (concerning NBC's publication of fake news), I did reach out to a number of NBC News executives asking them to provide evidence to support the claims that they have published and asked why they didn't bother to confirm Campbell's claims with primary sources such as myself or Bill Binney.

It's been over a month and I've heard nothing back from them.

It's fair to assume that they cannot substantiate all of the claims they've made.

I really wish the mainstream press would verify what they publish and show some regard for journalistic integrity.


October 6, 2019

On October 3, 2019, NBC published an article by Ben Collins that featured a false conspiracy theory origin story.

It also incorporated debunked smears against myself from Duncan Campbell.

As a result of this, I have now debunked NBC and numerous other mainstream media outlets that ran with the same story.



NBC Ignores Evidence, Publishes Fake News About CrowdStrike Theories & Smears Those Who Report The Truth


September 23, 2019

Been a while since the last update.

I'm currently working on an article covering all available countervailing evidence related to Guccifer 2.0 in aggregate. I'm hoping to have it ready for publication before the end of the year.

I said something in my previous update that I needed to follow up on, so, here's the update on where we are with the ridiculous Campbell/ComputerWeekly smears and conspiracy theory nonsense:



"Briton Ran Pro-Kremlin Disinformation Campaign" Story Thoroughly Debunked


June 8, 2019

At the end of July 2018, Duncan Campbell wrote a hit piece defaming several people (though primarily targeting myself). He promoted a conspiracy theory (that was soon debunked) and came up with a technical theory supposed to support a premise that Guccifer 2.0 had tampered with timestamps in the NGP-VAN archive.

Yesterday, scrutiny of Campbell's tampering theory was published:



The Campbell Coincidence

I will soon publish a brief recap on the situation with ComputerWeekly, highlighting how their hit-piece has disintegrated over the past year.

I'm also preparing to release further evidence relating to journalistic malpractice. I don't want to release it but, if necessary, I will. The final decision on this will be made on August 1, 2019.


June 1, 2019

Forensicator published a new article on April 22 (just after my last update here) that looked at Guccifer 2.0's files showing that some seem to have been acquired even before the GRU-attributed activities reportedly occurred:



A Closer Look at Guccifer 2's DNC Email Attachments

On April 29, Forensicator published another article revealing more evidence that suggests Guccifer 2.0 was deliberately planting both Russian and Romanian indicators in documents he had released:



More Evidence that Guccifer 2 Planted His Russian Breadcrumbs

My article about the Special Counsel report was published on May 6.

It covers various troubling omissions, conflicts & problems with volume 1, part 3 of the report (the part primarily relating to Russian hacking allegations and the Guccifer 2.0 persona):



The Mueller Report - Expensive
Estimations And Elusive Evidence

On May 27, Forensicator published another article, this time revisiting the "HRC_pass.zip" with a surprising finding: it's likely that a USB device was used around the same time as US timezone settings were recorded being in effect just prior to the archive being constructed (this time, in the central timezone and within a week of Guccifer 2.0 appearing):



Transfer Rate Suggests Guccifer 2 used a Thumb Drive in the US Central Timezone


April 22, 2019

I've added some items to the timeline regarding Guccifer 2.0 and DCLeaks.

Although not directly related to Guccifer 2.0, Forensicator recently published a highly detailed analysis of the leaked DNC emails that WikiLeaks released in 2016 that is worth checking out:



Sorting The WikiLeaks
DNC Emails

I'm currently working on article about the Mueller report but this will probably not be ready for a couple of weeks due to my current workload elsewhere.

Following this, I'll have a very brief recap on "ComputerWeekly's Fake News Fiasco" (detailing what has happened since the hit-piece was published, outlining the new evidence and explaining what my plans are to get this situation resolved).


March 16, 2019

Here's a brief update on all of Guccifer 2.0's indications of activity in US timezones that have been discovered by independent analysts/researchers during the past two years:



Guccifer 2.0's US
Time Zone Indicators

Bizarrely, in terms of total unique types of indication of timezones, the US may be ahead of Russia when it comes to Guccifer 2.0 evidence.

Finally, a slightly off-topic "heads up" for those of you who have followed recent reporting on the DNC emails: Expect to see further details enter the public domain in the not-too-distant future.


March 3, 2019

Last year, while distracted by having to deal with smears, lies and conspiracy theories, two things emerged in the public domain in relation to Guccifer 2.0 that, due to the commotion, I unfortunately missed.

One of these was evidence that further supported the premise of Guccifer 2.0 being active in the central (US) time zone (bringing us to 4 or 5 examples of indications in that timezone now depending on whether you count Twitter and WordPress activity separately).

The discovery (originally revealed by a third party researcher/analyst in August 2018) was recently covered in a blog post by Forensicator:



When USB’s Fly: Recent Research Supports Forensicator’s Controversial Theory

In addition to this, a study carried out last year on a corpus of Guccifer 2.0's text has apparently provided a strong indication that the persona was likely to be Russian in origin (through analyzing lexical errors with the aid of Google Translate).

The study was mentioned in a document published in relation to the 14th American Association for Corpus Linguistics (AACL) Conference held in September 2018.

In conjunction with other observations, this would seem to suggest that Guccifer 2.0 (or at least one of those behind the persona) may have been a Russian who had substantial capacity to speak English (based on his lack of struggling with syntax where Russians would typically struggle) but that struggled with correct translations for certain terms.


View Previous Updates


Third-party cookie notice: Viewing previous updates may include embedded YouTube videos (which will result in third party cookies from YouTube being loaded by your browser). Please only click on "View All Updates" if you accept the inherent consequences that come with seeing embedded YouTube videos in your browser.

CONTENTS

1. Introduction
2. Guccifer 2.0 Timeline
3. Guccifer 2.0's Claims Discredited
4. Contrived Breadcrumbs & Signal Mimicry?
5. Actions, Consequences & Convenience For Anti-Leak Narratives
6. Guccifer 2.0's Initial Proof Of Hacking The DNC Wasn't From The DNC
7. Guccifer 2.0 Corpus
8. Guccifer 2.0 Activity Timezones

APPENDICES

Additional Articles
3rd Party Articles


(1) Introduction

We have been told by the US Department of Justice that Guccifer 2.0 was a GRU officer.

However:

When it comes to Guccifer 2.0, there is currently more hard evidence in the public domain that justifies questioning of the GRU attribution than there is hard evidence to support it. Much of this evidence also points at another possibility for Guccifer 2.0's origins

This site was created to archive evidence relating to Guccifer 2.0 and to document discoveries made regarding the persona and it's activities. Since this project started in 2017, many things have been discovered and most of these discoveries are inconsistent with what we are expected to believe.


(2) Guccifer 2.0 Timeline

View Guccifer 2.0 Timeline

(3) Guccifer2.0's Claims Discredited

CLAIM: Hacked the DNC's servers - STATUS: Discredited

We've already addressed Guccifer 2.0's fabrication of evidence to support his claim of hacking the DNC but there's more about the hacking that doesn't add up.

Guccifer2.0 stated in an interview with Lorenzo Franceschi-Bicchierai (for Motherboard / Vice News) on the 21st of June, that he breached the server using a "0-day exploit of NGP-Van".

ThreatConnect, although still apparently unswayed from their assessment that Guccifer2.0 is a collective of Russians, did report some very useful facts that serve to debunk Guccifer2.0's claims.

a) NGP-Van is a cloud-hosted web-service separate from the DNC network, the claimed method of breach was discredted by ThreatConnect. - It was noted that phishing for credentials would be far more practical for exploiting such a service.

b) He makes claims of lateral movement within the DNC network - but doesn't realize that his effort to match the reporting of Crowdstrike falls down due to his own misinterpretation of that. - CrowdStrike's report mentions lateral movement in terms of the "BEAR" infrastructure across the whole of the Internet rather than movement within the DNC network - it looks like Guccifer2.0 s trying to make claims that correlate with what he has inferred from CrowdStrike's reportage.

c) To quote ThreatConnect at the time (and no much has been reported to contradict it since): "As it stands now, none of the Guccifer 2.0 breach details can be independently verified".

d) Guccifer 2.0's initial proof of hacking the DNC was fabricated from a set of Podesta attachments.

CLAIM: Wikileaks Source for DNC Mails - STATUS: Unverified

Circumstancial evidence does exist for this, of course,

Guccifer 2.0 put considerable effort into trying to convince people he was the source for the DNC email leaks that ended up in the public domain on July 22nd. He was clearly trying to associate himself with WikiLeaks from the moment he appeared.

The best evidence of him being a source for the DNC emails is the fact that Guccifer 2.0 asked WikiLeaks to confirm receipt of DNC emails on July 6, 2016 and WikiLeaks later confirmed receipt of an archive on July 18, 2016.

However, the size of the archive has been described as "about 1gb" and "1gb or so", while the full DNC email tranche, compressed, comes in at somewhere between 1.8 and 2GB (depending on compression used).

So, even if we assume this was an archive of DNC emails, where did the rest come from and can we be sure that all of the emails WikiLeaks published weren't therefore from a different source providing a larger collection of emails?

(Note: Guccifer 2.0 was offering Democratic staff emails to Emma Best after the DNC emails were published. For these to still have value at that point in time they would need to be different emails to those that were released. Can we be sure that what WikiLeaks published was what Guccifer 2.0 had sent?)

WikiLeaks has maintained that they did not publish the material shared by Guccifer 2.0 and we still don't know exactly whose emails the archive contained (assuming the archive did contain emails).

CLAIM: Hacked Clinton Foundation - STATUS: Discredited

On October 4th, 2016 - Guccifer2.0 claimed to have hacked the Clinton Foundation. He followed this up by posting an archive containing files that were from previous leaks and other organizations.

Ultimately, Guccifer 2.0 never produced anything that actually shows such a hack had taken place and these claims were dismissed by mainstream sources too.


(4) Contrived Breadcrumbs & Signal Mimicry?

The early evidence of Guccifer being Russian was interesting, especially considering we're told this was an operation intent on deflecting from Russian culpability.

Guccifer 2.0 chose to...

Guccifer2.0 covered itself and its files in the digital equivalent of "Made In Russia" labels through deliberate processes and decisions made about which infrastructure to hide behind. Most of these were blatant and quickly found. Guccifer 2.0 was being called out as a Russian within a day of appearing (almost a week before the persona claimed to be Romanian).

Detailed analysis of Guccifer 2.0's Russian breadcrumbs can be found here and here.


(5) Actions, Consequences & Convenience For Anti-Leak Narratives

The documents Guccifer 2.0 posted online were mostly of little value. We saw many stale files (some going back to 2008 or further) and some documents covered things already known and reported on in the public domain long ago (eg. TARP funds controversy already covered by OpenSecrets.org in 2009, etc).

The DCCC documents didn't reveal anything particularly damaging. It did include a list of fundraisers/bundlers but that wasn't likely to harm the reputation of Clinton and her campaign (the fundraising totals, etc. are likely to end up on sites like OpenSecrets, etc within a year anyway). The leaked financial data and personal details of donors wasn't damaging to the Clinton campaign but will have caused headaches for the Democratic party.

The apparent leaking of personal contact numbers and email addresses of 200 Democrats, while controversial, didn't cause more than inconvenience.

Almost everything Guccifer 2.0 released failed to expose anything significantly damaging to the reputations of the campaign many assume he was working against. The persona's apparent access to Podesta and DNC emails (and the fact that more damaging revelations emerged there) suggests that the persona could have released more damaging material than they chose to if they had wanted to.

Guccifer 2.0 did a great job of giving the press reasons to condemn leaking and leaks before WikiLeaks had even published the first DNC email.


(6) Guccifer 2.0's Initial Proof Of Hacking The DNC Wasn't From The DNC

There were multiple documents shared with The Smoking Gun, Gawker, Ars Technica and others. These were presented by Guccifer 2.0 to claim credit for hacking the DNC, however, they don't really appear to have come from the DNC.

The metadata on the first five documents that Guccifer 2.0 released are as follows:

File Created By Time Modified By Time
1.doc Warren Flood 1:38pm Феликс Эдмундович 2:08pm
2.doc Warren Flood 1:38pm Феликс Эдмундович 2:11pm
3.doc Warren Flood 1:38pm Феликс Эдмундович 2:12pm
4.doc Blake 1:48pm user 1:48pm
5.doc jbs836 2:13pm Феликс Эдмундович 2:13pm

Research was carried out on the documents that had Flood's name on them and it was discovered that they all originated from the same document.

In 2018, further research revealed how the first document ("1.doc") was constructed. It was found to have been a combination of two documents that we only ever saw as attachments to Podesta's emails (ie. not found in any other leaks).

Guccifer 2.0 appears to have set his local time to GMT+3 and used a copy of Microsoft Word 2007 with the username set to "Феликс Эдмундович" (Iron Felix, founder of the soviet secret police who died around a century ago) to open a document that was originally authored by Warren Flood in 2008 titled "Slate_-_Domestic_-_USDA_-_2008-12-20.doc" (which is attached to Podesta email #41518).

He then stripped out the content, altered the watermark to change it from "CONFIDENTIAL DRAFT" to just "CONFIDENTIAL" and added Russian language stylesheet entries.

Guccifer 2.0 then copied the contents of a document originally authored by Lauren Dillon titled "12192015 Trump Report - for dist.docx" (which is attached to Podesta email #26562) and copied the body content from that into the Russified document he had prepared in the steps outlined above.

This is how "1.doc" was created. It was two documents that were mangled together on the day Guccifer 2.0 appeared.

The body content was then stripped out and the empty Russified document was then saved two times (to create two pre-tainted template documents). Content from another two documents (also found as Podesta attachments) were then copied into each of the pre-tainted templates.

This was no accidental mishandling of files.

Guccifer 2.0's initial proof of hacking the DNC was a fabrication (apparently merging two Podesta attachments) and the persona seems to have lied about the source of it's material.

Detailed analysis covering this (and a lot more) can be found here, an overview of what Guccifer 2.0 did to produce his first documents is here and the original discovery relating to matching RSIDs across several documents is here.

Guccifer 2.0's fabrication of evidence and lying about the source of the evidence provided false corroboration for several claims that were published in the Washington Post just one day before his appearance.


(7) Guccifer 2.0 Corpus

View Guccifer 2.0 Corpus

Guccifer 2 Twitter DM Sources:
Robbin Young | Cassandra Fairbanks | Roger Stone | Anon1 | Lee Stranahan | HelloFLA (aka Aaron Nevins) | Flipper4Trump | Charlie Grapski | Lorenzo Franceschi-Bicchierai | Thomas Rid | Emma Best | John Bambenek | Raphael Satter | Additional sources


(8) Guccifer 2.0 Activity Time Zones

Zone Details
GMT +3 / +4 First batch of documents released on June 15, 2016
GMT -5 Archival of "HRC_pass..zip" on June 21, 2016
GMT -7 Track changes on documents edited on June 18 and June 30, 2016
GMT -5 Email chain with The Smoking Gun on June 27, 2016
GMT -4 Editing documents with LibreOffice on July 6, 2016
GMT -4 NGP-VAN archiving process on September 1, 2016
GMT -5 Based on above applied to the CF.7z archive. October 4, 2016.
GMT +3 In screenshots posted by Guccifer 2.0 on October 18, 2016 (w/ conflicting US date format)
GMT -5 Statistical analysis of all Twitter activity in the public domain
GMT -5 Statistical analysis of all Blogging activity in the public domain

 

Featured Articles On Guccifer 2.0

Guccifer 2.0: Evidence Versus GRU Attribution

Guccifer 2.0 Evidence MD5/SHA Hashes

Guccifer 2.0's Hidden Agenda

Isolated RTF/RSID Evidence / Correlating With Metadata

Guccifer 2.0's First Five Documents: The Process

Facebook Detected Russian Hackers Setting Up Guccifer 2.0 Account?

Guccifer 2.0 Twitter And Blogging Activity Fits Central (US) Timezone

Guccifer 2.0's US Time Zone Indicators

Guccifer 2.0's VPN Node Was Publicly Accessible And Not Exclusive

Articles On Other RussiaGate Topics

The Mueller Report - Expensive Estimations And Elusive Evidence

Why Were Miranda's Mails Missed By Mueller?

The Man Who Cried Volf


3rd Party Research & Further Reading

Guccifer 2.0 NGP/VAN Metadata Analysis (archive)
Forensicator

Did Guccifer 2.0 Plant His Russian Fingerprints? (archive)
Forensicator

Guccifer 2.0's Russian Breadcrumbs (archive)
Forensicator

Guccifer 2 Returns To The East Coast (archive)
Forensicator

Guccifer 2's West Coast Fingerprint (archive)
Forensicator

More Evidence That Guccifer 2 Planted His Russian Breadcrumbs (archive)
Forensicator

Transfer Rate Suggests Guccifer 2.0 Used A Thumbdrive In Central US Timezone (archive)
Forensicator

Media Mishaps: Early Guccifer 2 Coverage (archive)
Forensicator

Guccifer 2.0 CF Files Metadata Analysis (archive)
Forensicator

The Campbell Coincidence (archive)
Forensicator

A Closer Look At Guccifer 2's DNC Email Attachments (archive)
Forensicator

Time Zone of Guccifer 2 cf.7z (archive)
Stephen McIntyre

Guccifer 2 Email Time Zone (archive)
Stephen McIntyre

Guccifer 2 and “Russian” Metadata (archive)
Stephen McIntyre

Guccifer 2: From January to May, 2016 (archive)
Stephen McIntyre

The HRC_pass..zip documents (archive)
Bruce Leidl

This Fancy Bear's House Is Made of Cards: Russian Fools or Russian Frame-Up
tvor_22

Russia and Wikileaks - The Case of The Gilded Guccifer
tvor_22

Doc 1 – Part One: Manipulations, Fonts & Fakery (archive)
David Jonathan Blake

Doc 1 Part 2: Binary Chunks. (archive)
David Jonathan Blake

Doc 1: Part 3 … Back to Romania! (archive)
David Jonathan Blake

Did Russia Really Hack The DNC? (archive)
Gregory Elich

Guccifer 2 and the Podesta Emails (archive)
by JimmysLlama