In a new report Guccifer 2’s Russian Breadcrumbs, Forensicator analyzes metadata left in the various documents that Guccifer 2 modified and then published on his WordPress blog. Some new discoveries are made, some revisited. Forensicator concludes that Guccifer 2’s consistent intent was to plant clues which connected Guccifer 2 to Russia. Except for one head fake, when Guccifer 2 was Romanian for a day.
This report builds on two previous articles: Did Guccifer 2 Plant his Russian Fingerprints? and Media Mishaps: Early Guccifer 2 Coverage. In those reports we analyze Guccifer 2’s first batch of documents that were published on his WordPress blog. We demonstrate that Guccifer 2 likely planted his “Russian fingerprints” into those documents. Those “Russian fingerprints” were widely covered by mainstream media and provided circumstantial support for the idea that Guccifer 2 was in fact a Russian operative (or a team of operatives), in spite of his rather clumsy attempts to cover his tracks.
We introduce our conclusions and results first. Following that material is the detailed analysis that provides the factual basis for the conclusions. Those details may be primarily of interest to other researchers and to those who are more technically inclined.
In this report, we take the position that most of Guccifer 2’s metadata modifications were deliberate. Our position is at odds with mainstream media’s recital of events.
The MSM narrative, as best we understand it, is that Guccifer 2 initially slipped up — disclosing documents that were last saved using a user id written in Cyrillic; that user id made reference to a famous Russian spy chief.
Further, Guccifer 2’s first document, which he shared with two media outlets had Russian error messages embedded in the PDF’s that those media outlets published. These error messages became known as Guccifer 2’s “Russian fingerprints”, presumably left behind by accident. In Did Guccifer 2 Plant his Russian Fingerprints? we demonstrate that the process which Guccifer 2 likely used to plant those Russian error message was complex and deliberate.
An important point to make here is that Guccifer 2 modified 36 documents, published in several batches, and each batch has metadata that can be linked to Russia (or in one batch, Romania). Guccifer 2 often made minimal changes to a document apparently with no rhyme or reason; yet, Russian (Romanian) indications were the only tangible result that those changes had in common. Guccifer 2 explained away his document tweaks as simply a result of his desire to plant his hacker “water mark” (signature). The media accepted this explanation and viewed it as a clumsy (and obvious) effort to cover his initial (alleged) mistakes. We have a different opinion. We think that Guccifer 2’s main intent was to implant metadata that implicates Russia.
Please refer to the report for further details.