In the words of the memo

Our reply

[T]he intelligence-community assessment from January 6, 2017, which reflects the judgment of the CIA, the FBI, and the NSA, asserts as fact (absent categorical proof or evidence) that “Guccifer 2.0” accessed data from the DNC through a “cyber operation.” This could mean via the network, the cloud, computers, remote hacking, or direct data removal. However, “Guccifer 2.0” claimed access to the DNC server through remote hacking.

With this statement at the outset, the dissent injects uncertainty about what the words “cyber operation” might include in a way that clearly implies that the Russians could have gotten the DNC e-mails in some way other than through an Internet hack—a very key point. Yes, the January 6 report does use the phrase “cyber operation,” but President Obama’s intelligence chiefs, including former FBI director James Comey, have testified under oath that they accept CrowdStrike’s analysis regarding a “hack.” Moreover, intelligence officials have briefed The New York Times, The Washington Post, and other major news outlets about the alleged Russian role in a hack. In this light, focusing on the phrase “cyber operation” amounts to a word game.

Moreover, does the dissent have proof that the “Guccifer 2.0” “claim” is not fake news? Is the writer of the post at “Guccifer 2.0” actually the person(s) responsible for the data heist? The intelligence-community assessment was not backed up with facts; we cannot believe what it says until technical evidence is provided to prove it.

The third-party analysis of the “Guccifer 2.0” claims (including Adam Carter’s (g-2.space) and the Forensicator’s (theforensicator.wordpress.com/guccifer-2-ngp-van-metadata-analysis)) analyzed in the VIPS memo directly contradict these conclusions (while raising legitimate questions), but the VIPS memo asserts as a “slam dunk” fact the categorical conclusion of a local leak that is also not supported by the third-party analysis, either.

If we understand this sentence correctly, and the “third-party” analysis refers to the Forensicator, this assertion is wrong. From the data given, the analysis does support the conclusion, as it demonstrates that the Internet on July 5, 2016, could not support such an international hack.

There is also no evidence from the available metadata that can definitively state when the transfer or copying of the data took place, nor does the data prove that “Guccifer 2.0” had direct access to the DNC server or that the data was located on the DNC system when it was allegedly copied on July 5, 2016.

We have no evidence that the July 5 data was manipulated. Nor does the dissent present any. Furthermore, “Guccifer 2.0” bracketed it with his July 4 and 6 posts, which are repeatedly ignored by the dissent. The independent analysis makes no claim that “Guccifer 2.0” had direct access to the DNC server or that the data was located on the server at that time. The transfer rate was independent of the physical location of the data at the time of copy.

There is also no evidence from the available metadata that can definitively state when the transfer or copying of the data took place, nor does the data prove that “Guccifer 2.0” had direct access to the DNC server or that the data was located on the DNC system when it was allegedly copied on July 5, 2016.

We have no evidence that the July 5 data was manipulated. Nor does the dissent present any. Furthermore, “Guccifer 2.0” bracketed it with his July 4 and 6 posts, which are repeatedly ignored by the dissent. The independent analysis makes no claim that “Guccifer 2.0” had direct access to the DNC server or that the data was located on the server at that time. The transfer rate was independent of the physical location of the data at the time of copy.

The implications of this leap-to-conclusions analysis of the VIPS memo—which centers on claiming as an unassailable and immutable fact that the DNC “hack” was committed by an insider with direct access to the DNC server, who then deliberately doctored data and documents to look like a Russian or Russia-affiliated actor was involved, and therefore no hack occurred (consequently, ipso facto, the Russians did not do it)—are contingent on a fallacy.

There had to be direct access to the DNC server at some point, for that repository was the source of the data. The authors of the dissent are confusing the July 5 and June 15 incidents, for it was the latter that experienced the deliberate insertion of Russian “fingerprints.”

Data-transfer speeds across networks and the Internet measured in megabits per second (or megabytes per second) can easily achieve rates that greatly exceed the cited reference in the VIPS memo of 1,976 megabytes in 87 seconds (∼22.71 megabytes per second or ∼181.7 megabits per second), and well beyond 50 megabytes depending on the capacity of the network and the method of access to that network. Speeds across the network vary greatly, and sustained write speeds copied out to local devices are often quite a bit slower.

The dissent misses the key point of the difference between available speeds in early July 2016 and now. In addition, the above shows no awareness of the degradation of speed with distance and no awareness of the problem of transoceanic connections.

The environment around Trump, Russia, et al. is hyperpolarized right now, and much disinformation is floating around, feeding confirmation bias, mirroring and even producing conspiracy theories.

However, this VIPS memo could have easily raised the necessary and critical questions without resorting to law-of-physics conclusions that claim to prove beyond any shadow of a doubt that it was an inside-network copy only and then asserting the “fact” that the Russians (or anybody else for that matter) did not hack the DNC.

The authors of the dissent may not like the conclusions, but that is exactly what the independent analysis demonstrated, not just via metadata but also by actual network field tests.

In addition, no qualifiers, disclaimers, or dissenting views are provided in the VIPS memo, nor is any alternative theory presented.

The conclusions of our VIPS memo were definitive and included extensive support data if one looks at the websites that were referred to. The writers of the dissent made no attempt to weigh in on the article with a dissenting view or an alternate theory prior to publication of the VIPS memo. Like everyone else, they had two weeks.

It is important to note that it’s equally plausible that the cited July 5, 2016, event was carried out on a server separate from the DNC or elsewhere, and with data previously copied, transferred, or even exfiltrated from the DNC.

Yes, the claimed “hack” could have been done on a secondary computer (not “server”), but in either case had to come originally from the DNC server. This has no effect on the transfer rate, which precluded a “hack”—a point the authors of the dissenting memo keep missing.

However, independent of transfer/copy speeds, if the data was not on the DNC server on July 5, 2016, then none of this VIPS analysis matters (including the categorically stated fact that the local copy was acquired by an insider) and simply undermines the credibility of any and all analysis in the VIPS memo when joined with this flawed predicate.

The dissent refers to “independent of transfer/copy speeds,” but one cannot simply ignore them, as if they were irrelevant. Also, again, the “Guccifer 2.0” July 4 and 6 posts are being ignored. The dissent’s argument ignores the fact that on July 5, the data was transferred at a speed not obtainable from East Coast ISPs. The transfer rate, however, is entirely consistent with a USB port connected to a portable device such as a thumb drive.

As the author of The Nation article pointed out, our investigations continue. Recent data analysis gives additional support to our key finding—namely, that the speed of the data transfer from the DNC server (22.7 megabytes per second) far exceeded the capability of the Internet in early July 2016. We have now learned that the 22.7-megabytes-per-second speed was merely the average rate for the duration of the data transfer, and that a peak rate of 38 megabytes per second was reached during that transfer. A copy to a thumb drive could handle that peak speed; an Internet hack attempted from abroad could not.

In addition, a subsequent post by the “Forensicator” actually backs away from the VIPS memo and provides additional caveats, including the following statements (among several):

“The Guccifer 2.0 NGP/VAN Metadata Analysis describes a copy operation that (based on the metadata) occurred in the early evening on July 5, 2016. No claim is made in the report that the data might not have been copied earlier nor whether it might have been copied or leaked.”

This is correct, but has no bearing on the conclusions. Direct access was required in either case, whether the alleged “hack” occurred on the DNC server or on a copy made earlier by a person with direct access. The Forensicator is trying, with these later details, to assist those who were confused.

Furthermore, a recent article in the New York Post raises the specter of yet other alternative paths for one or more DNC data breaches. Scott Ritter, a VIPS member, also wrote an article in Truthdig that takes issue with the centerpiece claims of the VIPS memo.

He did, and without mentioning it to VIPS colleagues more technically experienced in these issues. And the Truthdig article contained misstatements of fact, as detailed in e-mails sent within VIPS, including to Ritter, on July 31 regarding claims that the VIPS conclusions are not supported by data, that the transfer rate is irrelevant, etc. It is not clear why the authors of the dissent think that referring to that article poses any challenge to the technical basis for the conclusion that the July 5 metadata was extracted onto a thumb drive. Again, no facts are presented to infer another path.

The bottom line: This VIPS memo was hastily written based on a flawed analysis of third-party analyses and then thrown against the wall, waiting to see if it would stick. This memo could have cited the critical questions raised in the third-party analyses of “Guccifer 2.0” while also asking why the three US intelligence agencies have yet to provide any actual hard proof following their January 6, 2017, assessment.

Flawed analysis? The dissent has presented no evidence of that. Many of the points raised suggest the authors do not fully understand the analysis. With respect to the alleged hacking and the intelligence-community assessment, the VIPS memo pointed to the parallel report to both the Office of Special Counsel and the attorney general, which covers those issues.

[remark added by J. Gruber:

"[Skip Folden] has drafted a more detailed technical report titled “Cyber-Forensic Investigation of ‘Russian Hack’ and Missing Intelligence Community Disclaimers," Source: https://consortiumnews.com/2017/07/24/intel-vets-challenge-russia-hack-evidence/

The VIPS memo is now increasingly politicized because the analysis itself was politicized. It deals only with alleged “Guccifer 2.0” hacking and makes the classic apples-versus-oranges mistake. In an ideal world, VIPS would at least retract its assertion of certainty. Absent real facts regarding proof of leaks or hacks (or both), how many hypotheses can one copy onto the head of a digital pin?

This paragraph is not only misleading, it also impugns the core apolitical nature of VIPS. Again, the dissent seems confused about the main subjects of this discussion and the VIPS memo’s key conclusion—that the July 5, 2016, intrusion into the DNC e-mails, which was blamed on Russia, could not have been a hack—by Russia or anyone else. In that very important forest it is difficult to see through all the bushes and trees on which the dissent chooses to focus.