Russiagate Exposed: It’s a Fraud

The Truth that’s Being Hidden from the Public

Eric Zuesse

It has now been incontrovertibly proven that the time-stamps and other data in the Democratic National Committee (DNC) files that were leaked to Wikileaks are consistent with those files having been leaked by a person who was inside the DNC and not by an external hacker as has been presumed by all of the ‘news’-reports that this was a ‘hack’ of any sort — not from Russia nor from anywhere else outside the building, much less from outside the east coast time zone. There’s a very real scandal involved in this matter, but it is extremely different from the Russia-hack narrative, and it will be revealed here (for the first time anywhere) at the very end. But, first things first — and that’s what the previous investigators have now proven:

On July 9th, was published at Disobedient Media a report that not only discredits the ‘news’ reports that the Russian government (or anyone else in Russia) ‘hacked the election’ — discredits the very core of the Russiagate story — but that shows the ‘hacks’ were instead likelier leaks, to Wikileaks, by someone who had physical access to the computers at the Democratic National Committee, and who, in any case, was clearly and incontrovertibly operating only within the time-zone of America’s east coast — not at all in Russia, nor anywhere else outside that time zone.

In other words: it shows that the data itself provide indications that this was a leak instead of any hack at all: that the former UK Ambassador to Uzbekistan, Craig Murray (who claimed to have picked up the data-recording device from the leaker in DC and brought it to his friend Julian Assange at the Ecuadorean Embassy in London) was correct when he had said that he picked the file up from an insider who gave it to him in Washington DC — that the data themselves are more consistent with that than with the ‘hack’ interpretation of the narrative of how Wikileaks obtained these data.

So, now we have not only Murray’s testimony about it, and we have not only my own investigation showing that Murray had, in fact, been in Washington DC at the very time he says he had picked up the information physically in DC from the leaker there, but we also now have — as of July 9th — the technical proof of its having likely been transferred to Wikileaks by means of a leak instead of a hack. Even the data that were transferred are entirely consistent with this having been a voluntary release of this information.

Consequently, any ‘news’medium, after July 9th, which still ‘reports’ about Russiagate, which so much as even just suggests that people in Russia ‘hacked’ these data from the DNC, are now the lowest order of fake ‘journalism’, not an authentic journalistic operation at all, but pure propaganda. How long will it take for that lie (the Russiagate-myth) to stop being published as being established truth by the U.S. (and its allied) ‘news’ media? But it continues to be embellished, as if that basic storyline is likely or even definitely true. It is much likelier false than true.

Here then will be presented, first of all, a generally good summary dated July 15th, of this important new information, a summary of what was published on July 9th by Disobedient Media; and I am here publishing a transcript that I have made of this video, which was uploaded to youtube on July 15th, in which, by means of questions and answers, the gist of the findings in the July 9th report and of how the findings had been obtained, is set forth, in that July 15th video, which is titled, “TV Exclusive: Forensic investigator says DNC computer hacked locally”:

A forensics expert has determined that the DNC computers were hacked locally by someone with physical access to the DNC network and not by someone far away like the Russians. This story was broken online by the hot new investigative website called Disobedient Media. The forensic expert handed over the information to the reporter Elizabeth Vos. Joining me this time out of Iowa City Iowa is the managing editor of Disobedient, Ethan Lyle; Ethan, welcome to the show.

Thank you.

Ethan, no one has been sitting on this story you guys are. Tell us how you got this information and what we know.

Elizabeth Vos, Disobedient Media’s associate editor — a man named Adam Carter reached out to her. And he had an analysis from somebody online named The Forensicator.

Let me ask you: Who was Adam Carter? Adam Carter got this and gave it to you guys; who is he?

He’s an independent journalist [who had, in fact, long been working on this case]. And, so, [as Carter called to Vos’s attention] an anonymous blog of a forensic analyst looked at the data, and he had noticed that because of the transfer-speed and the timing of those transfers [it was actually only one transfer], that they were [the person was on the] east coast, and they [the files] had to have been accessed in the east coast. They were initially copied in the east coast, he guaranteed [the person actually demonstrated, not ‘guaranteed’] that … the likelihood of it [the file] being accessed initially from anywhere but the east coast, is impossible [proven so, by that analyst, “the forensicator”].

So, what that means in layman’s terms is again that the DNC computer network which the media tells us and the DNC tells us was hacked by the Russians, … that it was physically accessed by someone within close proximity of the DNC?

Correct. Given metadata and … the transfer and the stop times in between them, the only likely scenario is that it was accessed from inside of the Local Area Network of the DNC or with a USB drive into a computer [in] which you would have to be inside the building.

Now, I don’t want to sound like a conspiracy theorist because there’s a lot more work to be done here, but … those computers were hacked five days prior to Seth Rich’s untimely demise if I’m not mistake, is that not correct?

That’s correct and it’s important to state that this does not indicate that Seth Rich was the person that accessed the files, because they [the DNC] won’t turn over their logs to the FBI. There’s no way to tell which credentials were used to get into the system.

Since you have broken this story online, has anyone in law enforcement reached out to you?

No, they have not.

Anyone from CNN, Fox News, MSNBC, the New York Times?

Absolutely not. (3:51)

At this stage, this cover-up by the government and press is even bigger than the crime by the pro-Clinton DNC insiders (which had used, as I’ll indicate, the chief PR agency for NATO, to do this — to generate and spread this lie) who are trying to provoke even more fear and hatred of Russia than they already have cooked-up and generated. Adam Carter on July 16th, said that “The MSM have kept this hidden from viewers for almost 150 days”, but certainly it has been hidden now, after it was conclusively proven, on July 9th.

Here, then, are the openings of those more detailed sources reporting on this, first being the news-report by Elizabeth Vos, and then the original analysis by The Forensicator (which report Vos was restating well in non-technical terms):


New Research Shows Guccifer 2.0 Files Were Copied Locally, Not Hacked

9 July 2017, Elizabeth Vos

New meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator, which suggests that files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer possibly connected to the internal DNC network. The individual most likely used a USB drive to copy the information. The groundbreaking new analysis irrevocably destroys the Russian hacking narrative, and calls the actions of Crowdstrike and the DNC into question.

The document supplied to Disobedient Media via Adam Carter was authored by an individual known as The Forensicator. The full document referenced here has been published on their blog. Their analysis indicates the data was almost certainly not accessed initially by a remote hacker, much less one in Russia. If true, this analysis obliterates the Russian hacking narrative completely.

The Forensicator specifically discusses the data that was eventually published by Guccifer 2.0 under the title “NGP-VAN.”  This should not be confused with the separate publication of the DNC emails by Wikileaks. This article focuses solely on evidence stemming from the files published by Guccifer 2.0. …

Guccifer 2.0 NGP/VAN Metadata Analysis


8 July 2017: Thanks go out to Elizabeth Vos at Disobedient Media who was the first to report on this analysis; her article can be read here. Thanks also to Adam Carter who maintains the web site — the one stop shop for information that relates to Guccifer 2.0. You can reach Elizabeth and Adam on Twitter.


This study analyzes the file metadata found in a 7zip archive file, 7dc58-ngp-van.7z, attributed to the Guccifer 2.0 persona. For an in depth analysis of various aspects of the controversy surrounding Guccifer 2.0, refer to Adam Carter’s blog, Guccifer 2.0: Game Over.

Based on the analysis that is detailed below, the following key findings are presented:

• On 7/5/2016 at approximately 6:45 PM Eastern time, someone copied the data that eventually appears on the “NGP VAN” 7zip file (the subject of this analysis). This 7zip file was published by a persona named Guccifer 2, two months later on September 13, 2016.

• Due to the estimated speed of transfer (23 MB/s) calculated in this study, it is unlikely that this initial data transfer could have been done remotely over the Internet.

• The initial copying activity was likely done from a computer system that had direct access to the data. By “direct access” we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high speed network (LAN).

• They may have copied a much larger collection of data than the data present in the NGP VAN 7zip. This larger collection of data may have been as large as 19 GB.  In that scenario the NGP VAN 7zip file represents only 1/10th of the total amount of material taken.

• This initial copying activity was done on a system where Eastern Daylight Time (EDT) settings were in force. Most likely, the computer used to initially copy the data was located somewhere on the East Coast.

• The data was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy and this is a characteristic of the the Linux ‘cp’ command (using default options).

• A Linux OS may have been booted from a USB flash drive and the data may have been copied back to the same flash drive, which will likely have been formatted with the Linux (ext4) file system.

• On September 1, 2016, two months after copying the initial large collection of (alleged) DNC related content (the so-called NGP/VAN data), a subset was transferred to working directories on a system running Windows. The .rar files included in the final 7zip file were built from those working directories.

• The computer system where the working directories were built had Eastern Daylight Time (EDT) settings in force. Most likely, this system was located somewhere on the East Coast.

• The .rar files and plain files that eventually end up in the “NGP VAN” 7zip file disclosed by Guccifer 2.0 on 9/13/2016 were likely first copied to a USB flash drive, which served as the source data for the final 7zip file. There is no information to determine when or where the final 7zip file was built.


The Guccifer 2 “NGP VAN” files are found in a password protected 7zip file; instructions for downloading this 7zip file can be found at

Technical note: the size of the 7zip file is 711,396,436 bytes and the MD5 sum is: a6ca56d03073ce6377922171fc8b232d.

This .7z file contains several .rar files – one for each top-level directory, as shown below.

The times shown above are in Pacific Daylight Savings Time (PDT). The embedded .rar files are highlighted in yellow. The “*” after each file indicates that the file is password encrypted.  This display of the file entries is shown when the .7z file is opened. A password is required to extract the constituent files. This aspect of the .7z file likely motivated zipping the sub-directories (e.g. CNBC and DNC) into .rar files; this effectively hides the structure of the sub-directories, unless the password is provided and the sub-directories are then extracted. …

Finally, here, is the issue of NATO’s role in this. Elizabeth Vos’s article goes on to say:

This article focuses solely on evidence stemming from the files published by Guccifer 2.0, which were previously discussed in depth by Adam Carter.

Disobedient Media previously reported that Crowdstrike is the only group that has directly analyzed the DNC servers. Other groups including Threat Connect have used the information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation was based solely on information ultimately provided by Crowdstrike; this places the company in the unique position of being the only direct source of evidence that a hack occurred.

The group’s President Shawn Henry is a retired executive assistant director of the FBI while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, which as we have reported, is linked to George Soros. Carter has stated on his website that “At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.” Carter’s website was described by Wikileaks as a useful source of primary information specifically regarding Guccifer 2.0.

She had gotten that information from the founder of Disobedient Media, William Craddick. However, Craddick’s assumption that Soros was involved in this particular operation is not supported by any evidence he links to or otherwise cites. Craddick’s article, which was published back on 5 April 2017, “Cyber Firm Behind “Russian Hacking” Claims Has Ties To Soros-Supported Think Tank”, simply assumed that the Atlantic Council was a Soros operation. The actual fact is that the Atlantic Council is far bigger than Soros or any other single billionaire who backs it. And, all that Craddick actually shows is that the cyber firm behind the ‘Russian hacking’ claims has ties to the Atlantic Council. That’s a very big difference: this was, in fact, a NATO-connected operation, not merely an operation by one billionaire who is behind NATO. The Atlantic Council is the main PR agency for NATO; it actually was set up in 1961 by founders and associates of NATO for that very purpose. So, to mention Soros’s name as the alleged source for this particular smear-Russia operation is a big mistake, and is importantly misleading. If Soros has had anything to do with this operation (‘Russiagate’), then neither Craddick nor his Disobedient Media has, as of yet, presented any evidence of it. For them to not only state such a connection in their ‘news’ story, but to headline that ‘news’ report with “Soros” instead of with “NATO,” is irresponsible, a major error on their part, especially because their ‘news’ report provided no evidence for that allegation, and also because Craddick and his website appear to be tragically ignorant of the most fundamental fact about the Atlantic Council — its being NATO’s chief propaganda-arm.

Russiagate isn’t merely a fraud and a smear by the Democratic Party; it is a fraud and a smear by NATO. NATO represents the entire U.S. aristocracy — not merely that aristocracy’s Democratic Party contingent, but both contingents (and certainly not just one billionaire, such as Soros).

In order to understand the historical origin of this operation, I have explained that here. In order to understand the economic interests that are behind it, I’ve explained that here.

CORRECTION (& SUMMARY): The initial version of this news-report was too certain that there is no way that a possibility exists that this was a hack instead of a leak. I have revised the opening here in order to rectify that false assumption that it couldn’t even possibly have been a hack. What remains of this article is that not only Craig Murray’s testimony, but also the data themselves, are consistent with the leak-interpretation of the information-transfer’s source, and — the most important thing in this news-report — that the ‘news’-articles that have been published which allege this to have been a hack from Russia are sourced from operatives of NATO’s main PR agency, the Atlantic Council.


Investigative historian Eric Zuesse is the author, most recently, of  They’re Not Even Close: The Democratic vs. Republican Economic Records, 1910-2010, and of  CHRIST’S VENTRILOQUISTS: The Event that Created Christianity.