A forensic report claiming to show that a Democratic National Committee insider, not Russia, stole files from the DNC is full of holes, say cybersecurity experts.

“In short, the theory is flawed,” said John Hultquist, director of intelligence analysis at FireEye, a firm that provides forensic analysis and other cybersecurity services. “The author of the report didn’t consider a number of scenarios and breezed right past others. It completely ignores all the evidence that contradicts its claims.”

The theory behind the report is that upload and download speeds would have made it impossible for the information to have been hacked from the DNC.

The claims have slowly trickled through the media, finding backers at the right-wing site Breitbart in early June. Last week, the left-wing magazine The Nation published a 4,500-word story on the allegations.

The claims are based on metadata from the leaked files, which were published on WikiLeaks during the 2016 presidential election.
Metadata is information recorded in a file for archiving purposes and is not displayed when a file is open. It can include the date a file was last modified and note what software and devices were involved in creating the file, among other information.
When files are copied to a new device, the metadata can record the time each file finishes being duplicated as the time it was “last modified.”
A blogger named “The Forensicator” analyzed the “last modified” times in one set of documents released by Guccifer 2.0. Based on the size of the documents and the times they were downloaded, Forensicator calculated that a hacker was able to copy the files at a speed of more than 20 megabytes per second.
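The kind of calculation described above, as an added example (not the Forensicator's code or data): it treats each "last modified" time as the moment that file finished copying and divides the bytes copied by the time elapsed. The file records are constructed, and the `pause_s` cutoff for ignoring long gaps and the use of 1 MB = 1,000,000 bytes are assumptions of this sketch.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records: (file name, size in bytes, "last modified" time).
# Illustrative values only, not data from the leaked archive.
SAMPLE = [
    ("doc1.pdf", 10_000_000, "2016-01-01 12:00:00"),
    ("doc2.pdf", 46_000_000, "2016-01-01 12:00:02"),
    ("doc3.pdf", 46_000_000, "2016-01-01 12:00:04"),
    ("doc4.pdf", 30_000_000, "2016-01-01 12:05:00"),  # long gap before this file
    ("doc5.pdf", 23_000_000, "2016-01-01 12:05:01"),
]


def implied_rate_mb_s(records, pause_s=60):
    """Average copy speed in MB/s implied by last-modified timestamps.

    Each timestamp is taken as the time the file finished copying, so a
    file's bytes are attributed to the interval since the previous file
    finished. The first file has no earlier timestamp and is left out.
    Intervals longer than pause_s (hypothetical cutoff) are treated as
    pauses: neither their time nor that file's bytes are counted.
    """
    rows = sorted((datetime.strptime(ts, FMT), size) for _name, size, ts in records)
    if len(rows) < 2:
        raise ValueError("need at least two files to measure an interval")
    copied = 0
    elapsed = 0.0
    for (prev, _), (cur, size) in zip(rows, rows[1:]):
        gap = (cur - prev).total_seconds()
        if gap > pause_s:
            continue
        copied += size
        elapsed += gap
    if elapsed == 0:
        # One-second timestamp resolution can hide the whole transfer.
        raise ValueError("timestamps too coarse to estimate a rate")
    return copied / elapsed / 1_000_000


if __name__ == "__main__":
    print(f"{implied_rate_mb_s(SAMPLE):.1f} MB/s with pauses excluded")
    print(f"{implied_rate_mb_s(SAMPLE, pause_s=10**9):.2f} MB/s with pauses counted")
```

The figure describes whichever copy operation last wrote the timestamps; the timestamps alone do not say where or over what link that copy ran.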