Thomas Rid
Oct 14, 2020
CAUTION ADVISED with this morning's Burisma-Biden E-mail story. For several reasons.
First, the surfacing. This here is highly suspicious behavior. Especially when viewed in the context of a political campaign. Creative, anonymous, credibility-generating, somewhat plausible. Exactly how a professional would surface disinformation and potentially forgeries.
How hard would it be to do some research to identify a nosy, conservative, activist computer repair shop owner likely to pass on political dirt, then lure him with stickers on the bait machine?
Also, the revealed emails are shared as image files, not in a file format that would contain header information and metadata. That makes it harder to analyze and verify the files.
Note that photos, which appear to look genuine, could be there simply to add credibility to forged emails surfaced along with the photos. This would be a standard tactic in disinformation operations. See…
Bottom line: *every individual little fact*—every email, every detail mentioned in an email—must be verified when data is surfaced in such a suspicious way, not just one piece of information, say a photo. It appears that The New York Post did not do that here.
To journalists considering writing about this toxic story: don't—unless you can independently verify more details. And even if you can verify something, acknowledge the possibility of disinformation up-front, especially against the backdrop of 2016. Not doing so is bad practice.
And for the record: I'm not a Biden supporter. I'm not even a voter in the United States. I research disinformation.
One more thing: it is also an old Cold War disinformation tactic to pass information, especially but not exclusively when forged, to low-brow newspapers that have high circulation and low standards of investigation. Ideal for surfacing and amplification.
Just to be clear, clearer than the NYP story itself: the claim is that Hunter Biden himself dropped off *three* MacBooks for data recovery services at the unidentified computer repair shop, on or just before 12 April 2019.

This claim is so specific that it should be verifiable.
Also, important, *even if* the computer repair quote and April dropoff can be verified as accurate, that would *still not prove* that emails leaked this morning or in the next days are accurate.
The NYP published some of the leaked emails as PDFs. The metadata show that the emails were generated from Mail on MacOSX (and likely unmodified after the PDF was generated). Two PDFs were created about six months after the alleged repair shop data recovery, on 29/9 and 10/10.
We now know the computer store in question. It has excellent reviews. Redactions are hard.
The Biden Campaign, so far, has denied one specific detail: the meeting described in this email, displayed up-front in the NYP story. Note that this email was the only email displayed as an image file, not an (unmodified) PDF printout from Mail in MacOSX.
The metadata for this image show that it was edited and prepared for publication with Photoshop yesterday afternoon.

Using an image is perhaps cleaner than a PDF embed (so this might be an editorial decision). But the formatting inconsistency certainly raises even more suspicion.
These PDF metadata here are getting a lot of attention. It is important to caveat that metadata can be forged, and it's hard to tell if the metadata were tampered with if a formal chain of custody was not observed when handling the artifacts
I see a lot of people rushing to judgement on this story, on both sides of the aisle, claiming to know what’s really going on. That is a mistake.
The whole point of this thread was to say: be careful, withhold judgment. Did Hunter Biden himself hand in the laptop? Still unclear. Did the machine contain hacked files? Unclear. Were forgeries added to the mix? Unclear. Was a foreign intelligence service involved? Also unclear
I will say one thing: if this is a foreign intelligence operation, it has a critical design flaw—one single individual could bring down the surfacing cover story by correcting the record: Hunter Biden. (But then, of course, intelligence operations sometimes have design flaws).
