CAUTION ADVISED with this morning's Burisma-Biden E-mail story. For several reasons.
First, the surfacing. This here is highly suspicious behavior. Especially when viewed in the context of a political campaign. Creative, anonymous, credibility-generating, somewhat plausible. Exactly how a professional would surface disinformation and potentially forgeries.
How hard would it be to do some research to identify a nosy, conservative, activist computer repair shop owner likely to pass on political dirt, then lure him with stickers on the bait machine?
Also, the revealed emails are shared as image files, not in a file format that would contain header information and metadata. That makes it harder to analyze and verify the files.
Note that photos, which appear to look genuine, could be there simply to add credibility to forged emails surfaced along with the photos. This would be a standard tactic in disinformation operations. See amazon.com/Active-Measure…
Bottom line: *every individual little fact*—every email, every detail mentioned in an email—must be verified when data is surfaced in such a suspicious way, not just one piece of information, say a photo. It appears that The New York Post did not do that here.
To journalists considering writing about this toxic story: don't—unless you can independently verify more details. And even if you can verify something, acknowledge the possibility of disinformation up-front, especially against the backdrop of 2016. Not doing so is bad practice.
And for the record: I'm not a Biden supporter. I'm not even a voter in the United States. I research disinformation.
One more thing: it is also an old Cold War disinformation tactic to pass information, especially but not exclusively when forged, to low-brow newspapers that have high circulation and low standards of investigation. Ideal for surfacing and amplification.
Just to be clear, clearer than the NYP story itself: the claim is that Hunter Biden himself dropped off *three* MacBooks for data recovery services at the unidentified computer repair shop, on or just before 12 April 2019.
This claim is so specific that it should be verifiable.
Also, important, *even if* the computer repair quote and April dropoff can be verified as accurate, that would *still not prove* that emails leaked this morning or in the next days are accurate.
The NYP published some of the leaked emails as PDFs. The metadata show that the emails were generated from Mail on MacOSX (and likely unmodified after the PDF was generated). Two PDFs were created about six months after the alleged repair shop data recovery, on 29/9 and 10/10.
We now know the computer store in question. It has excellent reviews. Redactions are hard.
The Biden Campaign, so far, has denied one specific detail: the meeting described in this email, displayed up-front in the NYP story. Note that this email was the only email displayed as an image file, not an (unmodified) PDF printout from Mail in MacOSX.
The metadata for this image show that it was edited and prepared for publication with Photoshop yesterday afternoon.
Using an image is perhaps cleaner than a PDF embed (so this might be an editorial decision). But the formatting inconsistency certainly raises even more suspicion.
These PDF metadata here are getting a lot of attention. It is important to caveat that metadata can be forged, and it's hard to tell if the metadata were tampered with if a formal chain of custody was not observed when handling the artifacts.
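To make the two points above concrete (what a PDF's Info dictionary actually tells you, and how trivially it can be rewritten), here is an added example that is not part of the original thread and makes no claim about the actual NYP files. It parses the Creator, Producer and date fields from a constructed minimal PDF whose values are placeholders modeled on what "Print to PDF" from Mail on macOS writes, applies the "CreationDate equals ModDate, so likely unmodified after export" heuristic, and then overwrites the dates in place to show that the same heuristic passes on the forged file.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample, not a real document. The Producer and dates are
# placeholders shaped like a macOS "Print to PDF" export from Mail.
# No xref table is included; PDF readers reconstruct it, and it keeps the
# example short (a real forger would regenerate the xref or use a library).
SAMPLE_PDF = b"""%PDF-1.3
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Creator (Mail) /Producer (macOS Version 10.15.6 \\(Build 19G2021\\) Quartz PDFContext)
/CreationDate (D:20200929143012-04'00') /ModDate (D:20200929143012-04'00') >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
"""

# /Key (literal string) entries; the string body may contain escaped parens.
INFO_ENTRY = re.compile(rb"/(\w+)\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# PDF date syntax: D:YYYYMMDDHHmmSS followed by Z or an +HH'mm' offset.
DATE_RE = re.compile(r"^D:(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(Z|[+-]\d{2}'\d{2}'?)?$")


def _unescape(s: bytes) -> bytes:
    # Undo the PDF string escapes for '(', ')' and '\'.
    return re.sub(rb"\\([()\\])", rb"\1", s)


def info_dict(pdf: bytes) -> dict:
    """Follow the trailer's /Info reference and return its entries as text."""
    ref = re.search(rb"/Info\s+(\d+)\s+(\d+)\s+R", pdf)
    if not ref:
        return {}
    num, gen = ref.group(1), ref.group(2)
    obj = re.search(rb"(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj\s*<<(.*?)>>\s*endobj",
                    pdf, re.DOTALL)
    if not obj:
        return {}
    return {k.decode(): _unescape(v).decode("latin-1") for k, v in INFO_ENTRY.findall(obj.group(1))}


def parse_pdf_date(s: str) -> Optional[datetime]:
    m = DATE_RE.match(s)
    if not m:
        return None
    y, mo, d, h, mi, sec = (int(x) for x in m.groups()[:6])
    tz = m.group(7)
    if tz in (None, "Z"):
        offset = timedelta(0)
    else:
        sign = 1 if tz[0] == "+" else -1
        offset = sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))
    return datetime(y, mo, d, h, mi, sec, tzinfo=timezone(offset))


def assess(pdf: bytes) -> dict:
    """The kind of read-out people draw conclusions from. Note it proves nothing on its own."""
    info = info_dict(pdf)
    created = parse_pdf_date(info.get("CreationDate", ""))
    modified = parse_pdf_date(info.get("ModDate", ""))
    return {
        "creator": info.get("Creator"),
        "producer": info.get("Producer"),
        "created": created,
        # Equal creation and modification dates are what an untouched export looks like.
        "unmodified_since_export": created is not None and created == modified,
    }


def forge_dates(pdf: bytes, new_date: str) -> bytes:
    """Rewrite both date strings. The Info dictionary is plain text with no
    signature or checksum, so nothing inside the file records this edit."""
    return re.sub(rb"/(CreationDate|ModDate)\s*\([^)]*\)",
                  rb"/\1 (" + new_date.encode() + rb")", pdf)


if __name__ == "__main__":
    print("original:", assess(SAMPLE_PDF))
    backdated = forge_dates(SAMPLE_PDF, "D:20190412090000-04'00'")
    print("forged:  ", assess(backdated))
```

Both read-outs report Creator "Mail", a Quartz producer string and equal creation and modification dates; only the date differs, and nothing in the file distinguishes the two. That is why the metadata can support a hypothesis but cannot settle it without a documented chain of custody for the original files.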
I see a lot of people rushing to judgement on this story, on both sides of the aisle, claiming to know what’s really going on. That is a mistake.
The whole point of this thread was to say: be careful, withhold judgment. Did Hunter Biden himself hand in the laptop? Still unclear. Did the machine contain hacked files? Unclear. Were forgeries added to the mix? Unclear. Was a foreign intelligence service involved? Also unclear.
I will say one thing: if this is a foreign intelligence operation, it has a critical design flaw—one single individual could bring down the surfacing cover story by correcting the record: Hunter Biden. (But then, of course, intelligence operations sometimes have design flaws).
An observation on the Taurus leak that I have not seen elsewhere (could have missed it):
The intercepted recording starts with BG Frank Graefe, in Singapore, saying "Hallo," to which the response is "Moin Moin Herr General, Hauptmann Irrgang hier." ("Morning, General, Captain Irrgang here.") "Servus." (A common greeting)
Irrgang: "I would add you now, if you like."
Graefe: "Thank you."
Then: automated Webex voice: "You are accessing the conference now."
My interpretation: the general, from a hotel room in Singapore, likely did not join by URL, but called a staff officer to phone-connect him into the meeting. The intercept likely started before entering the Webex session. So that leaves us with two most probable scenarios:
Some of you asked. So here are a few reflections on how I've started using Twitter moving forward—and whatever will come to replace it. Some of you may want to do the same.
Because this approach works even if—when, really—Twitter itself has disappeared.
Posts on Twitter, or Mastodon, are a bit like public events with drinks afterwards: crucial for inspiration, for meeting people, for keeping up-to-date. But what really matters are the human-to-human connections, not the platform of choice. Bear with me.
Hugely significant, precedent-setting outcome of the biggest insurance trial related to a cyberattack ever (I think): NotPetya was not "hostile or warlike action," insurers must pay $1.4B to Merck, ruled New Jersey appellate division judges Monday wsj.com/articles/merck…
Perhaps not how you articulate a winning argument.
This story is interesting. But it straight-up takes my quote out of context. Not great.
Bottom line: I told @josephmenn that I *do not* believe the Russian figures and boasting intercepted and publicized here are credible, in line with historical precedent washingtonpost.com/technology/202…
GlavNIVT's "report" should be treated with a great deal of caution. Surprised the analyst writing this didn't include a stronger caveat.
Quoting me as the main person supporting the "drew alarm" line there strikes me as a very poor choice. I was not and am not alarmed by this figure. It is exactly the kind of boasting and self-deception that you would expect from a disinformation shop in an authoritarian system.
This week Google/Mandiant published a blockbuster report on cyber ops in the context of the Russian invasion of Ukraine. Google is probably, next to Microsoft, the company with the most high-res visibility into CNE/CNA in and around the war. A few thoughts blog.google/threat-analysi…
This report is impressive work by a company that has invested an extraordinary amount of resources into defending Ukraine. Google, like Microsoft, deserves credit for doing the right thing and for publishing a big-picture, analytical report on cyber operations in Ukraine.
Also worth noting that these two firms probably have more comprehensive telemetry than most SIGINT agencies today. Each of them.
Last week I was a student for five days, five hours per day—with ChatGPT fully integrated into teaching. Here's what we learned, just in time for Spring Term (which starts tomorrow). Class was Malware Analysis, taught by @juanandres_gs @alperovitch alperovitch.sais.jhu.edu/five-days-in-c…
AI isn’t going to replace people. People who use AI well will replace people who don’t use AI well.
Our little educational experiment with ChatGPT @alperovitch made it into the FT, of sorts