Thomas Rid Profile picture
14 Oct, 20 tweets, 6 min read
CAUTION ADVISED with this morning's Burisma-Biden E-mail story. For several reasons. Image
First, the surfacing. This here is highly suspicious behavior. Especially when viewed in the context of a political campaign. Creative, anonymous, credibility-generating, somewhat plausible. Exactly how a professional would surface disinformation and potentially forgeries. Image
How hard would it be to do some research to identify a nosy, conservative, activist computer repair show owner likely to pass on political dirt, then lure him with stickers on the bait machine? Image
Also, the revealed emails are shared as image files, not in a file format that would contain header information and metadata. That makes it harder to analyze and verify the files. Image
Note that photos, which appear to look genuine, could be there simply to add credibility to forged emails surfaced along with the photos. This would be a standard tactic in disinformation operations. See…
Bottom line: *every individual little fact*—every email, every detail mentioned in an email—must be verified when data is surfaced in such a suspicious way, not just one piece of information, say a photo. It appears that The New York Post did not do that here.
To journalists considering writing about this toxic story: don't—unless you can independently verify more details. And even if you can verify something, acknowledge the possibility of disinformation up-front, especially against the backdrop of 2016. Not doing so is bad practice.
And for the record: I'm not a Biden supporter. I'm not even a voter in the United States. I research disinformation.
One more thing: it is also an old Cold War disinformation tactic to pass information, especially but not exclusively when forged, to low-brow newspapers that have high circulation and low standards of investigation. Ideal for surfacing and amplification.
Just to be clear, clearer than the NYP story itself: the claim is that Hunter Biden himself dropped off *three* MacBooks for data recovery services at the unidentified computer repair shop, on or just before 12 April 2019.

This claim is so specific that it should be verifiable. Image
Also, important, *even if* the computer repair quote and April dropoff can be verified as accurate, that would *still not prove* that emails leaked this morning or in the next days are accurate.
The NYP published some of the leaked emails as PDFs. The metadata show that the emails were generated from Mail on MacOSX (and likely unmodified after the PDF was generated). Two PDFs were created about six months after the alleged repair shop data recovery, on 29/9 and 10/10. ImageImage
We now know the computer store in question. It has excellent reviews. Redactions are hard.
The Biden Campaign, so far, has denied one specific detail: the meeting described in this email, displayed up-front in the NYP story. Note that this email was the only email displayed as an image file, not a (unmodified) PDF printout from Mail in MacOSX. Image
The metadata for this image show that it was edited and prepared for publication with Photoshop yesterday afternoon.

Using an image is perhaps cleaner than a PDF embed (so this might be an editorial decision). But the formatting inconsistency certainly raises even more suspicion Image
These PDF metadata here are getting a lot of attention. It is important to caveat that metadata can be forged, and it's hard to tell if the metadata were tampered with if a formal chain of custody was not observed when handling the artifacts
I see a lot of people rushing to judgement on this story, on both sides of the aisle, claiming to know what’s really going on. That is a mistake.
The whole point of this thread was to say: be careful, withhold judgment. Did Hunter Biden himself hand in the laptop? Still unclear. Did the machine contain hacked files? Unclear. Were forgeries added to the mix? Unclear. Was a foreign intelligence service involved? Also unclear
I will say one thing: if this is a foreign intelligence operation, it has a critical design flaw—one single individual could bring down the surfacing cover story by correcting the record: Hunter Biden. (But then, of course, intelligence operations sometimes have design flaws).

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Thomas Rid

Thomas Rid Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @RidT

5 Nov
Trump’s very impressive results in 2020, even if he loses, should put another big nail in the coffin of the theory that he owed his win in 2016 to Russian interference (or Comey’s).
Yes. Healthy democracies face their problems and try to fix them, not blame them on others.
“Impressive“ because this election should not have been this close, not by any measure.
Read 5 tweets
23 Oct
An extraordinary find. We are apparently looking at the photo of a WhatsApp endpoint, a Blackberry, allegedly belonging to Hunter Biden, while logged into a Russian cellphone network. This picture is unlikely to come from the mysterious Delaware laptop. So many questions.
If this text was sent to Hunter, as opposed to received by him, that raises even more unpleasant questions: how did this photo make its way from an MTS ROS cellphone network to Fox News, and was Giuliani the conduit?
Read 4 tweets
19 Oct
Today's GRU indictment is an incredible document. The Five Eyes intelligence communities, I would suspect, must have stunning visibility into Russian military intelligence operations if today's disclosures are considered dispensable…
Note: Russian military intelligence camouflaged as North Korean
Whoever wrote that paragraph probably had a smirk on their face
Read 8 tweets
15 Oct
Oh, it appears that Rudy Giuliani misspoke to the WSJ this morning, about those leaked files. Here, I fixed it.… Also, let's add a few examples of hack-forge-leak. Image
March 2014 example of hack-forge-leak, from ACTIVE MEASUREs, p. 354–359. The real hacked emails, of a Ukrainian colonel, are in the "all" folder. Three juicy forgeries are in "more interesting" folder. Image
Two examples of forged emails slipped into this genuine March 2014 hack (and then leaked). ImageImage
Read 6 tweets
25 Sep
This week was remarkable: the FBI warned of new active measures; Facebook took down several noteworthy Russian influence campaigns and — rightly — warned of a potential hack-and-leak; and now the Washington Post has issued guidelines on how to deal with a hack-forge-leak.
On the one hand we collectively exaggerated the impact of the 2016 interference, by a large margin.¹ The result: foreign and domestic actors concluded disinformation works, and have invested resources accordingly.

¹ See ACTIVE MEASURES, chapter “Trolled”…
Foreign operators have improved their operational security, the evidence shows. But in active measures, OPSEC (usually) comes at the expense of effectiveness.
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!