51 comments

[ 2.9 ms ] story [ 105 ms ] thread
"I have proof", but no proof is given.

Perhaps Reddit is just trying to stop a misinformation campaign.

IMO if you're not familiar with the story, this alone makes it worthy of deeper inspection:

"Would you like me to post the last modified times for all of the 35,813 emails? And include the Podesta email last modified times for comparison? Because the Podesta stuff was hacked."

Again, in my opinion, but there are major inconsistencies.

“I have proof” should be followed by the posting of said proof, not an angry response along the lines of “oh, sorry, the proof is too long to actually post; how dare you ask! You ignorant fool!”
So the proof that a certain set of files were not hacked by an expert hacking agency is that the last modified time stamps are not consistent with them...

I remember fooling my 9 year old sister by modifying the metadata for files when I was 14. I didn’t realize expert hackers are incapable of figuring out what I did as a 14 year old.

I can't stand to see this sort of logical inversion take place.

There are exactly two possibilities:

A. The timestamps weren't modified at all, and the modification time on the file truly represents the time at which they were written. ie: the timestamps are a roughly accurate indicator of transfer speed.

B. The timestamps were modified, but the hackers specifically went through the effort to calculate timestamps that align with 23MB/s, and then set those timestamps on the files.

Possibility B is much more contrived, is unfalsifiable, and yet you're defending it as if those that believe Possibility A are the real conspiracy theorists.

In reality, you're the conspiracy theorist! You're saying there must have been an explicit effort (say, a conspiration) to set modification times to align with 23MB/s. It's ridiculous.

There is a much more plausible explanation:

1. The timestamps reflect some process that occurred before the files were uploaded to the internet.

That's it. That's the plausible explanation.

* Secondary transfer to removable media that changed timestamps

* Transfer to network file server, likewise

* Archival

* Compression/decompression

* Encryption/decryption

* Analysis of files that touched them (set timestamp) to indicate completion

Basically any process that proceeded at an average of 23MB/s would produce that pattern. And note, that it doesn't preclude the possibility that the timestamps changed many times between when they were on the DNC server and when they were made public. So indeed, the 23MB/s could indicate removeable media was involved, but it could have been from one Russian intelligence officer's computer to another's.

Occam's razor: the simplest explanation is the most likely one: The timestamps reflect a process that occurred at a rate of about 23MB/s.

We just can't speculate on what process that is.

It'd be interesting to note which application was supposedly used to copy the files around.

eg `rsync -aP` widely used by SysAdmin/DevOps people specifically sets the timestamp of copied files to match their source.

How is it a conspiracy theory that the timestamps were modified? Timestamps aren't difficult to modify and it's not hard to imagine a script introducing jitter to make it realistic. It's also not a stretch to believe that real USB transfers were used to create the timestamp, but it doesn't indicate that the primary hack/exfiltration was done via a USB transfer.

I don't think you know what a conspiracy theory is or why they tend to be ridiculous.

It's hardly wild to think that a bad actor capable of exfiltrating sensitive data might also cover its tracks by easily modifying metadata of files that the bad actor itself is leaking. That's not a conspiracy at all, timestamps can be modified alone without much difficulty and without recruiting a conspiracy of people and institutions.

Binney's argument, however, is wildly conspiratorial. Let me highlight a quote from the AMA [1]:

> They all blocked any reference to the forensic evidence we were coming up with, publicly. They were all part of it. It includes the Mueller investigation and the Rosenstein indictments.

Apparently it's more likely that multiple political and judicial institutions were "part" of an effort to block critical evidence. But wait, there's more:

> The MSM doesn't want anyone to know it happened!

Ah, all the "mainstream media" outlets were also in on it! Apparently they also worked with the multiple political and judicial institutions to hide this fact from the people.

Apparently The Mueller report, the intelligence agencies, the Senate Select Committee on Intelligence are all wrong, were all part of an effort to hide important evidence, and even the many organizations that comprise the "Mainstream Media" are all in it together to stop people from knowing about it.

Wow, this is a secret and intimate collaboration between massive organizations on a scale we've never seen before. It's ridiculous.

It's not that I don't believe timestamps are usually accurate, it's that I don't believe easily modifiable timestamps is more reliable as evidence than the extensive intelligence and investigation carried out and reported by multiple independent institutions.

[1] https://www.reddit.com/r/IAmA/comments/igeixp/i_am_william_b...

i’m so glad we have reddit here to baby me and make sure no big bad “mis information” ever hits my precious ears. who knows what dangerous thing could happen. i might be forced to use critical thinking and evaluate claims on their values.

i’m so glad billion dollar corporations do my thinking for me :)

According to the subreddit mods:

> EDIT: OP is making very bold claims with insufficient proof. This AMA has devolved into a significant vector for disinformation. We have removed and locked it.

The headline is a bit misleading.

Is it “Reddit” as a company shutting it down, or an unpaid mod team?

Is the AMA mod team employed by the company?

Please don't enable the spread of disinformation.
How is this misinformation?
The basis of William Binney and Patrick Lawrence and other grifters is:

1. Filesystem timestamps are a reliable indicator of transfer speed, mechanism of transfer, or anything at all 2. It's impossible to transfer files over 23MB/s over the internet

The first is hard to disprove, admittedly. There might be some cases in which filesystem timestamps, which can be changed by all sorts of different things, are relevant.

The second though is laughably absurd. I don't know what internet the DNC server hosted in a colocation facility had. I do know for a fact that from my residential internet connection in Iowa I could transfer data well in excess of 23MB/s (a mere 184mbps) over the internet, even to servers in Russia.

From these two claims above, they state without any reservation that the DNC hack must have been an inside job, that Russia was never involved, etc. The intelligence community, the Mueller report, and multiple bipartisan Senate Select Committee on Intelligence reports all point to the hack being committed by Russian state actors.

> 1. Filesystem timestamps are a reliable indicator of transfer speed, mechanism of transfer, or anything at all

How do you figure they're not? Can you explain this?

Obviously they can be modified after the fact, but you seem to be presenting a wild theory that the timestamps were presumably modified after-the-fact to represent 23MB/s. That's a wild unfalsifiable theory with zero evidence. The most likely and reasonable explanation is that the timestamps line up with 23MB/s because they were actually transferred at 23MB/s.

> How do you figure they're not? Can you explain this?

Filesystem timestamps are based on local clocks, various command line arguments and tools to package up files can manipulate those timestamps, and there are ways to simply _set_ them to whatever one wants.

That the alleged transfer speed was 23MB/s is not proof of anything on its own, and it certainly isn't proof that it's impossible that it was a hack.

The allegation from Patrick Lawrence's 2017 article in The Nation, since repeated by countless grifters, has consistently been:

> “Transfer rates of 23 MB/s (Mega Bytes per second) are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance,”

This is so laughably false that you should immediately doubt anyone who repeats that as if it were a fact.

> Filesystem timestamps are based on local clocks, various command line arguments and tools to package up files can manipulate those timestamps, and there are ways to simply _set_ them to whatever one wants.

Right. I just said that in the comment you're replying to...

But that's a pretty wild theory you're presenting, isn't it? Why would they transfer at some speed, then go back and calculate timestamps to make it seem like the modified times line up with a transfer at 23MB/s? Isn't it much more reasonable to just assume that the files, y'know, were actually transferred at 23MB/s?

> That the alleged transfer speed was 23MB/s is not proof of anything on its own, and it certainly isn't proof that it's impossible that it was a hack.

Agreed. It's not proof. It's just evidence. But when there isn't proof to be had, what else can we go off of except evidence?

Because the evidence is nonsense! It's not proof of what the authors, Patrick Lawrence or William Binney, or anyone else, claim!

Their central thesis is, and it pains me to repeat this:

(This is a false claim.) "The DNC files could not have been transferred over the internet because a speed of 23MB/s is impossible."

That is demonstrably, laughably false. The fact that on Hacker News we're disputing whether or not it's possible to transfer files over 23MB/s is absurd! OF COURSE IT IS!

As for why the timestamps might reflect that speed, there are many possible reasons:

* That was the actual speed of the initial transfer/dump from the DNC - whether over the internet or to a USB2 flash drive

* The timestamps were planted to provide plausible deniability or disinformation

* The timestamps were the result of a program producing files at a rate of 23MB/s, such as: a secondary transfer to a flash drive after the hack occurred, an archival or unarchival process, a compression or encryption process, copying to a network storage server, or an analysis process step that touched each file and averaged 23MB/s.

Since there are many possible ways to get to 23MB/s, it's not proof, or even evidence, of what the authors claim.

His evidence is incredibly flimsy at best and his point about transfer speeds is flat out wrong.
If it's misinformation then that means no one is allowed to view it out of curiosity? Surely if you watch misinformation with the prior knowledge that it is misinformation you aren't susceptible to said misinformation?
That's outrageous. If someone is a public figure, they should be allowed to speak.
They allowed him to speak. The mods also made it clear that unsubstantiated claims (from users or the guest) would not be productive and would devolve - yet he did it anyways.

I think it's safe to say the audience was aware of his POV, so expected more than regurgitation.

Who will substantiate the substantiators?
The central component of the allegation that the DNC leak was an inside job as opposed to a hack has been repeated by writers at Consortium News and by journalist Patrick Lawrence:

> Key among the findings of the independent forensic investigations is the conclusion that the DNC data was copied onto a storage device at a speed that far exceeds an Internet capability for a remote hack.

Here's the article from Patrick Lawrence in 2017 (https://www.thenation.com/article/archive/a-new-report-raise...) and a quote:

> “A speed of 22.7 megabytes is simply unobtainable, especially if we are talking about a transoceanic data transfer,” Folden said. “Based on the data we now have, what we’ve been calling a hack is impossible.” Last week Forensicator reported on a speed test he conducted more recently. It tightens the case considerably. “Transfer rates of 23 MB/s (Mega Bytes per second) are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance,” he wrote. “Further, local copy speeds are measured, demonstrating that 23 MB/s is a typical transfer rate when using a USB–2 flash device (thumb drive).”

I have two issues here:

1. The basis for this allegation is nonsense. Filesystem timestamps using local clocks are not a reliable indicator of transfer speed.

2. Back in 2017, I lived in Cedar Falls, Iowa. I was fortunate to live in a place with a municipal fiber optic internet connection, and I wrote to The Nation and to Patrick Lawrence and tweeted at them back then. I was able to get far in excess of 23 MB/s using my residential internet connection to servers in Russia, from Iowa. Here's a screenshot I took back then: https://twitter.com/AaronFriel/status/896072426143993856

I raised this with Patrick Lawrence, aka @thefloutist, on Twitter back then and the article in The Nation was never retracted or fact checked, and this absurd claim keeps being repeated.

The argument isn't that 23MB/s is so outrageously fast that it must be from a USB drive and couldn't be from the internet. The argument is that 23 MB/s is a peculiar number because it is so close to USB 2 max throughput (480Mbit in spec, but practically closer to 280Mbit due to bus access overhead and underlying storage limitations.) It's not at all unreasonable to expect that a USB2 mass storage device would cap out around there for write speeds on a larger USB 2 flash drive.

What's more relevant is the jitter on the timestamps. IF it was just an average of 23MB/s, I'd agree with you. But what I suspect is that it's sustained 23MB/s with little variation.

Putting aside wild theories about the timestamps being intentionally modified to represent a USB transfer, a sustained 23MB/s with no variation is awfully characteristic of a USB transfer.

This is again absurd.

You have simply regurgitated a series of numbers without evidence. Meanwhile:

The Mueller report and grand jury indictments against Russian state actors, the intelligence community's public statements, and the bipartisan assessment of the Senate Select Committee on Intelligence all dispute these coincidences.

Your numbers do not make sense. You write 480mbps, then you write 280mbps, but 23MB/s is 183mbps. It's also a perfectly reasonable sustained speed to get for a file transfer over the internet!

As Patrick Lawrence's source described:

> “Transfer rates of 23 MB/s (Mega Bytes per second) are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance,”

This is obviously false, obviously disinformation, obviously wrong. Anyone could prove it wrong in 2017, I did, and I emailed, wrote, and tweeted at Patrick Lawrence and The Nation in 2017 and it was never retracted. It doesn't belong in any reporting, period, let alone reporting on the hack of the DNC servers.

> Your numbers do not make sense. You write 480mbps, then you write 280mbps, but 23MB/s is 183mbps.

There's a series of bottlenecks. The spec bottleneck is 480mbit, but it's further constrained by bus access to something like 280mbit, which is further constrained by the underlying storage medium to something in the ballpark of 20MB/s to 30MB/s. It depends on the particular flash chip in the device. Try it yourself with a handful of older usb2 drives and see.

> > “Transfer rates of 23 MB/s (Mega Bytes per second) are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance,”

You're being uncharitable. Maybe what he's saying isn't that the overall transfer rate is impossible over the internet, but he's saying that a sustained unvarying 23MB/s transfer is unlikely over the internet. I think most reasonable techies would agree that the former isn't true (aka: I agree with you), but the latter is a much more interesting claim. It's definitely not total nonsense, as you're making it out to be.

It is absolutely total nonsense and it is the basis for the following proposition:

(The following is not true!) "It is impossible to transfer files at a speed over 23MB/s over the Internet."

If we accept that proposition as true, then yes, there is maybe a world in which we can discredit the DNC hack as an inside job, if we conditionally also believe that the timestamps accurately reflect the transfer speed and not, say, the result of the files being transferred at some point after the hack.

For example, if the hackers transferred the files to a thumb drive. Or to a file server. Or they archived the files then unarchived them with fresh timestamps and the rate of decompression was ~23MB/s. There are many, many different ways to get file timestamps that reflect a transfer speed of 23MB/s at any point after the initial transfer.

These are the two key propositions to believe the inside job argument.

On the other hand, grand juries, the intelligence community, the Mueller report, and the bipartisan consensus of the Senate Select Committee on Intelligence all agree those propositions are nonsense.

It provides some indication that it may have been transferred to USB at some point.

That point could be directly from the server, or from the hacker's computer to a USB drive, or from a USB drive to another computer.

It says nothing about the original hack.

Imagine being a russiagate conspiracy theorist in 2020
I had that speed to the US West Coast over Hyperoptic gigabit in 2017 from London. Very steady. There are qualifiers that are missing from the claim, I agree.
Agreed. A work colleague at Red Hat in the UK back in ~2014/2015 had a FTTH home internet connection, and he could download from public servers at 70MB/s.

So, ~20MB/s isn't "simply unobtainable" though I agree the figure is suspiciously like USB2 speeds for cheapo flash drives. eg the ones with slow write speeds

I mean the better question is what speed did the ISP provide at the termination. And if this was moved off-site then uploaded at a higher speed.

27MB/sec is nothing crazy on regular commercial plan.

Now if they have information that they office had a crappy 100/20mb TWC plan... Sure

It's not only the speed. All of the timestamps of the files are even numbers, which is indicative of a FAT file system.

> "The directory entry for the FAT file system only has a 5-bit field for storing the number of seconds in the time. This limits the number stored in the field to the range 0-31, which is multiplied by two to obtain the number of seconds."

The timestamps appear to have been copied to a FAT filesystem (common for USB devices) on May 25, 2016.

https://turcopolier.typepad.com/sic_semper_tyrannis/2019/04/...

(comment deleted)
Binney seems like such an interesting person who stood up for what most folks on HN would probably agree with - that the government had been overreaching in surveillance - and he was mostly sidelined for his opinions.

People shunned by the establishment often end up being abused by the enemies of the establishment - so in this case, Fox and Infowars who would love to give this guy time on air.

He could be right, but I think his lack of awareness of why he might be wrong has really hurt him, he seems to like the attention he's been missing for the past twenty years, so I guess we're all human.

I think I will cancel my monthly support for Reddit, partly over this and partly because I find it less valuable than Twitter and HN and don't visit that often anymore.

BTW, in general I support whistle blowers - they play an important part in free and open governments. I have heard Bill Binney before and thought that his experience and opinions were interesting.

Ever since my service in the Navy I've thought that whistleblowers (1) should definitely speak out, and (2) should be prepared to suffer the consequences.
What do you think these consequences should be?

What do you think of the consequences suffered by those who were exposed?

Consequences for the whistleblower should depend on the laws that were in place when (or if) they broke the law. For example, Edward Snowden probably committed treason and that carries a harsh penalty but it is good that he leaked the NSA classified docs.

Not sure what you mean by exposed, but I think the same logic applies. Those who suffered harm should get redress. Those who committed harm should be punished.

while i disagree with the Forenaicator's theory that file time stamps prove it was Seth Rich and not GRU, i think this is shameless censorship by Reddit.

Aaron Shwartz would be disgusted by what Reddit has become.

instead of censorship, the correct approach would be to refute Binney and Forensicator's claims with counter evidence. file time stamps can be trivially modified to whatever you want and so cannot be trusted. as we saw from the CIA Vault7 leaks on Wikileaks, CIA had dozens and dozens of programs for forging metadata in files to frame foreign govts with attribution, which is one of the biggest reasons why the whole narrative that Russia hacked the DNC is on shaky ground.

(comment deleted)
"we have an economic phenomenon sometimes called the lemons problem. Suppose you want to sell a used car, and I’m looking for a car to buy. From my perspective, I have to worry that your car might be a “lemon”—that it has a serious mechanical problem that doesn’t appear every time you start the car, and is difficult or impossible to fix. Now, you know that your car isn’t a lemon. But if I ask you, “Hey, is this car a lemon?” and you answer “No,” I can’t trust your answer, because you’re incentivized to answer “No” either way. Hearing you say “No” isn’t much Bayesian evidence. Asymmetric information conditions can persist even in cases where, like an honest seller meeting an honest buyer, both parties have strong incentives for accurate information to be conveyed."

Yudkowsky, Eliezer. Inadequate Equilibria: Where and How Civilizations Get Stuck (pp. 49-50). Machine Intelligence Research Institute. Kindle Edition.

Calculating transfer rates based on time-stamps is ridiculous. At any point from source to destination, the individual files making up the emails could have been aggregated, transferred, and then disaggregated, potentially multiple times. Preserving time meta-data during these sorts of operations can go wrong even when one is trying to preserve it. The delta file times could simply reflect the transfer rate of the final disaggregation step in the chain. This could have been a from a directly connected storage device over a less than full-disk-speed interface, or from such a device accessed over a network.
Reddit is just another propaganda arm in the same vein as FB, Twitter and the rest.

As usual when these things come up, jedberg is very quiet.

I looked at the linked thread and don't see anything to substantiate the claim in the title here. It looks to me like the thread was shut down by the AMA mods, not the Reddit Admins.

https://www.reddit.com/r/IAmA/comments/igeixp/i_am_william_b...

> While this is a fascinating topic from a notable public figure, the mod team would like to remind everyone not to believe everything they read on the internet. Normally, we’d hesitate to allow an AMA with a topic like this at all, but Mr. Binney meets our notability qualifications better than most, and he has the support today of a US Senate candidate. Consequently, we think it’s important we offer them this platform to share their views. That being said, we have a policy against disinformation being shared on this subreddit: we won’t hesitate to remove harmful disinformation if posted by the OP or users, particularly if it’s harmful to innocent people or spreads incorrect information about elections and voting. We also encourage all users and AMA participants to review Reddit’s site-wide rules carefully before posting - it would be quite easy to let this AMA venture into territory that would get it shut down by the Reddit Safety teams. > > EDIT: OP is making very bold claims with insufficient proof. This AMA has devolved into a significant vector for disinformation. We have removed and locked it.

Thank God those subreddit admins are keeping us safe from disinformation. We wouldn't want anyone to think.