Read on Twitter
THREAD: what conclusions can we make about the source of the julian assange wikileaks DNC email leaks?
For context, we are talking about two releases of DNC emails. The first wikileaks release was over 20,000 emails with attachments on July 22, 2016 included emails from 7 DNC email (exchange server) accounts.
The 2nd wikileaks release was claimed as over 8000 emails but including duplicates its about 20000 or the approximate same size dump as the 1st. The 2nd release was on November 6, 2016, just two days before the election. It included emails from 3 source DNC email accounts.
The source accounts were certainly not people of value even though some higher DNC people of value did get caught up in damaging email content. (Like Debbie Wasserman Schultz)
We can determine the source accounts by looking at the email header source. All emails sitting on an exchange server account fit in one of three categories.
1. External received: meaning someone outside sent the email to a DNC account.
1. External received: meaning someone outside sent the email to a DNC account.
2. Internal received: meaning an email sent from someone with a DNC exchange server account sent the email to someone also within the same DNC exchange server
3. Sent email: Meaning someone with an account on the DNC exchange server sent the email. This type would include both sent internally and externally.
When you look at the wikileaks leaks you can easily determine which type of the 3 categories it fits in if you know what to look for in the email source header structure. It's pretty straightforward and details explained elsewhere like here. https://theforensicator.wordpress.com/sorting-the-wikileaks-dnc-emails/
I am purposefully ignoring some of the conclusions of theforensicator. Attribution is not the intentions here. This thread is more about conclusions we can make about the source(s).
This provides the exchange server email accounts as the source of the leaks (a total of 10 accounts) The first 7 accounts are listed here
Next thing of value is a file modified date. The 1st wikileaks dump included file attachment modified dates. The modified date usually gets updated when a file is created, copied, or changed.
The wonderful thing about those modified dates they are very close in time after the last email timestamp for each account.
Now the modied date can be modied (manipulated) but since each modified date appears so close after the last actual email timestamp for each account that's not what happened.
But in fact this became public info after the 1st wikileaks release in July and then that data field in the November release was stripped of modified dates before release (or during capture) by the provider or wikileaks, likely the provider.
The modied dates tell us a lot. The account .eml files were prepared sequentially by account starting in March 22, 2016 ending March 25, 2016. (for the 1st drop)
These files were prepared from the live exchange server data at the time it was being prepared.
Remember it's over 20000 files and done over a 4 day period. Either in groups or likely all at once the data would then need to be packaged for delivery via something like rar.exe to zip it into one compressed file.
Another possibility is the files were prepared directly to a media that is moveable like a thumbdrive.
Remember this modified date is extremely important. It was an overlooked piece of evidence as it was prepared and published with the 1st leak.
The modified date can be seen on the wikileaks files from an online web file access tool like websniffer (go here and hit the submit button) thanks to @with_integrity for the info. https://websniffer.cc/?url=https://wikileaks.org/dnc-emails//get/5040
To be continued...
If you like this thread please contribute to save my restaurant and bar. I need your help. I have been financially devastated by the covid19 disaster. Please donate to my GoFundMe and share this.
https://www.gofundme.com/f/savecaptaincooks?sharetype=teams&member=4388752&utm_medium=copy_link&utm_source=customer&utm_campaign=p_na+share-sheet&pc_code=ot_co_dashboard_a&rcid=288d7c6f43a446c5a405694843f4ffa7
More on the wikileaks source coming soon.
If you like this thread please contribute to save my restaurant and bar. I need your help. I have been financially devastated by the covid19 disaster. Please donate to my GoFundMe and share this.
https://www.gofundme.com/f/savecaptaincooks?sharetype=teams&member=4388752&utm_medium=copy_link&utm_source=customer&utm_campaign=p_na+share-sheet&pc_code=ot_co_dashboard_a&rcid=288d7c6f43a446c5a405694843f4ffa7
More on the wikileaks source coming soon.
@threadreaderapp unroll Master Frodo.
