by tootie 3231 days ago
I don't get either of their arguments. Yes, 180mbps is pretty fast for residential internet, but it's certainly not hard to get nor is there any reason to believe he was using residential broadband. The MS Word thing I didn't follow at all.

From what I can tell, he's also basing the transfer speed on last modified dates. I'm not overly familiar with the details of Linux last modified date, but I don't believe there is a history of last modified, it's just a single date per file. If that's the case, it only indicates the time of the last copy, which could have been from the downloads (or whatever) folder to a thumb drive after the download.

The data was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy and this is a characteristic of the Linux ‘cp’ command (using default options).

Don't get me wrong, I wouldn't put it past either political party to do something like this, but the evidence seems somewhat weak if I'm understanding it correctly.

Apparently they've never heard of rsync and -t (--times), which is implied by -a (--archive), which is recursive and copies all relevant data for archival purposes, and is the first flag I use with every single rsync command? There are plenty of file copying/syncing techniques that preserve timestamps, and if the files were previously copied to/from a device that did not (such as a thumb drive to the computer they were eventually stolen from), then it would stand to reason that the modification times would represent the times of that prior copy operation.

I mean, file timestamps have been used by some really smart people to make interesting assumptions about what's secretly going on in very interesting ways, such as Tsutomu Shimomura reportedly looking at library access times while covertly on the same remote system as Kevin Mitnick to make assumptions about what he was compiling (I don't recall the source, it may even be made up), but this isn't one of them.

It's also completely trivial to arbitrarily change the "last modified" date of a file to literally anything you want on Linux with `touch -t`.
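
Added example, not part of any comment in this thread: a shell sketch of the points raised above about default `cp`, timestamp-preserving copies and `touch -t`, showing what a file's single mtime records and why a transfer rate derived from mtime gaps is weak evidence. File names, sizes and dates are constructed, and the helper names (`mtime`, `copy_effect`, `implied_kbps`) are hypothetical.

```shell
#!/bin/sh
# Added illustration (not from the thread): how the copy method decides what
# a file's single mtime records. All file names and dates are constructed.

# mtime in epoch seconds (GNU stat first, BSD stat as fallback).
mtime() { stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"; }

# Report whether a copy kept the source mtime or had it reset.
copy_effect() {
    if [ "$(mtime "$1")" -eq "$(mtime "$2")" ]; then echo preserved; else echo reset; fi
}

# Throughput in kbit/s implied by treating the mtime gap between two
# consecutively written files as the time needed to write the later one.
implied_kbps() {
    delta=$(( $(mtime "$2") - $(mtime "$1") ))
    [ "$delta" -gt 0 ] || { echo undefined; return 0; }
    echo $(( $(wc -c < "$2") * 8 / delta / 1000 ))
}

work=$(mktemp -d)
src="$work/original.doc"
printf 'constructed sample document\n' > "$src"
touch -t 201501020304.05 "$src"          # pretend the file was last edited in 2015

cp    "$src" "$work/plain.doc"           # default cp: mtime becomes "now"
cp -p "$src" "$work/preserved.doc"       # cp -p keeps the source mtime (as rsync -t does)

# Two 1,000,000-byte files whose mtimes are set 10 s apart after the fact.
dd if=/dev/zero of="$work/a.bin" bs=1000 count=1000 2>/dev/null
dd if=/dev/zero of="$work/b.bin" bs=1000 count=1000 2>/dev/null
touch -t 201607051200.00 "$work/a.bin"
touch -t 201607051200.10 "$work/b.bin"

echo "plain cp:  $(copy_effect "$src" "$work/plain.doc")"
echo "cp -p:     $(copy_effect "$src" "$work/preserved.doc")"
echo "implied:   $(implied_kbps "$work/a.bin" "$work/b.bin") kbit/s"
```

The implied rate comes entirely from timestamps assigned after the files were written, so the same arithmetic yields whatever figure the last process to set the mtimes left behind.
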
I understood it as he compared last modified of two files that were downloaded consecutively. Now if you take the difference between those last modified dates that would be the time spent downloading one of these files (which one is up to which date was greater). That is assuming that files were being copied synchronously one by one (like cp would do)
According to the website of "Adam Carter" (linked in the article: http://g-2.space/) the 180MBPS is only unusual if you assume the hacker was Russian - it's very fast for a VPN connection and, according to Carter's website, is consistent with USB 2 download speeds.

For more about the MS Word stuff, here's the page on that: http://g-2.space/intent/

Possibly relevant tidbit from a recent Guccifer 1.0 interview: He used 'Russian proxy servers because they were “the fastest.”' I imagine they're referring to VPNs. http://www.foxnews.com/us/2017/08/11/guccifer-calls-fox-from...
Was this based on file timestamps in some archive?

I'll grant that it could also be related to some way the files were prepared in the interim, but it is at least worthy of considering where that metadata might have come from or been replaced through normal activity or intentional operations.

It was. And in fact afaict the archive was never public.
It's very easy to copy files preserving timestamps, in which case the timestamps would not represent the time to copy the files during the break in, but the time to copy them to the medium they were stolen from. Did anyone bother to check whether the files were created on that system, or copied originally from some USB disk? Or even copied to the server from some workstation across a gig network but that workstation was copying directly from a plugged in USB drive? There are so many ways to have timestamps originally sourced from USB type transfer speeds in the chain of file management at some point that this is ridiculous.
With most reasonable VPN technologies (IPsec, OpenVPN) there is nothing that would slow down throughput other than CPU processing. And 180 Mbps is not close to VPN CPU bottleneck speeds.
Here's some technical background on the MS Word thing: http://g-2.space/intent-conclusion.html Make of it what you will
There were Cyrillic characters in regards to some of the metadata attached to some leaked Word documents.