[jgacook]

According to the website of "Adam Carter" (linked in the article: http://g-2.space/) the 180MBPS is only unusual if you assume the hacker was Russian - it's very fast for a VPN connection and, according to Carter's website, is consistent with USB 2 download speeds.

For more about the MS Word stuff, here's the page on that: http://g-2.space/intent/

[xdissent]

Possibly relevant tidbit from a recent Guccifer 1.0 interview: He used 'Russian proxy servers because they were “the fastest.”' I imagine they're referring to VPNs. http://www.foxnews.com/us/2017/08/11/guccifer-calls-fox-from...

[mjevans]

Was this based on file timestamps in some archive?

I'll grant that it could also be related to some way the files were prepared in the interim, but it is at least worthy of considering where that metadata might have come from or been replaced through normal activity or intentional operations.

[ajross]

It was. And in fact afaict the archive was never public.

[kbenson]

It's very easy to copy files preserving timestamps, in which case the timestamps would not represent the time to copy the files during the break in, but the time to copy them to the medium they were stolen from. Did anyone bother to check whether the files were created on that system, or copied originally from some USB disk? Or even copied to the server from some workstation across a gig network but that workstation was copying directly from a plugged in USB drive? There are so many ways to have timestamps originally sourced from USB type transfer speeds in the chain of file management at some point that this is ridiculous.

[zurn]

With most reasonable VPN technologies (IPsec, OpenVPN) there is nothing that would slow down throughput other than CPU processing. And 180 Mbps is not close to VPN CPU bottleneck speeds.