Guccifer 2.0 Chat — The Rebuttal

The Second Part of The Guccifer 2.0 Chat Hoax

Continued from Part 1, The Guccifer Chat Hoax

In the event you haven’t read part 1 of this article, I’ll give you a quick rundown.

My first article was a straight fact based analysis of the photos which were screen captured from a Twitter direct message exchange alleged to have taken place between actress and model, Robbin Young and a yet to be identified hacker who goes by the name of Guccifer 2.0.

I mentioned in my first article I had no previous background on this story other than what I had read in passing — in other words, I had not been investigating any aspects of the story, nor was I familiar with either participant. I had no prior bias — no dog in the game so to speak — by finding any anomalies or proving anybody’s argument one way or the other.

The controversy over this alleged direct message exchange has been renewed as the public’s interest in the unsolved murder of DNC staffer Seth Rich has increased.

The validity of this particular exchange does have implications. If the exchange is genuine between a hacker, who some believe responsible for the hack into the DNC’s servers, and Ms. Young, then his reference to “Seth” being his whistleblower is a pretty substantial argument for Seth Rich being the person who leaked the information to WikiLeaks.

Ideally, an article of this sort is best with a response from the parties involved. I did reach out to Ms. Young, and indirectly to Guccifer 2.0 through her, for input. I always give the benefit of the doubt to the people over the technology until proven different.

Here is the message I sent to Ms. Young prior to publishing:

My intent was not to smear or play gotcha journalism with Ms. Young. I was looking forward to her input on my findings since I was unable to find any other explanation outside of photo manipulation.

As I mentioned in my message, I cannot find any motive for anyone, including Ms. Young, for manipulating the photos in the way presented.

Who benefits?

Now, I am able to append the article with a response by Twitter user @KKNoMates (I’ll refer to him as K) who took it upon himself to take another look at my findings. Ms. Young asked him to present his findings to me.

Ms. Young maintains she did not perform any manipulations on any of the photos of the chat between herself and Guccifer 2.0. This first screenshot was provided by Ms. Young to K. The date shows it to be more recent than the ones used in my article.

Regardless, the original didn’t contain any anomalies in question. *If Ms. Young would provide a new screenshot of one the pages showing the icon anomalies featured in my original article, it would be more helpful to her cause.

I will come back to this screenshot later.

K puts forth his theory on what could have caused the anomalies I found in my investigation:

K is correct about the anomalies appearing throughout the entire chat, as well as sections which display the icons properly. He is also correct in stating there is never more than one anomaly per screenshot.

This would be proper in a real chat as the symbols only appear as the mouse or cursor moves over the screen — as one set of icons appear, all others disappear. The icons appearing would follow the position of the cursor — there should never be more than one set of icons anywhere on the screenshots.

He is suggesting since there are no examples of multiple sets of icons, it is consistent with a genuine chat, and he is correct on that point as well.

K’s primary argument is the possibility of a software glitch in the version used at the time of the original screenshots.

There is no doubt Twitter has had, and still has, bugs and glitches so this is a reasonable theory.

I will add one more point which was brought up by a reader of the original article — if someone wanted to doctor this chat and make it virtually impossible to detect, they should have:

  • erased all of the text bubbles on a page so only the two user icons remained.
  • conducted a separate chat with a friend or a fake account and said exactly what they wanted to appear in the manufactured chat.
  • copy and pasted the new chat bubbles, with icons and all, into the first chat.

This method would actually have been easier and made it highly unlikely someone like myself would have been able to spot. It’s the way I would have chosen had I wanted to fake a chat.

For the sake of being thorough, I have to bring attention to one more anomaly I noticed in Ms. Young’s most recent screenshot from the beginning of the article, (and below).

In the new screenshot on left, the 3 chat bubbles on Ms. Young’s side of the chat are together — no break, with one date stamp underneath.

The original screenshot — the one used in my original article, has a break after the first chat bubble and it’s own date stamp, followed by the remaining two chat bubbles and another date stamp.

They are split even though all three of the lines occurred on the same date.

Left- new screenshot / Right- original screenshot used in first article

Am I being overly particular? Possibly. It is likely a software glitch. The new shot looks legitimate.

Having said that, I was unable to recreate this scenario.

Giving every possible benefit of the doubt to Ms. Young, I still wanted to duplicate her results to eliminate any questions.

The date stamping of the lines only become meaningful in a chat which is older than one day.

If you are participating in a chat, you will see the text bubbles switch from separate with it’s own date stamp to clumped together with one stamp for all— and vice versa.

But once the chat ages past a full day, the date stamps seem to become fixed in whatever configuration the chat ended. It does not appear to randomly switch positions regardless of the platform being used.

I tried to recreate Ms. Young’s results by going through several old chats of my own. I randomly picked one chat at a random point in it’s timeline for testing.

I proceeded to open that same chat at that same spot on two different Macs with both Chrome and Safari browsers, as well as the stand alone Twitter app for Mac — every instance was identical. The layout with date stamps fixed in place never varied.

Mac Sierra Chrome Browser

I moved on to a Windows 7 machine and Chrome browser — same result.

Windows 7 Chrome Browser

Last, I checked it on Windows 10 with the Edge browser, the stand alone Windows Twitter app, and the Chrome browser (which appears to be what Ms. Young used)

Still, every instance of the chat and it’s date stamps were identical.

Left- Windows 10 Twitter App / Right- Windows 10 Chrome Browser

Out of curiosity, I contacted the other participant of my chat and had her check the same point in the conversation from her perspective.

Even in her copy, with myself as the guest instead of the host, the timestamps maintained the identical positions.

What does this mean? Most likely— nothing.

All I can conclude is I was not able to recreate the scenario Ms. Young did — to take a new screenshot of a saved Twitter chat and have the date stamps show up in a different configuration.

In summary, I appreciate the civility and effort K went to debunk my initial findings and for bringing his observations to my attention; which he did at the request of Ms.Young. I respect his professionalism in carrying a dialogue with me concerning his points.

The software itself is what I would consider to be the strongest argument. I can attest I have cursed at Twitter products on more than one occasion.

Ultimately, I leave it up to the reader t0 decide for themselves. I have no personal issues whatsoever with Ms. Young — I based my article wholly on the facts of what I found.

*If someone in contact with Ms. Young would ask if she would like to contribute a new screenshot of one of the problem photos shown in my first article, I would be happy to add it as a stronger piece of confirmation to the chat’s legitimacy.

It would be interesting to have Guccifer 2.o make a statement regarding this chat. As far as I know, he hasn’t been heard from for quite some time. I would welcome the opportunity should he resurface.

I would be interested to hear from anyone who might try duplicating the results I aimed to achieve with the direct messages and the date stamps. Leave a comment if you are successful.

HM

Postscript — regarding Adam Carter aka @with_integrity who runs the website Guccifer 2.0 — Game Over. He offers a theory of his own regarding the hacks/leaks of the DNC along with assorted other information associated with these events.

Although my last article is featured in his timeline, I had not known nor talked with Adam prior to my piece.

I approached him while I was preparing my research as he has the most extensive notes on what and when things transpired. I don’t try to reinvent the wheel — since he was much more familiar with the topic, I offered him the use of my findings.

Contrary to any claims otherwise, that is the extent of collaboration between Adam Carter and myself.