Mystery Solved

I’m surprised I don’t read Wonkette more often.

Rachel Maddow did a BIG SCOOP on Thursday night, and we think it’s a pretty big fuckin’ deal. To cut to the chase, somebody (she doesn’t know who YET) used her “Send It To Rachel” tool to send her something that looks like a highly classified document about collusion between Donald Trump and Russia, but is actually a FORGERY. WHOA IF TRUE, right?

It is pretty “whoa,” in fact I was about to sit down and type something up on it until I saw Wonkette scooped me.

What’s fascinating about this weird forgery is that it appears to have been copied off the highly classified document NSA contractor Reality Winner sent to Glenn Greenwald’s The Intercept. Remember how The Intercept published a bombshell on Monday, June 5, that Russians had specifically targeted voting machine manufacturers and election officials during their 2016 cyberwar against American democracy, and that they got further than anybody ever knew? […]

Maddow found the EXACT SAME MARKINGS and the EXACT SAME CREASE on the document she got. Forgery detected! (Later in the segment she explained that there were several other screwy things about the document, including that it actually named a high-up American citizen/Trump campaign person. According to the intelligence experts Maddow consulted, this type of document, if real, wouldn’t name an American all willy-nilly like that.)

There was one intriguing mystery left: the file received by Maddow was created on June 5th, 2017, at 12:17:15, yet the Intercept’s article went online at 15:44 [corrected from 13:44]. How could the person who sent the document get access to it before the article was published? I was about to sit down and type about that instead, but…

That’s because time stamps on the documents published by The Intercept designate the creation date included in the PDF we publish on DocumentCloud: In this case, that occurred just over three hours prior to publication of our article. Both versions — the one we published and the one Maddow received — reflect the same time to the second: literally the exact moment when we created and uploaded the document.

In other words, anyone who took the document directly from The Intercept’s site would have a document with exactly the same time stamp as the one Maddow showed. Thus, rather than proving that this document was created before The Intercept’s publication, the time stamp featured by Maddow strongly suggests exactly the opposite: that it was taken from The Intercept’s site.

Ah, thank you Glenn Greenwald. It looks like the Intercept has an automated system to process their documents. Downloading the original for myself, I can tell they use an old-ish copy of ImageMagick to do the grunt work. This probably helps them redact information; the boxes they use to cover information look digitally made, yet are burnt into the source images that make up the PDF. This could have the pleasant side-effect of wiping away the original document’s metadata, if it was digital. On the other hand, I also see the original title was “GRU-final,” which probably didn’t come from the Intercept.

I get something slightly different from Greenwald when I dump the document’s info, though.

File Modification Date/Time : 2017:06:05 13:43:03-06:00
PDF Version : 1.4
Linearized : No
Create Date : 2017:06:05 12:17:15
Modify Date : 2017:06:05 12:17:15
Page Count : 5

In his case, the File Modification Date/Time line reads “2017:07:06 21:33:15-04:00,” the exact time he downloaded his copy. My tool is slightly newer than his, however, which could easily explain the discrepancy.
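To make the difference between the two kinds of timestamp concrete, here is an added example (not code from this post or from The Intercept) that saves the same PDF bytes twice and compares the dates stored inside the file with the filesystem modification time. It assumes an uncompressed Info dictionary with literal date strings; the sample bytes and save times are constructed, and the function names are hypothetical.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# PDF date string: D:YYYYMMDDHHmmSS, optionally followed by Z or a +HH'mm' offset.
PDF_DATE = re.compile(
    rb"/(CreationDate|ModDate)\s*\(D:(\d{14})(Z|[+-]\d{2}'?\d{2}'?)?\)")

# Constructed sample (not the Intercept file): a bare Info dictionary carrying the
# Create/Modify time from the dump above, with no UTC offset recorded.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Title (constructed sample) "
          b"/CreationDate (D:20170605121715) /ModDate (D:20170605121715) >>\n"
          b"endobj\n")

def embedded_dates(pdf_bytes):
    """Map each Info date key to (naive datetime, offset string or None)."""
    found = {}
    for key, stamp, tz in PDF_DATE.findall(pdf_bytes):
        when = datetime.strptime(stamp.decode(), "%Y%m%d%H%M%S")
        found[key.decode()] = (when, tz.decode().replace("'", "") or None)
    return found

def describe(path):
    """Pair the dates stored inside the file with the filesystem mtime."""
    with open(path, "rb") as fh:
        dates = embedded_dates(fh.read())
    mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
    return dates, mtime

def demo():
    """Save the same bytes twice, as two people downloading at different times."""
    # Constructed save times: the two File Modification values quoted in the post,
    # converted to Unix epoch seconds.
    saves = {"copy_a.pdf": 1496691783, "copy_b.pdf": 1499391195}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, saved_at in saves.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(SAMPLE)
            os.utime(path, (saved_at, saved_at))  # stand-in for the download time
            results[name] = describe(path)
    return results

if __name__ == "__main__":
    for name, (dates, mtime) in demo().items():
        print(name, "mtime(UTC)=", mtime.isoformat(), "embedded=", dates)
```

Both copies report identical embedded dates while their filesystem times differ, and the embedded value carries no offset, so it cannot be lined up against a publication time without knowing which zone it was written in.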

So, that’s one mystery solved: the person or people who sent the document to Maddow used the Intercept’s document as a base. That still leaves who sent it, though. Was it the Kremlin, someone associated with Trump, or somebody else? That one is in the hands of Maddow’s team.

(A hat tip to Lynna, OM in PZ’s Political Madness thread, for the Wonkette article.)

[HJH 2017-07-08: Damn time zones. And I was even going to mention them in my original post…]