
Guccifer 2.0 Hacked Clinton Foundation - koolba
https://guccifer2.wordpress.com/2016/10/04/clinton-foundation/
======
micaksica
I don't trust this source anymore, Russian attribution or not.

Sources with a serious political bone to pick around an election can too
easily plant or modify data in these "dumps" to craft an artificial narrative.
With this "Guccifer 2.0" bit, we are past the land of hacktivism and well into
the land of information warfare, where misinformation is a tool more powerful
than real information when dosed correctly.

If this was a random dump a few years ago, I'd be more likely to trust it, but
let's also remember that we don't really have much of a way to verify this
stuff. That could be a directory structure on some random user's hard disk
full of fabricated documents for all we know.

EDIT: I'm also very curious to see how fast "Guccifer 2.0" stops their anti-
Clinton "hacktivism" as soon as the election is over. I'd get a great chuckle
out of the Russians hanging some patsy out to dry saying "look, we caught
him!" in a big show of false alliance.

~~~
27182818284
>Sources with a political bone to pick can too easily plant or modify data in
these "dumps" to craft an artificial narrative.

Which is where traditional news organizations come in play. When the tax
returns for Trump were dropped off, they had to verify them. For example, they
were particularly worried about a number whose first two digits were not the
same font as the other numbers. That seemed to indicate that maybe someone had
doctored part of it, but then they found the tax preparer who worked on it and
he explained why that was.

~~~
rm_-rf_slash
Great example, however the anti-establishment cohort seems to be worryingly
willing to perceive mainstream media as a vast liberal conspiracy while
happily devouring truth-poor, conspiracy-rich outlets like Infowars and
Breitbart.

~~~
toss1941
Are you saying that CNN, MSNBC, NYTIMES, ABC, CBS, NBC aren't all _extremely_
biased in favor of Hillary Clinton and Democrats in general?

~~~
rm_-rf_slash
I never said they were or were not. But that only sets the tone and the
coverage. Emails/Benghazi/Clinton Foundation got plenty of coverage by the
"liberal" media. The facts were found, and they moved on.

What's the old saying, facts have a liberal bias?

~~~
nibs
How well would you say modern "liberals" handle facts in the domains of:

\- IQ testing

\- Evolutionary psychology

\- GMOs

\- Child development

\- Economics

------
foxylad
Reading the comments below, I fear for our future. It seems no-one trusts
information from any source any more, which gives us an excuse to lazily
discount any critics of our own beliefs.

The US presidential election in particular seems to be condensing into two
very distinct sets of beliefs - one following a colourful businessperson, and
the other a jaded politician - both of whom should be pursuing comfortable
retirements instead of high office, in my completely irrelevant opinion (I'm
not from the USA). Both sides discount everything the other says, because "you
can't believe anything these days" and they can easily find their own media
outlet that agrees with their point of view.

My fear comes from the devaluing of the fourth estate. If the losing side on
this election hears anything but "it was a fair race, but we lost" from their
media, and given America's unhealthy predilection for firearms, you're not far
off a civil war.

~~~
msbot
As an American, thank you for stating what I thought was obvious.

------
lyschoening
I downloaded the archive. I think people should make their own picture of it.
There is a lot of content. The "Pay to Play" folder is just case studies of
pay to play having taken place and does not implicate the Clinton Foundation
in any foul play.

For instance, one document describes how a certain congressman, Brian Bilbray
(R), wrote H.R 4056 to stop inspections of drug and medical warehouses in
California before cashing in with donations from various medical companies. A
couple of other congressmen and women of both parties are listed as well in
the documents along with bills they passed and the companies that donated to
them.

The newest documents are from July 5th.

~~~
pawadu
Who conducted these studies and are any of them public?

------
tptacek
Just a note that Crowdstrike, the first (and most reputable) organization to
attribute "Guccifer 2.0" to Russia, is run by a rabid Republican.

And, of course, there's this --- which I just got from The Grugq's feed:

[http://foreignpolicy.com/2016/08/22/turns-out-you-cant-
trust...](http://foreignpolicy.com/2016/08/22/turns-out-you-cant-trust-
russian-hackers-anymore/)

~~~
grandalf
While Guccifer 2 may have all sorts of motives, the important question is the
legitimacy of the data and whether it reveals any sort of wrongdoing by US
elected officials. I personally hope it doesn't and that we can move on from
this scandal... But if it does, I'd also like to know.

~~~
tptacek
That doesn't follow logically, because we're meant to trust:

* That whoever this is hasn't left out information that doesn't fit the narrative they're selling

* Hasn't edited the information to suit their narrative

* Hasn't included wholly false information

This matters even more if we believe it's Russia, because falsified leaks are
part of Russia's M.O.

~~~
grandalf
I'm not arguing that we should not keep those cautions firmly in mind when
interpreting this data dump.

A few points:

\- Some may be DKIM/DomainKeys signed, which could provide evidence of
tampering if the tamperer was unsophisticated enough to try tampering with a
signed message.

\- Any other party to any contested email could potentially produce a version
of the email that differed from the leaked one.

\- Chances are more than one group/individual hacked the server, so there
could be other sources of verification, though it would still be difficult to
determine which one to trust.

All in all, I hope that nothing interesting or troubling is found in the
emails and we can all move on from this issue. I'm also skeptical Russia had
anything to do with it.

~~~
tptacek
I know your politics are not the same as mine (I think we're both left of
center, but you're _way more_ left than I am), but I have to ask:

 _Why_ are you skeptical that Russia had anything to do with this? Serious
question!

* Russia is notorious for doing stuff like this online.

* Three threat intelligence firms --- including the two most reputable firms in the business, one of which is run by someone who hates Clinton --- publicly attributed the attacks to Russia.

* The basis of that attribution includes IOCs that weren't even publicly known before the attribution occurred, and would be difficult even for an expert to forge.

Clearly, anyone could have hacked the Clinton Foundation.

But I'm surprised people believe that it would be straightforward to hack the
Clinton Foundation in such a way as to leave a trail of IOCs leading back to
Russia. I think? you have to be an expert to do that.

~~~
grandalf
I have moved to the left on this sort of issue after there was no high level
official response or remediation after the Snowden revelations. I think many
people fail to grasp how vulnerable we are to surveillance and propaganda. I
have not seen any elected officials offer any reasonable reassurance or even
accept accountability for what appear to be excesses. This suggests to me
either fear or complicity, either of which are pretty bad news.

I think your questions contain the assumptions for my answer:

A state sponsored intelligence agency has the sophistication to forge the IOCs
(or not to). Russia has a state sponsored intelligence agency. Therefore, the
IOCs would not have been found unless the state sponsored agency responsible
for the leak wanted them found. Thus if the data was leaked by Russia, it
would have been accountable only if being held accountable offered a strategic
benefit.

I have not yet observed any strategic benefit to Russia doing this. In fact,
unless the hypothetical smoking gun is so significant that it will harm the
very likely election of HRC to the presidency (and _that_ was deemed
beneficial), I find it unlikely that Russia would have been willing to risk
the significant harm in diplomacy caused by being caught meddling in a US
election.

So I think the hack was either done by a less sophisticated group (likely
Russian) or by a different state sponsored group who chose to leave the trail
pointing to Russia. Considering that escalated US/Russia tensions will amount
to Billions in appropriations, there is clearly a financial incentive for
stewing the conflict. There is also a dedicated interest group in the US that
has tried to nudge the US into more direct conflict with Russia over the
Ukraine, etc. But the surprising factor has been how readily Clinton's
campaign jumped into finger pointing.

I do not see how it possibly benefits Clinton (or her diplomatic core in 2017)
to engage Russia in finger pointing and accusations of meddling in a US
election. If a response was warranted, it should (in my opinion) have been
measured, and it should have come from president Obama, and the issue should
not have become a rallying cry for HRC's campaign. It's absurd and
unprecedented for a candidate who does not hold office to levy such serious
accusations at a foreign government. If accusations are warranted there is an
existing group of officials whose job it is to deal with it.

The first version of the Russia finger pointing story didn't really get legs
and was not vetted by any named/credible infosec experts. The second round
was, by the firms you mention, and I believe at least one official made a
statement confirming the suspicion of Russian involvement.

So there is some unknown motive for HRC deciding to circumvent the proper
diplomatic method of resolving something as serious as election tampering by a
foreign country. I doubt it amounts simply to trying to leverage the news
cycle in a beneficial way, or even misdirection. It seems like too big a risk,
one that a former Secretary of State would be abundantly cognizant of,
especially if it really _was_ Russia and some retaliatory action would need to
be taken in the near future.

I think there is room for exploration of the various motives that other state
actors might have had for leaking the docs, but my guess is that the goal is
to get the information into public view so that it cannot be used against HRC
later after she's elected. Only if the leaked information ends up containing
an election-risking smoking gun will it be plausible to believe that a state
actor released the information to _harm_ HRC.

~~~
tptacek
It's certainly possible that the infosec apparatus of the USG government, at
its highest levels, could forge a compromise of the DNC. They have the
requisite intelligence to leave the right trial of breadcrumbs to trick firms
like Crowdstrike.

But I don't think it's very plausible. Break this down a bit:

* Possibility 1: The NSA/CIA/DHS deliberately attack the Democratic National Committee --- a black-letter crime --- and deliberately create a fraudulent attribution to Russia. In the process, they reveal unflattering secrets about the party of the government still in power, and generate fodder for one of the most volatile Presidential elections in recent history. Plausibility rating: HIGHLY IMPROBABLE.

* Possibility 2: The attack isn't instigated by the US government, but rather some group of randos who the USG finds convenient to frame for the attack. Since the attribution work is performed simultaneously by US federal law enforcement and multiple attribution firms, a conspiracy must be generated between the firms (who are unanimous in their opinion) and law enforcement --- and, since the act of framing Russia is both deliberate and highly strategic, probably the executive branch of the US government at the highest levels. This is technically possible to accomplish, but would represent the most sophisticated and ambitious conspiracy undertaken by the US government in the last 50 years. Plausibility rating: EVEN LESS PROBABLE.

* Possibility 3: Both the USG and the attribution firms believe in good faith that they have a firm attribution to Russia. But they're wrong. For example, perhaps Russia seeded the last generation of their attack tools to a bunch of randos in Eastern Europe. Problem: tools, implants, and exploits are important IOCs, but they aren't the only ones, and the attribution depends on some IOCs that can't be seeded --- previously used staging servers and command and control systems. Plausibility rating: SLIGHTLY MORE PLAUSIBLE BUT STILL IMPROBABLE.

* Possibility 4: As bystanders we don't have a clear enough understanding of Russia's M.O. to gauge their intent. We agree broadly that Russia is highly competent and capable, and that this is a high-profile attack, so it's unlikely that they were just too dumb to set up fresh staging servers. So Russia is comfortable with the world knowing they're doing this; in addition to hamfistedly manipulating the election and supporting their favorite candidate --- we know Trump is their favorite candidate, they just filed a complaint to the U.N. to that effect!!! --- they're also communicating something to the US about their willingness to sow chaos and exploit it to their own ends. Plausibility rating: SUBJECTIVE.

~~~
grandalf
Those are good points and I generally agree with your probability assessment
and with the utter subjectivity (and un-knowability of the motive with the
currently available information).

The biggest current unknowns in my opinion are:

\- Why did the HRC campaign decide to circumvent normal channels and make
immediate accusations of Russian involvement?

\- Why did Clapper wait until today to make an official statement? Why did he
make an official statement at all?

One thing I've noticed about information campaigns is that they often seem to
rely upon the human tendency to replace AND with THEREFORE when news is
released piecemeal.

Hence, Server hacked AND campaign blames Russia AND Clapper blames Russia AND
_______ AND ________ AND ________ ...

These disparate facts will seemingly turn causal and will be attributable to
specific protagonists as the campaign develops.

Since HRC's team is essentially setting the agenda for the data points we've
received so far, I am expecting there to be a punchline, or some causal
narrative we're going to be asked to believe at some point in the future.

------
alistproducer2
Seems to me this should be verified as legit data before we start
disseminating this info, no? In this guy's screenshots there is literally a
directory titled "Pay to Play." A little on the nose isn't it?

~~~
koolba
> Seems to me this should be verified as legit data before we start
> disseminating this info, no?

The previous releases haven't been disputed so until proven otherwise, I'd say
this is legit as well.

> In this guy's screenshots there is literally a directory titled "Pay to
> Play." A little on the nose isn't it?

I'm not sure if that's the original directory listing or a grouping Guccifer
2.0 put together. Even if it's not, I wouldn't be particularly surprised if
there was a directory or Excel named " _Pay to Play_ " or equivalent. It's
still a ways away from naming it " _Bribe List_ " or " _Scamola Monies_ ".

~~~
travmatt
That's exactly Russian tradecraft - they build up trust with the leaks of true
information, then layer in false, damning allegations.

We'll likely see the worst lies directly before the elections, so as to aid
Trump the most.

~~~
vaishaksuresh
Even if we believe that this is a Russian conspiracy, why is it more important
than the actual corruption? Leaking DNC emails was probably illegal, but that
does not make the content any less damning.

~~~
travmatt
Did you mean to respond to me?

I just said that the Russian intelligence services will use the trust they've
established (by disseminating truthful information) in order to spread lies
when it comes closer to the election - do you not see harm in that?

Edit: Also, can you point to the 'actual corruption' that occurred? Not the
dirty tricks (which I agree happened), but the 'actual corruption' that you
are alleging occurred. So far I've heard plenty of people allege corruption,
but I've yet to actually see this corruption. With the contents of the DNC
emails it shouldn't be difficult.

~~~
vaishaksuresh
I see harm in what you're saying, but I also think the same thing applies to
the US media and corporations. Just because the hack was linked to Russia and
they have been at loggerheads with the US, you should not be using that
sentiment to discredit the actual information.

I don't know what you call 'actual corruption' but discriminating against
another candidate, not providing level playing ground and actively harming
another candidate's campaign, DNC chair stepping down because of corruption
and immediately getting hired in Clinton campaign all look pretty shady to me.
Illegal, maybe not but definitely corrupt.

~~~
travmatt
> Just because the hack was linked to Russia and they have been at loggerheads
> with the US, you should not be using that sentiment to discredit the actual
> information.

Correction, Russia is in hostilities with the United States, and is attempting
to weaken it's international standing and weaken it's treaties (primarily
NATO). It's currently headed by a dictator fond of murdering journalists and
dissidents, jailing and inciting violence against sexual minorities,
nationalizing multi-billion dollar corporations for his personal profit, and
literally (as in the actual definitive use) rigging elections - in addition to
invading his neighbors. There is no honest defense of Putin as a leader, and
there is no honest defense of why he should have a say in who America elects
as it's next president. I'd suggest that his involvement in the US electoral
process is poisonous, and if any US citizens are found to have conspired in
this effort with him, that should be considered treason.

And again, you seem to be intentionally mis-parsing my words. As I've now said
twice, Russian intelligence intentionally leaks truthful information so that
it may later spread deceitful propaganda. I've never argued that American
voters aren't entitled to know truthful disclosures about it's electoral
process. But again, as I've said twice, Putin has a track record of using this
credibility to later spread lies. With the understanding that Putin
intentionally spreads lies, it becomes abundantly clear as to why America
should treat everything he leaks with a healthy dose of skepticism.

With regards to the 'everyone else is doing it' what-aboutism, I'll pass. I
personally find it a tiring and intellectually lazy argument, and in any case
it's irrelevant.

>I don't know what you call 'actual corruption' but discriminating against
another candidate, not providing level playing ground and actively harming
another candidate's campaign, DNC chair stepping down because of corruption
and immediately getting hired in Clinton campaign all look pretty shady to me.
Illegal, maybe not but definitely corrupt.

To be clear, 'actual corruption' is orchestrating the submission of fraudulent
ballots (ballot-box stuffing), fraudulently disqualifying the ballots of
eligible voters, or otherwise attempting to alter the outcomes of American
votes.

I'm not sure if you're familiar with American politics, but otherwise these
'dirty tricks' are actually par the course - since forever, really. A
candidate who is unable to overcome them probably isn't qualified to become
president by dint of their amateurism. For some perspective, the DNC tried all
these tricks - and worse - on Obama as he wrested the nomination away from
Hillary. If you believe that Sanders could walk into the Democratic Party
after 30 years as independent and seize the nomination then you don't
understand party politics.

Lastly, the question of DWS's resignation. To be clear, no allegations against
DWS regarded 'actual corruption.' With that said, Putin timed his leaks
beautifully to sabotage the Democratic Conventions. If you'll remember, these
disclosures left the convention beginning in an upheaval and largely against
HRC. Since there is no person able to force the resignation of the DNC
chairperson, HRC faced a convention in open revolt against her and the
chairperson. Offering DWS a spot in her campaign allowed her to resign and
still save face, and allowed HRC to bring in a chairperson who could help
bring the convention to heel. DWS draws no salary from the campaign nor has
any responsibilities - we call this an honorary position. What you're calling
'actual corruption' I call deft political maneuvering.

Lastly, Bernie Sanders lost by over 3,000,000 votes. To suggest that the
nomination should go to him is in defiance of the idea of a democracy, unless
you are alleging that Hillary Clinton manufactured or stole 3 million votes.

"I wouldn't use the word 'rigged,' because we knew what the rules were. But
what is really dumb is that you have closed primaries, like in New York State,
where 3 million people who were Democrats or Republicans could not
participate. Where you have a situation where over 400 superdelegates came on
board Clinton's campaign before anybody else was in the race, eight months
before the first vote was cast. That's not rigged. I think it's just a dumb
process, which has certainly disadvantaged our campaign." \- It seems Bernie
himself would align much more closely with my interpretation of reality than
yours.

~~~
vaishaksuresh
You've obviously made up your mind, so I'm not going to reason with you. As
far as I am concerned, who leaked things should not be the point of
discussion. The point of discussion should be if it is truthful or not. If it
is, then the problem is not Russia, it is the internal corruption. Calling
something par the course does not make it right. I am not invested in any of
the candidates, but I think just because it was unfair in the past, it should
be unfair now. I don't want to go into the whole email discussion, but it was
proved multiple times that the private server wasn't an accident but
intentional setup and that confidential material was transmitted. How is there
no ramification for that?

~~~
travmatt
You seem to be caught in the notion that you acquire information in a vacuum,
and that propagandists don't subtly alter or omit information as to further
their own interests. Best of luck with that.

With regards to Sanders, as best I can tell, you seem to be upset that your
candidate wasn't exempted from both the political process and the democratic
process. I'm unsympathetic to people who cry after they lose a game and want
the rules changed for themselves, which is essentially what you're arguing for
now. Sanders joined public service at the same time the Clintons did, if he
wanted to gain power on a national stage there was nothing stopping him. The
tricks utilized against him are nothing compared to the sustained attacks the
Clintons have weathered for 25+ years, much less what Barack overcame in a
single election. Everyone else seems to get along just fine, but for some
reason we're all supposed to stop and rewrite human nature when Sanders
supporters learn how the world actually works.

If you think all these games are unfair, they are - and so what? They're
nothing compared to the politics played on the international stage by Putin,
Xi Jingping et al. There's no imaginary referee that you can go run to
whenever someone is mean to you internationally, just as there isn't one in an
election locally. I expect my president to find ways to adapt, just as I would
when a hostile nation tries to sabotage their political process. FWIW, Sanders
himself understands this fully, hasn't complained or cried about it, and is
using his opportunity to the fullest to effect positive change in the world.

The final fact you seem keen to ignore is that Clinton won her nomination by
over 3,000,000 votes. For some reason the clear will of the electorate isn't a
good enough reason for you to accept her nomination, and instead you insist
that this process be ignored so your preferred candidate is instead nominated.

As for the email 'scandal', I'll again pass. I'm equally unsympathetic to
people who try and change topics to avoid admitting they're wrong.

~~~
vaishaksuresh
You seem to think I am invested in Sanders, which I can tell you is not true.
Heck, I can't even vote. You go on your elaborate rant about how the system
has always been unfair and Clintons are brilliant to utilize it in their favor
and nobody should complain about it, yet you fail to feel the same way about
Trump or Putin. Propaganda has always been used and misinformation has been
used to influence large groups of people to do stupid stuff. If the large
group decides to buy into the propaganda and elect Trump, why are you
complaining? I am digressing here from my original point that people are too
focussed about the source and not enough about the contents and its validity,
but going by what you've already said, you seem to be ok with everything being
wrong as long as it favors Clintons. I am done discussing this.

~~~
travmatt
You seem to keep straw-manning my argument - again I never proposed that
voters aren't entitled to the information contained in the emails. The notion
that you seem to be arguing against is Putin is a skilled propagandist who
subtly alters and omits information to further his agenda - again which is
solely to weaken the United States. Again, he has a proven track record of
doing this. That's why I advocate learning about issues from multiple reputed
sources who can vet information and contextualize it, and not take as fact
random Wordpress sites set up by Russian intelligence services.

Lastly, if you've read my last few replies they are all saying that these are
fair tactics, and candidates who can't respond to them probably don't deserve
our votes. I'm sorry you took this as meaning I'm pro-Clinton and against
everyone else, but I'm usually for people basing their votes and opinions on
facts.

------
feklar
Guccifer 2.0 could also just be who he claims to be, which is an ethnic
Romanian hacker living in Moldova who launches attacks through Russian servers
because he/she knows any kind of US state dept req for evidence from that
server will be ignored. I would assume this to be a personal beef against the
Obama/Clinton admin for locking up Guccifer 1.0 by somebody in his crew not
automatically assume nefarious nation state actors are behind the leaks.

------
devindotcom
FYI, foundation and campaign both denied to me that the hack happened or that
the docs are theirs:

[http://techcrunch.com/2016/10/04/clinton-foundation-
denies-h...](http://techcrunch.com/2016/10/04/clinton-foundation-denies-hack-
claims-by-guccifer-2-0/)

The Hill thinks it's snippets from the DCCC hack in July:

[http://thehill.com/policy/cybersecurity/299236-alleged-
gucci...](http://thehill.com/policy/cybersecurity/299236-alleged-
guccifer-20-hack-of-clinton-foundation-raises-suspicions)

------
Aqwis
Given the presence of folders such as "Intern Sandbox", this seems more like
the general Samba server of the foundation accessed by a wide variety of
employees than quote "the private server of the Clinton clan".

~~~
greensoap
There is no claim this is the private server. It says right in the title
"HACKED CLINTON FOUNDATION."

~~~
strictnein
That line "the private server of the Clinton clan" is taken verbatim from the
site.

It's not claiming that this is from HRC's private email server, just that this
is from a different internal server.

------
akshayB
People are finding it offensive that someone robbed the bank while watching
the video footage and saying that it was not legal to film. But they are
ignoring the fact that something wrong happened (bank was robbed). Of-course
there is an issue of trust with the source but in that case why is Clinton and
Clinton foundation not coming forward and discussing what happened and be
transparent about it.

------
grandalf
I wonder if the data dump contains a smoking gun. While I could never vote for
either of major party candidates for a variety of reasons, it would be nice if
there were clear evidence of HRC's guilt or innocence in the emailgate matter.

~~~
neaden
I mean, some would say that a large FBI investigation clearing her, hours
spent answering questions in front of congress, and every major media
organization being unable to find anything criminal would be as clear evidence
of her innocence as you could ever hope for? I mean, what are you looking for
for proof at this point?

~~~
ethanbond
Certainly the FBI has never let a plutocrat off the hook before!

In any case, the FBI said there were classified emails on her server.
Classification is not an issue of markings it's an issue of contents. The
question then becomes whether the presence of those files was due to
negligence. I would contend that it takes obscene levels of negligence to
remove classified information from SIPRNet and have it appear on your personal
email. It's just not something that happens accidentally. I'd also contend
that her use of an unsecured phone against the explicit guidance of the NSA
qualifies as gross negligence.

Most importantly, the question of guilt should be ascertained by a court, as
it is with us peons. Anyone else would have been charged. Maybe not convicted,
sure! A court could totally discover that it was an honest mistake that was
easy to make. But many Americans feel that it's the court who decides that, as
designated by our Constitution.

~~~
paulmd
Just because it's classified _now_ doesn't mean that it was classified at the
time it was sent. And in fact it's possible for an email to be retroactively
classified after the fact.

A document doesn't even have to contain classified information to be
retroactively classified. For example, let's say a merchant who once gave the
USG a tip on something sensitive is petitioning the State Department for the
release of some of his goods that are being unreasonably tied up in Customs.
Someone else does a reply-all "oh yeah that guy has been helpful to us in the
past, let's see what we can do for him" \- thus revealing past involvement in
a classified matter. Boom, that first email is actually now classified -
despite the fact that it itself contains no sensitive information - because
someone could look at that conversation and discern from the fact that it
suddenly became classified that this obviously somehow had to do with a
classified matter.

The standards for handling classified materials are extremely strict and
there's lots of ways to end up with classified materials in unclassified
places that don't rise to the standard of gross negligence. The people
involved are public figures whose job title straddles classified and
unclassified spheres, they can't be locked inside a SCIF indefinitely, and
reasonableness has to be viewed in that light.

~~~
ethanbond
"For example, seven e-mail chains concern matters that were classified at the
Top Secret/Special Access Program level _when they were sent and received._
These chains involved Secretary Clinton both sending e-mails about those
matters and receiving e-mails from others about the same matters. There is
evidence to support a conclusion that any reasonable person in Secretary
Clinton’s position, or in the position of those government employees with whom
she was corresponding about these matters, should have known that an
unclassified system was no place for that conversation. In addition to this
highly sensitive information, we also found information that was properly
classified as Secret by the U.S. Intelligence Community at the time it was
discussed on e-mail (that is, excluding the later “up-classified” e-mails)."

\- The FBI, emphasis mine

------
themgt
Anyone have the full 820MB file want to put it on BitTorrent?

~~~
tholford
magnet:?xt=urn:btih:npxasqsrhd23n2txatlm46q3jt7zivyv&dn=Guccifer%202.0%20Clinton%20Foundation%20Hack&xl=860107251&fc=2

~~~
defgeneric
torcache.net doesn't resolve, site seems down.

EDIT: working now!

~~~
tholford
can confirm it's working:
[https://i.imgur.com/J6CBwVy.png](https://i.imgur.com/J6CBwVy.png)

------
tholford
torrent magnet mirror:

magnet:?xt=urn:btih:npxasqsrhd23n2txatlm46q3jt7zivyv&dn=Guccifer%202.0%20Clinton%20Foundation%20Hack&xl=860107251&fc=2

e: can confirm it's working:
[https://i.imgur.com/J6CBwVy.png](https://i.imgur.com/J6CBwVy.png)

~~~
jfreak53
+1 works here also

------
kanzure
Dunno what's in there or whether it's anything at all.

sha256 hashes:

    
    
      51c1773a5645627ae533cf7538334100ae3addd588420af646dbffd8362c0002  hfscmemberdonationsbyparty6101.xls
      5bfc9b2a7ceba5050660b13ceb8d50e62d7ef51437a44406f955e8551e7444e4  master-spreadsheet-pac-contributions.xls
      4a0c19a5f1c12b277f464948de3f98055b7d23af4d2853ffb333fbe62dcd2f43  master-west-tracker-2-5k-1-1-2010-7-10-2015.xlsx
      7a46fb8c52d1fb749da7f7939841da375c00ff02655f2f3c610d43ad25ed25d8 7zip archive file thing
    

and the first 461249036 bytes of the 7zip archive:
f8b8d5d9590ad2500292472331985354dbf76d1e684e98e515ddd2f35f7ab446

base64-encoded timestamps (no attestations yet):

    
    
      hfscmemberdonationsbyparty6101.xls.ots AE9wZW5UaW1lc3RhbXBzAABQcm9vZgC/ieLohOiSlAEIUcF3OlZFYnrlM891ODNBAK463dWIQgr2Rtv/2DYsAALwEJ+/8QVNwjCGL8Qo8E3VpzsI8CAw7FtbOMYWY+nDUrgozGaDzaPq0rgSMZHqLdXtUlELqAj/8BAb7WlCzXO6AjZwbx2+//YACPEEV/QGaPAILSwTKT89rooAg9/jDS75DI4uLWh0dHBzOi8vYWxpY2UuYnRjLmNhbGVuZGFyLm9wZW50aW1lc3RhbXBzLm9yZ/AQguLuJBZpEax2QVcjgJVk+wjxBFf0BmjwCGmZIPqXOnJqAIPf4w0u+QyOLCtodHRwczovL2JvYi5idGMuY2FsZW5kYXIub3BlbnRpbWVzdGFtcHMub3Jn
    
      master-spreadsheet-pac-contributions.xls.ots AE9wZW5UaW1lc3RhbXBzAABQcm9vZgC/ieLohOiSlAEIW/ybKnzrpQUGYLE8641Q5i1+9RQ3pEQG+VXoVR50ROTwEPJWW7+JrCWFOgYYXZo+fmwI8SCrh54VlUgs9HhMJqzcct20LkZBjKlbXIUi8eLM3XIFzgj/8BAb7WlCzXO6AjZwbx2+//YACPEEV/QGaPAILSwTKT89rooAg9/jDS75DI4uLWh0dHBzOi8vYWxpY2UuYnRjLmNhbGVuZGFyLm9wZW50aW1lc3RhbXBzLm9yZ/AQguLuJBZpEax2QVcjgJVk+wjxBFf0BmjwCGmZIPqXOnJqAIPf4w0u+QyOLCtodHRwczovL2JvYi5idGMuY2FsZW5kYXIub3BlbnRpbWVzdGFtcHMub3Jn
    
      master-west-tracker-2-5k-1-1-2010-7-10-2015.xlsx.ots AE9wZW5UaW1lc3RhbXBzAABQcm9vZgC/ieLohOiSlAEISgwZpfHBKyd/RklI3j+YBVt9I69NKFP/szP75i3NL0PwECNNaSuV5nHJqQGT5n5WTz8I//AQMknmv3F3NyESp7Ow+Cn3yAjxBFf0BlnwCEQzTeYwIFcnAIPf4w0u+QyOLi1odHRwczovL2FsaWNlLmJ0Yy5jYWxlbmRhci5vcGVudGltZXN0YW1wcy5vcmfwELFiiilTg6xTNjRwu99l1rsI8QRX9AZZ8AjdZKNzisiu/gCD3+MNLvkMjiwraHR0cHM6Ly9ib2IuYnRjLmNhbGVuZGFyLm9wZW50aW1lc3RhbXBzLm9yZw==
    
      7zip archive file thing.ots AE9wZW5UaW1lc3RhbXBzAABQcm9vZgC/ieLohOiSlAEIekb7jFLR+3Sdp/eTmEHaN1wA/wJlXy88YQ1DrSXtJdjwEKN6Nyd+xj8sWc25Nt0NUfcI//AQL93M/7A7UD0pU3WoG8n/oAjxBFf0FrfwCNr+imB1DeIQAIPf4w0u+QyOLCtodHRwczovL2JvYi5idGMuY2FsZW5kYXIub3BlbnRpbWVzdGFtcHMub3Jn8BDbdnqJhhOxvFc6qurtv8wWCPEEV/QWtvAIbtLZAw4bKxcAg9/jDS75DI4uLWh0dHBzOi8vYWxpY2UuYnRjLmNhbGVuZGFyLm9wZW50aW1lc3RhbXBzLm9yZw==
    

above is from [http://pastebin.com/JEdqgDNW](http://pastebin.com/JEdqgDNW)

(Using [https://petertodd.org/2016/opentimestamps-
announcement](https://petertodd.org/2016/opentimestamps-announcement) for
timestamps here. Note that someone could modify the files, make a new hash and
timestamp the hash before the above timestamps get confirmations. Actually
there's a long list of other disclaimers that should be inserted here. Learn a
hash, and such.)

~~~
egberts1
Looks like a real deal.

[https://virustotal.com/en/file/51c1773a5645627ae533cf7538334...](https://virustotal.com/en/file/51c1773a5645627ae533cf7538334100ae3addd588420af646dbffd8362c0002/analysis/)

------
josho
Let's put aside the politics for a moment.

Is it really that easy to compromise a server, or is a high profile high value
target really handling security so poorly?

It makes me wonder if one of my machines were actively being attacked if the
intruder would be able to break in.

~~~
dewyatt
I suspect it's the social aspect that would make a hack like this relatively
easy.

It's really easy to get in to a network when there are hundreds or thousands
of individuals you can target via phishing, etc.

On the other hand, targeting just _your_ machines could prove more difficult
since there's only one of you.

------
defgeneric
File listing:

tree | xclip -i -sel clip

[http://pastebin.com/C34b8V8e](http://pastebin.com/C34b8V8e)

------
untog
Well, this seems like nonsense.

To clarify: not all of it is. That's the smart part about hacks like this. The
screenshots of individual donor lists they've provided look quite plausible.
But then, a lot of that information is already publicly available.

But a directory named "Pay to Play"? A spreadsheet that conveniently matches
up donor amounts to the amount of TARP funding allocated to that company? Come
on. It's absurd.

~~~
trendia
"Pay to Play" is referring to specific SEC legislation, not the common use of
the word.

no comment on the rest of the leaks, just wanted to clarify that

------
wcummings
None of this seems very scandalous to me, am I missing something?

~~~
trendia
You've read all the documents in the 800MB dump already? It's hardly been up
for an hour.

------
jfreak53
Download site is dead, too much traffic, and there is already a violation
report against it. That was quick. Anyone got the file to put on Torrent so we
can actually download?

~~~
tholford
[https://news.ycombinator.com/item?id=12639259](https://news.ycombinator.com/item?id=12639259)

