We released a video on August 26th which referred to a set of documents and emails that had been hacked from a company called Britam Defence. Britam Defence acknowledges that they were indeed hacked but they say the emails are forgeries. At this point, after having been shown some technical evidence and having spent several hours deliberating it, I'm inclined to agree with them. In this video I'm going to show you precisely why.
There were two emails from the leak, one entitled Syrian Issue.eml and the other entitled Iranian Issue.eml. When I first found these emails I spent quite a while examining their headers, and on individual inspection they seem to be consistent with the information contained in the other documents in the leak, but if you look at the headers of both of the emails side by side and compare them you'll find there's something wrong.
When I talk about looking at the headers what I mean is that you right click the email files and you open them in a plain text editor. By doing this you can see the hidden code that the email is comprised of.
These are the headers for Syrian Issue.eml and these are the headers for Iranian Issue.eml. Now I thought I had looked at everything that you could look at in these documents. For example, I looked up the physical location of the IP addresses of the email server used in the eml files, and this traced to a server located in Singapore. This matched information contained in another file entitled Network_July_2012, which you can find by looking under the Iraq folder and under the subfolder entitled "Britam Internet Networks & Passwords".
I had looked at the dates in the headers to make sure they were consistent, and nothing stood out except the fact that the creation dates for both of the actual email files were on the same day even though they were sent in separate months. This however didn't set off any red flags, because if you have an email database like this Inbox file I have here on my computer, for example, it contains the data for multiple emails, but if you export those emails individually as eml files using an email client like Thunderbird or a hacking script of some kind, the resulting eml files will be new files and will show that they were created at that moment. So matching creation dates isn't evidence of a problem.
Now here's the problem... if you look at the "for date" in the headers in both emails, they show that they were sent on two different days, but at the exact same hour, minute and second.
Just so that you can see it we'll line it up for you.
Thu, 16 Oct 2012 23:57:18 +0800
Mon, 24 Dec 2012 23:57:18 +0800
The one that says it was sent on Monday the 24th of December was the Syrian Issue.eml file. The one that says it was sent on Thursday October 16th of 2012 was the Iranian Issue.eml file. They were supposedly sent 69 days apart and yet they were sent at precisely the same hour, minute and second of the day? There are about 5,961,600 seconds in 69 days, and you have to consider the other factors in this equation, like the number of emails being sent on a daily basis in an organization and the likelihood that this freak occurrence would just happen to fall on these two particular emails that were of interest to the hacker. Without all the information regarding the number of variables involved it would be impossible to put together an absolute assessment of the odds, but the odds of the two both landing on the same hour, minute and second are very, very small, something akin to getting struck by lightning twice while standing in the exact same place in your backyard on two different days. Technically it's possible, but not at all likely.
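The side-by-side comparison described above can be automated. The following is an added example, not part of the original video or the leak: it parses the timestamp from the Received header of two messages, compares the time of day, and goes one step further by checking that each weekday name matches its calendar date. Only the two timestamp strings come from this page; the host names, addresses and message bodies are constructed placeholders.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Constructed sample messages: only the timestamps are taken from the page.
IRANIAN = """Received: from mail.example.test by mx.example.test
 for <user@example.test>; Thu, 16 Oct 2012 23:57:18 +0800
Subject: Iranian Issue

placeholder body
"""
SYRIAN = """Received: from mail.example.test by mx.example.test
 for <user@example.test>; Mon, 24 Dec 2012 23:57:18 +0800
Subject: Syrian Issue

placeholder body
"""

def received_stamp(raw):
    """Return the timestamp text that follows ';' in the first Received header."""
    header = message_from_string(raw)["Received"]
    return " ".join(header.rsplit(";", 1)[1].split())  # also unfolds the header

def inspect(raw):
    """Parse the stamp and check the written weekday against the calendar."""
    stamp = received_stamp(raw)
    dt = parsedate_to_datetime(stamp)  # the parser ignores the weekday name
    return {"dt": dt, "weekday_ok": DAYS[dt.weekday()] == stamp[:3]}

def compare(raw_a, raw_b):
    a, b = inspect(raw_a), inspect(raw_b)
    return {
        "same_time_of_day": a["dt"].timetz() == b["dt"].timetz(),
        "days_apart": abs(b["dt"] - a["dt"]).days,
        # Assumption: send times are independent and uniform over the day,
        # so one given pair shares the same second with probability 1/86400.
        "chance_if_uniform": 1 / 86400,
        "weekday_ok": (a["weekday_ok"], b["weekday_ok"]),
    }

if __name__ == "__main__":
    print(compare(IRANIAN, SYRIAN))
```

Run on the two timestamps as quoted above, the weekday check also fails for the October one: 16 October 2012 fell on a Tuesday, not a Thursday.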
Now my first reaction when I saw this was to ask whether the email server may have been programmed to send at that specific time of the day. This is possible. On the servers that I work with I program tasks to run on timed intervals; these are called cron jobs. However those timed intervals are usually set to go at standard dividing points of the hour, like at the top of the hour, at the thirty minute mark or the 15 minute mark. You can program a task to run at a specific hour of the day if you like, but who on earth would program in an odd time like this 23:57:18 as the send time? That's much harder to write in than 11:30 pm or 11 pm or 12 am, and though it's not technically evidence, the reality is that this is not how programmers think. Programmers like neat and easy to remember numbers that they can calculate from without lots of trailing minutes and seconds. I say this as a programmer: I would never do this, and I have a very hard time imagining that someone running an enterprise level email server would do it.
Neither would it make sense logistically. We're talking about a security company here; they're going to want their emails to arrive in a timely fashion. So these emails would much more likely be sent every five or 10 minutes if there was any delay at all. On the email servers that I use the delay is just a few seconds; for Gmail it can be a few minutes at times, but never hours. Is it realistic to think that a company that makes its living in war zones is going to have substandard communications speeds? I don't think so.
Taken all together with these kinds of odds, my current assessment is that one or both of the emails are fake. I can't say that as an absolute any more than I can say that pink unicorns don't exist, but I would assert that the burden of proof falls on those who would try to defend their validity.
So if this is a forgery who was behind it? We may never know for sure, but there are a few things we can say:
1. Whoever did this is someone who is smart enough to edit the headers of an email file and set the IP address to an IP that would match information in other documents in the leak if they were checked. Most amateurs wouldn't even think to make sure this was right. That shows attention to detail.
2. It was someone with an excellent mastery of English. No spelling errors, no grammatical errors or odd turns of speech that you often see when someone is writing in a language that they learned late in life. Also the use of abbreviations such as CW for chemical weapon, and g-shell for gas shell, was clever. It made it look like the writer was trying to avoid saying something incriminating. This wasn't written by a poorly educated foreigner. It was either written by a very well educated and fluent foreigner or a native English speaker.
3. The person who created this email was someone who had access to passport scans and the resume of the person who the email says it is coming from. So they were either a hacker, they had contact with hackers, or they had internal access to the company.
This issue with the hours, minutes and seconds in the headers is either a really sloppy error or a brilliant trap. It's the kind of issue that would slip past most people. A savant type like Dustin Hoffman's character in Rain Man might see it right away, but a fairly tech-savvy reporter wouldn't be looking for that kind of problem because they would be analyzing the validity of each email individually.
How could it be a trap? Well, for one thing it's a credibility trap. Whoever created these emails was trying to trick someone, and the obvious target is the alternative media. Get people to inject this juicy little find into a case they are making against the U.S. government's policies, then you just need to debunk the emails and people won't even look at the other evidence. Disregarding the other evidence in a case due to a problem with one element is a logical fallacy, but it's one that a large percentage of the population routinely falls for. So in that sense it is a psychological trojan horse. The editorial staff of at least two large media companies fell for it, Press TV and The Daily Mail. The last time I checked, Press TV was still referring to it in an article. If you have connections with people working for Press TV you might want to consider sending this video to them.
Now regardless of whoever created these files and regardless of the intentions of the person who created them, my recommendation to you is that you do not spread them to anyone, and that you avoid integrating them into any case you may make in a debate or a presentation. If you have sent the files to others please contact those people and show them this video so that this doesn't go any further.
I understand it may be emotionally difficult to do this. None of us like having to make a retraction. But retractions are absolutely necessary when mistakes are made if we want to maintain the integrity of our message. The alternative media is up against powerful interests with enormous budgets and large staffs; all we have on our side is our dedication to getting to the truth. If we compromise our standards when it may seem to benefit us, we lose that one advantage, and we can't afford to let that happen.
The Syrian war issue is way too important to weaken our case with bad intel; that's why we took down our previous video.
The corrected video can be found at the following link: