We Can Prove the Podesta Emails Released by Wikileaks Are Authentic…Here’s How

Submitted by Mike Krieger via Liberty Blitzkrieg blog,


Anyone with half a brain or an ounce of honesty left knows that the John Podesta emails released by Wikileaks are authentic. If they weren’t, everyone implicated in them would have immediately and aggressively denied their claims rather than simply change the subject by blurting out some incoherent nonsense about Russia and Vladimir Putin.

So while most of us were already confident in their authenticity, a key tactic of corrupt Democratic operatives has been to try to cast doubt on them being real in order to sway the minds of some of our more cerebrally challenged fellow citizens. As such, any technical proof that the emails are genuine is of great significance, and we can thank Robert Graham of Errata Security for providing this.

He first grabbed my attention on the topic a few days ago with a series of tweets:

https://twitter.com/ErrataRob/status/789621071200813056

https://twitter.com/ErrataRob/status/789621522314960896?ref_src=twsrc%5Etfw

He then expanded on his thoughts in a post published yesterday titled “Politifact: Yes we can fact check Kaine’s email.”

Here’s what we learn:

This Politifact post muddles over whether the Wikileaks leaked emails have been doctored, specifically the one about Tim Kaine being picked a year ago. The post is wrong — we can verify this email and most of the rest.

In order to block spam, emails nowadays contain a form of digital signatures that verify their authenticity. This is automatic, it happens on most modern email systems, without users being aware of it.

This means we can indeed validate most of the Wikileaks leaked DNC/Clinton/Podesta emails. There are many ways to do this, but the easiest is to install the popular Thunderbird email app along with the DKIM Verifier addon. Then go to the Wikileaks site and download the raw source of the email https://wikileaks.org/podesta-emails/emailid/2986.

As you see in the screenshot below, the DKIM signature verifies as true.

[Screenshot: screen-shot-2016-10-24-at-10-49-44-am]

If somebody doctored the email, such as changing the date, then the signature would not verify. I try this in the email below, changing the date from 2015 to 2016. This causes the signature to fail.

[Screenshot: screen-shot-2016-10-24-at-10-50-31-am]

There are some ways to forge DKIM-signed emails, specifically if the sender uses short keys. When short keys are used, hackers can “crack” them, and sign fraudulent emails. This doesn’t apply to GMail, which uses strong 2048 bit keys, as demonstrated in the following screenshot. (No, the average person isn’t supposed to understand this screen shot, but experts can).

[Screenshot: screen-shot-2016-10-24-at-10-51-59-am]

What this means is that the only way this email could’ve been doctored is if there has been an enormous, nation-state level hack of Google to steal their signing key. It’s possible, of course, but extraordinarily improbable. It’s conspiracy-theory level thinking. Google GMail has logs of which emails went through its systems — if there was a nation-state attack able to forge them, Google would know, and they’d be telling us. (For one thing, they’d be forcing password resets on all our accounts).

Since DKIM verifies this email and most of the others, we conclude that Kaine is “pants on fire” lying about this specific email, and “mostly untrue” in his claim that the Wikileaks emails have been doctored.


On the other hand, Wikileaks only shows us some of the emails. We don’t see context. We don’t see other staffers certain it’s going to be somebody else for VP. We don’t see related email discussions that cast this one in a different light. So of course whether this (verified) email means they’d firmly chosen Kaine is “mostly unproven”. The purpose of this document isn’t diagnosing what the emails mean, only the claims by Hillary’s people that these emails have been “doctored”.

As a side note, I offer a 1-BTC (one bit coin, ~$600 at today’s exchange rate) bounty to anybody who can prove me wrong. If you can doctor the above email, then you win the bounty. Some rules apply (i.e. it needs to be a real doctored email, not a trick). I offer this bounty because already people are trying to cast doubt on whether DKIM works, without offering any evidence. Put up or shut up.

Once the above gets in front of a wider audience, expect Russia demonization from Democratic hacks to go exponential.

Great work Mr. Graham.

  • Paranoid Factoid

    I don’t think so. DKIM will prove header data in the envelope (from/to/subject/date) is accurate. But it says nothing about payload content (the actual message). This approach doesn’t verify the validity of those messages.

  • Anonymous

    There’s already a comment here (which for some reason is only displayed if I disable Disqus’s JavaScript…?) claiming that the message body isn’t included in the DKIM hash and that the whole argument is moot. That’s not entirely correct and in this particular case outright wrong.
    The message body does contribute to the DKIM hash. There’s an optional parameter “l” (lowercase L, for “length”) which allows for truncation of the body before it is hashed. Effectively, this means that anything past the first “l” bytes can be modified without the DKIM check failing.
    However, GMail (and most other providers, in my experience) does not use this parameter, and the default behaviour is to use the entire body.
    Wikipedia has a good explanation of how DKIM works. If you want all the gory details, have a look at RFC 6376.
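
The body-hash step that the quoted post and the comment on the `l=` tag both rely on, as an added example (not code from the article, from Errata Security or from any DKIM library): it recomputes `bh=` per RFC 6376 for a constructed message and shows which edits change it. It does not check the RSA signature in `b=`, which is what covers `bh=` and the signed headers such as Date; the function names, `example.com` and the sample message are assumptions made for the illustration.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, relaxed: bool) -> bytes:
    """RFC 6376 section 3.4 body canonicalization (simple or relaxed)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if relaxed:  # collapse runs of space/tab, drop whitespace at line end
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    if not lines:
        return b"" if relaxed else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, relaxed: bool, length=None, alg="sha256") -> str:
    """Base64 digest of the canonical body, cut to l= octets when given."""
    data = canon_body(body, relaxed)
    if length is not None:
        data = data[:length]  # bytes past l= never reach the hash
    return base64.b64encode(hashlib.new(alg, data).digest()).decode()

def dkim_tags(header_block: str) -> dict:
    """tag=value pairs of the first DKIM-Signature header field."""
    unfolded = re.sub(r"\n[ \t]+", " ", header_block)
    found = re.search(r"(?im)^DKIM-Signature:(.*)$", unfolded)
    pairs = (t.split("=", 1) for t in found.group(1).split(";") if "=" in t)
    return {k.strip(): v.strip() for k, v in pairs}

def body_hash_ok(raw: bytes) -> bool:
    """Recompute the body hash of a raw message and compare it with bh=."""
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    tags = dkim_tags(head.decode("ascii", "replace"))
    relaxed = tags.get("c", "simple/simple").endswith("/relaxed")
    length = int(tags["l"]) if "l" in tags else None
    alg = tags["a"].split("-")[1]  # e.g. rsa-sha256 -> sha256
    return body_hash(body, relaxed, length, alg) == re.sub(r"\s", "", tags["bh"])

def constructed_message(body: bytes, length=None) -> bytes:
    """Constructed sample; b= is a placeholder, no RSA signing is done here."""
    l_tag = f" l={length};" if length is not None else ""
    return ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
            f" d=example.com; s=sel; h=from:subject:date;{l_tag}\r\n"
            f" bh={body_hash(body, True, length)}; b=PLACEHOLDER\r\n"
            "From: a@example.com\r\nSubject: test\r\n"
            "Date: Mon, 6 Jul 2015 10:00:00 -0400\r\n\r\n").encode() + body

if __name__ == "__main__":
    msg = constructed_message(b"Meeting moved to 2015.\r\n")
    print(body_hash_ok(msg), body_hash_ok(msg.replace(b"to 2015", b"to 2016")))
```

When a signature carries `l=`, only the first `l` octets of the canonical body are covered, so a verifier should treat anything after that point as unsigned.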

  • Tony Gro

    Anyone can generate a DKIM key http://dkimcore.org/tools/keys.html

    • r3verend

      What is your point? Anyone can generate an ssh key but that doesn’t mean I can falsify your private/public key pair.