While Guccifer 2 left roughly 5 Russian “Fingerprints” in it’s 6/15/16 wordpress post that were widely reported on to suggest that Russia was the source of the Wikileaks DNC/Podesta document release, Guccifer 2 also left roughly 10 Chinese “Fingerprints” that do not appear to have been widely reported on.
A group of roughly 5 of G2’s wordpress documents with Russian “Fingerprints” of being last modified by Felix Edmundovich written in Cyrillic characters on a word document/computer with Cyrillic language settings activated were initially reported on as evidence to connect Russia to the upcoming Wikileaks DNC/Podesta publications.
A group of roughly 10 of G2’s wordpress documents with Chinese Fingerprints of being last modified by “朱德” (Zhu De), a famous Chinese general and a pioneer of the Communist Party of China, were also found in G2’s 6/30/16 wordpress documents. The files were edited with Chinese and Romanian language settings in force on either the document or computer at the time the edits were made.
Link to G2 WordPress Post from 6/30/18:
Names of Chinese “fingerprinted” files from G2 6/30/16 wordpress post:
- “Clinton Foundation Investments FINAL.docx”
- “copy_sortable-dnc-pac-research.xlsx” (Found in Wikileaks DNC archive without Chinese “fingerprints”)
- “Hillary Clinton Travel FINAL.docx”
Evidence of Chinese fingerprints in all 10 files:
A. Each File had a last modified by value of “朱德” (Zhu De), a famous Chinese general and a pioneer of the Communist Party of China.
Note – The basic metadata for each file can be independently verified by uploading each of the above 10 Chinese “fingerprinted” files to an online metadata viewer such as https://www.get-metadata.com/.
B. G2’s language settings from each .docx (document.xml) file in Chinese “Fingerprinted” document group were saved as: “<w:lang w:val=”ro-RO” w:eastAsia=”zh-CN”/>”.
Note2 – The language settings for each .docx (document.xml) file can be viewed in a text editor. The steps to independently verify the <w:lang w:val=”ro-RO” w:eastAsia=”zh-CN”/> language settings in each of the above Chinese “fingerprinted” .docx files is as follows:
- Download target G2 .docx file to desktop from G2’s 6/30/16 wordpress post.
2. Unzip the .docx file (Ex. PeaZip, Extract as New Folder).
3. Open the newly created folder in a text editor such as VSCode (Right click on the folder, select “Open with Code” to open with VSCode if VSCode is already installed).
4. Search the folder for the string “lang” to find the document.xml language settings on the target document.
5. Each .docx Chinese “fingerprinted” document should display “<w:lang w:val=”ro-RO” w:eastAsia=”zh-CN”/>” in the document.xml file.
“ro-RO” represents Romanian language settings (Language Code 1048) according to Microsoft’s reference guide.
“zh-CN” represents Chinese language settings (Language Code 2052) according to Microsoft’s reference guide.
“w:val” represents the language settings to be used for Western/Latin characters.
“w:eastAsia” represents the language settings to be used for Eastern/Asian characters.
MSFT OOXML language settings reference guide:
Forensic examination of .docx document language settings(w:lang in document.xml):
“Upon inspection of the XML structure of word/document.xml, they discover that the headline, 12/03-2014, is attributed with <w:lang w:val=”sv-SE”/>, as shown in Listing 4.2, while the rest of the document is attributed with <w:lang w:val=”en-GB”/>. This indicates that the document at some point has been edited on a computer with Swedish set as the default language, which could e.g. have been the suspect visiting an Internet café or a library while in Stockholm.”
Simple metadata viewer for office (.doc/.docx/.xlsx) documents: