BREAKING EXCLUSIVE: Joe Biden’s Former IT Director, Warren Flood, DNC, and HRC Operatives Could be Implicated in ‘Russia Hacked the DNC Email’ Narrative

On June 16, 2019, we presented arguments against the Mueller gang’s assertion that the DNC was hacked by Russians. Cyber expert Yaacov Apelbaum posted an incredible report with information basically proving that the DNC was not hacked by the Russians.

Today we have support showing that documents created by Warren Flood, Biden’s IT Director were used to perpetrate the Guccifier 2.0 hoax.

Last year we reported a series of arguments proving that there is no proof that Russians hacked the DNC.  These arguments came from cyber expert Yaacov Apelbaum whose first argument was this –

According to the WaPo (using CrowdStrike, DOJ, and their other usual hush-hush government sources in the know), the attack was perpetrated by a Russian unit lead by Lieutenant Captain Nikolay Kozachek who allegedly crafted a malware called X-Agent and used it to get into the network and install keystroke loggers on several PCs. This allowed them to see what the employees were typing and take screenshots of the employees’ computer.

This is pretty detailed information, but if this was the case, then how did the DOJ learn all of these ‘details’ and use them in the indictments without the FBI ever forensically evaluating the DNC/HRC computers? And since when does the DOJ, an organization that only speaks the language of indictments use hearsay and 3rd parties like the British national Matt Tait (a former GCHQ collector and a connoisseur of all things related to Russian collusion), CrowdStrike, or any other evidence lacking chain of custody certification as a primary source for prosecution?

A second point by Apelbaum was –

… that three of the Russian GRU officers on the DOJ wanted list were allegedly working concurrently on multiple non-related projects like interfering with the 2016 United States elections (both HRC and DNC) while at the same time they were also allegedly hacking anti-doping agencies.

Above are pictures of the individuals the FBI says were working on both the DNC/HRC email hacking and the Olympic doping projects.

The same guys were working on both projects which is all but impossible. (Do we really know if they’re even Russians?)

Apelbaum argues

The fact that the three had multiple concurrent high impact and high visibility project assignments is odd because this is not how typical offensive cyber intelligence teams operate. These units tend to be compartmentalized, they are assigned to a specific mission, and the taskforce stays together for the entire duration of the project.

And this riddle wrapped up in an enigma doesn’t stop there, in addition to shoddy cyber forensics, we also have all of the questionable MSM investigative work that links the attacker to the pseudonym Guccifer 2.0 and identifies him as a Russian.

Next Apelbaum questioned the Mueller gang’s assertion that the ‘hacker’ named Guccifer 2.0 was a Russian –

1. He used a Russian VPN service to cloak his IP address, but did not use TOR. Using a proxy to conduct cyber operations is a SOP in all intelligence and LEA agencies.

2. He used the AOL email service that captured and forwarded his IP address and the same AOL email to contact various media outlets on the same day of the attack. This is so overt and amateurish that its unlikely to be a mistake and seems like a deliberate attempt to leave traceable breadcrumbs.

3. He named his Office User account Феликс Эдмундович. The full name is assumed to be Фе́ликс Эдму́ндович Дзержи́нский which translates to Felix Edmundovich Dzerzhinsky, after the founder of the Soviet Secret Police. Devices and accounts used in offensive cyberspace operations use random names to prevent tractability and identification. Why would anyone in the GRU use this pseudonym (beside the obvious reason) is beyond comprehension.

4. He copied the original Trump opposition research document and pasted it into a new template (with an editing time of about 2 minutes). This resulted in a change of the “Last Modified by” field from “Warren Flood” to “Феликс Эдмундович” and the creation of additional Russian metadata in the document. Why waste the time and effort doing this?

5. About 4 hours after creating the ‘Russian’ version of the document, he then exported it to PDF using LibreOffice 4.2 (in the process he changed the watermark, lost a date field, and removed about 20 of the original pages). This was most likely done to show additional ‘Russian fingerprints’ in the form of broken hyperlink error messages in Russian. Why bother with re-formatting, re-editing, and converting the source documents? Why not just get the raw data out in the original format ASAP?

Apelbaum next discussed Guccifer 2.0 –

The likely explanation for all of this fancy footwork in manipulating the document’s language, property fields, and content is the following sequence of events:

  • A US based user who operates from the West coast and East coast changes his MS Word 2007 and OS system language settings to Russian.
  • The user opens and saves a document (‘source’) called “12192015 Trump Report – for dist-4.docx” originally composed by Lauren Dillon as an RTF file and then opens it again.
  • The user opens a second document originally generated by User Warren Flood on a computer registered to Company GSA (‘destination’) named “Slate_-_Domestic_-_USDA_-_2008-12-20-3.doc”, he deletes its content, saves the empty file as and RTF, and opens it again.
  • The user copies the content of the ‘source’ RTF document and pastes it into the ‘destination’ empty RTF document.
  • The user makes several modifications to the content of the document such changing the watermark from “CONFIDENTIAL DRAFT” to “CONFIDENTIAL”.
  • The user saves this document into a file called “1.doc”. This document now contains the text of the original Lauren Dillon “Donald Trump Report” document and it also has Russian language URL link error messages in its body. The user also produces a pdf version of this document.
  • A user first publishes “1.doc” to various media outlets including WaPo and then uploads a copy to the Guccifer 2.0 WordPress website (which interestingly is hosted in the US).

The user name Warren Flood in the metadata most likely refers to Vice President Joe Biden’s former information technology director at the White House (who had a GSA registered copy of MS Office).

On June 21, 2016, a week after the DNC leak went public, Lorenzo Franceschi-Bicchierai, a reporter with Vice Motherboard interviewed a person who identified himself as “Guccifer 2.0”. During their on-line chat session, the individual claimed that he was Romanian. His alleged poor Romanian language skills were later used to unmask his Russian identify.

Guccifer’s use of contraction like “can’t”, and “couldn’t “ and definite/indefinite articles like “a” and “the” suggests that he is in fact a native English speaker. This also applies to his technical vocabulary and phrasing. Regardless of how bad Guccifer 2.0’s Romanian might appear, the fact is that we don’t know who Bicchierai was texting, if the conversation was a hoax, nor if it was staged.

Yesterday we noted that based on the process itself, it is highly unlikely Russians hacked the DNC:

Esteemed NSA whistleblower Bill Binney reported in June 2019 that there was no way Russians hacked the DNC based on the speed of the transfer of the data that was hacked. But according to Apelbaum the transfer speeds is a minor issue here. It’s just an indicator that it would have been difficult for Guccifer 2 who was sitting in Romania to access the DNC system remotely.

Per an illustration from Apelbaum, Guccifer 2 is depicted as the red devil icon below:

This illustration shows the Crowdstrike was obviously false in its claims that Russia hacked the DNC.

This is because:

1. If Guccifer 2 did it from Romania (the red devil icon on the left of the illustration), he needed a 23 MB/s transfer rate. At the time of this hack in 2016, Romania was only supporting 16MB/s speeds. But to do that he had to go through all of the red hell in the middle of the illustration, which I don’t believe he did based on the poor technical skill set he demonstrated during his interview with Motherboard vice.

2. If the leak came from the inside and the US (the half green half red icon in the right side of illustration), he had the opportunity and the full 23 MB/s transfer rate because he just plugged-in a USB drive to the computer. He also didn’t need any hacking skills because he most likely had full local system access.

The Russian story doesn’t stick, Apelbaum closed with this –

The bottom line is that in every instance where we can evaluated Crowdstrike’s conclusions, they come back as wrong or intentionally misleading. It all amounts to a lot of political PR and little verifiable forensics. So, if we want to go beyond the speculative trivia, the pseudo-science, and the bombastic unverified MSM claims, we have to ask the real tough questions, mainly:

  1. What are the reasons behind Crowdstrike creating and propagating the false myth about the Ukrainian artillery app hacks?
  2. Is Guccifer 2.0 even a real hacker, or is he just the alter ego or a collaborator working with/for Lorenzo Franceschi-Bicchierai, Podesta, the DNC, or the HRC campaign?
  3. How did Guccifer 2.0 circumvent all of the security and system logs during several weeks of repeated visits to the DNC network while downloading close to 2 GB of data?
  4. Why is this entire operation riddled with so many amateurish mistakes?
  5. Why haven’t the FISA judges handling the Russian collusion applications (and the Stone and Flynn Judges) ask to see hard evidence from the IC/DOJ/FBI regarding the Crowdstrike claims?
  6. Who authorized Sara Latham, and Kristin Sheehy, both, Obama transition team employees to send to Podesta’s unsecure Gmail account Warren Flood’s “Confidential” government communications regarding USDA personal?
  7. Considering the strong possibility that Guccifer doesn’t exist, who then collated the documents that were leaked on June 14th? How did they get these documents form Podesta on/prior to June 14th 2016, when WikiLeaks only started publishing the Podesta emails on October 7th 2016?
  8. Why was WaPo selected as the recipient of the pre-leaked version of the documents (prior to June 14th)?
  9. Why would the Russians use the WaPo, the official ‘mouth piece’ of a certain federal agency and the most anti-Russian papers in the country? Why not publish through the WSJ or Fox?
  10. Why would the Russians leak the most damaging document to Trump, the opposition research titled “Donald Trump Report” if they are trying to promote him?
  11. In her July 26, 2016 letter to James Comey, Loretta Lynch, the Attorney General called the leak a “pernicious crime”. In the same letter, she demanded a response to her question “Has the FBI deployed its Cyber Action Team to determine who hacked the DNC?”. In this vein, why haven’t the Feds deploy a cyber action team or investigate all leak related individuals like DNC staff, Podesta and his people, the WaPo reporter that broke the story, etc.?
  12. Why haven’t the Feds seized the US based WordPress server and its logs to identify the administrator of the site, the sources of uploads to it, and the payment method used for hosting it?

We also know that WikiLeaks stated numerous times that Russia did not provide them with the emails they leaked in 2016 and Julian Assange stated that WikiLeaks had nothing to do with Russia.

But of course the Mueller gang never interviewed WikiLeaks in an effort to determine how they received the Clinton emails. Of course the Mueller team could not risk WikiLeaks saying the emails were not received from Russia which would destroy their Russia hacked the DNC fairy tale.

Today we identify another anomaly that suggest that the editor of the file (who claims to be Guccifer 2.0) was most likely operating in the US:

Apelbaum obtained a parts of the Word and PDF versions of the purported DNC Opposition research document showing the original English template and the pasted version into a Russian template and resulting subsequent broken hyperlink error messages in Russian:

In the image above, on the left it shows the Word doc properties of the document created at 1:38 PM on June 15, 2016. The Company name is given as GSA. This appears to be the General Services Administration (US gov agency), which shows as the Company for MS Office documents created via GSA-registered copies of MS Word. What is not obvious is that both of these documents (the MS Word and the converted PDF) continue to show a US based date format of MM/DD/YYYY.  This format is unique because most world location use the format DD/MM/YYYY. So, if the editor of this document was really operating from Romania or Russia his data format should match his country location.

The supposed author of this document is Warren Flood as is noted at the bottom left of the diagram above.  He was Vice President Joe Biden’s IT Director at the White House (which does use GSA registered software).


In terms of the big picture, it is possible that whoever added the Russian fingerprint did this as part of laying the ground work or for future unmasking. We know that in June 2016 the Obama administration (via people like Susan Rice, John Brennan, and Samantha Power) started unmasking Trump campaign officials on the pretext of ‘Russian interference’.  This June 2016 activity overlaps with dates of the Guccifer 2.0 saga.

So, it is possible that Guccifer 2.0 and MSM outlets like the NYTimes who promoted him were part of a larger campaign to affirm Russian interference with the DNC hacks.

If this is indeed the case, then it means that the DNC email leak could implicate Obama officials/contractors or/and DNC in document all in an effort to tie Russia to the DNC email heist.

Based on information available today, there is no way Russians hacked the DNC. This was made up from the start.  If we eliminate the fictious Guccifer 2.0 as the source of the leaked documents, then we are left with Obama administration, HRC, and DNC personal as the only link to the Russian hoax.


Photo of author
Joe Hoft is a Radio Host at, Author, Former International Corporate Executive in Hong Kong for a Decade, and a Contributor at TGP since 2016. Joe is the author of five books, including his new bestseller, "The Steal: Volume II - The Impossible Occurs" which addresses the stolen 2020 Election and provides an inventory of issues that prove that the 2020 Election was uncertifiable and never should have been certified for Joe Biden.

You can email Joe Hoft here, and read more of Joe Hoft's articles here.


Thanks for sharing!