Guccifer 2 and the Podesta Emails

I’ve posted below the first forty documents that Guccifer 2 leaked on his/her WordPress site between June 15 – June 21, 2016.  What I’ve done is cross reference these leaks, which Guccifer 2 himself/herself said were from the DNC, with Wikileaks’ DNC email publication. My research shows that none of these Guccifer 2 DNC documents are in Wikileaks’ DNC documents. That’s not to say they didn’t show up at all in Wikileaks.  They did.  They showed up in Wikileaks’ Podesta emails, not the DNC emails.  At least almost half of them did.  The other half I was not able to locate at all in Wikileaks.  Please feel free to cross reference this list yourself with Wikileaks (sometimes you have to be creative in your search or use the attachment or filename search) because I’m only human here, folks. Furthermore,  I believe that debunking information only gets us closer to the truth.

Take a look.

June 15, 2016

Guccifer 2 released eleven documents that he/she claimed were “extracted when hacking into DNC’s network.”

  • Donald Trump Report
  • First “Democratic Party list of donors” screenshot
    • Not found
  • Second “Democratic Party list of donors” screenshot
    • Podesta Email Only 7.15.13 (Wikileaks attachment Donors.xlsx)
  • Third “Democratic Party list of donors” screenshot
    • Not found
  • Secret Document from Hillary’s PC titled “Promises and Proposals—National Security and Foreign Policy”
    • Not found
  • 2016 GOP presidential candidates
  • HRC election plans
  • National Security Transition Planning
    • Not found (My notes say that I had found this previously in the Podesta emails but who’s the idiot that didn’t save the Wikileaks’ link the first time? Yup, that would be me.)  Thank you to OneOfTheGods and nakedname who left the link to this in the comments below.
    • Podesta Email Only 8.7.2008 (Wikileaks attachment)
  • 2.19.16 Friends of HRC List_HFA16 Giving History
    • Not found
  • 4.16 Commitment Sheet_0404416 Update
    • Not found
  • 7.1.15 Commitment Sheet
    • Not found


June 18, 2016

Guccifer 2 released twenty documents on June 18, 2016 noting he/she took these documents from the DNC network—not the DCCC.

  • First “donor data” screenshot (with link included)
    • Not found
  • Second “donor data” screenshot (with link included)
    • Not found
  • Third “donor data” screenshot (with link included)
    • Not found
  • Financial Report
    • Not found
  • Hillary for America Fundraising Guidelines from Agent Letter
  • HRC Personal and Purpose Driven ROY
  • 2016 Red to Blue Memo
    • Not found
  • 2015 JHS Roster
    • Not found
  • 2015-03-22 Memo for Senior Staff
    • Podesta Email Only 3.21.15  (Wikileaks attachment ) *Notice John Podesta’s name has been removed in the Guccifer 2 document
  • 2015-2016 Contribution Limits (DCCC)
    • Not found. However, something similar is found in the Podesta emails. See 4.4.15 attachment “Hillary for America Contribution Limits.” Is it just me or does Guccifer 2’s document look like the header and date has been added?
  • confirmed attendees april 2016
    • Not found
  • Convention Memo -12-15
    • Podesta Email Only 1.03.15 (Wikileaks attachment)
  • Copy of DC Ind $1k Up
    • Not found
  • HFA Paid Media Traffic 3 9 16
  • Memo for Fundraising Staff
  • presidential campaign 2016
  • Private Memorandum to Ashton Carter 3.17.15
  • STAFF1
    • Not found
  • WJC HFA Requests 9.16.15
  • Wyss Democracy Strategy 03 06 15


June 21, 2016

  • 2016er Attacks—HRC Defense Master Doc
    • Not found
  • 04.29.15 CGEP
    • Podesta Email Only 4.29.15 (Wikileaks attachment “04.29.15 CGEP“)
  • 2016 Democrats Positions Cheat Sheet 7-7-15
    • Not found
  • 20150426 MEMO- Clinton Cash Unravels
    • Podesta email only 4.27.15 (Wikileaks attachment)
  • Attacks on Clinton Family Members
    • Not found
  • Clinton Foundation Donors $25K+
    • Not found
  • Clinton Foundation Vulnerabilities Master Doc FINAL
    • Not found
  • Clintons PFD 2015
    • Not found. Although HRC’s 2016 Financial Disclosure Form is in Wikileaks DNC emails. See attachment
  • HRC Defense – Emails
    • Not found
  • HRC Travel – Private Jets FINAL
    • Not found

I have compiled two lists from the documents above:  G2 (alleged DNC) documents found in Wikileaks’ Podesta emails and the G2 (alleged DNC) documents I could not find in any Wikileaks’ publications.  And to be clear, there is not one G2 document released on these three days (that’s as far as I researched) that I found in Wikileaks’ DNC email publication.

Only Found In Wikileaks’ Podesta Emails

  • 12.19.15   Donald Trump Report
  • 07.15.13   Second “Democratic Party list of donors” screenshot
  • 05.26.15. Strategy on GOP 2016ers.doc
  • 04.05.15  HRC Election Plans
  • 04.04.15  Hillary for America Fundraising Guidelines from                                         Agent Lette
  • 02.05.16  HRC Personal and Purpose Driven ROY
  • 03-22.15  Memo for Senior Staff (Podesta name is removed in G2 doc
  • 01.03.15   Convention Memo -12-15
  • 03.09.16  HFA Paid Media Traffic 3 9 16
  • 03.25.15. Memo for Fundraising Staff
  • 03.02.15  Presidential campaign 2016
  • 03.30.15 Private Memorandum to Ashton Carter 3.17.15
  • 09.17.15  WJC HFA Requests 9.16.15
  • 03.06.15  Wyss Democracy Strategy 03 06 16
  • 04.29.15 CGEP
  • 20150426 MEMO—Clinton Cash Unravels

Not Found In Any Wikileaks Publications

  • First “Democratic Party list of donors” screenshot
  • Third “Democratic Party list of donors” screenshot
  • Promises and Proposals—National Security and Foreign Police
  • 2.19.16 Friends of HRC List_HFA16 Giving History
  • 4.16 Commitment Sheet_0404416
  • 7.1.15 Commitment Sheet
  • First “donor data” screenshot
  • Second “donor data” screenshot
  • Third “donor data” screenshot
  • Financial Report
  • 2016 Red to Blue Memo
  • 2015 JHs Roster
  • 2015-2016 Contribution Limit (although similar doc is in Podesta emails
  • confirmed attendees april 2016
  • Copy of DC Ind $1K Up
  • Staff1
  • 2016er Attacks—HRC Defense Master Doc0
  • 7.07.15  2016 Democrats Positions Cheat Sheet 7-7-15
  • Attacks on Clinton Family Members
  • Clinton Foundation Donors $25k+
  • Clinton Foundation Vulnerabilities Master Doc FINAL (G2 document has two corrections in it dated 3.30.15
  • Clintons PFD 2015
  • HRC Defense—Emails
  • HRC Travel—Private Jets FINAL

So what does this all mean? Well, that’s a great question and frankly, I’m not sure.  You would think that if Guccifer 2 dumped legitimate DNC documents that they would be found in Wikileaks’ DNC emails and attachments but that doesn’t appear to be the case.  So here’s some scenarios I’ve come up with:

  • G2 leaked DNC documents that Wikileaks never received from their DNC email source
  • G2 leaked DNC documents that Wikileaks received from their DNC email source but did not publish them
  • G2 leaked DNC documents that were found in both the DNC and Podesta emails but Wikileaks only received them from their Podesta email source
  • G2 never leaked any DNC documents

I have a bunch of other ones rattling around my brain, some crazier than the next. As for the above, if G2 leaked legit DNC documents why didn’t Wikileaks’ source give those to them? Were the documents that I couldn’t find in Wikileaks never sent through DNC or Podesta email? That seems a little absurd but I suppose anything’s possible.

And why wouldn’t Wikileaks publish these documents if they had them? That makes even less sense—and the argument that maybe Wikileaks wanted to distance themselves from G2 because they were working with the Russians doesn’t makes sense either because the absence of G2 documents would make it more obvious that they were trying to distance themselves.  And don’t forget, just because I didn’t find them doesn’t mean some of them aren’t in Wikileaks (my guess is that more of the ones I couldn’t find are indeed in the Podesta emails). Or, if G2’s DNC documents were found in both DNC and Podesta emails (which wouldn’t be terribly weird) and Wikileaks’ source for the DNC and Podesta emails are one and the same why did Wikileaks’ source refrain from giving them certain DNC documents? Did Wikileaks refrain from publishing them in July, 2016 knowing full well that some of them (the ones they had) would come out later in the Podesta emails?

And when did Wikileaks’ source give them the DNC and Podesta emails? I have to assume it was before Guccifer 2 started publishing because of Assange’s interviews in June, 2016 which seemed to have set off this entire bowl of baffling G2 tomfoolery. Ugh, moving on…

Lastly, what if G2 never hacked the DNC in the first place?  It’s really not hard to believe after looking over Adam Carter’s research at g-2/space . He’s done an astounding job at debunking G2 as a Russian hacker.  In fact, metadata shows G2 may be DNC insider, Warren Flood.  However, it still doesn’t explain why G2 leaked documents that were either not found in Wikileaks’ publications or only found in the Podesta emails.

Am I thinking too much about this?  Is there a simpler explanation for this that I’m not seeing?

Leave a comment, your theories, or corrections below or you can tweet/DM me at @jimmysllama. Thanks!



Post Disclaimer

This is an Op-ed article. The information contained in this post is for general information purposes only. While we endeavor to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information contained on the post for any purpose. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site.

The views or opinions represented in this blog do not represent those of people, institutions or organizations that the owner may or may not be associated with in professional or personal capacity, unless explicitly stated. Any views or opinions are not intended to malign any religion, ethnic group, club, organization, company, or individual.

The owner will not be liable for any errors or omissions in this information nor for the availability of this information.  The owner will not be liable for any losses, injuries, or damages from the display or use of this information.


  1. Nice work, Llama. It really does look like Guccifer 2.0 and the person who supplied WikiLeaks with material were two different parties, which is not what the DNC wants us to believe.

    Possibly related to this question is the fact that Charles Delavan’s story about insisting Podesta must change his password is most likely untrue, for the reasons outlined in Slate. As an IT manager, I have written many of these emails myself, and it makes no sense for Delavan to have stated not once, but twice, that his password needed to be changed immediately IF he knew the phishing email was a fake. A typo I could understand, but not a whole email.

    Now, this story about Podesta getting phished specifically seemed to have appeared no earlier than an October 20, 2016 article in Motherboard (“How Hackers Broke into John Podesta and Colin Powell’s Gmail Accounts”), which was 13 days after Wikileaks announced they would be posting ‘The Podesta Emails’. So I believe the DNC folks had some reason for making up the typo story once they learned Podesta’s emails were about to be released. Here are some ideas:

    They may have realized the WikiLeaks’ Podesta Emails release could have revealed through analysis that they were not acquired by Guccifer2, and they needed to show there was another hacker on the loose.
    Or, given the doubts some people had about Guccifer2’s origins, they may have wanted to show there was another “hacker”, and one that could be more easily tied to Russian intelligence services.
    Or, it may have been that Podesta didn’t want to seem like an idiot for clicking the link and simply asked his IT guy to take the blame instead. I think this is unlikely because Podesta comes off looking bad regardless.

    Why else would the DNC want to suggest this was not the work of their Guccifer2 creation?

    There is little doubt Podesta did receive a phishing email. The question is whether he actually clicked the link, AND entered his credentials, AND whether the spearphishers recognized the importance of this man’s account (out of the thousands they had targeted), AND copied all his email, AND provided it to WikiLeaks. Since established organizations receive many such phishing attempts on a daily basis, it’s not surprising they were able to find examples that could be used as “evidence”.

    If Mr. Podesta was not, in fact, spearphished successfully, we have to wonder whether an insider would have been able to access those emails. Did he rely entirely on Google’s cloud to store his emails, or was there a local copy on his computer as well? And if so, how many people had permission to copy it?

    Lastly, it is interesting to read SecureWorks’ analysis of the phishing attacks that was posted on June 16, 2016, right after all this Russian hacking news first broke. They are very specific about who was targeted in the organization, but there is no mention of Podesta at this point.

    1. Hi Kernel. I’m someone with zero technical knowledge who is, nonetheless, very interested in this story. I’ve studied Adam Carter’s web page a lot and researched some of the concepts involved like VPN’s, but I still don’t know much so sorry if I’m missing obvious stuff.

      First, I couldn’t make sense of why Charles Delavan was saying to change the password if he thought the email was illegitimate, so I was very happy to hear someone knowledgeable confirm my take.

      But Charles Delavan’s email telling Podesta to change his password seems to be in the Wikileaks Podesta releases.
      So doesn’t that mean that Delavan’s story about sending the email has to be true? If so, I think the only explanation is that CD messed up and thought it was a real email and the typo story is a lie so he doesn’t look so bad.

      Second, thanks for providing the Motherboard article reference as I was wondering when the first public mention of the Podesta phishing attack was. I went to it before finishing your post and went to the SecureWorks link from there. And I couldn’t find any mention of Podesta so when i returned to your post I was happy to see that I wasn’t making a mistake. But do you have any ideas where Motherboard got the Podesta information? I’ve read the MB article several times and they definitely seem to be leaving the impression that the information came from the SecureWorks post but, as you say, that seems to be false.

      1. Hi Audrey, sorry I didn’t see your response until now. I am reaching the same conclusion you did, that regardless of the truth of Delavan’s explanation, it seems very likely that Podesta received a phishing email, and it didn’t matter what Delavan had advised the DNC staff since either way the phish provided enough reason to explain how Podesta was hacked.

        I suppose you’re right that he just wanted to avoid looking like he had been fooled by the fake email. (Another reason he could have given, but didn’t, would be that he was desperate for Podesta to turn on 2-factor authentication, and was only using the phish as motivation to get him to enable it.) However, it could also be possible that someone saw this as a clever ploy to create a narrative that would be attractive to the MSM.

        Still, I have my doubts that Podesta actually clicked the link and entered his credentials into the fake form. Here is what SC Media wrote in their October 21, 2016 article (“Russia behind Podesta hack, report”):

        “Update: In a followup call with SecureWorks, a spokesperson clarified that the company doesn’t have any insight into whether Podesta actually clicked through on the phish.”

        It’s curious also that SecureWorks does not mention Podesta in their June 16, 2016 report when there was such a clear email trail of it happening in March.

        With respect to the Motherboard article, as you say, they do not reveal the source, writing only about “a source close to the investigation”. Here’s the definitive quote:

        “That’s the link that opened Podesta’s account to the hackers, a source close to the investigation into the hack confirmed to Motherboard.”

        It’s worth noting here that SecureWorks is owned by Dell, which is hardly an independent organization. It works closely with US intelligence agencies and was the company Snowden was working at when he downloaded the NSA trove.

        Their description of the connection of the alleged phishing campaign of 2015 with the more recent publicized campaign in 2016 is curiously lacking in specificity. They never actually say that the 2016 phishers used the same Bitly account as the 2015 phishers. It’s just implied, and there is a weird use of the term “activity” in their 6/26/16 report, that sounds like they were trying to avoid a more specific term:

        “In June 2016, CTU researchers published analysis of a TG-4127 campaign that targeted email accounts linked to Hillary Clinton’s 2016 presidential campaign and the U.S. Democrat National Committee. The activity used the same technique as a 2015 spearphishing campaign that targeted more than 1,800 Google Accounts.”

        They then go on to provide in-depth analysis of the 2015 attack that was primarily focused on Russian and Ukrainian targets, later following up with the statement “the 2015 campaign did not focus on individuals associated with U.S. politics” in the 6/16/16 report (“Threat Group-4127 Targets Hillary Clinton Presidential Campaign”). They could be two completely different phishing campaign instigators for all we know. It would really help if Secure Works were to release their list of all the targeted email accounts.

        It’s also notable that they only “assess with moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.” That phrase is then carefully defined:

        Moderate confidence generally means that the information is credibly sourced and plausible but not of sufficient quality or corroborated sufficiently to warrant a higher level of confidence.


  2. a number of June 18, 2016 documents are in cf.7z dossier: 10k-do-not-email-list.xlsx
    copy-of-dc-ind-1k-up.xlsx 2015-jhs-roster.xlsx, 10k-2013-2-18-16-email-suprression-list.xlsx
    2016-red-to-blue-memo.pdf 2016-email-blast-list-3-17-16.xlsx

    cf.7z and ngpvan.7z dossiers are subsets of much larger archive.

Leave a Reply