Tuesday, May 20, 2008

“FARC” computers go back to the future!

Received Via Email
May 16, 2008 ·

Look what Interpol found on the “FARC” computers!

* 2,110 files with creation dates ranging between
20 April 2009 to 27 August 2009
* 1,434 files which show as having been last
modified between 5 April 2009 and 16 October 2010

Wait! Computer dates aren’t set in stone by the
immutable Atomic Clock in Denver? But that would mean…

Interpol’s Report Confirms that the Supposed FARC
Computers Were Manipulated

(The parts of the report they’ve not wanted to

Carlos Martínez/Pascual Serrano - Rebelión

Translation: Machetera

Last March 1, the Colombian Army attacked a FARC camp
in Ecuadoran territory. The army supposedly captured
three laptops, three flash drives and two external
hard disks. And it must be said “supposedly” because
said evidence was not obtained under established
police or judicial procedures, but rather through
military aggression in a foreign country, making any
evidence obtained thereby illegal and unusable in any
judicial procedure.

In order to give validity to this “evidence,” the
Colombian authorities asked Interpol to produce a
report certifying the “authenticity” of the archives
contained in the equipment. Yesterday, March 15, the
report was made public; a reading of which, calls
attention to the following conclusions:

First, a reference is made to “data classified as
ULTRA SECRETO” (Page 20 of the report) when part of
the data was already published in the El País

The most important is that the report itself
acknowledges in its “Finding 2b” (Page 30) that the
Colombian authorities manipulated the computers and
storage devices and that “Access to the data contained
in the eight FARC computer exhibits…did not conform to
internationally recognized principles for handling
electronic evidence by law enforcement.”

The study commissioned by the Colombian government
acknowledges that:

“Direct access may complicate validating this
evidence for purposes of its introduction in a
judicial proceeding, because law enforcement is then
required to demonstrate or prove that the direct
access did not have a material impact on the purpose
for which the evidence is intended.”

For example, further on in the document, Interpol says

“The operating systems of the three seized laptops
all showed that the laptops had been shut down on 3
March 2008 (at different times, but all three prior to
11:45 a.m., the time of receipt by the forensic
computer examiners of the Colombian Judicial Police).
The two external hard disks and the three USB thumb
drives had all been connected to a computer between 1
and 3 March 2008, without prior imagine of their
contents and without the use of write-blocking

That is, the Colombian Army used and modified the
archives contained in the computers, USB memory and
hard disks, before delivering them to the Colombian

For example, on page 31, the report says:

“83. Seized exhibit 26, a laptop computer, showed
the following effects on files on or after 1 March

* 273 system files were created
* 373 system and user files were accessed
* 786 system files were modified
* 488 system files were deleted

The report says that user documents (Word and the
like) are authentic, because they were not modified
between March 1 and the date of the examination,
however, the same report acknowledges the limits of
this statement because in Exhibit 31, there are:

* 2,110 files with creation dates ranging
between 20 April 2009 to 27 August 2009

* 1,434 files which show as having been last
modified between 5 April 2009 and 16 October 2010

It concludes that “these files were originally created
prior to 1 March 2008 on a device or devices with
incorrect system time settings. (Page 33)

What this means is that any user changing the time on
the operating system can create a document with any
date they please, either a prior or even a future one.

It must be stressed that in regard to the forensic
conclusions, the report literally says:

Without revealing the content of the data,
INTERPOL can state the following with regard to the
user files contained in the eight seized FARC computer

* 109 document files were found on more than
one of the exhibits
* 452 spreadsheets
* 7,989 e-mail addresses
* 10,537 multimedia files (sound and video)
* 22,481 web pages
* 37,872 written documents (such as Word
documents, PDF files, text format documents)
* 210,888 images

Of the above, 983 files were found to be
encrypted. (Page 27)

In other words, nowhere in the seized computers is
there a reference to them containing emails. Remember
that the reports from El País referred to emails and
published the files under the headline “Emails
captured from Raúl Reyes computer.” Therefore, where
did they get those emails? Or did they simply not
exist in the seized computers?

Finally, the report concludes (Page 35 and beyond)
with seven pages dedicated to recommendations to
police in member countries, telling them how
electronic evidence should be treated, recommendations
that were probably made because this case serves as an
example to police for how not to collect information
technology (IT) evidence. The only way in which one
might ensure the authenticity of documents contained
in IT archives is to obtain them under judicial
direction and from the outset, when they come into
custody of jurisdictionally independent authorities;
doing forensic testing on only one exact copy of the
contents of the hard disks and memory.

As it is, Interpol’s own report only casts more doubt
on the origin of the computer archives published by El
País in order to attack Venezuela and Ecuador.

This has also been pointed out by the U.S. academics
Miguel Tinker-Salas, Professor at the University of
California (Pomona) and Forrest Hylton, Professor at
New York University (NYU), who warned that the
information found in the computers said to be those of
Raúl Reyes, had been misused by the Colombian
government and Interpol.

Miguel Tinker-Salas, an expert on Latin American
subjects, indicated that there are number of
politically motivated misinterpretations assigned to
the contents of the computers. “One must recall that
Interpol can only say whether manipulation took place.
But it cannot say whether the elements it found are
original and it cannot certify the information.”
Moreover, he pointed out the problem inherent in the
fact that the report was disseminated from Colombia,
since this demonstrates that Interpol is defending the
interests of Álvaro Uribe’s government, supported by
the United States.

Forrest Hylton, of NYU, expressed the need for the
contents to be verified by an institution with a
greater degree of independence. “It’s likely that the
computers did survive the Colombian bombing, but the
problem is that we don’t know anything more, nor how
they were treated,” he said.

The reality is the Colombia did manipulate the FARC
computers. The media, the Colombian government and
Interpol’s managers have stressed the elements that
interest the media who headline their reports,
“Interpol Finds Documents Sourcing From Raúl Reyes’
Computer to be Authentic,” or “Police Agency says
Venezuela Financed the FARC” (El País). The most
eloquent evidence that these headlines are lies is
that the Interpol report, in order to ensure its
impartiality, was done by IT technicians who don’t
speak Spanish and didn’t have a political
understanding of what the files said. That’s what one
report said: “The experts come from outside the region
and didn’t speak Spanish, which helped eliminate the
possibility that they might have been influenced by
the contents of the data they were analyzing.” A
report from an IT technician who doesn’t understand
Spanish cannot possibly say that Venezuela financed
the FARC, because s/he wouldn’t have understood a
single word of what the files said.

The media misrepresentation has continued while the
Interpol report summary says:

The verification of the eight seized FARC computer
exhibits by INTERPOL does not imply the validation of
the accuracy of the user files, the validation of any
country’s interpretation of the user files or the
validation of the source of the user files.

El País headlined its report from Maite Rico and Pilar
Lozano, “Interpol Certifies that the FARC Computers
Were Not Manipulated,” with the subtitle: “Police
Organization Says the Laptops Belonged to Raúl Reyes.”

On the other hand, in passing supposed contents of the
computers that implicated Venezuela and Ecuador
through the filter of a friendly press, Colombian
authorities showed the world that they were more
interested in criminalizing these governments than in
allowing judges and security forces to work. If
they’re so interested in transparency, it would be
good to know what information the FARC had about
paramilitary crimes and the members of the Uribe
administration implicated in paramilitarism. Surely
there were was plenty of that in the hundreds of
gigabytes that are said to be contained in the disks.

Related News:

More than 48,000 Files Manipulated in Colombian

Machetera is a member of Tlaxcala

No comments: