19

The New York Post recently published a story (October 2020) alleging it had found a cache of emails on a laptop apparently belonging to Hunter Biden that demonstrate widespread allegations of nepotism and corruption during US vice presidential spell of his father Joe Biden.

The story became controversial, especially among Trump supporters, when Twitter and Facebook blocked the distribution of the story's URL. As the New York Times reports:

Hours after the Post published its article, Facebook said on Wednesday that it had decided to limit the distribution of the story on its platform so it could fact-check the claims. Twitter said it was blocking the article because it included people’s personal phone numbers and email addresses, which violated their privacy rules, and because the article violated their policy on hacked materials.

The accuracy of the claims has been questioned by, for example, this Techcrunch analysis. The NYT report above says:

Some security experts expressed skepticism about the provenance and authenticity of the emails.

There are plenty of events in the claimed story about how the email cache was uncovered that TechCrunch found implausible. The New York Post have not, apparently, released (or possibly even investigated) any detailed technical evidence that the emails are authentic.

Are the published emails authentic?

matt_black
  • 56,186
  • 16
  • 175
  • 373
  • If this is about NYP's story, and FB blocking it, etc, then it's a current event, obviously. If this is about the contents of the emails, that's probably better, but you'll have to be more specific. If you want an analysis like TechCrunch's, that's simply off topic. –  Oct 15 '20 at 15:22
  • 1
    Then the politics: *"is this a case of media bias from a liberal media refusing to propagate the story?"* There's so much goofy about this question, I don't know what to suggest. –  Oct 15 '20 at 15:29
  • 2
    @fredsbend I thought the thread of the question was clear: it is about the *allegations* and the *evidence* related to them, **not** about the blocking of the story which is merely context explaining why the story is topical. The content of the claims are not fast moving but are clear and specific allegations and (apparent) evidence to back them. Your complaint about my final phrasing of the question is fair as what I said can clearly be misinterpreted so I've altered that sentence to be clear the question is about the claim and not the blocking of it. – matt_black Oct 15 '20 at 16:38
  • "The contract Hunter Biden signed said that if the computer wasn't picked up in 90 days it would be considered abandoned and the owner would obtain possession." https://townhall.com/tipsheet/bethbaumann/2020/10/17/rudy-giuliani-reveals-how-he-verified-the-data-on-hunter-bidens-hard-drive-n2578284 There is no hack as FB and Twitter claimed, a point raised in the Townhall article –  Oct 18 '20 at 13:09
  • 2
    @KDog that assumes that it was Hunter Biden who signed the contract which if far from validated even in the original story told by the shop owner. – matt_black Oct 18 '20 at 13:39
  • 3
    I don't believe a meaningful answer can be given because we lack too much information. All we can say is that the provenance of the published data has many weak links and unanswered questions. Hence I've voted to close as a current event. – Paul Johnson Oct 18 '20 at 14:00
  • I read today that Tony Bobulinski, who describes himself as a former partner of Hunter Biden, says he's a recipient of at least one of those emails, and adds his own details to understanding them. Now, I'm not trying to answer, instead, I'm making the case this is a current event (ie likely to change quickly and invalidate answers), thus I'm putting in the 4th close vote. –  Oct 22 '20 at 14:28
  • For sake of clarity I suggest adding timestamps to phrases like 'recently published'. – pinegulf Mar 31 '22 at 05:14
  • 1
    @pinegulf Done. Date of original story now added. – matt_black Mar 31 '22 at 08:12

2 Answers2

18

I don't know if all of the NY-Post-published emails are among those, but according to a WaPo investigation (published on March 30), a number of interesting emails from the cache carried cryptographic authentication.

Thousands of emails purportedly from the laptop computer of Hunter Biden, President Biden’s son, are authentic communications that can be verified through cryptographic signatures from Google and other technology companies, say two security experts who examined the data at the request of The Washington Post. [...]

In particular, there are verified emails illuminating a deal Hunter Biden developed with a fast-growing Chinese energy conglomerate, CEFC China Energy, for which he was paid nearly $5 million, and other business relationships. Those business dealings are the subject of a separate Washington Post story published at the same time as this one on the forensic examinations of the drive. [...]

Among the emails verified by Williams and Green were a batch of messages from Vadym Pozharskyi, an adviser to the board of Burisma, the Ukrainian gas company for which Hunter Biden was a board member. Most of these emails were reminders of board meetings, confirmation of travel, or notifications that his monthly payment had been sent.

Both Green and Williams said the Burisma emails they verified cryptographically were likely to be authentic, but they cautioned that if the company was hacked, it would be possible to fake cryptographic signatures — something much less likely to happen with Google.

One of the verified emails from Pozharskyi, which was the focus of one of the initial stories from the New York Post, was written on April 17, 2015. It thanked Hunter Biden “for inviting me to DC and giving me an opportunity to meet your father and spent [sic] some time together.”

When the email first emerged in the New York Post about three weeks before the 2020 election, the Biden campaign and Hunter Biden’s lawyer both denied that Pozharskyi had ever met with Joe Biden. Asked recently about the email, the White House pointed to the previous denials, which The Post has examined in detail.

But the files collection also had some evidence of post-capture activity:

Soon after that period of inactivity — and months after the laptop itself had been taken into FBI custody — three new folders were created on the drive. Dated Sept. 1 and 2, 2020, they bore the names “Desktop Documents,” “Biden Burisma” and “Hunter. Burisma Documents.”

Williams also found records on the drive that indicated someone may have accessed the drive from a West Coast location in October 2020, little more than a week after the first New York Post stories on Hunter Biden’s laptop appeared.

Over the next few days, somebody created three additional folders on the drive, titled, “Mail,” “Salacious Pics Package” and “Big Guy File” — an apparent reference to Joe Biden.

The WaPo story notes that some 22,000 emails were cryptographically verified, although the total number of emails on the drive was 129,000 (4.3GB). The drive itself had 217GB of files.

Also, some interesting emails could not be so verified:

Some other emails on the drive that have been the foundation for previous news reports could not be verified because the messages lacked verifiable cryptographic signatures. One such email was widely described as referring to Joe Biden as “the big guy” and suggesting the elder Biden would receive a cut of a business deal. One of the recipients of that email has vouched publicly for its authenticity but President Biden has denied being involved in any business arrangements.

Fizz
  • 57,051
  • 18
  • 175
  • 291
  • As an aside, can somebody explain what 'cryptographic authentication' means in the context of a cache of sent/received emails? What exactly about such an emails is 'authenticated' - sender, receiver, date, length, content? And how is it authenticated? against a public key of Google? of H.Biden? ...? – bukwyrm Apr 02 '22 at 12:43
  • 1
    @bukwyrm: Here's an article that goes into detail on DKIM and how the verification works, from back when the story originally broke; the emails were verified at that time. https://github.com/robertdavidgraham/hunter-dkim tl;dr the emails were cryptographically signed by the provider (Google in this specific case) which demonstrated the headers (including to and from addresses, date, etc) and body were authentic and had not been altered. It breaks down possibilities (for example, you cannot prove the email was actually sent on that date, just *with* that date.) – Shamshiel Apr 09 '22 at 18:17
15

Unproven, as of 10/19/2020.

There is no reliable proof either way whether these emails are authentic.

At best, these emails fit with established theory - either that Biden was corrupt, or that Russia is trying to interfere in US elections. However, fitting with already-believed theory is not proof.

After Fox passed on the story for credibility reasons, the political actor shopping it (Rudy Giuliani) brought it to the New York Post: Fox News passed up chance to run Hunter Biden email story amid credibility concerns, reports say

Further, at the Post, the original author, who wrote up the story, refused to put his name on it. It was posted under the by-line of a non-reporter.

No reporter put their name on it.

It is plausible that these are fakes, but it is also plausible that these are real.

Note that there are recent (around 4/1/22) articles about some content likely being validated. Hopefully another answer will surface to detail what's currently known. This answer is accurate as of the date it claims, so leaving it as is.

Another note - comments below link to a DKIM key that was posted on 10/29/20. This would be proof-positive of the emails it signed to most techies. Unclear whether this was public any earlier than that.

Timeline:

  • Original story 10/14
  • Answer above 10/19
  • DKIM public at least by 10/29
  • Election Day 11/3
Laurel
  • 30,040
  • 9
  • 132
  • 118
bharring
  • 299
  • 1
  • 4
  • 10
    I think this answer might be improved by pointing out that if the information was distributed as part of a misinformation campaign, it is quite likely that *some* of the emails are authentic, presumably obtained by hacking, mixed with faked emails to add plausibility. – antlersoft Oct 20 '20 at 13:31
  • 4
    @antlersoft As part of a suspected misinformation campaign because at this point there is no solid evidence either way. Even though there is a lot of questions about how and why this all happened we don't have solid proof about it. – Joe W Oct 20 '20 at 15:26
  • 7
    This The Hill story that "50 former intelligence officials warn NY Post story sounds like Russian disinformation" seems relevant here: https://thehill.com/homenews/campaign/521823-50-former-intelligence-officials-warn-ny-post-story-sounds-like-russian – jeffronicus Oct 20 '20 at 16:33
  • 6
    Getting an anti-Biden story accepted by Fox is a pretty low bar. If it failed that then there are real reasons to be doubtful. – DJClayworth Mar 28 '22 at 13:16
  • 2
    This may have been a good answer when it was written, but it no longer reflects all the known facts, so should be downvoted until it's updated, IMO. – Jayson Virissimo Mar 31 '22 at 19:58
  • @JaysonVirissimo Wouldn't the more prudent thing be to add a new answer, and then update that further? The answer here is valid and accurate. There being new information means a newer answer could have more meaningful details. But does that make this inaccurate? What does this site usually do for answers that were right, but better answers manifested in the future? – bharring Apr 01 '22 at 23:54
  • 1
    @JaysonVirissimo: It did not reflect even the facts at the time: in fact, the emails had already been cryptographically verified in October 2020. Of course, the goalposts had already moved at that time to *yes, at least SOME of the emails must be real, but suppose hypothetical Russian agents had planted false emails among them.* To this date the only hard evidence either way has been positive evidence as to their authenticity: the only evidence the IC has provided has been "it's the kind of thing the Russians might do." – Shamshiel Apr 09 '22 at 18:21
  • @Shamshiel Let's make sure we're clear and accurate in our claims. As I recall, the keys, metadata, or anything else that could be used to verify (cryptographic or otherwise) the contents of the laptop itself were notably *not* shared. There were other parties to emails who had vouched for some of the emails. Source the specific claim, and I'll update the answer to reflect what was known when it was written. The only hard evidence -from the laptop- at the time listed, AFAIK, was forged documentation (despite the underlying emails likely being true). – bharring Apr 11 '22 at 00:07
  • 2
    @bharring: https://github.com/robertdavidgraham/hunter-dkim (this is the same method that mainstream outlets have now decided to use.) What documentation was forged? I had not heard that and skimming through wikipedia, I don't see any mention of that. – Shamshiel Apr 11 '22 at 09:42
  • @Shamshiel - https://github.com/robertdavidgraham/hunter-dkim/commit/38e01d7041955d99574d9a13764c79a4c31f874b - committed Oct 29. This is the sort of information I was looking for on 10/19/2020. Can you find a source showing that this was available 10/19, a few days after the story broke? One of the big complains was that they had the keys, but published PDFs and other dumps. So they had the info to publicly prove authenticity, but refused to share it. Obviously that whole line of discussion changed by 10/29, though. There was talk about PDF dump being manipulated. I'll see if I can find – bharring Apr 11 '22 at 11:32