“FARC” computers go back to the future!

Look what Interpol found on the “FARC” computers!

  • 2,110 files with creation dates ranging between 20 April 2009 to 27 August 2009
  • 1,434 files which show as having been last modified between 5 April 2009 and 16 October 2010

Wait! Computer dates aren’t set in stone by the immutable Atomic Clock in Denver? But that would mean…

Interpol’s Report Confirms that the Supposed FARC Computers Were Manipulated

(The parts of the report they’ve not wanted to emphasize)

Carlos Martínez/Pascual Serrano – Rebelión

Translation: Machetera

Last March 1, the Colombian Army attacked a FARC camp in Ecuadoran territory. The army supposedly captured three laptops, three flash drives and two external hard disks. And it must be said “supposedly” because said evidence was not obtained under established police or judicial procedures, but rather through military aggression in a foreign country, making any evidence obtained thereby illegal and unusable in any judicial procedure.

In order to give validity to this “evidence,” the Colombian authorities asked Interpol to produce a report certifying the “authenticity” of the archives contained in the equipment. Yesterday, March 15, the report was made public; a reading of which, calls attention to the following conclusions:

First, a reference is made to “data classified as ULTRA SECRETO” (Page 20 of the report) when part of the data was already published in the El País newspaper.

The most important is that the report itself acknowledges in its “Finding 2b” (Page 30) that the Colombian authorities manipulated the computers and storage devices and that “Access to the data contained in the eight FARC computer exhibits…did not conform to internationally recognized principles for handling electronic evidence by law enforcement.”

The study commissioned by the Colombian government acknowledges that:

“Direct access may complicate validating this evidence for purposes of its introduction in a judicial proceeding, because law enforcement is then required to demonstrate or prove that the direct access did not have a material impact on the purpose for which the evidence is intended.”

For example, further on in the document, Interpol says that:

“The operating systems of the three seized laptops all showed that the laptops had been shut down on 3 March 2008 (at different times, but all three prior to 11:45 a.m., the time of receipt by the forensic computer examiners of the Colombian Judicial Police). The two external hard disks and the three USB thumb drives had all been connected to a computer between 1 and 3 March 2008, without prior imagine of their contents and without the use of write-blocking hardware.”

That is, the Colombian Army used and modified the archives contained in the computers, USB memory and hard disks, before delivering them to the Colombian police.

For example, on page 31, the report says:

“83. Seized exhibit 26, a laptop computer, showed the following effects on files on or after 1 March 2008:

  • 273 system files were created
  • 373 system and user files were accessed
  • 786 system files were modified
  • 488 system files were deleted

The report says that user documents (Word and the like) are authentic, because they were not modified between March 1 and the date of the examination, however, the same report acknowledges the limits of this statement because in Exhibit 31, there are:

  • 2,110 files with creation dates ranging between 20 April 2009 to 27 August 2009
  • 1,434 files which show as having been last modified between 5 April 2009 and 16 October 2010

It concludes that “these files were originally created prior to 1 March 2008 on a device or devices with incorrect system time settings. (Page 33)

What this means is that any user changing the time on the operating system can create a document with any date they please, either a prior or even a future one.

It must be stressed that in regard to the forensic conclusions, the report literally says:

Without revealing the content of the data, INTERPOL can state the following with regard to the user files contained in the eight seized FARC computer exhibits:

  • 109 document files were found on more than one of the exhibits
  • 452 spreadsheets
  • 7,989 e-mail addresses
  • 10,537 multimedia files (sound and video)
  • 22,481 web pages
  • 37,872 written documents (such as Word documents, PDF files, text format documents)
  • 210,888 images

Of the above, 983 files were found to be encrypted. (Page 27)

In other words, nowhere in the seized computers is there a reference to them containing emails. Remember that the reports from El País referred to emails and published the files under the headline “Emails captured from Raúl Reyes computer.” Therefore, where did they get those emails? Or did they simply not exist in the seized computers?

Finally, the report concludes (Page 35 and beyond) with seven pages dedicated to recommendations to police in member countries, telling them how electronic evidence should be treated, recommendations that were probably made because this case serves as an example to police for how not to collect information technology (IT) evidence. The only way in which one might ensure the authenticity of documents contained in IT archives is to obtain them under judicial direction and from the outset, when they come into custody of jurisdictionally independent authorities; doing forensic testing on only one exact copy of the contents of the hard disks and memory.

As it is, Interpol’s own report only casts more doubt on the origin of the computer archives published by El País in order to attack Venezuela and Ecuador.

This has also been pointed out by the U.S. academics Miguel Tinker-Salas, Professor at the University of California (Pomona) and Forrest Hylton, Professor at New York University (NYU), who warned that the information found in the computers said to be those of Raúl Reyes, had been misused by the Colombian government and Interpol.

Miguel Tinker-Salas, an expert on Latin American subjects, indicated that there are number of politically motivated misinterpretations assigned to the contents of the computers. “One must recall that Interpol can only say whether manipulation took place. But it cannot say whether the elements it found are original and it cannot certify the information.” Moreover, he pointed out the problem inherent in the fact that the report was disseminated from Colombia, since this demonstrates that Interpol is defending the interests of Álvaro Uribe’s government, supported by the United States.

Forrest Hylton, of NYU, expressed the need for the contents to be verified by an institution with a greater degree of independence. “It’s likely that the computers did survive the Colombian bombing, but the problem is that we don’t know anything more, nor how they were treated,” he said.

The reality is the Colombia did manipulate the FARC computers. The media, the Colombian government and Interpol’s managers have stressed the elements that interest the media who headline their reports, “Interpol Finds Documents Sourcing From Raúl Reyes’ Computer to be Authentic,” or “Police Agency says Venezuela Financed the FARC” (El País). The most eloquent evidence that these headlines are lies is that the Interpol report, in order to ensure its impartiality, was done by IT technicians who don’t speak Spanish and didn’t have a political understanding of what the files said. That’s what one report said: “The experts come from outside the region and didn’t speak Spanish, which helped eliminate the possibility that they might have been influenced by the contents of the data they were analyzing.” A report from an IT technician who doesn’t understand Spanish cannot possibly say that Venezuela financed the FARC, because s/he wouldn’t have understood a single word of what the files said.

The media misrepresentation has continued while the Interpol report summary says:

The verification of the eight seized FARC computer exhibits by INTERPOL does not imply the validation of the accuracy of the user files, the validation of any country’s interpretation of the user files or the validation of the source of the user files.

El País headlined its report from Maite Rico and Pilar Lozano, “Interpol Certifies that the FARC Computers Were Not Manipulated,” with the subtitle: “Police Organization Says the Laptops Belonged to Raúl Reyes.”

On the other hand, in passing supposed contents of the computers that implicated Venezuela and Ecuador through the filter of a friendly press, Colombian authorities showed the world that they were more interested in criminalizing these governments than in allowing judges and security forces to work. If they’re so interested in transparency, it would be good to know what information the FARC had about paramilitary crimes and the members of the Uribe administration implicated in paramilitarism. Surely there were was plenty of that in the hundreds of gigabytes that are said to be contained in the disks.

Related News:

More than 48,000 Files Manipulated in Colombian Computer

Machetera is a member of Tlaxcala, the network of translators for linguistic diversity. This translation may be reprinted as long as the content remains unaltered, and the source, author, and translator are cited.

About these ads

2 responses to ““FARC” computers go back to the future!

  1. Hi, thanks for translating this!
    Please note that findings #92 through 95 of the Interpol report on
    page 33 state that the various drives contain hundreds of files that
    are incorrectly date stamped, i.e. stamped for 2009, well into the
    future.

    This is consistent with a scenario of insertion of forged files after
    initial seizure on March 1 and before they were turned over to the
    Colombian National Police on March 3. Interpol stated in Finding 2b
    on page 30 that the way the computers and drives were handled during
    this timeframe did not comply with international standards.

    Although Interpol says they found “no evidence” that this forgery
    insertion scenario is true, they made it clear throughout this report
    that such inquiries were completely outside their scope of work.

    In other words they found no evidence but it is also true that they
    were explicitly not allowed to look for it.

  2. I’ve mirrored this post.
    Thanks for the translation.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s