[DiogenesLamp]

but they could have been created as the files were first copied across the local network in preparation for their exfiltration from the local network.

In theory yes, but that does not serve our political interests to mention this possibility, so I would borrow a page from the Liberal Media, and only mention such things as support our narrative. Truth be D@mned, this is war.

There are many reasons why a hacker may have copied the files locally first. He may have wished to review them before stealing the "good" ones.

And how many hours would this have required to wade through a couple of gigabytes worth of data? The theory that there was a local copy prior to a lower speed transfer through the internet is a very weak theory.

Then again, when it comes to Market Ticker and Karl Denninger it is always a good idea to keep your eyes open and look for ulterior motives.

It's always a good idea to do that with everyone, but then i'm quite the cynic nowadays.

[Garth Tater]

In theory yes, but that does not serve our political interests to mention this possibility, so I would borrow a page from the Liberal Media, and only mention such things as support our narrative.

And then when this fact is brought out at a later date to slam "our" narrative, what then? Hiding the truth from yourself or your allies, even in war, is not a good idea.

And how many hours would this have required to wade through a couple of gigabytes worth of data? The theory that there was a local copy prior to a lower speed transfer through the internet is a very weak theory.

And what if the hacker was looking for a particular piece of information? Getting data out of a well protected network can be as difficult as getting in to the network. Size tells. A small data file can slip through a lot easier than a huge mass of data. For all we know, the hacker found the file he was looking for and sent it out and then, after exfiltrating the one important piece of information, bundled up all of the rest of the emails in one piece and sent it out with his fingers crossed hoping it wouldn't get flagged and stopped on the way out. It's a weak theory only for someone that has no experience in the field. Intrusion Detection Systems have been watching what goes out as closely as who and what comes in for a long time.

You also ignored my examples of copying the files to a local directory where the hacker had administrative rights and could thereby run other processes on the files before sending them out - such as hiding them in images or videos (very useful in getting past the IDS.) You're not ignoring this because it doesn't fit your narrative, are you? I could think of a dozen other reasons for copying the files locally but they would probably all be "weak" reasons involving unimportant things like bypassing log files and remaining unnoticed by the IDS. Weak things indeed.

It's always a good idea to do that with everyone, but then i'm quite the cynic nowadays.

Me too, but Karl is a special case and deserves special scrutiny. He is extremely smart and like many geniuses he is a very flawed person. When I saw him hiding a fact that I knew he knew I also knew there was a reason for his deception. We may never know why he decided to hide this fact, but he does and he's doing it for a reason. And, did I mention he voted for Barack Obama? He's not one of "us".