Suspect provenance of Hunter Biden data cache prompts skepticism and social media bans

A cache of emails and other selected data purportedly from a laptop owned by Hunter Biden were published today by the New York Post. Ordinarily a major leak related to a figure involved in a controversy of Presidential importance would be on every front page — but the red flags on this one are so prominent that few editors would consent to its being published as-is.

Almost no news outlets have reported the data or its origin as factual, and Facebook and Twitter have both restricted sharing of the Post articles pending further information. Here’s why.

When something of this nature comes up, it pays to investigate the sources very closely: It may very well be, as turned out to be the case before, that foreign intelligence services are directly involved. We know that Russia, among others, is actively attempting to influence the election using online influence campaigns and hackery. Any report of a political data leakage — let alone one friendly to Trump and related to Ukraine — must be considered within that context, and the data understood to be either purposefully released, purposefully edited, or both.

But even supposing no global influence effort existed, the provenance of this so-called leak would be difficult to swallow. So much so that major news organizations have held off coverage, and Facebook and Twitter have both limited the distribution of the NY Post article.

In a statement, Twitter said that it is blocking links or images of the material “in line with our hacked materials policy.” The suspicious circumstances surrounding the data’s origin apparently do not adequately exclude the possibility of their having been acquired through hacking or other illicit means, and also the documents excerpted by the Post included unredacted contact information for Biden, making a double argument for their restriction, Twitter later specified. (CEO Jack Dorsey added that blocking links to the articles in DMs without explaining why was “unacceptable.”)

Facebook has not responded to a request for comment.

The story goes that a person dropped off three MacBook Pros to a repair shop in Delaware in April of 2019, claiming they were water damaged and needed data recovery services. The owner of the repair shop “couldn’t positively identify the customer as Hunter Biden,” but the laptop had a Beau Biden Foundation sticker on it.

On the laptops were, reportedly, many emails, including many pertaining to Hunter Biden’s dealings with Ukrainian gas company Burisma, which Trump has repeatedly alleged were a cover for providing access to Hunter’s father, who was then Vice President. (There is no evidence for this, and Joe Biden has denied all of this many times. Today the campaign specifically denied a meeting mentioned in one of the purported emails.)

In addition, the laptops were full of private emails and images, as well as personal videos that are incriminating of the younger Biden whose drug habit at the time has become public record.

The data was recovered, but somehow the client could not be contacted. The repair shop then apparently inspected the data, found it relevant to the national interest, and made a copy to give to Trump ally Rudy Giuliani before handing it over to the FBI. Giuliani, through former Trump strategist Steve Bannon, shared the data with the New York Post, which published the articles today.

There are so many problems with this story it is difficult to know where to begin.

  1. The very idea that a laptop with a video of Hunter Biden smoking crack on it would be given to a random repair shop to recover is absurd. It is years since his drug use and Burisma dealings became a serious issue of international importance, and professionals would long since have taken custody of any relevant hardware or storage. It is beyond the worst operational security in the world to give an unencrypted device with confidential data on it to a third party. It is, however, very much a valid way for someone to make a device appear to be from a person or organization without providing any verification that it is so.
  2. The repair shop supposedly could not identify Hunter Biden, who lives in Los Angeles, as the customer. But the invoice (for $85 — remarkably cheap for diagnosis, recovery, and backup of three damaged Macs) has “Hunter Biden” written right on it, with a phone number and one of the email addresses he reportedly used. It seems unlikely that Hunter Biden’s personal laptop — again, loaded with personal and confidential information, and possibly communications with the VP — would be given to a small repair shop (rather than an Apple Store or vetted dealer) and that shop would be given his personal details for contact. Political operators with large supporting organizations simply don’t do that — though someone else could have.
  3. Even if they did, the idea that Biden or his assistant or whoever would not return to pick up the laptop or pay for the services is extremely suspicious. Again, these are supposedly the personal devices of someone who communicated regularly with the VP, and whose work had come under intense scrutiny long before they were dropped off. They would not be treated lightly or forgotten. On the other hand, someone who wanted this data to be inspected would do exactly this.
  4. That the laptops themselves were open and unencrypted is ridiculous. The serial number of the laptop suggests it was a 2017 MacBook Pro, probably running Mojave. Every Mac running Lion or later has easily enabled built-in encryption. It would be unusual for anyone to provide a laptop for repair that had no password or protection whatsoever on its files, let alone a person like Hunter Biden — again, years into efforts to uncover personal data relating to his work in Ukraine. An actor who wanted this data to be discovered and read would leave it unencrypted.
  5. That this information would be inspected by the repair shop at all is very suspect indeed. Recovery of an ostensibly damaged Mac would likely take the form of cloning the drive and checking its integrity against the original. There is no reason the files or apps themselves would need to be looked at in the course of the work in the first place. Some shops have software that checks file hashes, if they can see them, against a database of known child sex abuse material. And there have been notable breaches of trust where repair staff illicitly accessed the contents of a laptop to get personal data. But there’s really no legitimate reason for this business to inspect the contents of the devices they are working on, let alone share that information with anyone, let alone a partisan operative. The owner, and avid Trump supporter, gave an interview this morning giving inconsistent information on what had happened and suggested he investigated the laptops of his own volition and retained copies for personal protection.
  6. The data itself is not convincing. The Post has published screenshots of emails instead of the full text with metadata — something you would want to do if you wanted to show they were authentic. For stories with potential political implications, it’s wise to verify.
  7. Lastly, the fact that a copy was given to Giuliani and Bannon before being handed over to the FBI, and that it is all being published two weeks before the election, lends the whole thing a familiar stink — one you may remember from other pre-election shenanigans in 2016. The choice of the Post as the outlet for distribution is curious, as well; one need only to accidentally step on one in the subway to understand why.

As you can see, very little about the story accompanying this data makes any real sense as told. None of these major issues is addressed or really even raised in the Post stories. If, however, you were to permit yourself to speculate even slightly as to the origin of the data, the story starts to make a lot of sense.

Say, for example, that Hunter Biden’s iCloud account was hacked, something that has occurred to many celebrities and persons of political interest. This would give access not only to the emails purported to be shown in the Post article, but also personal images and video automatically backed up from the phone that took them. That data, however, would have to be “laundered” in order to have a plausible origin that did not involve hackers, whose alliance and intent would be trivial to deduce. Loaded on a laptop with an obvious political sticker on it, with no password, left at a demonstrably unscrupulous repair shop with Hunter Biden’s personal contact details, it would be trivial to tip confederates off to its existence and vulnerability.

That’s pure speculation, of course. But it aligns remarkably well with the original story, doesn’t it? It would be the duty of any newsroom with integrity to exclude some or all of these very distinct possibilities or to at least explain their importance. Then and only then can the substance of the supposed leak be considered at all.

This story is developing. Inquiries are being made to provide further information and context.