US expert says controversial T&T email addresses are fake

(Trinidad Express) United States-based computer forensics expert Jon Berryhill has determined that the alleged e-mail addresses read out in Parliament last month by Opposition Leader Dr Keith Rowley to be fake.

In making his determination, Berryhill examined the e-mail addresses cited in the exchange, but not the content of the e-mails.

“No analysis, conclusions or opinions pertain to the individual messages’ content, instead, all analysis pertains to the surrounding text and formatting,” Berryhill noted in his executive summary.

Berryhill detailed 29 of the 31 e-mails in his report which contained either inconsistencies or evidence of tampering.

Berryhill, who runs Berryhill Computer Forensics in California, USA, has both Federal and State organisations listed among his client base, including the Bureau of Alcohol, Tobacco, Firearms and Explosives; the United States Immigration and Naturalization Service Investigations; and the California Department of Justice; California Department of Insurance, Fraud Division; and the California Employment Development Department, Investigation Division.

His expert opinion was sought by Prime Minister Kamla Persad-Bissessar’s lawyer, Israel Khan SC.

Khan, in a brief telephone interview yesterday, said he acted on behalf of the Prime Minister who requested an independent expert.

“I sourced an expert in the US and he did what he had to do,” Khan said.

In the 11-page report, Berryhill broke down the e-mail thread which Rowley used as the basis for his no-confidence motion against the Prime Minister and her Government on May 20.

“The analyses of this document provided overwhelming proof of its fraudulent nature,” Berryhill said.

Key among Berryhill’s findings was that the .con appendage in the e-mail thread was a “typo on the part of the forger” and that anan@gmail.com was not a valid e-mail address.

“Google’s automated system and several Internet e-mail validation systems report this is an invalid address. It has not been possible for many years to create a gmail account and e-mail address with less than six characters in the user name,” he stated in the report.

Having said that, Berryhill added that he was currently awaiting an “official response” from search engine Google’s legal team confirming that the e-mail address was not now valid and was not valid in September last year.

“The analysis of the document provided overwhelming proof of its fraudulent nature. There are many inconsistencies and questionable points that by themselves would easily lead any analyst to the conclusion that none of the documents can be trusted,” he said.

Berryhill noted some “fatal flaws” in the e-mail correspondence, which led him to “no other conclusion but that this document is a poorly-constructed fraud”.

He said there is evidence of “inconsistencies” and “tampering” throughout the e-mail thread, including e-mail addresses that appeared to be underlined deliberately instead of automatically by the system to indicate a “hot-link”; two e-mail addresses in the ‘from’ line and a colon instead of a semi-colon to separate multiple recipients which, he said, is not allowed in an e-mail format.

“Errors and inconsistencies in these fields are sure signs of tampering or editing,” he said.

Berryhill said the formatting in some of the e-mails seemed to be more consistent with autoformatting or the cut and paste function in Microsoft Word.

He said in one message the word ‘thought’ appears to have the ‘o’ written in by hand.

“This is a sign of tampering or editing,” he said.