Court Reveals Wright's 2024 MYOB Email Was Manipulated to Support False Claims
2024-7-26 23:0:19 Author: hackernoon.com(查看原文) 阅读量:11 收藏

COPA v. Wright, Court Filing, retrieved on January 29, 2024, is part of HackerNoon’s Legal PDF Series. You can jump to any part of this filing here. This part is 42 of 42.

40. The MYOB Ontier email (aka ‘the Ramona Version’) dated 18 February 2024.

(a) Background

767. I deal with the MYOB Screenshots above. These comprise 3 documents which appear to be screenshots of MYOB accounting system records dating from 2009-2010. By way of example {L5/150/1}, which purports to show the sale of ‘node assets’ from Information Defense Pty Ltd to WIIL on 11 August 2009 for the sum of Aus$795,000. This, and other screenshots from the relevant MYOB account supposedly show Bitcoinrelated assets being transferred from Information Defense to other companies controlled by Dr Wright. These screenshots were amongst his Primary Reliance Documents. His evidence was that it was only in the first week of Bitcoin operation that he personally carried out mining. After that, he said it was done by Information Defense.

768. In his Chain of Custody schedule, he had said that these screenshots were taken by Ontier.

769. On Day 4 (8 February 2024), Dr Wright was cross-examined about the screenshots of MYOB accounting system records. He confirmed they had been taken by Ontier.

770. After this evidence had been given, Bird & Bird wrote to Ontier requesting information as to when the screenshots were made. Ontier then wrote to Shoosmiths with the requested information. Shoosmiths then obtained my permission to take instructions from Dr Wright (since he was still under cross-examination). Having taken instructions, Shoosmiths then passed on this information in a letter dated 9 February 2024 (M2/1000). Ontier were unequivocal:

“Dr Wright first provided this firm with log-in details for the MYOB accounting software on 9 March 2020 and we first accessed the software on that same date. We did not have access to MYOB in “late 2019” (line 8, page 2 of Bird & Bird’s letter).

We created a series of screenshots from that system on 9 and 10 March 2020, including screenshots that correlate with the screenshots which appear at Doc IDs: ID_004076; ID_004077; ID_004078; and ID_004079.”

771. Dr Wright was therefore faced with his previous solicitors, who are of good standing, providing the Court with confirmation that Dr Wright had never provided them with MYOB logins in 2019, contrary to his claims stated under oath.

772. Armed with the Shoosmiths letter, Counsel returned to the subject on Day 5 (9 February 2024). Dr Wright insisted that he had provided Ontier with access to the relevant MYOB account in late 2019. He challenged Ontier’s version when it was put to him on 9 February 2024, maintaining: “I also know, and I have the emails in disclosure stating that they had access from 2019” {Day5/44/24}.

(b) The email

773. The MYOB Ontier email was created to substantiate that assertion, and to support his case that the MYOB screenshots were genuine and thereby to support his claim to be Satoshi Nakamoto.

774. The effect of the tampering was to make the email appear to be a document supportive of Dr Wright’s evidence during his cross-examination that he had provided Ontier with login details to MYOB in 2019, contrary to fact.

775. The MYOB Ontier Email was forwarded by Dr Wright on Sunday 18 February 2024 at 11.39 to his wife, Ms Watts, who then forwarded the email on to Shoosmiths at 12.56 the same day, stating that the emails being forwarded were “communications between Simon Cohen from Ontier in respect of 2019 MYOB login.” Her email forwarded an email supposedly sent by Dr Wright to Simon Cohen of Ontier at 14.52 on 2 December 2019 which purports to show that Ontier were provided with login details to a MYOB account in late 2019. It was this forwarded email which is said to be a forgery.

776. The email from Ms Watts went on to explain that the email was being forwarded to show that Ontier’s position, that they had not received the login details in 2019, was false. Ms Watts was providing the email on Dr Wright’s behalf, after it had been sent by Dr Wright to her. In all the circumstances, it is plainly to be inferred that the information she supplied had come from him. Dr Wright was therefore deploying this email to undermine his previous solicitors and back up his own false evidence.

777. The email was sent by Dr Wright to his wife with the evident intent that she would pass on the doctored email to Shoosmiths to support his position, which she duly did.

778. On Friday 23 February 2024, less than a week after creating the forged MYOB Ontier Email, Dr Wright repeated his false evidence and his denial of Ontier's account, reiterating that Ontier had received MYOB login details in late 2019 and adding that he had the emails to prove the point {Day15/14/23}. Dr Wright was therefore relying on emails he knew he had recently forged when he stated under oath that such emails existed and supported his account.

779. The forwarded email was not in disclosure. In order to provide access to it, Dr Wright waived privilege in the MYOB Ontier email on 26 February 2024 and it was disclosed to the solicitors for COPA and the Developers. The circumstances of the disclosure were explained by Lord Grabiner KC in submissions on Day 16, which were made by reference to a bundle of documents, later tabulated into X/55 to X/59. The MYOB Ontier email is at X/56/2.

780. The genuine emails sent on 2 December 2019 were as follows (see X/59):

780.1. The first email in time was sent from [email protected] to Simon Cohen at Ontier at 12.38 with the subject header ‘Old ID Email’ and a single word message ‘Attached’, with Dr Wright’s signature block as Chief Scientist, nChain.

780.2. The second email in the chain was Simon Cohen’s reply at 1.45 pm, headed RE: [EXT] Old ID Email, in which Mr Cohen said ‘Thanks Craig. What does this relate to? Simon.’

780.3. The third email in the chain was Dr Wright’s reply at 15.56, headed Re: [EXT] Old ID Email, in which Dr Wright said ‘An old Information defense file about the IP. Including Blacknet. To my lawyer in Au. I will waive privilege with Michael.’

781. X/58 contains a three email string in which the first two emails are the same as in X/59. However the third email in the chain purports to have been sent from [email protected] at 14.52, subject: ‘[EXT] RE: [EXT] Old ID Email’ with the following content. Again, this is the email which is alleged to have been forged:

‘It links data we have in MYOB. When you log in you will understand - it is the WII and TTL accounts from 9/11 AP have already accessed this. Though- I do not like that they need admin - I disagree strongly that admin is ever needed in forensic captures and think this is a problem.

I sent a login to Alix Partners that they have ace[ted, so now I have added you.

Note - I do not have a direct login, and your user login will be from MYOB live directly - not me.

Regards,

Craig’

782. Fast forward to 18 February 2024. At X/56/1, the first email in time is [email protected] forwarding the three email string from X/58 to his wife Ramona Watts [email protected] on Sunday 18 February 2024 at 11.39 with the Subject: Simon. The second email in time is Ramona Watts forwarding all four emails to various people at Shoosmiths at 12.56, Subject: Fwd: Simon, Attachments: RE: [EXT] Old ID Email, with this message:

‘Please see communications between Simon Cohen from Ontier in respect of 2019 MYOB login. Ontier had said that they only received log in details in 2020, but they, as well as Ali Partners had it in 2019 as Craig had explained.’

(c) COPA’s Allegation

783. The MYOB Ontier Email purports to be dated 2 December 2019. However:

783.1. The transmission header of this document (the Ramona Version) records interaction with Google Gmail servers including an ESTMPSA id that is formatted in a manner which was not used by Google Gmail servers prior to February 2022. The internal content of the email is therefore anachronistic to the purported date on its face.

783.2. The internal metadata properties of this document (the Ramona Version) record that the image attached to it was added on 18 February 2024, during the true course of authorship of the email.

783.3. The Ramona Version of the email is a sent item retrieved from Dr Wright’s mailbox. Ontier has disclosed another version of the email, which was in fact received by them (the “18 Feb 2024 Received Version”). The internal metadata of the 18 Feb 2024 Received Version show that this email was sent to Ontier on 18 February 2024 and delivered to Ontier by way of a series of transmission hops between servers which took place in the course of 6 seconds between 11:06:06 and 11:06:11 on 18 February 2024. The series of transmission hops take place on the server infrastructure of third parties including Google, Mimecast, and Ontier before delivery to the intended recipient mailbox. Such third party servers accurately record the time at which they acted upon the email to cause it to be delivered. Further, Ontier have themselves stated that the MYOB Ontier Email “was in fact received on our systems on Sunday 18 February 2024”: {M3/22/1}.

783.4. By contrast, the timestamps shown on the face of the MYOB Ontier Email are manipulated, and backdated, causing the face value content of the document to appear to date from 2 December 2019 contrary to fact.

784. Another email has been disclosed by Ontier which was genuinely sent and received on 2 December 2019 at 14.52, from Dr Wright to Mr Cohen of Ontier: {M3/20/1} (the “Ontier Version”). This (genuine) Ontier Version, and the (forged) MYOB Ontier Email (the Ramona Version), both follow two earlier emails, creating in each case a short three email chain. The two earlier emails in each chain are materially identical between the two chains, being (a) an email timed at 12.38 on 2 December 2019 from Dr Wright to Mr Cohen of Ontier and (b) Mr Cohen’s response at 1.45pm on the same day. Those earlier emails are genuine emails sent between those individuals on the times asserted on their face.

785. The authentic Ontier Version email contains no reference to MYOB logins in any part of its chain, and it carries a subject line indicating that it relates to an “Old ID Email”. That abbreviation (ID) is plainly in context a reference to Dr Wright’s company Information Defense. The genuine Ontier Version email timed at 14.52 from Dr Wright to Mr Cohen states that the details provided in the earlier emails in the chain relate to “An old Information defense file about the IP. Including Blacknet”.

786. The MYOB Ontier Email was forged on 18 February 2024 in the following manner. First, a new email with new text (“It links data…”) was created as a reply to Mr Cohen’s email of 2 December 2019 (timed at 1.45pm), and that was done with the local computer clock backdated to 2 December 2019. Second, that new email was sent to Mr Cohen at Ontier, who (as Dr Wright was aware) no longer worked at the firm. Third, the internal content of the resulting email was then manipulated between 11.06am and 11.39am on 18 February 2024 in order to alter the internal timestamps recorded in the header of that email. Fourthly, the resulting copy of the email (i.e. the Ramona Version) was then sent by Dr Wright to Ms Watts and then by her to Shoosmiths, Dr Wright’s intention being that it would then be deployed in support of his case in these proceedings.

787. In his sixth report, Mr Madden gave a coherent explanation of the sequence of creation and sending of the various emails, which accounts for their transmission header information and timestamps: see Madden6 [36] {G/11/14}. His evidence accords precisely with COPA’s case, as set out above.

(d) Dr Wright’s contention

788. In Wright15, Dr Wright appears to have been originally prepared to say that the genuine email sent to Mr Cohen in 2019 with different content (which did not mention MYOB) was spoofed, since his statement says that an entry in the transmission header of that email indicates spoofing. That story appears to have been dropped before or during cross-examination, where he claimed that there had been two replies to Mr Cohen’s email on 2 December 2019. The first was said to be the genuine 2019 email of which Ontier had a copy and the second was said to be a reply matching that forwarded by Ms Watts to Shoosmiths. Dr Wright also claimed that there were other emails including a follow up on 5 March 2020 that were other parts of this chain: {Day19/9:13} and following.

789. Dr Wright claimed that the email he had sent to Ms Watts which she forwarded to Shoosmiths was genuine, but that the same email in substance sent to Ontier on 18 February 2024 was spoofed by some unknown bad actor. To explain the fact that both emails were sent on the same day, Dr Wright suggested that this bad actor must have bugged his house. He claimed that all this had been done because this unknown individual wanted doubt to be cast on the email Dr Wright was forwarding to his wife by making it look like there was an attempt to forge the email earlier that day. Dr Wright said there were hundreds of people who could have done this as they all had access to his emails. He also claimed that he was migrating away from his rcjbr.com email address as his main email account to tuliptrading.net due to the Kleiman litigation. Dr Wright claimed that the 18 February 2024 timestamp in the nChain logo in the version of the email sent to Shoosmiths by Ms Watts was due to someone using Outlook (presumably his wife, although it was not entirely clear).

790. As COPA submitted, Dr Wright’s story requires a series of almost impossible events to have occurred. It is worth setting out this supposed sequence of events because it shows the depths of absurdity to which Dr Wright had to descend in order to try to defend his plain forgery.

791. Dr Wright’s version of events requires the following to have happened:

791.1. On 2 December 2019, he forwards an email to Simon Cohen of Ontier which concerns documents related to Information Defense. Mr Cohen replies by asking what this relates to. Dr Wright then writes two separate replies in short order: (a) first (at 14:52) an email referring to MYOB data which has no obvious relevance to the previous emails and which actually provides no login details {X/56/2}; and (b) second (at 15:56) an email which is relevant to the rest of the chain and concerns Information Defense (i.e. the one COPA says is real) (the “Ontier Version”) {X/59/1}.

791.2. The second of those December 2019 emails remains on Ontier’s system until February 2024 and is ultimately accessible to the firm when they come to investigate at that time. For some reason, the first of them is lost and not accessed when Ontier come to investigate in February 2024.

791.3. At some point before 18 February 2024, somebody opposed to Dr Wright (let’s call them the “Bad Actor”) gets hold of a native version of the first of those emails (the one talking about MYOB log in details). Dr Wright has no idea who this Bad Actor could be, since hundreds of people have had access to his emails.

791.4. On 18 February 2024, Dr Wright decides to forward to his wife (Ramona Watts), and she decides (independently) to send to Shoosmiths, a copy of the email from 2 December 2019 talking about MYOB log in details (the “Ramona Version” – {X/56/2}). (The email was forwarded by him at 11:39, so the decision must have been made some time before then.) Very unluckily for Dr Wright, the Ramona Version email contains forensic signs of having been created on 18 February 2024 (the ESTMPSA timestamp format and the encoded timestamp for the image file) which the only expert evidence indicates could not be explained in the way he says. Madden6 {G/11/14}. The time stamp in the image file, usually created when the email starts being composed, is 10:17 on 18 February 2024.

791.5. At 11:06 on 18 February 2024, the Bad Actor sends to Ontier a spoofed version of the 2 December 2019 email concerning MYOB login details (the “18 February 2024 Received Version”) {X/58/1}. Assuming that the timing of this in relation to Ms Watts’ email is not a gigantic coincidence, what must have happened is as follows. The Bad Actor must have discovered (through an undiscovered bug in Dr Wright’s house) that the Ramona Version was about to be sent to Shoosmiths. The Bad Actor must have discovered this even before Dr Wright had sent the Ramona Version to Ms Watts. The Bad Actor must have spotted their chance, sprung into action and spoofed a copy of the original version of the Ramona Version email, doing so in such a way that it appeared to come from Dr Wright (something the only expert evidence indicates is at least exceptionally difficult, if not impossible, on the forensic materials). The Bad Actor must have managed to complete the spoofing in time to send the email at 11:06 (when it arrived on Ontier’s systems).

791.6. Tragically falling into the Bad Actor’s trap, Dr Wright forwards the Ramona Version email to Ms Watts at 11:39 and Ms Watts forwards it on to Shoosmiths at 12:56.

791.7. In the days that follow, the Bad Actor waits as, despite their resourcefulness and despite Dr Wright having fallen for the trap, it seems likely that the trap may have no effect. Shoosmiths do not raise any queries with Ontier and the MYOB issue goes unmentioned.

791.9. The Bad Actor’s spoofed 18 February 2024 Received Version email is discovered by Ontier and everything falls into place, as Ontier inform Shoosmiths that they do have that email with a date header of 2 December 2019, but that the email metadata shows it was sent to Mr Cohen (who has left Ontier some time ago now) on 18 February 2024 {X/57/1}.

791.10. At this point the Bad Actor’s luck transcends good fortune, and Dr Wright’s misfortune is compounded, because (despite maintaining meticulous records in all other respects) Ontier must also have lost the original true MYOB email that Dr Wright originally sent on 2 December 2019, as that is apparently nowhere to be found.

791.11. On 26 February 2024, Lord Grabiner KC runs in detail through the set of newly disclosed emails, including the 18 February 2024 Received Version, having accepted that privilege has been waived. There is no mention in Court of this 18 February 2024 Received Version having been spoofed. It is to be assumed that Dr Wright tragically failed to mention that to his counsel, as no doubt they would otherwise have noted the point in their presentation to the Court.

791.12. On 29 February 2024, Dr Wright prepares Wright15 {E/34/1}. He forgets to mention, in spite of his claims to be a leading IT security expert, that the 18 February 2024 Received Version is a fake email which must have been planted by this unknown Bad Actor. Instead, he spends his time arguing that the “received-spf: none…” entry in the Ontier Version email (which he later accepts in cross-examination is a real email) suggests that that is a spoofed email.

792. The second possible account is that Dr Wright faked an email (the Ramona Version) to back up his story and had it sent to Shoosmiths. Having read Madden6, he flailed around for a cover story and initially came up with (in Wright15) one which involved denying the authenticity of the Ontier Version email, relying on server DNS records he had changed the day before. Then he either changed his mind or got confused when being cross-examined about which email he wanted to claim was fake. Ultimately, he was forced to claim that an unknown Bad Actor (from a cast of hundreds) spoofed an email with the same content as one he says is genuine in order for him to say that he has been set up.

793. I agree with COPA that simply setting out these competing versions makes clear how absurd was the account to which Dr Wright was ultimately driven. In all of this, the responsibility for the forgery and lies sits firmly at Dr Wright’s door. No blame attaches to any of the solicitors who acted on his behalf at various times. Indeed, both Ontier and Shoosmiths behaved entirely properly and their actions enabled the forgery to be exposed.

(e) The timestamps and other points raised by Dr Wright.

794. In his sixth report, Mr Madden explained that the supposed 2 December 2019 email forwarded by Ms Watts to Shoosmiths on 18 February 2024 cannot be authentic to its stated date, because (i) the logo image attached has an encoded timestamp dating it to 18 February 2024 (Madden6 [13] {G/11/8}); and (ii) the email bears an ESTMPSA timestamp in a format which was not used before early 2022 (Madden6 [25-30 {G/11/12}). Dr Wright’s account of these timestamps (at {Day19/15:18} and {Day19/20:11}) was disputed by Mr Madden as providing no answer ({Day19/60:22} and following). It was not seriously disputed, beyond Dr Wright’s counsel asking whether specific tests had been performed, which Mr Madden explained as not feasible: {Day19/90:19} and following.

795. Dr Wright’s attempt under cross-examination to argue that the email received by Ontier on 18 February 2024 must be spoofed, based on its transmission header information, was rejected by Mr Madden: {Day19:63:11} and following. Mr Madden defended that position cogently under cross-examination: {Day19/83:13} to {Day19/88:23}. There was no countervailing expert evidence.

796. Other emails which Dr Wright referenced during his attempted explanation, such as the supposed 5 March 2020 email follow up to Oliver Cain, have not been disclosed. Privilege has been waived in relation to this topic, so the Court can infer that no such emails exist.

797. There has also never been any disclosure of this 2019 MYOB email sent to Ontier from any one of the hundreds of other sources that Dr Wright says have copies of his native emails.

798. The story about Dr Wright swapping his email accounts does not make sense and again appeared to be intended to distract and confuse the issue.

(f) Conclusion

799. I am entirely satisfied that the MYOB Ontier Email was forged by Dr Wright.

About HackerNoon Legal PDF Series: We bring you the most important technical and insightful public domain court case filings.

This court case retrieved on January 29, 2024, judiciary.uk is part of the public domain. The court-created documents are works of the federal government, and under copyright law, are automatically placed in the public domain and may be shared without legal restriction.


文章来源: https://hackernoon.com/court-reveals-wrights-2024-myob-email-was-manipulated-to-support-false-claims?source=rss
如有侵权请联系:admin#unsafe.sh