Q’s Clues: Fire and Fury

On January 5, 2018, Michael Wolff’s book Fire and Fury: Inside The Trump White House was made publicly available for purchase.

Wikileaks would later share a link to a slightly modified version of this book on January 8, 2018 in the UK. In order to reduce confusion when comparing the applicable records, the screenshot above and the content below is in UTC+0, as the UK was on UTC+0 at the time. There are helpful online tools which readers can use to localize these times, if so desired.

Wikileaks tweet (with time and date in UTC+0 displayed)
Wikileaks tweet (with full URL displayed)

As The Washington Post noted on the 8th of January, “At some point after WikiLeaks tweeted the PDF file, Google took it down. Anyone who clicks on the link is directed to a page that says the file can’t be accessed, because it violates Google’s terms of service.”

This event would not be of any particular note, if not for the alterations within the pirated PDF that Wikileaks promoted. Following Wikileaks tweet, anons on 4chan and 8chan began discussing how 2 of the chapter titles had been altered to contain a Q.

The title for Chapter 6 had been altered to read “At HQME” and Chapter 10’s title had been altered to read “GQLDMAN.” When Q posted at 03:10:25 UTC+0, the message indicated that those alterations to the book were not a coincidence. Thus, the altered book served as a ‘QProof’ and fueled further speculation and intrigue.

This was not the first time that altered books were used as ‘QProofs.’ As a matter of fact, I previously wrote about separate instances which took place beginning in early November 2017. In one case, alterations had been made to some chapter titles. As I wrote then, “By comparing the chapters within the table of contents to the standard chapters, we find that four of the 12 titles contain notable alterations.”

Was Q correct to imply that the alterations to Fire and Fury weren’t a coincidence? It certainly seems so. The individual or group which were responsible for taking Michael Wolff’s book and converting it into a PDF clearly intended to add those Q’s as a message. It also appears possible, if not likely, that the choice of chapters was also deliberate. The first three chapters were titled ELECTION DAY, TRUMP TOWER, and DAY ONE, but the available ‘O’ in each chapter was left unaltered in the PDF. In all, 14 of the 22 chapter titles contained an ‘O’ which could have been changed into a ‘Q.’ However, as seen in the earlier 8chan screenshot, using Chapter 6 and Chapter 10 could then be used to point to JULIAN, who so happened to spread the link to the modified eBook.

In comparison to the case of the added Q’s, the case involving the meaning of the chosen chapter numbers is a bit less solid, but still worth noting. It could simply be a matter of opting to only alter 2 of the 14 applicable chapter titles as a way to drive speculation and interest. That can’t be ruled out.

The morning of January 8th (UTC+0) was one of Q’s busier ‘QProof’ days. The very next Q post (#500) included a mention of “Fire & Fury,” which ensured that 8chan users could be certain that the 2 chapters that Q mentioned were from that book. Q would go on to post several other purported QProofs that morning, but those are not our focus here.

What is noteworthy is how this directly relates to certain happenings on 8chan. This slightly modified pirated version of Fire and Fury didn’t emerge in a vacuum. When Q moved from 4chan to 8chan, they ended up on Paul Furber’s board there. As I’ve detailed in a Twitter thread, Furber eventually began trying to block Q from being able to validate their identity by disabling the tripcode feature on his board. After the first attempted lockout in December 2017, Q was on high alert. Meanwhile, Furber and the rest of the board would learn that Q has other ways to validate themselves, so simply disabling tripcodes was no deterrent.

We can only speculate as to Furber’s motives here. Had he simply grown envious of all the attention Q was seemingly getting, or did he intend on blocking Q out so he could hijack the persona? I personally believe it is the latter, considering the message he sent out in January 2018 following his removal of Q’s current tripcode from the board’s whitelist. The whitelist allows for only pre-approved tripcodes to be entered. By removing Q’s from the list, this would block Q from using their uncracked tripcode. In a long message to his board, he declared that if Q posted using their current tripcode, “IT IS A LARP” (live action role play). Furthermore, other parts of Furber’s message would, in effect, give him the power to decide what else Q had to say, if anything.

However, Q was not so easily deterred and had a number of tricks up their sleeve to validate themselves, despite what Furber had done. Moreover, as a result of Furber’s repeated attempts to silence them, Q migrated to a different board on 8chan which was not under Furber’s control. This prompted Furber to attempt to get that board nuked and he also tried to get moderator credentials for that board so that he could block Q there, as well. Furber also used his power and influence as moderator to try to convince others on 8chan and elsewhere that Q had been replaced by a LARP. In the midst of all these happenings, CodeMonkeyZ (Ron Watkins) had to step in and point out that Furber’s assertions were baseless. Furber had created such a scene by using his position as a moderator that CodeMonkeyZ didn’t really have a choice in the matter, since he was the only one who outranked Furber.

As a result of Furber insisting that Q was now a LARP and having some limited success convincing others, this would appear to be a factor in the generation of a ‘QProof.’ Since Michael Wolff’s book had just been publicly released for purchase on January 5, 2018 and was the subject of a significant amount of public attention, what better way to validate Q than to release a pirated copy onto the internet which might undercut Wolff’s sales, with a couple Q calling cards edited into those chapter titles. If that’s not a flex, I don’t know what is.

Now here’s where things get really interesting. The content we reviewed earlier regarding this Fire and Fury PDF was dated January 8, 2018 UTC+0. Wikileaks and Q’s posts about this publication were the primary reasons that anyone knew that a pirated copy of the book had been put online.

During the previous day, January 7th (UTC+0), the Russian Project Lakhta operation promoted the same link to that Fire and Fury PDF.

Note: For those who are unfamiliar, Twitter converts URLs to a t.co address which shortens the original URL. The Project Lakhta database contains those shortened t.co URLs, which then can be run through a separate URL analysis to reveal the original URL (as seen below)

Project Lakhta post and t.co URL redirect
URL from Wikileaks Fire and Fury tweet

For comparative purposes, the URL from the aforementioned Wikileak’s Fire and Fury tweet is included directly above. The URL address in the Project Lakhta post and Wikileak’s post are identical.

Aside for the promotion of that Fire and Fury PDF which contained the two modified Q chapter titles, there are two other items of note within the Project Lakhta post. Firstly, before Q would even reference these modified chapters on the 8th, this post ended with #qanon. Secondly, this post falsely attributed the ‘leak’ to Trump. So, anyone reading this post would get the false impression that Trump must’ve been behind it, rather than the actual perpetrator. At the very least, claiming that Trump did it would help sow some confusion, even for those who might investigate the claim further. And for those who support Trump, this framing might cater to their worldview, where Trump is just playing 4D chess and outsmarting Michael Wolff.

Trump was not behind this, nor was Wikileaks, although Wikileaks was the primary initial reason the Fire and Fury PDF gained traction and attention. It existed online prior to Wikileaks’ promotion of it. The above Project Lakhta post and other posts establish this as a fact. Notably, the above date of Project Lakhta’s post is only in reference to when that retweet took place. The tweet itself could have been posted on the 5th, 6th, or 7th. Following the book being made available for purchase on the 5th of January, it could have been pirated and released online on that day or the following two days. The date of the tweet itself is unclear as the account has since been suspended.

While what’s been reviewed thus far seems sufficient enough to cover this Fire and Fury case, we can dig a bit deeper. The @TheSkankworks acct may be suspended, however there is a secondary acct which is still around.

The bio for @SkankworksAgile is quite something. But to be clear, this account doesn’t seem designed to attract much attention, at least most of the time. The bio below has been updated since I documented it around 10 days ago, but here’s an archive of the account from before that update, for reference.

Another interesting feature of this account is that for a substantial portion of the time it’s been on Twitter, it repeatedly posted the same content. However, the repetition was spaced out in such a way as to make it harder to detect. Anyone visiting the account during this timeframe wouldn’t immediately detect the repetition unless they scrolled through the tweets for awhile. A very small subset of this content can be found below.

Much of this repetitive content looks like generic fortune cookie notes, mixed with generic quotes. For an account that isn’t trying to draw too much attention, this makes some sense. Most people wouldn’t have noticed this account and if they did, they’d have seen generic content without catching the repetition. All these types of tweets are going out into the void, not in reply to any other users, which also helps keep this account off the radar until necessary. A review of the archives of the since-suspended @TheSkankworks account reveals that much of the activity was just like the activity we see on @SkankworksAgile. The only difference in most cases, as seen below, are the hashtags.

We see a change when the acct is being used to send a message that it wants to be seen. Suddenly it starts replying to other users, pushing the usual pro-Kremlin content that has been covered on this site many times before.

The reply to Russia Today is just one of many and in this case, the reply ‘affirms’ that Russia Today is the real news and UK journalists are fake news. Targeting Eliot Higgins and/or Bellingcat is relatively standard fare for these sorts of accounts. None of this is exactly shocking. I personally find the semi-automated repetitive posting method to be a bit more remarkable. It is rather clever, I must say.

To summarize, a spammy pro-Kremlin operative pushed a link to a pirated Fire and Fury PDF which contained a ‘Q’ signature in two chapters. That post included #qanon, even though Q had said nothing publicly about this book yet. This was retweeted by the Project Lakhta operation on January 7, 2018 (UTC+0).

On January 8 (UTC+0), Wikileaks promoted a link to that same pirated and modified book. Then Q would note those modified chapter titles in post #499. This was used as a QProof and served to validate the idea that Q was no ordinary individual. It certainly appears that Q is not ordinary, in the least. But Q also wasn’t a high level US government insider, despite their proclamations and insinuations. There’s simply too much evidence which contradicts that claim.