The Gupta spinners of the dark arts have consistently targeted anyone outside of the warm embrace of the family. From amaBhungane’s Sam Sole to Trevor Manuel, from former editors Peter Bruce (Business Day), Ferial Haffajee (City Press) to former Public Protector Thuli Madonsela, ANC Deputy President Cyril Ramaphosa, EFF leader Julius Malema and auditing firm KPMG, the Gupta bots have launched a crude, amateurish and relentless attack that appears to be modelled, in part, on Bell Pottinger’s earlier blueprint of fake Twitter profiles which retweet propaganda and fake news in an endless loop.
Some of the accounts created are so obviously fake they would be funny if it weren’t for the tragedy of State Capture and the damage it has wreaked on South Africa’s body politic. No South African would fall for names like Bheka Reddy, Dikotsi Voster, Anesu Nel or Bophelo Visser.
The logical conclusion is that whoever set up these Twitter accounts must have run a generic list of South African names through some sort of programme to come up with these ridiculous sockpuppet accounts.
An investigation by Scorpio has revealed that one of the names linked to the www.wmcleaks.com website around which most of the online pro-Gupta activity is centred is former Sahara Computers IT “engineer” Saurabh Aggarwal, who joined the Gupta-owned company in 2008 and who at the time listed his address as 3, Saxonwold Drive, Saxonwold. Yup, right next door to the mother ship at No 5.
The website describes itself as “missioned to reveal some exclusive leaks about the misdoings of the white capitalists” and adds that there is no “big team” or “big names” behind it. In fact it has no names at all as the entire site is anonymous insofar as the identity of the owners is concerned.
Articles are published under a “Staff Writer” byline and no contact information is provided for website administrators. Digging deeper, the site’s Whois.com information indicates the site was registered by PrivacyProtect.org, an entity that registers domain names for individuals who wish to maintain their anonymity. All four of the sites use a similar service to conceal the identity of the domain owners.
Considering that it is a WordPress site, an enumeration of the usernames used to log into and change the site indicated that the sole username for “Staff Writer” is lknskjfbiouadfb – again, not exactly transparent. These measures point to the fact that the authors of the site went to great lengths to remain anonymous and hide their identity.
However, on 19 June 2017 the site published an “exposé” about former Business Day Editor Peter Bruce and an apparent extra-marital affair. Bruce was also the target of a campaign earlier when his and other media houses’ Twitter accounts were spoofed and used to retweet the by-now familiar narrative of #whitemonopolycapital and #handsoffguptas.
The PDF on Bruce is a seven-page document with several photographs and little or no context, apparently by the site’s nameless “investigative photojournalist”.
Metadata analysis of the images used on the site indicates that the author used Adobe Photoshop CS6 to compile and crop some of the images, and the photographs used in the PDF were taken using a Motorola phone.
The metadata contained in the PDF was much more interesting. The document was created using Microsoft Word 2016, which has the capability to save files in PDF format. The document was created by a user identified only as “Saurabh”, and was drafted on 18 June 2017 at 21h57 +05:30. The +05:30 time stamp in this case indicates that the computer used to draft the Word document was set up to operate in a time zone that was +05:30 to Greenwhich Mean Time, and only a single country in the world uses that particular time stamp: India.
Thus it appears that the nameless investigative photojournalist who ordered or co-ordinated the stalking of Bruce is based in India. A simple search of “Saurabh” and “Sahara” identified a PDF presentation between Sahara and Alcatel quoting a certain Saurabh Aggarwal as an IT Manager at Sahara Computing during 2013. From there a search of his LinkedIn profile identified this person as Saurabh Aggarwal, an IT Manager at Sahara from 2008 to December 2010. After his stint at Saharah he joined the Gupta-owned The New Age, until his departure in February 2014 to join ANN7.
Photo: Saurabh Aggarwal’s South African visa (Source: #GuptaLeaks)
Aggarwal left ANN7 in February 2015 and joined Kaseya IT, an internationally-hosted IT Services provider. He is currently stationed in their offices in New Delhi, India.
Scorpio has attempted to contact Aggarwal through his current employer as well as through his Facebook profile but has been unsuccessful.
The PDF has subsequently been removed from the website but is still listed as a file and can be accessed at www.wmcleaks.com/wp-content/uploads/2017/06:
Informed of the discovery by Scorpio that Aggarwal was behind the smear campaign, Bruce on Wednesday said that he had every intention of taking the Gupta family to court for crimen injuria.
Over and above the websites are the Twitter accounts used to promote the fake news websites.
The Twitter account @WMC_LEAKS was created on 2 May 2017, and has since made 54 tweets mostly comprising retweets and “breaking” news stories pointing to a few websites: www.wmcleaks.com, www.wmcscams.com, www.wmc-scams.com and www.dodgysaminister.com. These sites maintain the familiar narrative of fingering “white minority capital”, Johann Rupert, Pravin Gordhan and others for the current political crisis that the country faces.
The by-now-expected sockpuppet accounts propped up these tweets with retweets. All the the usual hallmarks are apparent – the “borrowed” profile pictures, the paucity of own tweets and the propensity to retweet anything remotely related to #whitemonopolycapital.
The Disqus commenting platform used by all four of the sites showed up a few familiar faces – Anesu Nel is a sockpuppet account identified as far back as November 2016. Probing their Disqus accounts also indicates that these accounts commented on one or more of the four sites indicated above within the past week, with no other comments made on any other sites.
The comments themselves appear awkward and contrived, at times to the amusement of the actual persons commenting on the article. Grammatical errors abound, and the impression is left that these accounts are, once again, merely a pseudonym for unknown individuals pushing a particular agenda.
The worrying trend is the evolution of these sockpuppets, and the lengths these unknown individuals are willing to go to in order to maintain the narrative. In November 2016, the sockpuppets were content to simply retweet any tweets that suited this narrative and be done with it.
In January 2017, they started spoofing credible news sites such as Radio 702, the Mail & Guardian and the Daily Maverick, and added biographies and profile pictures to their Twitter accounts. In June 2017 they resorted to creating entire websites, publishing and commenting on fake news stories and drafting “exposés” on individuals deemed antagonistic of the manufactured “white monopoly capital” narrative. And all of this from the luxurious abode of anonymity. But not for long. DM
Main photo: The front page of WMC LEAKS.
"We are afraid to care too much for fear that the other person does not care at all." ~ Eleanor Roosevelt