If you haven't read why the alleged GCHQ slide showing spying on Cryptome.org's users could have been made by anyone, I recommend you do so before reading this http://that1archive.neocities.org/subfolder1/gchq-cryptome-slide.html. In summary, I showed that the information on the slide could have been mocked up, depsite matching the logs for Cryptome.org. Cryptome has denied the accuracy of my data, while oddly accusing me of stealing the data, and leaves me with no alternatives to posting the data online for others to review and verify.

The data came from Cryptome itself, on a pair of USBs they mailed to me https://archive.org/details/cryptome-archive. Within those USBs were server logs that include user IPs (spanning several months), .htaccess files, and a pwd file. After finding the data in the USB Cryptome had just sent me, I sent an email attempting to verify it hadn't been included as something extra that was not for public distrubition:

Subject: Quick USB question
From: Michael Best 
To: John Young 
Double checking that the USBs that you sent were prepared as-is and no different from any other versions, except updated through August 14 2015.

John Young sent back an accusatory email:

To: Michael Best 
From: John Young 
Subject: Re: Quick USB question
Don't know. Updates generated scratch. Prepare to be surprised if not deceived by anything digital or analogue or intergalactic. Especially if authenticated, signed, sealed, shipped through thickets of traps and contaminants. You know that, though, and are just being humorously baiting and entrapping. Like Archive.org and Wikipedia and gosh the whole mess seething with malevolence.

I replied to John:

Subject: Re: Quick USB question
From: Michael Best 
To: John Young 
Don't mean to bait or entrap, but asking questions with too much context can be leading. I'm not worried about hidden payloads or anything, I want to make sure that it was (as far as you know) the vanilla version of the August 2015 archive and you hadn't purposefully included any extra information for me to peruse before I posted my findings publicly.

Since John made a point out of the USBs being generated from scratch every time, I couldn't be sure how long the data had been available. After some digging, I found a copy of Cryptome's archive apparently uploaded by coderman[at]gmail.com AKA bandmon. You can find that torrent here https://thepiratebay.mn/torrent/11113511/Cryptome_archive_2014-06-02. I downloaded the torrent to a remote server, unzipped the files and confirmed there were log files there as well.

It was my strong preference *not* to post this, but since Cryptome has refused to validate the data, there is no other way to authenticate it than to release it to the public along with how to find that information in the Cryptome USBs/CDs and their various mirrors. It was not my intention to humiliate Cryptome or expose their users, only to demonstrate that the slide allegedly proving the GCHQ has spied on Cryptome.org could have come from anywhere. Despite being accurate, the information is not proof of surveillance or anything nefarious. In short, the alleged GCHQ could have been produced by GCHQ as an internal mockup, or forged by anyone with access to an internet connection.

In addition to the links below, you can also download a complete copy of the dataset from Cryptome https://archive.org/details/cryptome-archive as well as download a .zip of all of the leaked logs http://that1archive.neocities.org/cryptome/cryptome-leaked-logs.zip and peruse them in your own time.