
The DNC "hack" was a leak from within the US and not Russia.

I liked this analogy:

imagine that the DNC breach wasn’t a network breach but a shooting (no one was injured). No one knows who the shooter was but he left behind his weapon, a Kalashnikov AKM.

The unknown shooter used a Russian-made weapon. Does that mean that the shooter is Russian? Or that the shooter works for the company, Kalashnikov Concern? Or even more likely in the crazy world of cyber investigations, that the designer of the AKM is also the shooter?

Police would certainly explore the possibility that the shooter may have been Russian but they wouldn’t exclude other suspects. And no investigator in his right mind would arrest the CEO of Remington Arms, Sig Sauer, Kalashnikov Concern or any other arms manufacturer because a gun they made was used in a crime.

In the physical world of crime investigation, common sense dictates that the perpetrator of a crime may use any weapon and not just one made in the country of his birth, and that the developer or manufacturer of the weapon most likely isn’t the criminal.

And yet, those seemingly crazy assumptions are made every day by cybersecurity companies involved in incident response and threat intelligence.

The malware was written in Russian? It was a Russian who attacked you.

Chinese characters in the code? You’ve been hacked by the People's Liberation Army.

The DNC Breach and the Hijacking of Common Sense
 
Author of the above also wrote an interesting piece on the non-falsifiable nature of such claims:

the closest profession to the attribution estimate of a cyber intelligence analyst is that of a religious office like a priest or a minister, who simply asks their congregation to believe what they say on faith.

Goes on to look at cognitive bias etc...

Faith-based Attribution

(Also gives this latest effort a good going over: FBI/DHS Joint Analysis Report: A Fatally Flawed Effort)
 
You have to wonder if the US political/media class, like ours, has lost any remaining ability to interact with the public without spinning the shit out of everything by reflex.

Well, they have two options, right? They could either say: hey look, this person was lying, his promises are for nothing, look at these Goldman Sachs and Exxon people he is employing. He isn't draining the swamp, he's cutting out the middle-man lobbyists and employing them directly; he is even more corrupt than we have been!

Or they can say that he is a Manchurian candidate of the USSR, simply insufficiently pro-America.
 
Author of the above also wrote an interesting piece on the non-falsifiable nature of such claims:



Goes on to look at cognitive bias etc...

Faith-based Attribution

(Also gives this latest effort a good going over: FBI/DHS Joint Analysis Report: A Fatally Flawed Effort)

I think he's pushing that a bit further than I'd care to.

He does link some interesting stuff though. Especially the ESET "En route with Sednit" series ...

Much better detail on APT28 targets, tools and techniques than the US govt report and much more current than the stuff I posted a couple of pages back.
 
"The Sednit group - variously also known as: APT (Advanced Persistent Threat) 28, Fancy Bear, Sofacy, Pawn Storm, STRONTIUM and Tsar Tea"
.. the ESET "En route with Sednit" series ...

For anyone else that's interested:

http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf

http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf

http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf

Worth noting that ESET themselves caution us:

Some have directly attributed the Sednit group to some Russian entities.

Users would be wise to read the paper and make their own determination about who the likely perpetrators are, and read up on the indicators of compromise that will help them determine if they themselves might have fallen foul of the Sednit group.

Well, OK. I guess we'd better do that. :)

From a probably somewhat cursory first reading, the 'determination' that the 'perpetrators' are 'Russian entities' appears to be mainly based on three factors:

1. The timing of the processing of the shortened URLs via bitly (containing target details); (Pt1 pg13)

2. The nature/identities of the targets themselves; (Pt1 pg13) and

3. "From the log files contained in the proxy open folder, we can infer that it was a Windows server configured in the Russian language (Python console error messages were output in Russian language)". (pt2 pg27)

Does that seem about right, or have I missed any other main factors?

I've not yet spotted the 'indicator of compromise' quoted in the FBI/DHS JAR anywhere in the ESET docs, either.

(...and yes, I probably am the only f***er on here without a hangover! :D :p )
 
Bear in mind, plenty of other security experts have previously investigated APT28 and have come to the conclusion that it's likely Russian and state sponsored, long before the current media event.

Technically they're unusually proficient and professional by malware standards, definitely a cut above the penis pill crowd. They're unusual in how often they use 0-days, implying either really good researchers in-house or a big budget to buy them on the open market. They tailor their attacks to targets, not just spear-phishing (like APT29, the other group found in the DNC networks) but actually building custom versions of their tools based on a wide and varied bag of tricks for specific jobs.

Their targeting (unlike APT29 who have had much more varied targets over their known history) is exclusively political and aligned with Russian political interests.

Analysis of compile times and linguistic factors over the (approaching a) decade or so that they've been in business has consistently indicated Russia.

FireEye have a nice table outlining the relevant factors and you can find similar at Trend Micro, F-Secure etc. I'm not really inclined to doubt that they're Russian and that they get their targeting from some area of state security even if they're nominally commercial security or criminals (assuming anyone can tell the difference in Russia).

Table-for-APT28.jpg


APT28: A Window into Russia's Cyber Espionage Operations? « Threat Research Blog
 
The biggest hackers in the world are governments through their "security agencies", but for them it isn't considered illegal because they hide behind what they call National Security.

Fuck them, if they can't secure their systems against software/malware freely available on the internet, they deserve all they get. The only people I have sympathy for are the people who are considered collateral damage, who have their personal information plastered all over the 'net because someone didn't secure the system.

Take a look at "Unit 8200":
"90% of the intelligence material in Israel is coming from 8200," says Yair Cohen, who served 33 years in 8200, the last five (2001-05) as its commander. It employs as many as 5,000 personnel and was responsible for Stuxnet.

One whistleblower claimed that 8200 is the middleman for all phone and computer traffic from within Palestine (it collects all data). He said he was told that if he could identify a gay Palestinian he was to report that person's name to his boss, so that the Palestinian could be blackmailed into providing information to the Israeli state; if they refused to comply, their name and the evidence would be passed to Hamas. They are not, as claimed, a defensive organization but an offensive organization which plants rogue software into tens of thousands of computers/mobile phones every year, regardless of whether the state they target is considered friendly or not.
 
Oliver Stone's take on these shenanigans. Superb piece of writing IMO and a string of good links at the end.

 
“We are approaching the point in this case where there are only two reasons for why people say there’s no good evidence,” [Prof. Thomas] Rid, the King’s [College, London] professor, told Motherboard on Thursday. “The first reason is because they don’t understand the evidence—because they don’t have the necessary technical knowledge. The second reason is they don’t want to understand the evidence.”
WT

Well, I can think of a third, Prof. :eek:

-

OK, cheers Bernie. So we've got:

The bitly times + compile times pointing to UTC+3/4/5
The targets themselves
The language in the Python console error messages + Portable Executable Resources language locales + Matt Tait's Tweets (which I'm struggling to find the source material for amongst other things).

I know I'm probably coming at this from a position of total cynicism regarding claims of this nature from the actors concerned, but I'm not really seeing much that constitutes real, hard evidence (of the sort that might stand up in a criminal case, for instance) of Russian State involvement. Plenty of circumstantial that could still be the results of efforts to frame the Russians by another party.

Not quite enough info to make a reasonably informed judgement - take, for instance, the 'bit.ly mistake' (ESET pt1):

We're told that on 16/3/15 some 800 links were created (from the one account that had been 'mistakenly' left public), then a little further on, we get the graphic showing the timings on the total links created - timings.png

But the actual timings (specifically, the grouping, or how long elapsed between each URL creation) are left a mystery. This detail is relevant, as it might give an indication as to whether the URLs were being created by an individual at a terminal (hence the apparent timezone being important) or as part of an automated process (therefore apparent timezone being less so). The picture is too low-res in the important areas.

Too many logical leaps being made on scant evidence, or rather, evidence being gathered to support the existing conclusion (Carr's 'faith-based' attribution thing - which, having read way too much of this stuff lately, now appears to me understated).

Fireeye:

APT28 is most likely supported by a group of developers creating tools intended for long-term use and versatility, who make an effort to obfuscate their activity. This suggests that APT28 receives direct ongoing financial and other resources from a well-established organization, most likely a nation state government. APT28’s malware settings suggest that the developers have done the majority of their work in a Russian language build environment during Russian business hours, which suggests that the Russian government is APT28’s sponsor.
(p19)

The samples with Russian language settings were compiled between late 2007 and late 2013, as depicted in Figure 9. This consistency over a long timeframe suggests that the developers of APT28 malware were using a build environment with Russian language settings at least some of the time and made no effort to obscure this detail.
(p26)

So making an effort to hide their activity points to their being Russian State, but making no effort to do so means..? Ooh, sneaky!

It just feels a little like anything that could be remotely attributed to Russia is being bulldozed into a pile. Another analogy I heard was that someone gets run over, someone sees a Volvo leaving the scene, so there's a lynch mob out now looking for Stefan Löfven.

Every time I try to drill down onto the facts regarding 'Russian' attribution, they seem to slip away into a nebulous, circular labyrinth of cross referencing between the different commercial entities involved. Take that first link: The Dukes: 7 Years Of Russian Cyber-Espionage - which offers their white paper: https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf - which blandly states (p26):
Kaspersky Labs has previously noted the presence of Russian-language artefacts in some of the Duke malware samples [9]
- we follow the reference:
9. Mikko Hypponen; F-Secure Weblog; Targeted Attacks and Ukraine; published 1 April 2014; [Online]. Available:
News from the Lab Archive : January 2004 to September 2015
...and we find a document used as a phishing decoy that appears to come from the Ukrainian Ministry of Foreign Affairs! Of which Kaspersky say:
We don't know where the attacker got this decoy file from. We don't know who was targeted by these attacks. We don't know who's behind these attacks.
And so on and on down the rabbit hole.

All this is before we even get to the question of whether the DNC emails were actually 'hacked', as opposed to 'leaked'.

I can't help thinking that if there were anything substantive in the claims regarding Russian State attribution, it would be being rammed down our throats, without the need to go off trying to pick the peanuts out of this shit.

I think I should just STFU and settle down with a nice cup of WMTea and a slice of yellowcake... for at least 45 mins. :)
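The two technical threads running through the post above, and through the earlier APT28 post, are a timezone inference from compile timestamps and the question of whether the bitly URLs were created by hand or by a script. The following is an added worked example, not code from the thread, ESET or FireEye: every timestamp is constructed, and the 09:00-18:00 office-hours window and the 5-second burst threshold are assumptions. It shows how "compile times point to UTC+3/4/5" is actually computed from PE TimeDateStamp values (and why neighbouring offsets can tie), and why the spacing between link creations matters: a machine-paced burst is one operator session and contributes one data point to the timezone argument, not hundreds.

```python
"""
Working-hours timezone inference and URL-creation cadence check.

Added example for the discussion above; it is not code from the thread, ESET or
FireEye. Every timestamp below is constructed for illustration and is not a real
APT28 compile time or bitly record.
"""
from datetime import datetime, timedelta, timezone
from statistics import median

UTC = timezone.utc
WORK_START, WORK_END = 9, 18   # assumed local office hours, [09:00, 18:00)


def score_offsets(times, offsets=range(-12, 15), work_start=WORK_START, work_end=WORK_END):
    """Fraction of timestamps that fall in office hours at each candidate UTC offset."""
    scores = {}
    for off in offsets:
        local_hours = [(t + timedelta(hours=off)).hour for t in times]
        hits = sum(1 for h in local_hours if work_start <= h < work_end)
        scores[off] = hits / len(times) if times else 0.0
    return scores


def best_offsets(times, **kw):
    """Every offset sharing the top score; more than one means the data cannot pick."""
    scores = score_offsets(times, **kw)
    top = max(scores.values())
    return sorted(off for off, s in scores.items() if s == top)


def collapse_bursts(times, burst_gap=timedelta(seconds=5)):
    """Return the first timestamp of each run of events spaced <= burst_gap apart."""
    sessions, prev = [], None
    for t in sorted(times):
        if prev is None or (t - prev) > burst_gap:
            sessions.append(t)
        prev = t
    return sessions


def cadence_profile(times, burst_gap=timedelta(seconds=5)):
    """Summarise inter-event gaps and label the run 'automated' or 'manual'."""
    ts = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if not gaps:
        return {"events": len(ts), "sessions": len(ts), "median_gap_s": None,
                "burst_fraction": 0.0, "label": "insufficient"}
    burst_fraction = sum(1 for g in gaps if g <= burst_gap.total_seconds()) / len(gaps)
    return {
        "events": len(ts),
        "sessions": len(collapse_bursts(ts, burst_gap)),
        "median_gap_s": median(gaps),
        "burst_fraction": burst_fraction,
        "label": "automated" if burst_fraction >= 0.8 else "manual",
    }


# --- constructed sample data (not real observations) ----------------------
def _utc(y, mo, d, h, mi):
    return datetime(y, mo, d, h, mi, tzinfo=UTC)

# PE compile timestamps (UTC), spread so that only UTC+3 keeps all of them in office hours.
COMPILE_TIMES = [
    _utc(2012, 11, 5, 6, 15), _utc(2013, 1, 14, 7, 20), _utc(2013, 2, 6, 8, 0),
    _utc(2013, 3, 19, 9, 45), _utc(2013, 5, 8, 10, 30), _utc(2013, 6, 25, 12, 5),
    _utc(2013, 9, 3, 13, 50), _utc(2013, 10, 29, 14, 40),
]
# Midday-only compiles: consistent with UTC+2 through UTC+5, so no single answer.
COMPILE_TIMES_AMBIGUOUS = [
    _utc(2013, 4, 2, 7, 0), _utc(2013, 4, 9, 9, 0),
    _utc(2013, 4, 16, 11, 0), _utc(2013, 4, 23, 12, 30),
]
# bitly-style link creations: a scripted burst (1.5 s apart) and a hand-driven session.
BITLY_AUTOMATED = [_utc(2015, 3, 16, 10, 0) + timedelta(seconds=1.5 * i) for i in range(10)]
BITLY_MANUAL = [_utc(2015, 3, 16, 13, 0) + timedelta(seconds=s) for s in (0, 40, 135, 345, 375, 975)]

if __name__ == "__main__":
    print("compile times  ->", best_offsets(COMPILE_TIMES))             # [3]
    print("ambiguous set  ->", best_offsets(COMPILE_TIMES_AMBIGUOUS))   # [2, 3, 4, 5]
    print("scripted burst ->", cadence_profile(BITLY_AUTOMATED))
    print("manual session ->", cadence_profile(BITLY_MANUAL))
    # Ten scripted links collapse to one session; one timestamp fits nine offsets.
    print("offsets from burst ->", best_offsets(collapse_bursts(BITLY_AUTOMATED)))
```

The two sample sets make the caveats concrete: a working-hours fit picks a single offset only when the compile times reach both edges of the office day, otherwise adjacent offsets tie exactly as "UTC+3/4/5" does; and once a scripted batch is collapsed to its start time, 800 links may be worth a handful of session timestamps, which is why the inter-creation gaps the ESET graphic does not show are the thing one would want to see.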
 
If we look at who's heading up this Senate inquiry thing it'll be a laugh. John McCain and Lindsey Graham for starters. Two guys who want to go to war with Russia, Syria and Iran simultaneously. Also two guys Trump has publicly humiliated: called McCain a loser and Graham a whining kiss-arse, and even gave his cell phone number out live at a press conference.
More importantly, two guys who've already declared the committee's findings before the committee was even formed. Two nut jobs. That's who's overseeing this thing. Them and some Democrats.

Farce.
 
I don't see the identification of APT28/29 as Russian and likely state linked (mainly on the grounds of targeting) as the problem with this story. Those groups have been around for years and have been identified as such by multiple security research groups with no obvious connection to CIA or Hillary campaign spin.

I don't even find it tremendously difficult to imagine the Russian state, who are clearly extremely fucked off about the US-sponsored colour revolutions, fucking with US politics by way of a response. I mean, it doesn't seem all that likely, but why the hell not?

"You like Orange Revolutions? Here's something orange you might not like so much!"

I just haven't seen any evidence for it beyond a fairly plausible claim that traces of those groups were found at the DNC, which is a long way from making the case that's being made.

Like Matt Taibbi, I can see the familiar signs of the spin machine being used to promote that narrative without convincing evidence to back it up, and I'm seeing associated fuckery (like the Guardian's embarrassingly crude "Assange endorses Trump" smear job) as further reason to be suspicious of the agenda behind promoting this narrative.
 
This hack is bollocks as is blaming Russia, it is all just a distraction from clear political corruption.

What is the real story here? Is it that someone hacked into the DNC or is it that the information revealed by the hack clearly showed that senior members of the DNC were trying to subvert democracy by undermining Bernie Sanders's presidential campaign.

I submit it is the 2nd point, and the reason Obama and others want to keep the hack at the top of the news is because they don't want people talking about a major political party in the USA undermining the democratic rights of voters to choose the person they wanted to be nominated to run for President. The leaked emails clearly show that the DNC, who should have shown neutrality throughout the campaign, were actively trying to stop one candidate while supporting another.
 
So the CIA just staked its entire reputation on a made up story that will fall apart as soon as the real hackers either post an anonymous admission with evidence or if law enforcement catches them.
They did so to pick a fight with the incoming administration and legislature for reasons no one can explain.
And they have sought to massively harm US Russian relations for no reasons other than they are bad people who like to ruin things for everyone.

Perhaps they did fabricate it all. Perhaps they have fucked up monumentally. But as much as their presentation was unconvincing, there seem to be some big holes in the alternative, i.e. it's all a big con job; it does not make geopolitical or "beltway" Washington political sense for the agencies.

Acceptance or otherwise of this story does seem to map very closely to people's opinions on the Democratic Party.
 
So the CIA just staked its entire reputation on a made up story that will fall apart as soon as the real hackers either post an anonymous admission with evidence or if law enforcement catches them.
They did so to pick a fight with the incoming administration and legislature for reasons no one can explain.
And they have sought to massively harm US Russian relations for no reasons other than they are bad people who like to ruin things for everyone.

Perhaps they did fabricate it all. Perhaps they have fucked up monumentally. But as much as their presentation was unconvincing, there seem to be some big holes in the alternative, i.e. it's all a big con job; it does not make geopolitical or "beltway" Washington political sense for the agencies.

Acceptance or otherwise of this story does seem to map very closely to people's opinions on the Democratic Party.

I'm quite prepared to accept that the Russians had both means and motive. They patently did. What I'm not prepared to accept is their guilt without any evidence.

As regards this, I'll assume it's simply ill thought out rather than disingenuous:

They did so to pick a fight with the incoming administration and legislature for reasons no one can explain.
And they have sought to massively harm US Russian relations for no reasons other than they are bad people who like to ruin things for everyone.


This move delegitimises the incoming administration. By portraying it as a Russian creation, and even a Russian puppet, it creates very real grounds for its removal in the longer term. And in the short term it attempts to decide its geopolitical policies for it: to gravely weaken any political attempt to engage in rapprochement with Russia, to veer away from the policy and course of confrontation that powerful factions in the US have embarked upon, and which the expected Clinton administration was the embodiment of.

The motives behind this move, if it turns out to be a fabrication, are pretty obvious.
 
This move delegitimises the incoming administration. By portraying it as a Russian creation, and even a Russian puppet, it creates very real grounds for its removal in the longer term.
And basically signing the agency's death warrant as an agency, as no US administration will tolerate a government agency that plays in domestic politics to that degree.
 
This move delegitimises the incoming administration. By portraying it as a Russian creation, and even a Russian puppet, it creates very real grounds for its removal in the longer term. And in the short term it attempts to decide its geopolitical policies for it: to gravely weaken any political attempt to engage in rapprochement with Russia, to veer away from the policy and course of confrontation that powerful factions in the US have embarked upon, and which the expected Clinton administration was the embodiment of.

The motives behind this move, if it turns out to be a fabrication, are pretty obvious.

Whilst the above may well be true, I would also point out that "Russian interference" is the only excuse as to why they lost that has seemed to stick for those at the top of the Democratic Party / Clinton campaign who would otherwise be forced to confront the magnitude of their defeat. "We lost because they cheated" is a lot more palatable than "We lost because we were absolutely appalling, at everything" after all.
 
There's also the predisposition in the defence/intelligence establishment (see the stuff I was posting a couple of pages back) to worry about Russian influence/cyber operations as a sort of blowback from the 'colour revolutions'.

What I think happened was that the threat model already existed in the sort of circles Hillary's crowd move in and the DNC picked up on it.
 
There's also the predisposition in the defence/intelligence establishment (see the stuff I was posting a couple of pages back) to worry about Russian influence/cyber operations as a sort of blowback from the 'colour revolutions'.
So this is your theory as to why the CIA fabricated evidence of Russian involvement.

To be brutally frank. That is 911 troofer level of logic.
Now for the classic "what I really meant was...." re-positioning.
 
So this is your theory as to why the CIA fabricated evidence of Russian involvement.

To be brutally frank. That is 911 troofer level of logic.
Now for the classic "what I really meant was...." re-positioning.

Why would the CIA need to fabricate evidence of Russian involvement in this? I would have thought the Russians would have been able to access Podesta's emails, just as probably every intelligence agency of any kind of significance would be able to.
 
Why would the CIA need to fabricate evidence of Russian involvement in this? I would have thought the Russians would have been able to access Podesta's emails, just as probably every intelligence agency of any kind of significance would be able to.
Well, perhaps you see Bernie Gunther's comment differently to me.
There's also the predisposition in the defence/intelligence establishment (see the stuff I was posting a couple of pages back) to worry about Russian influence/cyber operations as a sort of blowback from the 'colour revolutions'.
It seemed to me to be an explanation for the motivation of the CIA to fabricate evidence.

But if this was a small group of hackers they can blow apart the CIA by anonymously posting evidence that it was them that obtained the emails. How does the risk/reward for the CIA as an institution and its long-term aims stack up to going public with this stuff unless it really believed a foreign agency had interfered, or "interfered" if you prefer, with the US election?

There is no real compelling evidence to say the CIA is correct. But for all the insinuations that they are wrong, where is the logic as to why they have taken the risks to either fabricate or go public on something that was likely not the Russians?
 