The DNC "hack" was a leak from within the US and not Russia.
- Thread starter mikey mikey
- Start date
two sheds
Least noticed poster 2007
If memory serves me correctly this is a Windows scanner library file, either they are stupid or they think we're all stupid. Or perhaps both.
or incredibly cunning
Backatcha Bandit
is not taking your calls
Author of the above also wrote an interesting piece on the non-falsifiable nature of such claims:
Goes on to look at cognitive bias etc...
Faith-based Attribution
(Also gives this latest effort a good going over: FBI/DHS Joint Analysis Report: A Fatally Flawed Effort )
Goes on to look at cognitive bias etc...
Faith-based Attribution
(Also gives this latest effort a good going over: FBI/DHS Joint Analysis Report: A Fatally Flawed Effort )
J Ed
Follow Back Pro Expropriation
Well they have two options right, they could either say hey look this person was lying - his promises are for nothing, look at these Goldman Sachs and Exxon people he is employing. He isn't draining the swamp he's cutting out the middle man lobbyists and employing them directly, he is even more corrupt than we have been!
Or they can say that he is a Manchurian candidate of the USSR, simply insufficiently pro-America.
Bernie Gunther
Fundamentalist Druid
I think he's pushing that a bit further than I'd care to.
He does link some interesting stuff though. Espnecially the ESET "En route with Sednit" series ...
Much better detail on APT28 targets, tools and techniques than the US govt report and much more current than the stuff I posted a couple of pages back.
Last edited:
Backatcha Bandit
is not taking your calls
"The Sednit group - variously also known as: APT (Advanced Persistent Threat) 28, Fancy Bear, Sofacy, Pawn Storm, STRONTIUM and Tsar Tea"
For anyone else that's interested:
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf
Worth noting that ESET themselves caution us:
Well, OK. I guess we'd better do that.
From a probably somewhat cursory first reading, the 'determination' that the 'perpetrators' are 'Russian entities' appears to be mainly based on three factors:
1. The timing of the processing of the shortened URLS via bitly (containing target details); (Pt1 pg13)
2. The nature/identities of the targets themselves; (Pt1 pg13) and
3. "From the log files contained in the proxy open folder, we can infer that it was a Windows server configured in the Russian language (Python console error messages were output in Russian language)". (pt2 pg27)
Does that seem about right, or have I missed any other main factors?
I've not yet spotted the 'indicator of compromise' quoted in the FBI/DHS JAR anywhere in the ESET docs, either.
(...and yes, I probably am the only f***er on here without a hangover!
)
For anyone else that's interested:
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf
Worth noting that ESET themselves caution us:
Well, OK. I guess we'd better do that.
From a probably somewhat cursory first reading, the 'determination' that the 'perpetrators' are 'Russian entities' appears to be mainly based on three factors:
1. The timing of the processing of the shortened URLS via bitly (containing target details); (Pt1 pg13)
2. The nature/identities of the targets themselves; (Pt1 pg13) and
3. "From the log files contained in the proxy open folder, we can infer that it was a Windows server configured in the Russian language (Python console error messages were output in Russian language)". (pt2 pg27)
Does that seem about right, or have I missed any other main factors?
I've not yet spotted the 'indicator of compromise' quoted in the FBI/DHS JAR anywhere in the ESET docs, either.
(...and yes, I probably am the only f***er on here without a hangover!
)
Bernie Gunther
Fundamentalist Druid
Bear in mind, plenty of other security experts have previously investigated APT28 and have come to the conclusion that it's likely Russian and state sponsored, long before the current media event.
Technically they're unusually proficient and professional by malware standards, definitely a cut above the penis pill crowd. They're unusual in how often they use 0-days, implying either really good researchers in-house or a big budget to buy them on the open market. They tailor their attacks to targets, not just spear-phishing (like APT29, the other group found in the DNC networks) but actually building custom versions of their tools based on a wide and varied bag of tricks for specific jobs.
Their targetting (unlike APT29 who have had much more varied targets over their known history) is exclusively political and aligned with Russian political interests.
Analysis of compile times and linguistic factors over the (approaching a) decade or so that they've been in business has consistently indicated Russia.
FireEye have a nice table of outlining the relevant factors and you can find similar at Trend Micro, f-secure etc. I'm not really inclined to doubt that they're Russian and that they get their targeting from some area of state security even if they're nominally commercial security or criminals (assuming anyone can tell the difference in Russia)
APT28: A Window into Russia's Cyber Espionage Operations? « Threat Research Blog
Technically they're unusually proficient and professional by malware standards, definitely a cut above the penis pill crowd. They're unusual in how often they use 0-days, implying either really good researchers in-house or a big budget to buy them on the open market. They tailor their attacks to targets, not just spear-phishing (like APT29, the other group found in the DNC networks) but actually building custom versions of their tools based on a wide and varied bag of tricks for specific jobs.
Their targetting (unlike APT29 who have had much more varied targets over their known history) is exclusively political and aligned with Russian political interests.
Analysis of compile times and linguistic factors over the (approaching a) decade or so that they've been in business has consistently indicated Russia.
FireEye have a nice table of outlining the relevant factors and you can find similar at Trend Micro, f-secure etc. I'm not really inclined to doubt that they're Russian and that they get their targeting from some area of state security even if they're nominally commercial security or criminals (assuming anyone can tell the difference in Russia)
APT28: A Window into Russia's Cyber Espionage Operations? « Threat Research Blog
Last edited:
1%er
Well-Known Member
The biggest hackers in the world are governments through their "security agencies", but for them it isn't considered illegal because they hide behind what they call National Security.
Fuck them, if they can't secure there systems against software/malware freely available on the internet, they deserve all they get, the only people I have sympathy for are the people who are considered collateral damage who have their personal information plastered all over the 'net because someone didn't secure the system.
Take a look at "Unit 8200"
"90% of the intelligence material in Israel is coming from 8200," says Yair Cohen, who served 33 years in 8200 the last five (from 2001-05) as its commander. It employs as many as 5,000 personal and was responsible for Stuxnet.
One whistleblower claimed that 8200 is the middleman between all phone and computer traffic from with-in Palestine (it collects all data), he said he was told that if he could identify a gay Palestinian he was to report the name of that person to his boss, so that Palestinian could be blackmailed into providing information to the Israeli state, if they refused to comply their name and evidence would be passed to Hamas. They are not as claimed a defensive organization but an offensive organization who plant rouge software into tens of thousands of computers/mobile phones each and every year regardless if the state they target is considered friendly or not.
Fuck them, if they can't secure there systems against software/malware freely available on the internet, they deserve all they get, the only people I have sympathy for are the people who are considered collateral damage who have their personal information plastered all over the 'net because someone didn't secure the system.
Take a look at "Unit 8200"
"90% of the intelligence material in Israel is coming from 8200," says Yair Cohen, who served 33 years in 8200 the last five (from 2001-05) as its commander. It employs as many as 5,000 personal and was responsible for Stuxnet.
One whistleblower claimed that 8200 is the middleman between all phone and computer traffic from with-in Palestine (it collects all data), he said he was told that if he could identify a gay Palestinian he was to report the name of that person to his boss, so that Palestinian could be blackmailed into providing information to the Israeli state, if they refused to comply their name and evidence would be passed to Hamas. They are not as claimed a defensive organization but an offensive organization who plant rouge software into tens of thousands of computers/mobile phones each and every year regardless if the state they target is considered friendly or not.
Casually Red
tomorrow belongs to me
Oliver Stones take on this shenanigans . Superb piece of writing IMO and a string of good links at the end
Last edited:
ViolentPanda
Hardly getting over it.
Something, something "through a Scanner darkly".
Backatcha Bandit
is not taking your calls
WT
Well, I can think of a third, Prof.
-
OK, cheers Bernie. So we've got:
The bitly times + compile times pointing to UTC+ 3/4/5
The targets themselves
The language in the Python console error messages + Portable Executable Resources language locales + Matt Tait's Tweets (which I'm struggling to find the source material for amongst other things).
I know I'm probably coming at this from a position of total cynicism regarding claims of this nature from the actors concerned, but I'm not really seeing much that constitutes real, hard evidence (of the sort that might stand up in a criminal case, for instance) of Russian State involvement. Plenty of circumstantial that could still be the results of efforts to frame the Russians by another party.
Not quite enough info to make a reasonably informed judgement - take, for instance, the 'bit.ly mistake' (ESET pt1):
We're told that on 16/3/15 some 800 links were created (from the one account that had been 'mistakenly' left public), then a little further on, we get the graphic showing the timings on the total links created -
But the actual timings (specifically, the grouping, or how long elapsed between each URL creation) are left a mystery. This detail is relevant, as it might give an indication as to whether the URLs were being created by an individual at a terminal (hence the apparent timezone being important) or as part of an automated process (therefore apparent timezone being less so). The picture is too low-res in the important areas.
Too many logical leaps being made on scant evidence, or rather, evidence being gathered to support the existing conclusion (Carr's 'faith-based' attribution thing - which, having read way too much of this stuff lately, now appears to me understated).
Fireeye:
(p19)
(p26)
So making an effort to hide their activity points to their being Russian State, but making no effort to do so means..? Ooh, sneaky!
It just feels a little like anything that could be remotely attributed to Russia is being bulldozed into a pile. Another analogy I heard was that someone gets run over, someone sees a volvo leaving the scene, so there's an lynch mob out now looking for Stefan Löfven.
Every time I try to drill down onto the facts regarding 'Russian' attribution, they seem to slip away into a nebulous, circular labyrinth of cross referencing between the different commercial entities involved. Take that first link: The Dukes: 7 Years Of Russian Cyber-Espionage - which offers their white paper: https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf - which blandly states (p26):
- we follow the reference:
...and we find a document used as a phishing decoy that appears to come from the Ukrainian Ministry of Foreign Affairs! Of which Kaspersky say:
And so on an on down the rabbit hole.
All this is before we even get to the question of whether the DNC emails were actually 'hacked', as opposed to 'leaked'.
I can't help thinking that if there were anything substantive in the claims regarding Russian State attribution, it would be being rammed down our throats, without the need to go off trying to pick the peanuts out of this shit.
I think I should just STFU and settle down with a nice cup of WMTea and a slice of yellowcake... for at least 45 mins.
Casually Red
tomorrow belongs to me
If we look who's heading up this senate enquiry thing it'll be a laugh . John McCain and Lindsay Graham for starters . 2 guys who want to go to war with Russia, Syria and Iran simultaneously . Also 2 guys Trump has publicly humiliated , called McCain a loser and Graham a whining kiss arse and even gave his cell phone number out live to a press conference .
More importantly 2 guys who've already declared the committees findings before the committee was even formed . 2 nut jobs . Thats who's overseeing this thing . Them and some democrats .
Farce .
More importantly 2 guys who've already declared the committees findings before the committee was even formed . 2 nut jobs . Thats who's overseeing this thing . Them and some democrats .
Farce .
Bernie Gunther
Fundamentalist Druid
I don't see the identification of APT28/29 as Russian and likely state linked (mainly on the grounds of targeting) as the problem with this story. Those groups have been around for years and have been identified as such by multiple security research groups with no obvious connection to CIA or Hillary campaign spin.
I don't even find it tremendously difficult to imagine the Russian state, who are clearly extremely fucked off about the US-sponsored colour revolutions, fucking with US politics by way of a response. I mean, it doesn't seem all that likely, but why the hell not?
"You like Orange Revolutions? Here's something orange you might not like so much!"
I just haven't seen any evidence for it beyond a fairly plausible claim that traces of those groups were found at the DNC, which is a long way from making the case that's being made.
Like Matt Taibbi, I can see the familiar signs of the spin machine being used to promote that narrative without convincing evidence to back it up, and I'm seeing associated fuckery (like the Guardian's embarrassingly crude "Assange endorses Trump" smear job) as further reason to be suspicious of the agenda behind promoting this narrative.
I don't even find it tremendously difficult to imagine the Russian state, who are clearly extremely fucked off about the US-sponsored colour revolutions, fucking with US politics by way of a response. I mean, it doesn't seem all that likely, but why the hell not?
"You like Orange Revolutions? Here's something orange you might not like so much!"
I just haven't seen any evidence for it beyond a fairly plausible claim that traces of those groups were found at the DNC, which is a long way from making the case that's being made.
Like Matt Taibbi, I can see the familiar signs of the spin machine being used to promote that narrative without convincing evidence to back it up, and I'm seeing associated fuckery (like the Guardian's embarrassingly crude "Assange endorses Trump" smear job) as further reason to be suspicious of the agenda behind promoting this narrative.
Last edited:
Backatcha Bandit
is not taking your calls
I guess if they don't like it, they'll just have to (umpa)lump it?
Anyway... lest we forget: Consigned to the memory hole: the content of the DNC leaks
1%er
Well-Known Member
This hack is bollocks as is blaming Russia, it is all just a distraction from clear political corruption.
What is the real story here? Is it that someone hacked into the DNC or is it that the information revealed by the hack clearly showed that senior members of the DNC were trying to subvert democracy by undermining Bernie Sanders's presidential campaign.
I submit it is the 2nd point and the reason Obama and others want to keep the hack at the top of the news is because they don't want people talking about a major political party in the USA undermining the democratic rights of voters to choose the person they wanted to be nominated to run for President. The leaked emails clearly show that the DNC who should have shown neutrality throughout the campaign were actively trying to stop one candidate while supporting an other.
What is the real story here? Is it that someone hacked into the DNC or is it that the information revealed by the hack clearly showed that senior members of the DNC were trying to subvert democracy by undermining Bernie Sanders's presidential campaign.
I submit it is the 2nd point and the reason Obama and others want to keep the hack at the top of the news is because they don't want people talking about a major political party in the USA undermining the democratic rights of voters to choose the person they wanted to be nominated to run for President. The leaked emails clearly show that the DNC who should have shown neutrality throughout the campaign were actively trying to stop one candidate while supporting an other.
Backatcha Bandit
is not taking your calls
I do like The Intercept.
The U.S. Government Thinks Thousands of Russian Hackers May Be Reading My Blog. They Aren’t.
The U.S. Government Thinks Thousands of Russian Hackers May Be Reading My Blog. They Aren’t.
camouflage
gaslit at scale.
for anyone who still has the interest to spend energy on this DNC hack flimflam...
Here Is The US Intel Report Accusing Putin Of Helping Trump Win The Election By "Discrediting" Hillary Clinton | Zero Hedge
Here Is The US Intel Report Accusing Putin Of Helping Trump Win The Election By "Discrediting" Hillary Clinton | Zero Hedge
Bernie Gunther
Fundamentalist Druid
I wonder how many of those Tor exit nodes are run by the NSA though?
Backatcha Bandit
is not taking your calls
Would that explain the 'moderate' confidence? ferrelhadley
There is no love between us anymore.
So the CIA just staked its entire reputation on a made up story that will fall apart as soon as the real hackers either post an anonymous admission with evidence or if law enforcement catches them.
They did so to pick a fight with the incoming administration and legislature for reasons no one can explain.
And they have sought to massively harm US Russian relations for no reasons other than they are bad people who like to ruin things for everyone.
Perhaps they did fabricate it all. Perhaps they have fucked up monumentally. But as much as their presentation was unconvincing, there seems to be some big holes in the alternative i.e. its all a big con job, it does not make geopolitical or "beltway" Washington politics for the agencies.
Acceptance or other wise of this story does seem to map very close to peoples opinions on the Democratic Party.
They did so to pick a fight with the incoming administration and legislature for reasons no one can explain.
And they have sought to massively harm US Russian relations for no reasons other than they are bad people who like to ruin things for everyone.
Perhaps they did fabricate it all. Perhaps they have fucked up monumentally. But as much as their presentation was unconvincing, there seems to be some big holes in the alternative i.e. its all a big con job, it does not make geopolitical or "beltway" Washington politics for the agencies.
Acceptance or other wise of this story does seem to map very close to peoples opinions on the Democratic Party.
Casually Red
tomorrow belongs to me
I'm quite prepared to accept that the Russians had both means and motive . They patently did . What I'm not prepared to accept is their guilt without any evidence .
As regards this , I'll assume it's simply I'll thought out rather than disingenuous
They did so to pick a fight with the incoming administration and legislature for reasons no one can explain.
And they have sought to massively harm US Russian relations for no reasons other than they are bad people who like to ruin things for everyone.
This move delegitimises the incoming administration . By portraying it as a Russian creation , and even a Russian puppet, it creates very real grounds for its removal in the longer term . And in the short term attempts to decide its geo political policies for it . To gravely weaken any political attempt to engage in rapprochement with Russia . To veer away from the policy and course of confrontation that powerful factions in the US have embarked upon . And which the expected Clinton administration was the embodiment of .
The motives behind this move if it turns out to be a fabrication are pretty obvious .
ferrelhadley
There is no love between us anymore.
And basically signing the agencies death warrant as an agency as no US administration will tolerate a government agency that plays in domestic politics to that degree.
agricola
a genuine importer of owls
Whilst the above may well be true, I would also point out that "Russian interference" is the only excuse as to why they lost that has seemed to stick for those at the top of the Democratic Party / Clinton campaign who would otherwise be forced to confront the magnitude of their defeat. "We lost because they cheated" is a lot more palatable than "We lost because we were absolutely appalling, at everything" after all.
Bernie Gunther
Fundamentalist Druid
There's also the pre-disposition in the defence / intelligence establishment (see the stuff I was posting a couple pages back) to worry about Russian influence / cyber operations as a sort of blowback from the 'color revolutions'
What I think happened was that the threat model already existed the sort of circles Hillary's crowd move in and the DNC picked up on it
What I think happened was that the threat model already existed the sort of circles Hillary's crowd move in and the DNC picked up on it
Casually Red
tomorrow belongs to me
I doubt the Kennedy family would agree with that assertion.
ferrelhadley
There is no love between us anymore.
So this is your theory as to why the CIA fabricated evidence of Russian involvement.
To be brutally frank. That is 911 troofer level of logic.
Now for the classic "what I really meant was...." re-positioning.
agricola
a genuine importer of owls
Why would the CIA need to fabricate evidence of Russian involvement in this? I would have thought the Russians would have been able to access Podesta's emails, just as probably every intelligence agency of any kind of significance would be able to.
Backatcha Bandit
is not taking your calls
Not to mention every 14 year old.
ferrelhadley
There is no love between us anymore.
Well perhaps you see Bernie Gunther's comment different to me.
It seemed to me to be an explanation for the motivation of the CIA to fabricate evidence.
But if this was a small group of hackers they can blow apart the CIA by anonymously posting evidence it was them that obtained the emails. How does the risk\reward for the CIA as an institution and its long term aims stack up to going public with this stuff unless it really believed a foreign agency had interfered, or "interfered" if you prefer, with the US election?
There is no real compelling evidence to say the CIA is correct. But for all the insinuations they are wrong, how where is the logic as to why they have taken the risks to either fabricate or go public on something that was likely not the Russians?
Similar threads
