Did the Russians Really Hack the DNC?

Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public in order to alter the outcome of the U.S. election. CrowdStrike named the two intruders Cozy Bear and Fancy Bear, in an allusion to what it felt were Russian sources. According to CrowdStrike, […]. The security firm claims that the techniques used were similar to those deployed in past hacking operations attributed to the same actors, and that the profile of previous victims […].

The Hacking Evidence Against Russia Is Extremely Weak. By WashingtonsBlog, washingtonsblog.com.

Similarly, when a treasure trove of secret NSA tools was revealed […]. But then again, perhaps not. As for the point about separate intruders, each operating independently of the other, that would seem more likely to indicate that the sources have nothing in common. Each of the two intrusions acted as an advanced persistent threat (APT), an attack that resides undetected on a network for a long time. The goal of an APT is to exfiltrate data from the infected system rather than to inflict damage. Several names have been given to these two actors; most commonly, Fancy Bear is known as APT28 and Cozy Bear as APT29. The fact that many of the techniques used in the hack resembled, in varying degrees, past attacks attributed to Russia may not carry as much significance as we are led to believe.
Once malware is deployed, it tends to be picked up by cybercriminals and offered for sale or trade on Deep Web black markets, where anyone can purchase it. Exploit kits are especially popular sellers. Quite often, the code is modified for specific uses. Security specialist Josh Pitts demonstrated how easy that process can be, downloading and modifying nine samples of the OnionDuke malware, which is thought to have originated with the Russian government. Pitts reports that this exercise demonstrates […]. It comes as no surprise to us that this type of intelligence-agency-grade malware would eventually fall into cybercriminals' hands. Cybersecurity consultant Jeffrey Carr reacts with scorn: […] Petersburg and Moscow. Mark McArdle wonders […]. It is unclear what relation […].

In a PDF file that Guccifer 2.0 provided to Gawker.com, metadata indicated that it was last saved by someone with a username in Cyrillic letters. During the conversion of the file from Microsoft Word to PDF, invalid-hyperlink error messages were automatically generated in the Russian language. But who is Guccifer 2.0? A Russian government operation? In the poorly secured DNC system, there were almost certainly many infiltrators of various stripes. Nor can it be ruled out that the metadata indicators were intentionally generated in the file to misdirect attribution. The two APT attacks have been noted for their sophistication, and these mistakes […]. Changing the language setting on a computer takes a matter of seconds, and that would be standard procedure for advanced cyber-warriors. On the other hand, sloppiness on the part of developers is not entirely unknown. However, one would expect a nation-state to enforce strict software and document handling procedures and to implement rigorous review processes. At any rate, the documents posted to the Guccifer 2.0 […] WikiLeaks. Certainly, none of the documents posted to WikiLeaks possess the same metadata issues. And one hacking operation does not preclude another, let alone an insider leak.

APT28 relied on XTunnel, repurposed from open-source code that is available to anyone, to open network ports and siphon data. The interesting thing about the software is its failure to match the level of sophistication claimed for APT28. The strings in the code quite transparently indicate its intent, with no attempt at obfuscation. Oddly, for such a key component of the operation, the command-and-control IP address in both attacks was hard-coded in the malware. This seems like another inexplicable choice, given that the point of an advanced persistent threat is to operate for an extended period without detection. A more suitable approach would be to use a domain name resolved through the Domain Name System (DNS), a decentralized naming system. That would provide a more covert means of identifying the command-and-control server. Using a domain name would also allow the command-and-control operation to move easily to another server if its location is detected, without the need to modify and reinstall the code.

One of the IP addresses is claimed to be a […]. It is customary for hackers to route their attacks through vulnerable computers. The IP addresses of compromised computers are widely available on the Deep Web, and typically a hacked server will be used by multiple threat actors. These two particular servers may or may not have been regularly utilized by Russian intelligence, but they were not uniquely so used. Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojans Agent-APPR and Shunnael. The report code-named these activities […].
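The observation above, that the sample's strings are unobfuscated and that the C2 address is an IP literal rather than a name, is exactly what a defender checks first during static triage. The following is an added example, not code from the page or from any analysis it cites: it pulls printable strings out of a constructed byte blob (a stand-in for a sample; the `192.0.2.45` address is from the RFC 5737 documentation range and `updates.example.net` is an assumed placeholder) and classifies network indicators as hard-coded IP literals or DNS names. A sample that carries only an IP literal cannot change servers without the operator shipping a new binary, which is the fragility the text points at.

```python
import re
import ipaddress

# Constructed stand-in for a compiled sample: a header, filler bytes and a few
# NUL-terminated strings. None of this is from a real binary.
COMMON = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"XTUNNEL_START\x00"
    + b"\x90\x90\xcc\xff\x13\x37"
    + b"GET /check HTTP/1.1\x00"
    + b"ab\x00"                      # too short to count as a string
)
# Variant 1: C2 address hard-coded as an IP literal (the case the text describes).
SAMPLE_HARDCODED = COMMON + b"connect to 192.0.2.45:443\x00"
# Variant 2: C2 reached by name, so the server can move without a rebuild.
SAMPLE_DNS = COMMON + b"connect to updates.example.net:443\x00"

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")      # what `strings` would print
IPV4 = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")
HOSTNAME = re.compile(r"(?<![\w.])(?:[a-z0-9-]+\.)+[a-z]{2,}(?![\w.])", re.IGNORECASE)


def extract_strings(blob):
    """Return printable ASCII runs of four or more bytes, like `strings`."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]


def find_c2_indicators(blob):
    """Split candidate network indicators into IP literals and DNS names."""
    ip_literals, hostnames = [], []
    for s in extract_strings(blob):
        for ip in IPV4.findall(s):
            try:
                addr = ipaddress.IPv4Address(ip)
            except ValueError:           # e.g. 999.1.1.1 or a version string
                continue
            if addr.is_loopback or addr.is_unspecified:
                continue
            ip_literals.append(ip)
        hostnames.extend(HOSTNAME.findall(s))
    return {"ip_literals": ip_literals, "hostnames": hostnames}


def c2_is_hardcoded(blob):
    """True when the sample names its server only by IP literal: the operator
    cannot relocate the C2 without modifying and redeploying the binary."""
    found = find_c2_indicators(blob)
    return bool(found["ip_literals"]) and not found["hostnames"]


if __name__ == "__main__":
    for name, blob in (("hardcoded", SAMPLE_HARDCODED), ("dns", SAMPLE_DNS)):
        print(name, find_c2_indicators(blob), "hard-coded C2:", c2_is_hardcoded(blob))
```

The point of the hostname regex is the contrast: a literal address in the strings output is a static indicator that defenders can block outright, while a name gives the operator agility and gives defenders something to sinkhole instead. Either way, an unobfuscated string table is what lets this check work at all.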
Included in the report is a list of every threat group ever said to be associated with the Russian government, most of which are unrelated to the DNC hack. It appears that various governmental organizations were asked to send a list of Russian threats, an official lacking an IT background compiled that information for the report, and the result is a mishmash of threat groups, software, and techniques. Indeed, since the majority of items on the list are unrelated to the DNC hack, one wonders what the point is. But it bears repeating: even where software can be traced to Russian origins, that does not necessarily indicate exclusive usage. Jeffrey Carr explains: […] It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone. It is both foolish and baseless to claim, as CrowdStrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.

For that matter, the majority of the content is taken up by what security specialist John Hinderaker describes as […]. In analyzing the source code, Wordfence discovered that the software used was P.A.S., version 3.[…]. It then found that the website that manufactures the malware had a site country code indicating that it is Ukrainian. The current version of P.A.S. […]. The sites are widely dispersed geographically, and of those with a known location, the United States has the largest number. A large number of the IP addresses belong to low-cost server hosting companies. The list contains a long list of IP addresses from perfectly normal services, like Tor, Google, Dropbox, Yahoo, and so forth. Yes, hackers use Yahoo for phishing and malvertising. […] It means I just had a normal interaction with Yahoo. It means the Grizzly Steppe IoCs are garbage. How they get from the facts (one person accessed Yahoo email) to the story (Russians hacked power grid) […]. Lee is inclined to accept the government […].
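The complaint above, that an indicator list padded with Tor, Google, Dropbox and Yahoo addresses turns ordinary traffic into "hits", is easy to make concrete. The following is an added example, not code from the page or from any of the reports it discusses: a constructed indicator feed and a constructed proxy log (all addresses from the RFC 5737 documentation ranges, all labels assumptions for illustration) are run through a plain match-anything rule and then through the same match with shared-infrastructure context attached. The naive rule fires four times on five log lines; only one of those hits points at something that is not a multi-tenant service.

```python
import re

# Constructed indicator feed in the spirit of a bulk IoC list. Three of the
# five entries are shared services that any user might legitimately contact.
IOC_FEED = {
    "192.0.2.10": "suspected C2",
    "198.51.100.7": "suspected C2",
    "203.0.113.5": "suspected C2",      # actually a Tor exit (see SHARED_INFRA)
    "203.0.113.9": "suspected C2",      # actually a webmail provider
    "203.0.113.20": "suspected C2",     # actually a cloud storage provider
}

# Shared or multi-tenant infrastructure. Constructed here; in practice this is
# built from published Tor exit lists, cloud provider address ranges, CDN ranges.
SHARED_INFRA = {
    "203.0.113.5": "Tor exit node",
    "203.0.113.9": "webmail provider",
    "203.0.113.20": "cloud storage provider",
}

# Constructed proxy log: timestamp, client, destination, port, bytes out.
PROXY_LOG = """\
2016-12-30T09:12:01Z 10.0.0.15 203.0.113.9 443 18233
2016-12-30T09:12:07Z 10.0.0.15 203.0.113.20 443 5032
2016-12-30T09:13:44Z 10.0.0.23 192.0.2.10 8080 1249
2016-12-30T09:15:02Z 10.0.0.31 203.0.113.5 9001 887
2016-12-30T09:16:10Z 10.0.0.15 198.51.100.200 443 412
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")


def parse_proxy_log(text):
    """Parse the constructed log format into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst, port, nbytes = m.groups()
        events.append({"ts": ts, "src": src, "dst": dst,
                       "port": int(port), "bytes": int(nbytes)})
    return events


def naive_hits(events, feed):
    """What an 'alert on any indicator match' rule produces."""
    return [e for e in events if e["dst"] in feed]


def triaged_hits(events, feed, shared):
    """Same matches, each tagged with a fidelity verdict. A destination that is
    shared infrastructure says nothing about who, if anyone, was on the other end."""
    verdicts = []
    for e in naive_hits(events, feed):
        if e["dst"] in shared:
            verdicts.append((e, "low", shared[e["dst"]]))
        else:
            verdicts.append((e, "high", feed[e["dst"]]))
    return verdicts


def feed_shared_fraction(feed, shared):
    """Fraction of the feed that is shared infrastructure: a crude feed-quality score."""
    return sum(1 for ip in feed if ip in shared) / len(feed)


if __name__ == "__main__":
    evs = parse_proxy_log(PROXY_LOG)
    print("naive hits:", len(naive_hits(evs, IOC_FEED)))
    for e, verdict, why in triaged_hits(evs, IOC_FEED, SHARED_INFRA):
        print(e["ts"], e["src"], "->", e["dst"], verdict, why)
    print("shared fraction of feed:", feed_shared_fraction(IOC_FEED, SHARED_INFRA))
```

The usable signal is the single "high" verdict; the three "low" ones are the Yahoo-style matches the quoted analyst is describing. Scoring a feed by its shared-infrastructure fraction before deploying it is the check that separates an indicator list from a list of popular destinations.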
In its analysis, Kaspersky Lab found that most of the group […]. But it does serve as an example of the uncertainty surrounding government claims about Russian hacking operations in general. SecureList, however, finds that, unlike the software […]. But nowhere does it do so. Mere assertions are meant to persuade. How much evidence does the government have? The Democratic Party claims that the FBI never requested access to DNC servers. In a case like this, the FBI would typically conduct its own investigation. Was the DNC afraid the FBI might come to a different conclusion than the DNC-hired security firm CrowdStrike? The FBI was left to rely on whatever evidence CrowdStrike chose to supply. During its analysis of DNC servers, CrowdStrike reports that it found evidence of APT28 and APT29 intrusions within two hours. Did it stop there, satisfied with what it had found? Or did it continue to explore whether additional intrusions by other actors had taken place?

In an attempt to further inflame the hysteria generated by accusations of Russian hacking, the Office of the Director of National Intelligence published a declassified version of a document briefed to U.S. […]. The information was supplied by the CIA, FBI, and National Security Agency, and was meant to cement the government […]. Not surprisingly, the report received a warm welcome in the mainstream media, but what is notable is that it offers not a single piece of evidence to support its claim of […]. Instead, the bulk of the report is an unhinged diatribe against Russian-owned RT media. The content is rife with inaccuracies and absurdities. Among the heinous actions RT is accused of are having run […]. The 2016 election should have been a wake-up call for the Democratic Party. Instead, predictably enough, no self-examination has taken place, as the party doubles down on the neoliberal policies that have impoverished tens of millions and backs military interventions that have sown so much death and chaos.
Instead of thoughtful analysis, the party is lashing out and blaming Russia for its loss to an opponent that even a merely weak candidate would have beaten handily. Mainstream media start with the premise that the Russian government was responsible, despite a lack of convincing evidence. They then leap to the fallacious conclusion that because Russia hacked the DNC, only it could have leaked the documents. So, did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material.
March 2017