The Obama administration is retaliating against Russia for hacking into Debbie Wasserman-Schultz’s email account. It would have been much better if the administration had reacted when Russia hacked into the White House’s and State Department’s computers in 2014, but, as Glenn Reynolds says, at that time only national security was at stake, while now, it’s something really important: the Democratic Party’s power.
So yesterday the administration released its long-anticipated report on Russian hacking. The Associated Press explains the report’s importance:
The U.S. on Thursday released its most detailed report yet on Russia’s efforts to interfere in the U.S. presidential election by hacking American political sites and email accounts.
The 13-page joint analysis by the Homeland Security Department and the Federal Bureau of Investigation was the first such report ever to attribute malicious cyber activity to a particular country or actors.
It was also the first time the U.S. has officially and specifically tied intrusions into the Democratic National Committee to hackers with the Russian civilian and military intelligence services, the FSB and GRU, expanding on an Oct. 7 accusation by the Obama administration.
So the report is really important. I read it yesterday, and had to triple-check to verify that this is the document the administration has been hyping.
The report can fairly be characterized as a joke. To begin with, 8 1/2 of its 13 pages consist of boilerplate advice to IT professionals, e.g.:
A commitment to good cybersecurity and best practices is critical to protecting networks and systems. Here are some questions you may want to ask your organization to help prevent and mitigate against attacks.
Right. So how about the Russians and Debbie W-S’s account? The information provided is absurdly thin. The bottom line:
The U.S. Government confirms that two different [Russian civilian and military intelligence Services] actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.
The “U.S. political party” is of course the Democratic National Committee. But what is the evidence that the Russian government was behind the hack?
In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spearphishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.
In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.
I assume that these claims are probably true, but they are conclusions, not evidence. Does the administration provide any evidence? This is as close as we get:
Indicators of Compromise (IOCs)
IOCs associated with RIS cyber actors are provided within the accompanying .csv and .stix files of JAR-16-20296.
description = “PAS TOOL PHP WEB KIT FOUND” strings:
$php = “ 20KB and filesize < 22KB) and #cookie == 2 and #isset == 3 and all of them }
I am not competent to interpret this information. No doubt some of our readers will weigh in, in the comments. But really: is this the best evidence the administration has that the Russian government hacked Debbie W-S’s email account? It seems remarkably feeble. The administration’s claim may be true. I have no idea whether it is or not. But the thinness of any persuasive evidence in a 13-page report that consists mostly of boilerplate advice to IT personnel inspires very little confidence.
COMMENTS FROM FACEBOOK
Tom Earnest · Does anyone else get the idea that the O Administration is trying to kick up as much trouble as possible for the incoming T Administration? YES, NOT? Answer YES. I would be interested in who almost caused this big rift between the US and Russia; Whose laptop had the code; where did they get it; why was it on the laptop? Compare this last minute excitement / punishment to that that occurred when National Security was at risk. O Admin has egg on their faces again – not nearly the wizards they claim to be. Difficult for them to accept defeat gracefully and in a responsible manner.
This report does not say why no RNC sites were compromised or what other, if any, government actors were compromised. Was the DNC the only fool to be compromised by the broadly sweeping phishing?
Does Wikileaks have different information than these Russian exfiltrations or was Russia just hosting Wikileaks?
I don’t think Hillary wanted to win. She choked a week before and proof of that is she cancelled the firecrackers. Furthermore, she booked the glass convention centre that Trump built years before for her finale. Subconsciously that was the glass ceiling she couldn’t break because Trump built it.
The anti-Trump coalition continues to do Putin’s bidding. What is the real import of this molehill? The more our Country can be divided the less effective we will be in putting America first. This coincides with the plutocracy’s goal of destroying America as a nation state. The coalition wants to conflate hacking the DNC’s emails with hacking our election process. There’s no concrete proof of the former and consequently no proof whatsoever of the latter. The coalition wants to hamstring our President-elect to block him achieving the goals he was elected for. A secondary objective is to keep anyone from looking into the voter fraud committed by the dems.
It’s right there on the first of 13 pages. “The Russians did it.” How much more evidence do you need? ROFL! Little Paul Deuffert is actually ready to start WWIII on the inarguable evidence – “the Russians did it.”
Scary, but the clown is supposedly a lawyer.
Perhaps the sorriest part of this pathetic Administration is how they have completely destroyed all credibility of our intelligence agencies. Who cares what the CIA, DHS, FBI, NSA et al say about this? Obama has subverted them all and they are relegated to political hack status. Trump will have to burn down the agencies and rebuild. In the meantime, everything they say is highly suspect. Sad.
Maybe Trump and Putin can make an announcement from the Trump Tower in NYC that Russia is forming a joint task force charged with releasing all hacked documents; ask all world hackers and WikiLeaks to come forward with any illegally obtained information. The information will be made publicly available to the American people so that they may judge for themselves why the Obama Administration almost got us into a war with Russia.
Jeff Sessions will then step up to the podium and announce that if USG Classified documents are found, prosecutions by the USG will be levied against those who initially mishandled them. Any other violations of US law brought to light will also result in criminal prosecution.
President Trump can then come out and announce both the Russian Federation and like-minded Western Nations are going to create a new diplomatic organization that will take the place of the UN.
This would just about clean out the DNC with no push back from the public. It would destroy an Obama UN Secretary General appointment, and Fauxhontas.
It would pave the way diplomatically for the West and Russia to move forward in a new spirit of peace and cooperation.
You know someone in the Obama Administration is BS’ing when he tells the stenographers in the media that 17 intelligence agencies agree that the DNC hackers were Russian Government agents. The reason that we have 17 different intelligence agencies is that each specializes–none does everything. All any statement about 17 intelligence agencies means is that Coast Guard Intelligence and the rest have no objection to blaming the Russians.
What does the Drug Enforcement Agency have to say about hacking? What about the Department of Energy, which is responsible for evaluating intelligence on nuclear weapons? Does the National Geospatial Intelligence Agency have a satellite photo of the hackers? Even the only agency that can speak for the entire US intelligence apparatus, the Office of the Director of National Intelligence, only runs the committee meetings–it has no means of analyzing evidence of a computer hack.
Doug Brockman · The biggest worst crime here was attacking the sacred but seemingly incompetent DEMOCRAT party. Had they attacked the GOP, no such wailing and gnashing of teeth. This TRYING to use the IRS against democrats is impeachable. Actually using it against the tea party is entirely appropriate and warranted.
At the tippity top of the report, in a box labeled “JOINT ANALYSIS REPORT”, it states:
“The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.”
Talk about a con job….
Don DeVaughn · A .csv file is an elementary database file that has been in common use since about 1970 to transfer data from one database to another; for example, from an Excel database to a WordPerfect database. By itself, there is nothing suspicious here. The “Yara Signature” references a common tool used by programmers who are looking for malware, and the code that is inside the brackets is a typical example of programming to find the malware. In my opinion, none of this points to any State action. All of this could have been used by technicians working for the DNC, trying to determine whether or not they had been “hacked.”
Arlie Ray Blackshear Jr · In 2008, after Obama had won, the LIE-stream media crowed how sophisticated Obama’s tech savvy campaign was. How they had the “smarts” to run a multi level, multi tasking computer software driven campaign with social media driving voters and campaign donations to him and the DNC. It was an information technology juggernaut with the smartest programmers and hackers running circles around the electorate in cyberspace. Instantly, the campaign could answer any attack with a press release anywhere on any topic with their cyberspace war room. The smartest president ever, had the smartest campaign sta…
Gary Black · There is absolutely nothing in the document that points to the Russian State as perpetrators. On the contrary, the only “evidence” points to techniques used by any unsophisticated hacker. I will contend the DNC was never hacked but rather leaked by an insider. Podesta was hacked but not by a state actor. Clinton’s secret server was no doubt hacked by State actors according to the FBI but nobody getting excited about that.
The “root kit” fragment shown in your post indicates absolutely nothing. It is typical of thousands of that type of infiltration and could have come from anywhere in the world. If they did not provide firm evidence this originated from Russia, it is a half-baked attempt to cast blame and fails miserably. I guarantee you it was thrown together under orders and with abysmal knowledge level of most journalists and their editors, it is a fraud.
You don’t need “root kit” to phish for passwords, it is something done all the time by various people for many reasons (nearly always in a quest for ill-gotten gain). Number one: never ever respond to any email claiming some kind of account problem requiring an immediate “password” change or reset. A “helpful” screen will often be provided to help and it may look very legitimate. No credible organization will use this approach.
More bread and circus from the Obama people. What judge at the Federal level would allow this rubbish as evidence?
I am competent to evaluate such things, unfortunately there is not enough information to evaluate properly and what information is provided is, as you mentioned, generic security advice.
Lastly, if these “hacks” (they’re not really hacks or cracks, just phishes) were properly done, there would be absolutely no known point of origin or useful path available to blame on anyone.
For them to conclude “it’s the Russians” without any corroborating information through other channels is ludicrous. The “report” mentioned no such corroboration.
No, we are retaliating against Russia for using material stolen from a major domestic political party to influence a US election. It arguably is an act of war.
Scott Wallace · So to make sure I understand this right, stealing private emails from those with political influence or information or thinking of some sort, in order to better insure a political outcome of one’s liking, is something that can be considered legitimate grounds for armed violence? Not arguing against, just want to make sure we get universally applicable ground rules established.
Consider, this is the same administration of rogue agents and if you like your doctor, you can…….
It’s cases like this that rely on past credibility. In this instance there is none.
Bill Wilson · Who, at this point, would believe one word said by this administration? There has never been a more thoroughly discredited and documented nest of liars. They lie as a matter of strategy. When caught out on open mics or other fora, they admit this.
I’m not sure I can draw the conclusion that pulling emails off of a political party’s server is equal to hacking a government server. At least as far as resulting in significant government retaliation. It seems asymmetrical.
What if a high level US politician gets drunk and passes out on a park bench…while passed out a folder with some secret information falls onto the walkway… someone picks up this information and discovers it is highly prized strategic concerns from a super power and they keep it. This would be the equivalent to what happened to Hillary… dunno about the rest of the DNC.
Christopher Mayerle ·
There is a giant leap of logic based on what the FBI & DHS are claiming is “evidence.” There was spearphishing, which is done by Russian government and non-government actors…and Nigerian royalty trying to hide their ill-gotten gains in my bank account and snot-nosed American, European, NorK, Venezuelan, etc. hackers.
Oh, but they used malware that Russians sometimes use, which is also used by Nigerian royalty and snot-nosed American, European, NorK, Venezuelan, etc…. Once malware is used, any competent hacker can modify it for their own personal use.
They used a fake domain, just like the Russians…and Nigerian royalty and snot-nosed American, European, NorK, Venezuelan, etc….
Whoever did the hack is probably smart enough to cover their tracks. So, unless there is some HUMINT out there telling us who it really was, the joint report really lends no credence to the story.
Only Congress can figure it out. The last time they tried, none of the intelligence agencies showed up. A stern letter will follow.
If the Russians did hack it still doesn’t explain the incentive to have Trump over Hillary. Yes, I know Trump was saying nice things about Putin but everyone already knows that the Dems are patsies and the Russians have hilLIARy’s emails and much more with which to blackmail her to get what they want.
I have another thought. If the Russians were somehow involved with the leaks and assuming they have every reason for another feckless Dem admin, I think they were fooled by the polls and just wanted to weaken the presumptive winner when she becomes president.
And for all their trouble, presuming that the Russian agents were behind this, they uncovered, what? The Democratic party’s strategies on how to win the public over into accepting the 48.37 sets of transgendered pronouns?
If this is the case, then I almost feel sorry for the Russian agents who had to read this crap. I personally wouldn’t but then again, Putin isn’t my boss.
Matt Dermott Tucker
It’s the Rooskies!
– Black Lives Matter attacking police, people studying in libraries, and people trying to eat at local restaurants
– Obamacare premiums skyrocketing past monthly mortgage payments
– Blue Collar Union jobs being shunted aside for Environmentalists and Globalization
– A corrupt nominee that rigged her own primary coronation
– Said nominee calling a significant portion of the country “irredeemable deplorables”
– SJWs making constant nuisances of themselves
– Privileged college snowflakes coming from multi-million dollar families and paying the value of a mid to upper level Merc or BMW a YEAR going on hunger strike because they feel “oppressed”…