
Ask HN: Do you believe the Russia hacking story? - apeace
I'm interested to hear from security experts: have you seen any evidence of the claims in the media? From a technical perspective, do you believe that 1) Russia hacked the DNC and John Podesta, and 2) Russia provided exfiltrated data to WikiLeaks and under the pseudonym "Guccifer 2.0"?

Keep this on-topic for HN: what are the technical arguments being made that attribute these acts to the same attacker, and what are the technical arguments being made that the attacker is related to the Russian government?

I'm surprised that the tech community hasn't been more vocal in demanding evidence for these claims. In 2010, Bruce Schneier was skeptical of claims that Stuxnet was created by the U.S., or even targeted a specific nuclear enrichment facility[0]. Of course, he later agreed that evidence showed it had targeted the Natanz plant[1]. This is the skeptical and scientific approach I expect from the tech community. Am I missing something the rest of the community has seen?

[0] https://www.schneier.com/blog/archives/2010/10/stuxnet.html

[1] https://www.schneier.com/blog/archives/2012/02/another_piece_o.html
======
ENOTTY
With regard to your first part of your first contention, that Russia hacked
the DNC, read the Crowdstrike report[1]. That will contain the most technical
indicators publicly revealed.

The second part, that Russia hacked John Podesta, is summarized mostly in
these analyses.[2][3] Basically some actor used a single bitly account to
create nearly 10,000 bitly links to sites that were obvious phishing domains
for Google logins. Many of these links targeted people who only Russia would
be interested in, for example, investigators of the MH17 shootdown,
journalists and academics with a Russia focus, and organizations in the former
Soviet states and Europe. Some of these domains were also linked to other
campaigns known to be linked to APT28 or 29 (i.e., Russia).

Your second contention, that Russia provided exfiltrated data to Wikileaks,
seems to rely mostly on classified intelligence. All the public evidence is
circumstantial. Up to you to believe it or not.

[1]: https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/

[2]: https://www.secureworks.com/research/threat-group-4127-targets-google-accounts

[3]: https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/

------
bjourne
Read FireEye's reports about APT28 and APT29:

    http://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf
    https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf

They are finding various correlations, such as Russian language settings,
compile timestamps matching Russian work days, malware activity ceasing on
Russian holidays...

As a software developer, I can say that this "feels" par for the course for
software developed in large organizations. Software that does its job but
obvious things, such as not realizing the developer's workstation's locale
names are being added to the binary, is forgotten.

Note also that the accusations against Russia hacking the DNC aren't coming
out of the blue. The same evidence was there already in July when the emails
were published by WikiLeaks. It wasn't until _after the election_ that pundits
started to believe something other than Russia was behind the hack.
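The compile-timestamp heuristic described above (build times clustering in business hours, UTC+4) can be checked against a set of samples. The following is an added example, not code from this thread or from FireEye: it reads the COFF TimeDateStamp out of PE headers and reports the share of stamps that fall on a weekday within an assumed 09:00-18:00 local window; the PE images are constructed stubs and the 09-18 window is an assumption.

```python
"""Working-hours profile of PE compile timestamps (the UTC+4 heuristic from the thread)."""
import struct
from datetime import datetime, timedelta, timezone

TZ_UTC4 = timezone(timedelta(hours=4))  # offset the cited reports associate with Moscow


def pe_compile_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp (seconds since the Unix epoch) of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header after the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def make_stub_pe(stamp: int) -> bytes:
    """Constructed minimal header: DOS stub, e_lfanew=0x40, PE signature, COFF header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, stamp, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff


def workhours_fraction(stamps, tz=TZ_UTC4, start=9, end=18) -> float:
    """Share of stamps that fall Mon-Fri within [start, end) local hours in tz."""
    if not stamps:
        return 0.0
    local = [datetime.fromtimestamp(s, tz) for s in stamps]
    hits = sum(1 for d in local if d.weekday() < 5 and start <= d.hour < end)
    return hits / len(stamps)


def profile_images(images, tz=TZ_UTC4) -> float:
    """Extract every image's compile stamp and return the working-hours fraction."""
    return workhours_fraction([pe_compile_timestamp(img) for img in images], tz)


# Constructed sample (local UTC+4 times): three weekday daytime builds, one Saturday
# build and one late-night build. The stamps are only as honest as the toolchain
# that wrote them, which is the forgery caveat raised elsewhere in this thread.
SAMPLE_LOCAL = [(2014, 3, 4, 10, 30), (2014, 3, 5, 14, 0), (2014, 3, 7, 17, 59),
                (2014, 3, 8, 11, 0), (2014, 3, 6, 23, 0)]
SAMPLE_IMAGES = [make_stub_pe(int(datetime(*t, tzinfo=TZ_UTC4).timestamp()))
                 for t in SAMPLE_LOCAL]

if __name__ == "__main__":
    print(f"weekday business-hour share (UTC+4): {profile_images(SAMPLE_IMAGES):.2f}")
```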

~~~
avenoir
> APT28 had consistently compiled Russian language settings into their
> malware. The second was that malware compile times from 2007 to 2014
> corresponded to normal business hours in the UTC+4 time zone, which
> includes major Russian cities such as Moscow and St. Petersburg.

You'd think that a state-sponsored attack would be a little less careless.
This seems like a rookie give-away and makes me wonder if this is made to look
like Russia instead of being Russia. When I think of a state-sponsored attack,
I automatically envision something in the realm of Stuxnet in terms of quality
and the level of sophistication.

~~~
mcphage
What you're saying is, it looks like Russia, so it wasn't Russia. But if it
didn't look like Russia, then maybe it would have been Russia.

~~~
avenoir
Perhaps I shouldn't have made such a wild claim. I was just taken aback at the
lack of competence due to lots of giveaways hidden in plain sight. Hard to
believe that a state-sponsored cyber espionage actor doesn't realize that the
first thing investigators would do is disassemble the executable once it's
discovered. I guess everything's possible. @bjourne does make a good point in
his reply.

~~~
hourislate
Did you ever consider the Russians didn't care if they were caught or
intentionally left clues to let the American Administration understand that
they were responsible?

------
pingswept
I scanned through the 25-page unclassified report released a couple of days
ago. I found no technical details, which I'm afraid means that the question
devolves to whether you trust the FBI, CIA, and the NSA, (plus the non-
technical arguments about Putin's motivations in the report, which I found
reasonably compelling).

It seems to me that it would be difficult to get all three agencies to agree
that Russia was behind the DNC email hack if that weren't true, so I suspect
it's probably true, but not with great certainty.

~~~
phkahler
That lack of technical details is pretty much all I need to hear. The whole
thing smells of politics. The media have certainly been trying to conflate all
of it in an attempt to make people think Trump's victory is invalid - and even
worse, a plot by Putin.

------
alistproducer2
Watching so-called "liberals" defending the CIA is really the icing on the
cake for the last 8 years. The tribalism in this country transcends
principles. As long as your team is the one winning, it doesn't matter what it
does. If your team is losing, no alliance is too strange, no principle is too
important to be cast aside in pursuit of destroying the enemy.

Do I like Donald Trump? Not a chance. Does my dislike of Trump make me more
conducive to believe spies and spooks more than I did before November? Not
really.

~~~
stinkytaco
I think you are creating a strawman. One does not have to approve of the CIA
to think that they are correct. Indeed, if one believes the CIA and NSA are
adept at collecting intelligence on the American people, it follows that they
might also be good at collecting it on Russia. There does not have to be an
"alliance" to agree on established facts.

Indeed, I would argue that your point that if one disapproves of CIA tactics
that everything the CIA says or asserts is now somehow in question is probably
more "tribalistic" than viewing data and agreeing on facts. That smacks of
conspiracy theory.

Whether or not this makes any of this true is another story, but tribalism is
a bad response.

~~~
alistproducer2
How much one decides to believe a particular statement from organizations that
claim never to be able to provide proof is entirely dependent on one's need
for that statement to be true. If that statement provides for the destruction
of "the other side" people are much more likely to believe it.

>everything the CIA says or asserts is now somehow in question

The CIA is an agency where everyone is taught to lie. They of course call it
something else, tradecraft, but they are, by profession, liars. A good spy
knows to trust no one, especially not other spies.

~~~
gvd
What is the motive for the CIA to lie?

~~~
alistproducer2
Is this a serious question?

------
setra
Watching various media outlets they tend to say something along the lines of:
"Russia hacked the election!". Reporting on the hack of the DNC / Podesta,
followed by saying that Russia attempted to influence the US election. Both of
which are documented and true events. However they attempt to conflate the two
in presentation into the literal "Russia hacked John Podesta and Clinton to
help Trump". Which is not justified from the limited amount of information
available. Similarly they will talk about voting machine hacks, followed by
Russia's attempted influence, and in presentation giving you the impression
that "Russia hacked US voting machines".

~~~
morganvachon
I think the first (Russia hacked to install Trump) is more likely than the
second (Russia _successfully_ hacked US voting machines). I draw this
conclusion only because of things I had noticed long before the hacks came to
light, mostly Trump's ambiguity regarding his relationship with Putin and
Russia from a business point of view. It didn't help his position when he
started appointing Russia-friendly cabinet members.

Still, I don't think you can draw a direct line from Trump to Putin regarding
the hacks themselves; in other words, Trump didn't order the attacks, he just
reaped the benefits.

~~~
FoeNyx
> in other words, Trump didn't order the attacks

Yep, he did not order it, he only asked kindly for some help

> “Russia, if you’re listening, I hope you’re able to find the 30,000 emails
> that are missing,”

------
tyingq
The hack was cheap, low-tech phishing and social engineering. Almost anyone
could have sponsored it. That makes it difficult to attribute to anyone in
particular.

------
rweba
There are 3 possibilities:

1) Russia hacked the election

2) Russia did not hack the election but the intelligence community wrongly
believes they did

3) Russia did not hack the election and the intelligence agencies don't
believe they did but have decided to lie to the American people for their own
reasons.

Some of the reasons to believe they did:

[1] They had the motivation

[2] They have the capability

[3] They have done similar attacks in the past (as has the US)

[4] Russian linked hacking groups like Fancy Bear have been tied to the
attacks

[5] The choice of targets and leaked information appeared to benefit Russia.

I think there is enough evidence to point to Russia hacking as the most
probable explanation.

------
droithomme
The Podesta emails were acquired by someone who downloaded them from gmail
after Podesta voluntarily gave his password in response to a standard mass
phishing email that many other people got as well. I don't think this is
reasonably called hacking, it's more social engineering or scamming. It also
doesn't seem to be spear phishing (a targeted attack) given that large
numbers of people got the same emails.

Wikileaks says the DNC leaks were given to them personally by an insider. This
is not a hack either.

Did foreign state intelligence services hack or try to hack servers of
political operations in the US? Undoubtedly. That's their job and we've seen
that there's not a lot of sense or security awareness by a lot of politicians,
so it's likely a lot gets through.

Did foreign states give the info to Wikileaks? There's no evidence of that,
and there's evidence from those who are in a position to know, such as
Wikileaks, to the contrary.

~~~
captainmuon
Is there hard proof though that the Podesta leak was just a mass phishing by-
catch and it was nothing else? It would be trivial for a hacker to place false
emails as a red herring.

What I find more interesting than the origin of the leaks is that almost
nobody is talking about their content. Little in the US, almost not at all
internationally. The only reporting about the Podesta leaks I noticed was that
they occurred, and that some people described as cranks were discussing them
on reddit - but at least in Germany no discussion of the contents, and in US
media not much more. Same for the DNC leaks. The "pied piper" memo, where
Democrats were hoping Trump would win the primaries... And how they tried to
undermine Sanders - how did that not cause more outrage?

------
petermcd
Researchers traced the phishing link back to a bitly account that wasn't
password protected. When they saw the other links in the account, they were
able to decode the email address each link corresponded to. This unveiled that
gaining access to Podesta's emails was part of a coordinated attack against
the Clinton campaign. See
http://motherboard.vice.com/read/how-hackers-broke-into-john-podesta-and-colin-powells-gmail-accounts

The second question is one of attribution (i.e. "Who did it?"). That's harder.
I believe it was the Russians, but that's based more on faith in the U.S. and
British intelligence services getting this one right than a smoking gun
linking back to the Kremlin.

------
wonderflpancake
EXECUTIVE SUMMARY: Trump had RT and Fox News. Clinton had MSNBC, CNN,
Politico, NY Times, Washington Post, and most other MSM.

The whole report sounds so whiney and political. It reminds me of the
ever-going effort by the left to dismiss Fox News (or flip the tables, it's the
same thing). It's an admission that the news that got out, justly or unjustly,
wasn't the news they wanted to get out.

The media still purposely confuses the story. It was never about voter
machine/count hacking. It was about narrative and whether or not the leaks
changed hearts and minds.

------
3131s
I'm not inclined to trust the US government, but more importantly it seems
like the focus on Russia is a distraction (whether or not Russia is
responsible). What's important is the content of those emails.

------
kapauldo
This is a bizarre question. It's tantamount to asking "do you think the FBI
and CIA lied to the American people?"

~~~
ticviking
When you put it that way...

What about Iraq? Or MKUltra, or Iran-Contra?

That does not mean they lied this time, but that context makes this question
less bizarre than many seem to think

------
AndrewKahr
I think the U.S. is very behind when it comes to cybersecurity. We are throwing
kids who are talented into prison and giving them felonies at a young age
because the U.S. does not understand them. If they get a felony for minor drug
possession or messing around online as a teen, they have this negative feeling
towards law enforcement and choose private sector.

But hey, isn't the private sector the new law enforcement? I recall the FBI
not even requesting the DNC server for forensic analysis, we just passed it
off to a 3rd party.
https://www.buzzfeed.com/alimwatkins/the-fbi-never-asked-for-access-to-hacked-computer-servers?utm_term=.ruGN32mgm#.cnKw0V1E1

