
Ask HN: Why is Russian election hacking so easy to identify? - mkoryak
You would think that a nation state would have the resources to make identification hard.

Some reporters were recently able to trace some evil emails sent from a server belonging to 'fancy bear'.

If you are fancy bear, wouldn't you have multiple servers around the world or maybe a botnet?
======
enkiv2
The short answer is that they probably wanted to be identified. After all,
it's an intelligence operation, so it serves several disinfo/doublecross-
related purposes simultaneously.

The -bear APTs (fancy, fuzzy, etc.) had already been associated with Russian
military intelligence for _years_, by the civilian cybersecurity community,
posting evidence of that on the public internet, before the election.

(There's always the possibility that some other organization is posing as
Russian military intelligence & using a well-known APT to spoof their own
work. But, supporting multiple sides of a conflict in a way that leaves clear
evidence is standard MO for Russian intelligence since the 90s -- though
typically, Russian intelligence will publicly take credit for the ops later
on.)

It's important to understand that the primary purpose was probably not to get
a particular candidate elected, but instead to undermine public trust in the
election apparatus. (The easiest way to do that is to take advantage of the
fact -- generally known among security people but not among normies -- that
the election apparatus actually is pretty insecure.) Actually influencing
election results is secondary to making sure American citizens argue over
whether or not they were influenced by a foreign power.

------
pepsi
[https://techcrunch.com/2017/07/20/microsoft-fancy-bear-lawsu...](https://techcrunch.com/2017/07/20/microsoft-fancy-bear-lawsuit-poulsen/)

------
auganov
Usually you'd want to reuse existing hacking infrastructure, that is, people,
exploits, operational practices, etc. These are bound to leave fingerprints.

Doing everything from scratch to ensure secrecy would take significant
resources, with no guarantee of success.

