
Dear Obama, from Infosec - rkcf
http://blog.erratasec.com/2017/01/dear-obama-from-infosec.html
======
jack9
> Russia's involvement is a huge issue

Not really. China's been doing much more overt theft and hacking for years. If
you think this is huge issue, you aren't paying attention. Russia got
information and then released it to the US public (which nobody wants to
authenticate or disavow). I consider this more of a good than a harm.

~~~
cyberpunk
I find this whole thing kind of baffling...

We (UK+US) have been doing this shit for years and much, much more obviously..

It's clearly an outrage though. Influencing the outcome of another countries
election is america's job! How dare those pesky russians have an interest in
getting a pro-ru govt installed in the US....

I mean, it's totally different to what we've been doing for decades
elsewhere... Right...

~~~
sergers
Exactly what I was thinking... While I know it's leaning to one side and
highly opinionated, I was watching Oliver Stone's untold history of the United
states, right after the election.

I actually felt some anger and disgust into how US has influenced other
nations and their own "democratic process" since it's beginning...

~~~
unclebucknasty
Not sure why that means we should be OK with the current situation though.
That logic is along the lines of "The U.S. has done some imperialistic stuff.
Nazi Germany did some imperialistic stuff. Let's call it a draw."

~~~
AnimalMuppet
Well, the US has orchestrated elections with considerable more manipulation
than Russia (allegedly) used here. The US has also overthrown governments that
it didn't like. So we can't call it a draw; morally we have to call it a loss
for the US. (That is, until you start thinking about things like Russia
rolling tanks into Warsaw in 1956 and Prague in 1968...)

~~~
unclebucknasty
Well, that's a lot to assume, including a.) that you know categorically that
the U.S. really has engaged in "considerably more manipulation" and b.) that
the quantity of manipulation alone determines the morality. For instance, does
manipulating two elections to depose brutal dictators add up to a "moral loss"
against manipulating one election of a peaceful, "benevolent" country to gain
access to its resources?

I don't want to go down the rabbit hole of arguing which interventions are
"more moral"\--just pointing out the flaw in your reasoning.

So, let's just concede that you are completely correct. That still doesn't
argue for the U.S. doing nothing in response, as some seem to suggest. It's
actually mind-blowing that people are offering that as a reason that the U.S.
should not protect its democratic process--allowing anyone to engage in an all
out assault on it with impunity.

------
rkcf
Before the GRIZZLY STEPPE report I found myself asking where the proof for the
insinuations of a Russian hack to influence the US elections was. I still ask
that question after the report was released. I find it completely plausible.
However, given the turbulence and hyper-partisanship of this election cycle, I
need a bit more than 'It was the Russians because we say so'.

~~~
dragonwriter
It was first attributed to the Russians by CrowdStrike. I have yet to see any
even remote indication of partisanship, especially _pro-Democratic_
partisanship by CrowdStrike or its ownership.

~~~
bcoates
CrowdStrike's partisanship is like the news media's: bias towards spectacle,
unwarranted certainty, and producing a coherent narrative facts be damned.

~~~
dragonwriter
Seems if that were true that they'd be pretty ineffective at their job as a
cybersecurity firm and easily outcompeted in the market.

~~~
bcoates
They don't get paid for the accuracy of their public pronouncements, it's just
a marketing tool to raise their profile. It doesn't prevent them from being
competent and maintaining clients.

Also, most clients would be more than happy to have someone proclaim that the
reason they got owned was because they were the target of spooky foreign state
actors and not because they're bad at security. There's no money in
downplaying the sophistication of an attack.

------
nl
Bloody Hell.

I find it very frustrating that intelligent people don't seem to follow
through their thought process here.

The intelligence community will _never_ be able to release enough information
to satisfy people. The information will either be so non-specific as to be
useless ("we had spies who told us" \- would anyone here believe that anymore
than they do now?), or so specific it will damage ongoing interests ("We have
communication intercepts between the hacking groups and the GRU/FSB, and there
they are, and here is how we got them" \- it's likely there are actual humans
involved in that process who will die if they are exposed).

It's fair to argue that this issue is _so important_ that burning some
resources is worth it, but no one is taking that angle.

Don't mistake this for defending the US report though. It was _terrible_ and
made the situation much more confused. Before the report it was much clearer
that Russian groups (either government or non-government) were involved, and
now people are (incorrectly) questioning even that because of the pathetic
report that was produced.

It's much more interesting to discuss the shared conclusion was formed that
"the Russians" were trying to throw the election to Trump (rather than just to
sow chaos).

~~~
petre
This _Russians hacked the election_ narrative is just like _Saddam has WMDs_
back ten years ago, only more dangerous. So unless any hard evidence comes to
light, we can safely dismiss it as propaganda and not get too excited about
it.

~~~
extra88
It's not "just like" that because people in the Bush administration were
pressuring the CIA to say the thinnest of evidence proved he had WMDs and was
trying to get nukes then repeated the claim again and again.

Cut to 2016 where none of the intelligence branches claim Russians "hacked the
election," they claim they hacked the DNC and other political organizations
for political ends. There's no evidence that anyone in the Obama
administration pressured the CIA, let alone multiple other intelligence
branches to make those claims. There have been concerns that Russians tampered
with voting machines themselves but they only things LEOs, intelligence
branches, and other representatives of the Executive branch have been saying
is when they've looked, they've found no evidence that it happened. So, not
like "Saddam has WMDs" 14-15 years ago.

~~~
nailer
It's being used as a shield for the DNC leaks (eg, make the issue that the
leak happened, rather than e.g. that the government deliberately played down
the Benghazi attacks, DNC had already chosen Hillary as the nominee and was
working to undermine Sanders), and to delegitamise the new administration, in
the same way Iraq WMD was being used as an excuse to build the US's position
in the Middle East.

~~~
extra88
Those are not analogous at all.

------
yakcyll
Pardon my ignorance, but as a non-American, I still have no bloody clue what
the election hacking was about.

That, plus, it shouldn't matter who has done it, since (especially if it was
Russia) they most likely won't be persecuted for it. What the focus should be
put on is making sure this won't happen again - but that the general public
isn't very interested in.

~~~
camus2
> Pardon my ignorance, but as a non-American, I still have no bloody clue what
> the election hacking was about.

There was no "election hacking", a DNC executive failed for a fishing scam,
there is absolutely no proof whatsoever that it was the Russians.

It's interesting how liberals became CIA and FBI shills in less that 2 weeks
after the election, while ignoring the wide spread corruption in their party.
Now maybe Russia did it, it doesn't make the content of the emails less true.
There is also an interesting display of anti Russian xenophobia on liberal
media, which proves that the party of "progress" is also capable of the worst
when it comes to hate speech and warmongering, now labelling anyone who
disagree as "traitor".

~~~
akhilcacharya
> while ignoring the wide spread corruption in their party

Because the crime of breaking in is far more disturbing than what was found,
given that even the "victim" brushed it off? If you ask people what the worst
part of the emails was, they point to out-of-context blurbs that are either
common practices or misleading.

I have legitimate cause for concern when the President to be inaugurated does
not believe intelligence about an American adversary.

~~~
Inconel
>concern when the President to be inaugurated does not believe intelligence
about an American adversary

I dislike Trump for many reasons but, based on the track record of the US
intelligence community over the course of the last 10-15 years, if he
approaches the intelligence briefings that are fed to him with the same
skepticism that he has displayed for climate science, I can only see that as a
positive.

~~~
curt15
Do we want him to brush off the next "Bin Laden determined to strike US"
intelligence reports? Let's not forget that the Iraq WMD fiasco was due in
large part to Bush being fixated on hitting Iraq even before 9/11 happened and
putting his thumb on the whole intelligence process. Obama on the other hand
has demonstrated no such predispositions toward confronting Russia and was
even criticized by the GOP earlier in his presidency for being too friendly
toward them (the US already tried a "reset" with Russia not too long ago).

------
hartator
Assange repeatably - and again tonight - said he was sure it wasn't Russia.

I think it's worth something to consider the main visible actor opinion.

~~~
santoriv
I have the same level of skepticism towards Assange that I do for the US
intelligence community, but for different reasons.

If Assange received a email dump from a source, how could he possibly know
with absolute certainty that the Russian government didn't have any
involvement? The only thing I can think of is if he or one of his very trusted
associates executed the attacks themselves. Isn't it possible that the Russian
government orchestrated the attacks and then handed the data off to a third
party? He has the same burden of proof as the CIA. ...and yes I understand
that Wikileaks can't reveal its sources but one should not really make such
claims if they can't be backed up with evidence.

~~~
bcoates
I think he's saying between the lines that his source is a insider, and it's
either a leak or an internal hack. That's the only way he could have any
reliable information at all about the source.

~~~
3131s
Assange strongly implied that the emails were leaked by Seth Rich.

Not sure if I believe that though, since it seems that Assange would have
proved it by now if it were true. Maybe he's withholding the proof as
leverage, or maybe he's lying. I do trust Assange much more than the CIA
though.

~~~
badlucklottery
>I do trust Assange much more than the CIA though.

But do you trust Assange more than the 17 US intelligence agencies? And the
actual president? And members of congress (including many Republicans who
would directly benefit from any intelligence pointing another way)?

At this point it's getting close to Assange vs the world. Even Trump won't
directly say the Russians weren't involved anymore, he's just muddying the
water with "can you really ever prove anything" talk.

~~~
tremon
_But do you trust Assange more than the 17 US intelligence agencies? And the
actual president?_

Yes. Does that really surprise you?

~~~
badlucklottery
Not surprised but definitely saddened a bit. Because at this point I doubt
anything is going to dispel the conspiracy for you if you think it's that
widespread. Anyone who disagrees will merely be "in on it".

------
tomohawk
The following is a a good fact sheet that puts the hacks in context with some
others, and contains some details that don't seem to be reported on:

[https://sharylattkisson.com/eight-facts-on-the-russian-
hacks...](https://sharylattkisson.com/eight-facts-on-the-russian-hacks/)

For example, Wikileaks says that they did not get the info from Russia, and
this is corroborated by the former British ambassador.

------
losvedir
This story is so frustrating. I feel like this is my "Gell-Mann Amnesia"
moment, and it's turning me off from WaPo, NYTimes, NPR, and all the sources I
used to read.

It's so bizarre to me how big this story has become only _now_ when the DNC
hacks themselves were done back in June. It's certainly hit a fever pitch
since Trump's election, but I can't tell if that's from his tweeting and
provocation, or from the Democrats angst at losing the election and trying to
save face.

Regardless, compared to China hacking us and stealing our fighter jet plans or
the data breach of 18 million personnel records from OPM, compromising the DNC
and releasing some authentic but mildly embarrassing emails seems so... minor,
I guess. Every time people say "hacking the election" it makes me so
frustrated since it minimizes the very _real_ fear of _actual_ election
hacking the more we're moving to electronic voting machines, that Bruce
Schneier talks about. It's also no surprise that half[0] of Clinton voters
believe "hacking the election" means that Russia actually fucking tampered
with the vote tallies now.

Surely any impact of the DNC email release months ago was minor compared to
say, Comey re-opening the Clinton case right before the election. And I dunno,
does an article in the BBC or The Economist count as foreign influence? What
about the Snowden leaks to The Guardian?

The evidence that APT28/29 were in the DNC servers is _moderately_ compelling,
I think. I can't find the data on the connection between APT28/29 and GRU/FSB,
though. In any case, it's clear Russia _could_ have not left a trace if they
were so inclined. Maybe they didn't think it was such a big deal so they were
a little sloppy? Certainly, a priori, it's hard to imagine the amount of
attention releasing DNC and Podesta emails would have gotten.

[0] [https://today.yougov.com/news/2016/12/27/belief-
conspiracies...](https://today.yougov.com/news/2016/12/27/belief-conspiracies-
largely-depends-political-iden/)

------
exabrial
Sorry, come again, what part of the election did 'Russia' hack again? I
thought it was a private organization.

~~~
akerro
The one that's spelled 'none'. WikiLeaks claimed many times Russia wasn't
involved, NYT admitted they faked the story. It's nothing more than liberal
tears who can't deal with losing elections in a system they were creating and
shaping for years.

~~~
CN7R
Last sentence was a bit caustic. Should WikiLeaks even be considered as a
reliable source after Assange demonstrated his political bias against Hillary?
Also, can you provide a link to NYT admitting to publishing a fake story?
Thanks.

~~~
donaldmorganjr
DKIM verification shows that everything from the Podesta leaks is real.

------
jaboutboul
First of all this piece should be lauded and it is this type of transparency
that ALL administrations should adhere too. Granted without revealing
sensitive sources.

Second, the Russians didn't hack the election. As far as we'll all know, no
voting machines were compromised. It may have been some email accounts of
campaign officials (about which Wikileaks has already publicly stated the
leaks didn't come from Russia). So starting off with the propagandist and
frankly bullshit headline "Russia hacked the election" is in and of itself
already portraying an extremely false narrative. Dangerous. Very dangerous.

------
peterwwillis
Does anyone here think that Russia would not try to influence our elections if
they had the chance?

I guess i'm confused as to why we should care if they did. Even if Trump
didn't win through fair elections, he was still nominated by us. I think
that's damning enough to say we deserve him.

------
xname2
Did Russians tell DNC chairwoman to leak debate questions to the HRC team? Did
Russians tell DNC to backstab Bernie Sanders? It is so crazy that democrats
and liberal main stream media are trying so hard to avoid discussing the real
problem. And they truly believe that people are stupid enough to no seeing
which problem is more important.

~~~
slowmotiony
...but you were not supposed to know!

------
msimpson
I have this argument almost every day. Thanks for writing it down.

------
GrumpyNl
Its so simple. Know the difference between hacking and leaking.

------
wbillingsley
Realistically, "Russia tried to access US politicians' emails" isn't news.
Surely that has been true every day of every week for at least twenty years.

And realistically, the public is not likely to be surprised by it either. It's
barely 3 years since we found out the NSA spied on the United Nations, its own
allies, and the Pope. And every day the news is full of western governments
wanting to legislate back doors into our iPhones so they can read all our
emails. Did anyone think notorious bad guy Putin would have his spy agencies
twiddling their thumbs thinking "no, we mustn't - it'd be wrong"?

"Foreign government tried to influence our election" has probably lost a lot
of its sting too, since Obama weighed in on the Brexit referendum, and every
world politician and their dog weighed in on what they thought of Trump.

Honestly, I don't think much of the public cares how Podesta's emails got
released, any more than they care how Trump's open-mike tape got released. And
embarrassment aside, I doubt the public thinks any of the leaks had much
impact on the result. I imagine much of the public muttering "Trump's a letch,
the Democrat higher-ups and parts of the media have a love-in, and politicians
think of the public as a mixture of easily-led minions and ignoramuses. Yup,
we'd pretty much guessed that already..."

I think the "news" in this is why a famously competent, articulate, and
measured president (Obama) is being a bit ham-fisted in his response, suddenly
upping the reaction quite late in the day.

If I can theorise for a mo -

The Democrats, and parts of the Republican party, are still coming to terms
with the surprise that they didn't win, and therefore believe that surely they
will be back in power in four years' time. So they want to make it as hard as
possible for Trump to deviate from longstanding policy in the meantime.

Moving to taking a hard diplomatic line on China and a soft line on Russia
(rather than the other way around) would be a huge strategic shift from past
policy, that would be quite hard to unpick. For nearly 40 years, the US
strategic position has been to reach out to China, and that the US's chief
strategic opponent has been Russia.

I wonder if the Democrats and GOP are starting to come to grips with where
Trump's views really are a bit of a departure from the recent past:

\- he's decided many of the things the US and Russia compete on these days
aren't especially important to the US's interests, so it's not worth
considering them the US's biggest opponent

\- he's decided that the way to argue/posture with China on points of
difference is to use the economy (eg, threat of tariffs) and more belligerent
diplomacy (eg, threat of recognising Taiwain), rather than the military (eg,
Freedom of navigation operations)

\- he's decided the US should stop trying to act as an altruistic
international arbiter, and instead attach unswerving value to being the US's
friend (eg, moving embassy in Israel to Jerusalem)

And of course, he seems to think the US is in a position where it can be a bit
of a dick about things if it wants to. For most of us, we have to be nice
people to work with or people won't work with us. But I guess if you're the US
it's quite hard for people to say "well I won't work with the world's biggest
economy then".

------
kgdinesh
Thanks Obama.

