
A Russian Expat Leading the Fight to Protect America - pmcpinto
http://www.esquire.com/news-politics/a49902/the-russian-emigre-leading-the-fight-to-protect-america/
======
legacynl
"Falcon had identified not one but two Russian intruders: Cozy Bear, ... and
Fancy Bear ..."

I'm not that knowledgeable about current hacking technologies, so maybe this is
a dumb question, but how can they 'identify' the origin of this
spyware/malware?

Wouldn't a group with equal or more knowledge be able to obfuscate their
origin?

I think it's kind of suspicious that Russian state hackers would send the data
to a server that's apparently already known to be owned by Russia.

~~~
strictnein
Reading a report on one of the groups, I believe they only worked during
Russian business hours, took off Russian holidays, etc. I mean, sure, you
could do all that from Tahiti, but you couple that with other indicators and
it starts to form a clearer picture.
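
As an added example of the "business hours" indicator described above (not CrowdStrike's code, and not part of the thread): given the UTC timestamps at which an actor was observed (compile timestamps, C2 check-ins, commit times), score every whole-hour UTC offset by how many events fall into an assumed Monday-Friday 09:00-18:00 local working window, and rank the offsets. The working window and the sample timestamps are assumptions constructed for this example.

```python
"""Working-hours timezone inference over observed activity timestamps.

Added example for the "they only worked during Russian business hours"
indicator; it is not CrowdStrike's code. For every whole-hour UTC offset it
counts how many observed events (compile timestamps, C2 check-ins, commit
times) fall inside an assumed Mon-Fri 09:00-18:00 local working window, and
ranks the offsets. The timestamps below are constructed.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

WORK_START, WORK_END = 9, 18  # assumed local working hours


def score_offset(events, offset_hours):
    """Fraction of events inside working hours when viewed at this UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in events:
        local = ts.astimezone(tz)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(events)


def rank_offsets(events, offsets=range(-12, 15)):
    """(offset, score) pairs, best first; ties favour offsets nearer UTC."""
    scored = [(off, score_offset(events, off)) for off in offsets]
    return sorted(scored, key=lambda p: (-p[1], abs(p[0])))


def local_hour_histogram(events, offset_hours):
    """Count of events per local hour, for eyeballing the working-day shape."""
    tz = timezone(timedelta(hours=offset_hours))
    return Counter(ts.astimezone(tz).hour for ts in events)


# Constructed sample: an actor keeping UTC+3 office hours, Mon-Fri 13-17 June
# 2016, with early-morning and late-afternoon events so that only one offset
# fits every weekday event, plus one Sunday outlier.
_ACTOR_TZ = timezone(timedelta(hours=3))
_base = datetime(2016, 6, 13, tzinfo=_ACTOR_TZ)  # a Monday
SAMPLE_EVENTS = [
    (_base + timedelta(days=d, hours=h, minutes=m)).astimezone(timezone.utc)
    for d in range(5)
    for h, m in ((9, 5), (11, 30), (14, 0), (17, 50))
] + [datetime(2016, 6, 19, 13, 0, tzinfo=_ACTOR_TZ).astimezone(timezone.utc)]

if __name__ == "__main__":
    for off, score in rank_offsets(SAMPLE_EVENTS)[:5]:
        print(f"UTC{off:+d}: {score:.2f} of events in working hours")
    print(sorted(local_hour_histogram(SAMPLE_EVENTS, 3).items()))
```

On the constructed data UTC+3 is the only offset that keeps all twenty weekday events inside the window; neighbouring offsets lose the 09:05 or 17:50 events. The caveat from the thread applies: an actor can keep any schedule it likes, so this is one weak signal to be combined with others, never a conclusion on its own.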

~~~
legacynl
That is pretty flimsy, any other examples of those indicators?

~~~
strictnein
I was just offering an example of another indicator, not that it was proof of
anything by itself.

Some technical indicators: [https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...](https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/)

------
sschueller
CrowdStrike is very close to the FBI. I would take anything they say with a
grain of salt.

~~~
jessaustin
A headline with the phrase "Leading the Fight to Protect America" encourages
skepticism as well.

TFA, Alperovitch, and one supposes the ruling party as well, can't seem to
make up their mind about Alperovitch. For a security dude, he seems to make a
lot of political judgments. Maybe that's a natural part of the whole
attribution "know thy enemy" shtick, but it does undermine the impartiality of
his attributions. Then again, maybe they do need some help with diplomacy:

 _Administration officials asked Alperovitch to attend a meeting to consider
what to do. He was the only native Russian in the room._

~~~
hourislate
If you're to take the article at face value, I find the following interesting.

>"You have to let them save face," he told the group. "escalation will not end
well."

Why is it that these so-called Russian friends always encourage everyone to do
nothing? It's always something like "best not to do anything and just let it
go".

Seems like that would just encourage more of the same.

Now, who knows what was really said; this is just an article, not any
official report. It's not like the Administration is going to tell Esquire
their plans. Nevertheless, if that is what he said, I would be hesitant to
trust such a person.

~~~
Bartweiss
> escalation will not end well

This seems like a good moment to differentiate what we _want_ to do from what
we _can_ do. One reading of this is "just ignore the bully and they won't make
things worse", which I agree is silly. But the other reading is "holy shit
guys, don't set a norm of publicizing state hacking efforts, _we will not look
good_."

Granting the claim that Russia did this, it's worth following up with the
possibility that the Equation Group auction was done to embarrass the TAO and
the US more broadly. A few people I've seen (including the grugq, who is
hardly a partisan) have suggested that it was revealed to threaten escalation
if the US keeps pushing to embarrass Russia over hacking.

In which case, the compliance argument may be totally reasonable. It wouldn't
be giving in, it'd just be counseling politicians that maybe they don't want
to take the moral high ground here.

------
binarray2000
> AND PUTIN'S WORST NIGHTMARE

Yes, we know that the "U.S. No Longer An Actual Democracy" [1], but can the US
MSM at least TRY to make us think that it is? I mean, look at these:

[http://static3.businessinsider.com/image/54dca6ffeab8ea393e4...](http://static3.businessinsider.com/image/54dca6ffeab8ea393e4a3dec-800-/screen%20shot%202015-02-12%20at%208.12.25%20am.png)

[http://gdb.rferl.org/4881AF9E-1328-47C6-B468-559DBCE349DF_w9...](http://gdb.rferl.org/4881AF9E-1328-47C6-B468-559DBCE349DF_w974_n_s.jpg)

[http://gdb.rferl.org/4D8132DF-9979-4338-8545-2FE3A9B7E259_w9...](http://gdb.rferl.org/4D8132DF-9979-4338-8545-2FE3A9B7E259_w974_n_s.jpg)

[http://cdn.spectator.co.uk/content/uploads/2016/10/cover_spe...](http://cdn.spectator.co.uk/content/uploads/2016/10/cover_spec_22-oct_issues-426x570.jpg)

[http://cdn.static-economist.com/sites/default/files/imagecac...](http://cdn.static-economist.com/sites/default/files/imagecache/print-cover-full/print-covers/20161022_cuk400.jpg)

(This is just a small excerpt. Search Google images for _putin cover page_.
Just for fun, Google search for _trump cover page_ as well.)

Is this objective, non-partisan, peace-oriented media? Or lying, partisan and
warmongering media?

Where is the evidence that Russia or Putin himself are breaking into US
servers? No one provides any.

Why is this not headline news:

James Clapper: Non-state actor likely to blame for massive cyberattack

[http://www.cbsnews.com/news/james-clapper-non-state-actor-li...](http://www.cbsnews.com/news/james-clapper-non-state-actor-likely-to-blame-for-massive-cyberattack/)

Where is Joe Biden to threaten Russia after these revelations by Clapper?

Listen, I want to live in peace and prosperity and not have to die (or be
maimed) in some war or to be a refugee or to have to build my home. And, I
hope, neither do YOU.

[1] Don't believe me. Believe the son of the US billionaire Herbert Sandler:

[https://wikileaks.org/podesta-emails/emailid/3723#efmAMnANJA...](https://wikileaks.org/podesta-emails/emailid/3723#efmAMnANJANLAN9)

~~~
rahrahrah
One thing I learned from following the US elections for a year is that all
those people saying "omg free media is soooooo important in a democracy"
turned out to be absolutely right.

The subtlety is that "controlled media" isn't just "state-owned media"
(something that the US media loves pointing out about RT for example). If you
have a system where incentives are put in place so that the media has an
interest in presenting an image of those in power which is the image that
those in power would like to present, then the media won't show you an
objective picture. In the case of democracies (and here I'm not only talking
about the US) these incentives are what's called "access". That is, the idea
that if someone in the media wants to call an insider in the government, that
guy will take the call. Media companies who don't have this access aren't seen
as serious and lose viewers. That is why media in the US (and most
democracies) isn't really free (for the most part; there are exceptions):
because if they're seen to be very anti-establishment, they won't get any
access.

Here's a thought experiment. Imagine that we institute by law a "Chinese wall"
[1], of the type that banks already have, between government and media.
Prediction: the first time this idea is proposed, both the government and
the media will hysterically oppose it. The government because they lose
one of the most important forms of control that they have over the media, and
the media because they lose their competitive advantage over any well-informed
YouTuber with smart things to say.

[1]
[https://en.wikipedia.org/wiki/Chinese_wall](https://en.wikipedia.org/wiki/Chinese_wall)

~~~
maxerickson
What does compliance with your rule look like? The media only talking to
designated spokespeople on recorded video? The media just publishing press
releases? How do they investigate things that the government PR doesn't want
to discuss?

I have a problem with the way access is traded on, but I think the solution is
to convince some media companies to have some backbone (we invited Titus J.
Stuffington on tonight, he didn't want to talk about the bribes he took, we
decided not to get some damn fool to defend the bribes in his stead), not to
ban them from talking to government officials.

~~~
rahrahrah
I hear you; this is the old debate of incentives versus regulation: which one
should you use in order to extract the outcome you believe is better. I don't
know.

The problem with "convince media companies" to have backbone is one of
incentives. Media companies are fighting amongst themselves, and if the
incentives are such that the ones that "have a backbone" will always lose to
the ones that don't, then your approach is a non-starter (and I believe this
is currently the case because viewers demand that the media company have
"access").

So how could you align a media company having a backbone with it winning in
the media company competition? Well, for example by targeting a niche audience
that hates seeing media companies pandering for the establishment. With that
audience, your media company would win. Of course, only small companies target
small niches. Then the question becomes: is that audience big enough that the
big established media companies notice and want to gun for it?

Then there's an additional complication, which is that with your method media
companies aren't _really_ calling out bad governmental behaviour, but
only having the appearance of doing so. That is, they try to appeal to the "no
bullshit crowd" by calling out minor pre-negotiated points, while still
cuddling up to the government on the things that really matter.

It's a complicated world.

~~~
maxerickson
Again, what does compliance with your rule look like? How do journalists do
journalism if they can't talk to key players in the stories they investigate?

~~~
rahrahrah
Again, I don't know.

Maybe the answer isn't that they can't talk altogether, but that regulations
should be put in place for communications. For example, if a journalist wants
to talk to a government official they can do so whenever the government
official says so, but the _full_ content of the conversation has to be made
available to all media companies before any one of them can publish anything.
The downside with this approach is that it removes the incentive of any one
media company to put much resources into investigative journalism that gets it
scoops from conversations with the government. The upside with this approach
is that it removes the obvious conflict of interest, which is that media
companies won't trash the government in order to be fed these scoops (and when
I say "the government" I'm including the opposition; one's business model is
to be fed by the Republicans (Fox), the other's will be to be fed by the
Democrats (MSNBC)).

------
jessaustin
Is _Esquire_ always like this? "A tall, bald fifty-four-year-old"... "met a
striking dark-haired computer geek"... "her friend was short, swarthy, and
squint-eyed". "Alperovitch was in New York when"... "on a rare vacation, in
Italy"... "while piloting his hand-built Polynesian proa around Cape Horn."
Too many inane trivial details!

~~~
Bartweiss
Yes, they're always like that. Grantland and Vice and Vanity Fair are the
same.

It's a very specific kind of journalism that's contorting straight-news
reporting into human interest column space by focusing on individuals and
appearances. I often don't like it, but the alternative for _Esquire_ was
running an essay on mixology or something, not a cleaner version of this
piece.

------
lifeisstillgood
It looks good but ... how does Falcon allow crowdstrike to monitor a network?

It presumably is an endpoint-installed agent with root access, but if the
attacker has got there first, how do you trust your install? And even if you
trust it (maybe they have not suborned the kernel), even so ... how?

Is it as simple as "we know what code they are using, so we look for that
code?"

~~~
lifeisstillgood
So it seems they have a database of known exploits (their homemade page shows
a "sticky-keys" exploit of windows login).

They had come across the Russian malware before - to the extent of decompiling
it enough to extract comments or variable names - so they had a pretty good
idea of what to look for.

Interesting - I suppose the only way to get good at this game is to start and
collect as you go along. Pokemon for IDS
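
As an added example of the "we know what code they are using, so we look for that code" idea in the two comments above (not Falcon's code, and not part of the thread): once a sample has been pulled apart and its distinctive strings recovered (a developer comment, a mutex name, a config key, a PDB path), those strings become weighted indicators, and a file is flagged only when the matched weight reaches a threshold. The indicator strings, weights, threshold and the three sample "files" are all constructed for this example.

```python
"""Weighted string-indicator scan, in the spirit of "we look for that code".

Added example, not Falcon's code: once a sample has been pulled apart and its
distinctive strings recovered (a developer comment, a mutex name, a config
key, a PDB path), those strings become indicators. Each carries a weight and
a file is flagged only when the matched weight reaches a threshold, so one
generic string never fires alone while a recompiled variant that kept most of
its strings still does. All indicators and the sample "files" are constructed.
"""
import re

# Constructed indicators: (name, regex over raw bytes, weight). A PDB path is
# weak on its own (every Release build has one); a mutex or config key is not.
INDICATORS = [
    ("pdb_path", re.compile(rb"[A-Za-z]:\\[^\x00\n]{0,120}\.pdb", re.I), 1),
    ("mutex", re.compile(rb"Global\\example_mutex_[0-9a-f]{8}"), 3),
    ("dev_comment", re.compile(rb"// TODO: fix this before release"), 2),
    ("config_key", re.compile(rb"(?:c2_host|sleep_jitter)="), 3),
]
THRESHOLD = 5  # assumed: matched weight needed before a file is flagged


def scan_bytes(data):
    """Map indicator name -> (weight, matched bytes) for every indicator found."""
    hits = {}
    for name, pattern, weight in INDICATORS:
        m = pattern.search(data)
        if m:
            hits[name] = (weight, m.group(0))
    return hits


def verdict(data):
    """(flagged, score, hits) for one blob of file content."""
    hits = scan_bytes(data)
    score = sum(w for w, _ in hits.values())
    return score >= THRESHOLD, score, hits


def scan_file(path):
    """Run the verdict over a file on disk."""
    with open(path, "rb") as fh:
        return verdict(fh.read())


# Constructed file contents standing in for real binaries.
KNOWN_SAMPLE = (b"MZ\x90\x00" + b"C:\\work\\implant\\Release\\implant.pdb\x00"
                + b"Global\\example_mutex_deadbeef\x00"
                + b"c2_host=\x00// TODO: fix this before release\x00")
BENIGN_BUILD = b"MZ\x90\x00C:\\build\\app\\Release\\app.pdb\x00hello world\x00"
RECOMPILED = (b"MZ\x90\x00" + b"Global\\svc_lock_01\x00"  # mutex renamed
              + b"sleep_jitter=\x00// TODO: fix this before release\x00")

if __name__ == "__main__":
    for label, blob in (("known", KNOWN_SAMPLE), ("benign", BENIGN_BUILD),
                        ("recompiled", RECOMPILED)):
        flagged, score, hits = verdict(blob)
        print(f"{label:10s} flagged={flagged} score={score} hits={sorted(hits)}")
```

The benign build matches only the generic PDB-path pattern and stays under the threshold; the recompiled variant lost its mutex string but is still flagged on the config key plus the developer comment. This is the shape of a YARA rule with an "N of them" condition, and it carries the same limitation the thread raises: every one of these strings is under the attacker's control, so a rewrite that drops them all defeats the scan, which is why string indicators are combined with behavioural ones rather than used alone.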

