
Group including former NSA technical director disputes Russian hacking claims - hedora
https://consortiumnews.com/2016/12/12/us-intel-vets-dispute-russia-hacking-claims/
======
md_
There's a lotta stupid in this post that anyone who has taken a Networking 101
course could identify.

'Emails being passed across the World Wide Web are broken down into smaller
segments called packets...To accomplish this, all the packets that form a
message are assigned an identifying number that enables the receiving end to
collect them for reassembly. Moreover, each packet carries the originator and
ultimate receiver Internet protocol number (either IPV4 or IPV6) that enables
the network to route data...The bottom line is that the NSA would know where
and how any “hacked” emails from the DNC, HRC or any other servers were routed
through the network. This process can sometimes require a closer look into the
routing to sort out intermediate clients, but in the end sender and recipient
can be traced across the network.'

Er, what? I don't know who wrote that, but this is not how it works.

They seem to be saying that TCP sequence numbers allow tracing of SMTP
messages as they are forwarded around the web. But...no, they don't. They
allow tracing a single SMTP connection from source to destination host, but
that's it.

If the attackers forwarded exfiltrated emails via SMTP (which I doubt), those
messages would have a different TCP sequence (obviously), so would not be
trivially traceable as described.

More likely, the attackers downloaded the target mailbox and then uploaded it
via some other connection at some other time, providing no consecutive action
to trace.

The whole description here of how "packets" work is both wrong and idiotically
wrong. I don't think this is intentional, because it's just too stupid. But it
doesn't have the meaning they say it has.

~~~
md_
Also, reading the names of the signers, they're all long-retired and/or
formerly senior, i.e., people who probably don't know how this whole Internet
thing works.

There's no actual technical claim here, other than, "The NSA should be 100%
sure, and they said they were less than 100% sure, so they aren't sure."

I mean, OK? I guess?

~~~
hedora
Well, they are writing to members of congress. The first author helped
establish prism, etc.

~~~
md_
But the point isn't that they dumbed it down. It's that the crux of their
argument is basically, "You should be able to track the stolen emails." Which
is fundamentally not true.

Easy example:

1. Download emails via IMAP
2. Disconnect from Tor
3. Copy emails via FTP to wherever

#1 and #3 have different IP addresses and TCP connections. The whole "packet
number" thing is just ludicrous--that's not how the Force works!

There are of course lots of details here about potentially piercing Tor with
traffic analysis and compromised onion routers, etc, etc. But their
description of how the system works and why the NSA should definitely be able
to give 100% attribution is literally wrong. It's not a simplification--it's
just literally not how the code works.
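
A worked illustration of the point made in this comment and in the earlier one about TCP sequence numbers, added here as an example (it is not part of any comment in the thread or of the article under discussion): the fields an IPv4/TCP header actually carries, what the IPv4 identification field is scoped to, and that two independent connections such as steps 1 and 3 share no header value that would tie them together. All addresses, ports, IDs, sequence numbers and payloads are constructed sample values; `build_packet`, `parse_packet`, `reassembly_key`, `connection_key` and `linkable_fields` are names chosen for this example.

```python
"""Constructed IPv4/TCP headers: which "identifying numbers" a packet carries
and how far each one reaches.  Added example; all values are made up."""
import socket
import struct

# 20-byte headers without options.
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # ver/IHL, TOS, len, id, flags/frag, TTL, proto, csum, src, dst
TCP_HDR = struct.Struct("!HHIIBBHHH")      # sport, dport, seq, ack, offset, flags, win, csum, urg


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum of an IPv4 header (RFC 791).
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, ident, sport, dport, seq, payload: bytes) -> bytes:
    """One IPv4 datagram carrying one TCP segment (PSH|ACK, no options).
    The TCP checksum is left zero: this example is about identifiers only."""
    tcp = TCP_HDR.pack(sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = IPV4_HDR.size + len(tcp) + len(payload)
    hdr = IPV4_HDR.pack(0x45, 0, total_len, ident, 0x4000, 64, 6, 0,
                        socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + tcp + payload


def parse_packet(pkt: bytes) -> dict:
    """Parse IPv4 + TCP headers into a dict; reject bad version, checksum or protocol."""
    (vihl, _tos, total_len, ident, _flags_frag, ttl, proto, _csum,
     src, dst) = IPV4_HDR.unpack_from(pkt, 0)
    if vihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (vihl & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != 6:
        raise ValueError("not TCP")
    sport, dport, seq, ack, off, flags, _win, _tcsum, _urg = TCP_HDR.unpack_from(pkt, ihl)
    data_off = (off >> 4) * 4
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ident": ident, "ttl": ttl, "proto": proto,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
        "payload": pkt[ihl + data_off:total_len],
    }


def reassembly_key(f: dict) -> tuple:
    """The tuple IPv4 uses to group fragments of ONE datagram (RFC 791):
    (src, dst, protocol, identification).  It names a datagram between one
    pair of hosts, not a message travelling through several connections."""
    return (f["src"], f["dst"], f["proto"], f["ident"])


def connection_key(f: dict) -> tuple:
    """The 4-tuple that scopes a TCP sequence number: one connection only."""
    return (f["src"], f["sport"], f["dst"], f["dport"])


def linkable_fields(a: dict, b: dict) -> set:
    """Header fields that hold the same value in both packets, i.e. what an
    observer could use to relate them by headers alone."""
    return {k for k in ("src", "dst", "ident", "sport", "seq") if a[k] == b[k]}


def two_step_exfil_headers() -> tuple:
    """The comment's sketch: step 1 pulls a mailbox over IMAP, step 3 pushes the
    copy over FTP from another address later.  Constructed sample values."""
    step1 = build_packet("198.51.100.7", "203.0.113.25", ident=0x1A2B,
                         sport=51234, dport=143, seq=0x9E3779B9,
                         payload=b"A001 FETCH 1:* BODY[]\r\n")
    step3 = build_packet("192.0.2.44", "203.0.113.80", ident=0x77C1,
                         sport=40022, dport=21, seq=0x0BADC0DE,
                         payload=b"STOR archive.mbox\r\n")
    return parse_packet(step1), parse_packet(step3)


if __name__ == "__main__":
    a, b = two_step_exfil_headers()
    print("step 1 reassembly key:", reassembly_key(a))
    print("step 3 reassembly key:", reassembly_key(b))
    print("fields equal in both packets:", linkable_fields(a, b) or "none")
```

The identification field the article calls a "packet number" is keyed together with the source address, destination address and protocol, and is meaningful only for reassembling the fragments of a single datagram between one host pair; the TCP sequence number is likewise scoped to one connection 4-tuple. Once the data is re-sent over a second connection, both values are freshly chosen, which is what `linkable_fields` on the two constructed packets shows.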

~~~
hedora
I read it differently. They present three hypothetical sources for the emails:

Leak at DNC

Hacking

Leak at NSA

The reconstruction of emails explains why an NSA employee could be the leaker.
The technical argument about detecting hacking is unrelated (except that a
packet reconstruction of all DNC traffic would contain evidence of the attack
and data transfer, which the NSA can supposedly reliably data mine).

I agree a better article would be nice.

------
hedora
Cached copy:
[http://webcache.googleusercontent.com/search?q=cache:https:/...](http://webcache.googleusercontent.com/search?q=cache:https://consortiumnews.com/2016/12/12/us-intel-vets-dispute-russia-hacking-claims/)

------
joeblow9999
Most important comment from the article: "... would we really care so much if
it was Woodward & Bernstein that did this? Was there a crime they committed
other than breaking into some computers to copy data that voters should have
been made aware of anyway? "

THIS

------
kafkaesq
[2016]

