
The Perfect Weapon: How Russian Cyberpower Invaded the U.S - 40acres
http://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html
======
coldtea
The perfect BS. That a country that

(a) continuously meddles with internal Russian affairs ever after the Cold
War,

(b) with tons of sponsored "NG"Os, "watchdogs", journalists paid to publish
any old BS about Russian politics IN Russia and outside,

(c) which even openly sponsors the main opposition trying to finally re-
install some friendly patchy in power (a la Yeltsin, who will sell the country
to foreign interests wholesale),

(d) and which, unlike Russia, which is the pale relic of an ex-superpower,
that even that wasn't all that powerful as it was thought to be, actually has
the power, money, and global resources to actually make that have an effect
(sponsoring 'orange revolutions' nearby, enforcing sanctions, etc),

has the gal to speak of Russia "invading" them and affecting their elections
is beyond me. Especially since the one that won the elections had tons of free
coverage from all established US media and broadcasters, and huge support in
the fly-over states.

These fake cries of foreign intervention are a double insult for all those
countries, in Latin America, Africa, Asia, even Europe, that had their
legitimate leaders replaced by dictators with the help of US intervention,
from the Shah to Pinochet and beyond to today's mess in the Middle East.

~~~
kafkaesq
_[hypocrisy, double standards, orange revolutions, misdirection, blah blah
blah]_

None of which has any bearing whatsoever on the simple factual matter of how
the attacks happened, and what parties where responsible.

~~~
coldtea
> _None of which has any bearing whatsoever on the simple factual matter of
> how the attacks happened, and what parties where responsible._

Which I didn't address and I don't care much about. However the attacks
happened, and whoever parties were responsible, they were obviously
inconsequential to the outcome of the elections.

But pointing out the hypocrisy is important, because it brings things to
perspective and shows the absurdity of the complaints.

~~~
mturmon
You are raising two points.

One is wrong: These attacks were not "obviously inconsequential", and the
complaints of Russian hacking of the DNC are not "absurd".

Your second point ("the US does it too") is not wrong, but should not stop
discussion of this particular attack. The U.S. has meddled in elections, but
at the very least, the tactics here were new in their scale and effectiveness.

~~~
coldtea
> _The U.S. has meddled in elections, but at the very least, the tactics here
> were new in their scale and effectiveness._

Compared e.g. to downright sponsoring and conspiring and successfully
establishing a military dictatorship in my country (and tons of others)?

Or (for the "new" part) hacking and reading the mails of all world leaders,
allies or not?

Hardly new and hardly major.

------
vinhboy
This kind of thing has also happens to smart, tech-savy, people within the
tech community. It's sad to me that we are glossing over this issue because it
did not happen in the physical world.

Imagine if we caught Russian agents physically breaking into the DNC office,
in a Watergate-esque sort of way. I doubt we'd just continue our election
business as usual.

I feel like as members of the tech community, it's sort of our job to connect
the dots for people. We always lament every time we hear about security
breaches on popular websites and want to do something about it. But this is
happening at the highest level in our country and I feel like everyone is just
kinda silent about it because they don't want to be appear partisan.

------
jdenning
I'm a bit nervous about some of the proposed legislation that is (ostensibly)
protect us from this..I mean the patriot act was supposed to protect everyone
from terrorism, but it served to legitimize the surveillance state.

[https://www.congress.gov/bill/114th-congress/house-
bill/5181](https://www.congress.gov/bill/114th-congress/house-bill/5181)
[https://www.congress.gov/bill/114th-congress/senate-
bill/269...](https://www.congress.gov/bill/114th-congress/senate-
bill/2692/all-info)

"...develop and synchronize government initiatives to expose and counter
foreign information operations directed against U.S. national security
interests and advance fact-based narratives that support U.S. allies and
interests"

~~~
RcouF1uZ4gsC
"...develop and synchronize government initiatives to expose and counter
foreign information operations directed against U.S. national security
interests and advance fact-based narratives that support U.S. allies and
interests"

This sounds suspiciously close to an official propaganda department. Anything
that does not conform to the government narrative will be deemed a foreign
information operation.

------
SomeStupidPoint
I think the question here, implied but not directly asked is: did Donald J
Trump commit an act of treason by collaborating with a foreign power (and
their military) to undermine our electoral process?

I don't know that we've seen evidence of that yet, but it's possible that
someone such as the NSA has evidence of the collaboration from secret
channels.

I certainly believe that a man whose entire campaign was based on lies and
whose business dealings are littered with fraud and broken contracts would
betray the nation while campaigning to lead it. His economic decisions (and
appointments) have already betrayed the very people who got him elected.

So I hope we get a detailed report before Obama leaves office -- because no
person should be allowed to serve as president if they've committed an act of
treason (and particularly if they committed treason during the election)!

Tl;dr: Spy agencies, please help us know if Treacherous Trump is really
Treasonous Trump.

------
mi100hael
This whole article smacks of the NY Times reporting surrounding WMDs in Iraq.
Yet again we have some very alarming assertions made by top officials and
being parroted by the paper without any actual concrete evidence being
produced and displayed to the public. If anything, it's worse because the NY
Times is taking the assertions as gospel and jumping to their own conclusions.

 _> In the meantime, the hackers moved on to targets outside the D.N.C.,
including Mrs. Clinton’s campaign chairman, John D. Podesta, whose private
email account was hacked months later._

 _> Even Mr. Podesta, a savvy Washington insider who had written a 2014 report
on cyberprivacy for President Obama, did not truly understand the gravity of
the hacking._

This is the first I'm hearing of any ties to Podesta's emails and Russians. If
anything, I always assumed that particular attack was some teenager in
Tennessee[0].

In this case the CIA & co absolutely need to publish all the evidence they
have linking Russia to the intrusions. The evidence they are claiming could be
anything from something as tenuous as "превед"[1] in a log file to something
as concrete as a CIA mole participating in the attacks from within the walls
of the Kremlin. Right now we the people are being bombarded from all sides
with 100% unhelpful bullshit.

[0]
[https://en.wikipedia.org/wiki/Sarah_Palin_email_hack](https://en.wikipedia.org/wiki/Sarah_Palin_email_hack)

[1]
[https://en.wikipedia.org/wiki/Preved](https://en.wikipedia.org/wiki/Preved)

~~~
tdb7893
At the very least do you believe that the American election was targeted by
hackers in Russia? That part seems to be pretty well agreed upon by multiple
agencies inside and outside the government.

~~~
alexmingoia
I'll believe evidence - not authority.

~~~
linkregister
That's a good sentiment to have.

The evidence has been released by both Crowdstrike and FireEye. They both have
fairly detailed writeups of them. Attribution is an important part of computer
security. FireEye has a similar reputation for attribution and forensics as
Kaspersky.

~~~
pjmorris
The NYT article mentions that the Russian groups Crowdstrike identified ('Cozy
Bear', 'Fancy Bear') were working independently of each other. If two groups
gained access independently, how is anyone sure that one or more other groups
or individuals didn't also gain access? And the article never makes the link
to how Wikipedia came to receive the information, only assumes it was one of
the two Russian groups Crowdstrike identified.

~~~
linkregister
These are good questions to ask. The right thing for you to do is study how a
computer intrusion campaign works and how attribution is done. Everyone has
their own limit of when they trust expert advice. For example, I refuse to
trust my doctor's advice fully and pull up studies at home to verify what she
tells me. It's good to learn more about computer security if it interests you.

It is extremely difficult, maybe impossible, to completely conceal one's
pivots, implants, and exfiltration in a computer network. True, it is possible
that an attacker that is more capable than GRU/Cozy Bear and FSB/Fancy Bear
did just that and exfiltrated the emails and documents. But this is going
beyond what the evidence suggests.

------
Jimmie_Rustle
I don't really understand why there is so much energy being spent trying to
spin this into Russia subverting our Democracy. Corporate and government
espionage happens. In this case, the results of these 'hacks' has been release
of confidential emails and documents. If the contents of these dumps were
completely mundane, I do not think it would have been a big deal at all. It's
sort of like saying 'information subverted our Democracy'.

------
mturmon
This has been flagged, but doing so is a mistake. It is a hack in both senses
of the term, and clearly merits discussion here.

~~~
bootload
_" It is a hack in both senses of the term, and clearly merits discussion
here."_

Agree @mturmon, not happy HN is flagging away stories like this. A lot of
security, technical and business questions can be asked and learned from this
incident.

~~~
mturmon
Exactly, it is hacking in the biggest sense of the term. It is not just run-
of-the-mill politics, which I admit, HN does not do well at, and is no fun to
discuss here.

------
secabeen
Security is hard. Look at the email from Charles Delevan. It legitimized the
phishing attack on John Podesta, and caused the compromise of Mr. Podesta's
emails. All the advice in that email is good, solid, and accurate. But he
claims to have typoed one word, where he typed legitimate instead of
illegitimate, and the hackers were in. A good reminder that in security, you
have to be right every time, and the attackers only need you to slip up once.

~~~
Nomentatus
Not to mention the ancient adage: "In business, nothing is done until it is
checked."

------
RcouF1uZ4gsC
Looks like they learned from the US.

[https://www.theguardian.com/world/2004/nov/26/ukraine.usa](https://www.theguardian.com/world/2004/nov/26/ukraine.usa)

[http://www.washingtonsblog.com/2014/12/head-stratfor-
private...](http://www.washingtonsblog.com/2014/12/head-stratfor-private-cia-
says-overthrow-yanukovych-blatant-coup-history.html)

[https://en.wikipedia.org/wiki/CIA_activities_in_Syria#War.2C...](https://en.wikipedia.org/wiki/CIA_activities_in_Syria#War.2C_2011.E2.80.9316)

~~~
Nomentatus
You did read the article, I hope. Including the mention of the extensive 1996
Russian cyberattack on the US?

------
loukrazy
Why do news outlets insist on calling everything Cyber-xyz. This is
Information warfare aided by technical tools. It's not the hacking that is the
weapon but how and where you release the information gained by those tools.

