
“Guccifer2”'s second release from DNC hack - chvid
https://guccifer2.wordpress.com/2016/06/21/hillary-clinton/
======
tanderson92
As tptacek indicates, it isn't remarkable that the DNC was hacked or that this
hack is legit. What is interesting is the content; Parts 1 & 2 suggest, but do
not confirm, that the DNC was operating as an ally of the Clinton campaign.

E.g. lots of HRC defense docs, oppo research on Biden, prominence given to HRC
in candidate position tableaus, etc.

~~~
eli
Why is it remarkable that the DNC is an ally of one of the most prominent
Democrats in the country?

~~~
tanderson92
It's remarkable that the documents show the DNC positioning themselves as an
ally of a prominent Democrat in May of 2015 (and October, re: Biden) who was
not the nominee and who hadn't been voted on by any American.

In other words: favoritism in a party primary by the party infrastructure is
supposed to be verboten.

~~~
csallen
It seems like Guccifer2 could easily craft whatever narrative he wants by
selectively releasing documents. For example, he could release pro-Hillary
material and withhold similar material for other candidates. Or, even without
any malcontent on his part, the documents he nabbed may not be fairly
representative.

~~~
mordocai
If that was the case, the DNC could easily release materials showing that his
releases are not representative. They can even make them up.

~~~
tptacek
Yes. That makes a lot of sense. One of the two largest political parties in
the US should definitely engage publicly in a debate with "Guccifer2". Why
didn't anyone else think of that?

~~~
blackbagboys
If there's credible evidence that the party apparatus had decided that the fix
was in from the start, they owe an explanation to their millions of supporters
and rank and file members, no matter how silly the hacker's nom de guerre.

~~~
tptacek
Sorry. I didn't mean to say directly that "Guccifer2" might not be a credible
source. More, sort of slyly imply it.

------
andrewdb
This should go without saying, but be careful downloading those documents.
Guccifer 2.0 could have added a malware payload.

~~~
davesque
He also could have added his own content to craft his own narrative. I doubt
any of the documents were digitally signed or could really be verified for
their authenticity in any way.

~~~
hackuser
That's just a different kind of malware payload, and probably a more
consequential one.

------
tptacek
The prevailing attitude in the software security community seems to be, Russia
or not, this is probably not just some random hacker doing it for the lulz.

The game theory of publicly hacking the DNC before an election makes zero
sense (what happens when/if Clinton wins), but that doesn't mean some other
organization couldn't be doing it just to mess with them.

~~~
alanh
> _The game theory of publicly hacking the DNC before an election makes zero
> sense (what happens when/if Clinton wins)_

I’m having a hard time following this. The game theory of… Russians?… hacking
the DNC for what purpose? How _would_ a Clinton win affect this?

> _In an earlier statement, Trump said the hack was a political ploy concocted
> by the Democrats._ (Bloomberg)

Or maybe you’re referring to that?

~~~
tptacek
Sorry, I was typing on my phone earlier.

It is awfully high risk and awfully low reward for Russia to hack the DNC
right before the 2016 election. The Democrats are likely to win, and they'll
come into office with a fresh memory of Russia having screwed with them.

On the other hand: if they _did_ hack the DNC, but screwed up by getting
caught, maybe it makes sense to recast the operation as some sort of
Wikileaks-esque information liberation strike?

Or, some faction either inside or outside of Russia is actively trying to mess
with some other faction inside of Russia by implicating them in such a
cartoonish plot.

The thing I don't see being taken very seriously among security people is the
idea that there is a random hacker somewhere in eastern Europe who pulled this
off on their own. Not because it would be hard to do, but because the specific
traces that apparently got left don't make sense for a freelancer.

~~~
fapjacks
Can you please link to an analysis (or something) of the specific traces that
were apparently left behind?

~~~
r721
[https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/](https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/)

[https://motherboard.vice.com/read/guccifer-20-is-likely-a-russian-government-attempt-to-cover-up-their-own-hack](https://motherboard.vice.com/read/guccifer-20-is-likely-a-russian-government-attempt-to-cover-up-their-own-hack)

[https://www.washingtonpost.com/world/national-security/cyber-researchers-confirm-russian-government-hack-of-democratic-national-committee/2016/06/20/e7375bc0-3719-11e6-9ccd-d6005beac8b3_story.html](https://www.washingtonpost.com/world/national-security/cyber-researchers-confirm-russian-government-hack-of-democratic-national-committee/2016/06/20/e7375bc0-3719-11e6-9ccd-d6005beac8b3_story.html)

~~~
fapjacks
Thanks!

------
strictnein
The "Romanian" hacker whose command of the Romanian language is suspect:

[https://motherboard.vice.com/read/dnc-hacker-guccifer-20-interview](https://motherboard.vice.com/read/dnc-hacker-guccifer-20-interview)

------
20tibbygt06
Article talking about the files here. [0]

Also, I find it interesting that the Clinton Foundation has come out saying
they have been breached as well. [1]

[0] [http://www.washingtonexaminer.com/hacker-releases-clinton-foundation-documents/article/2594452](http://www.washingtonexaminer.com/hacker-releases-clinton-foundation-documents/article/2594452)

[1] [http://www.bloomberg.com/news/articles/2016-06-21/clinton-foundation-said-to-be-breached-by-russian-hackers](http://www.bloomberg.com/news/articles/2016-06-21/clinton-foundation-said-to-be-breached-by-russian-hackers)

paragraph of interest:

"Clinton Foundation officials said the organization hadn’t been notified of
the breach and declined to comment further. The compromise of the foundation’s
computers was first identified by government investigators as recently as last
week, the people familiar with the matter said. Agents monitor servers used by
hackers to communicate with their targets, giving them a back channel view of
attacks, often even before the victims detect them."

------
cromwellian
I wish someone would hack major news organizations, especially FoxNews, so
that we can see the extent to which the news organizations collaborate and act
on behalf of the political parties and donors.

~~~
shard972
Can't, they have actual firewalls and some basic security competence.

~~~
mSparks
If you think that just because all their editors are on CIA payroll, I think
you have too much faith in CIA security.

~~~
mSparks
And for the ignorant among you that think I'm joking:

[http://www.carlbernstein.com/magazine_cia_and_media.php](http://www.carlbernstein.com/magazine_cia_and_media.php)

------
atonse
Crazy. How is this going to alter opsec in future campaigns?

Campaigns have members and volunteers with such varied skill sets. Putting
security policies in would be a big ask.

~~~
tptacek
Not at all. All campaigns are owned up all the time.

------
PopsiclePete
Why the hell are these docx and xlsx files? What kind of macro malware b.s.
did he put in them? No way am I reading anything that's not plain 7bit ASCII
from that website.

------
Overtonwindow
This is what I like, equal opportunity hacking.

~~~
sickbeard
Except when the FBI hacks an iPhone. Then we all get mad.

~~~
sjwright
I don't recall anyone getting mad at _the FBI_ hacking an iPhone.

What I think you're referring to is when "we all" got mad at the FBI for
trying to force Apple to hack an iPhone. "We all" objected to the idea of a
national government compelling a private company to invent new lock-picking
tools.

------
chmielewski
NSI... despicable. Reading this can get you a court date.

