As I understand from the report, the main methods used were:
- sending emails with executable files that victims for some reason executed
So they used script-kiddie-level tools anyone could use (and they are cheap; you don't have to buy expensive zero-day exploits on a black market). But of course this could be done intentionally so it looks amateurish.
These attacks could be easily mitigated. First, the OS and applications should not run unknown files from the Internet (because some people got used to double-clicking on everything they get in email); second, we should start using physical cryptographic keys instead of passwords. Common people cannot handle passwords; they either make easily guessed passwords or enter them everywhere without thinking. I hate passwords too because they are hard to remember (and please don't suggest that I should download some software and upload my passwords to a "cloud" in an NSA-controlled country).
By the way, iOS is the only popular operating system I know of that doesn't allow executing files downloaded from the web or emails. Apple did it the right way.
The report also contains a pretty useless firewall rule named "PAS TOOL PHP WEB KIT FOUND" that can be used to search for malware in PHP files. It is interesting that they have replaced the digits in the 'base64_decode' function name with a regexp, as if there were any other similar functions.
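The digit-to-regexp substitution the comment above finds pointless is actually the useful part of such a rule. PHP lets a function be called through a string, so a webshell can write 'base'.(16*4).'_de'.'code' and have it evaluate to base64_decode at runtime; a literal match on base64_decode never sees that file, while a pattern that treats the "64" as an arithmetic expression does. The scanner below is an added example, not the JAR's rule and not this commenter's code. The two regexes, the demo directory under the system temp path and the three PHP samples are constructed for the demonstration.

```powershell
# Added example: find base64_decode() in PHP files even when the name is
# assembled at runtime.  Not the JAR's rule and not the commenter's code.

$patterns = [ordered]@{
    # The literal call a naive grep would look for.
    literal   = 'base64_decode\s*\('
    # The name built from pieces so the literal never appears in the file:
    #   'base'.(16*4).'_de'.'code'   or   'base'.'64'.'_decode'
    # The "64" may be any <digits op digits> expression; that is the kind of
    # generalisation over the digits the comment above describes.
    assembled = "'base'\s*\.\s*(\(\s*\d+\s*[\*\+]\s*\d+\s*\)|'\d+')\s*\.\s*'_de(?:code'|'\s*\.\s*'code')"
}

function Test-PhpFileForBase64Decode {
    param([Parameter(Mandatory)][string]$Path)
    $text = Get-Content -Raw -LiteralPath $Path
    foreach ($name in $patterns.Keys) {
        $m = [regex]::Matches($text, $patterns[$name])
        if ($m.Count -gt 0) {
            [pscustomobject]@{
                File    = Split-Path -Leaf $Path
                Pattern = $name
                Hits    = $m.Count
                Sample  = $m[0].Value   # the matched text, for a quick eyeball
            }
        }
    }
}

function Find-PhpBase64Decode([string]$Root) {
    Get-ChildItem -LiteralPath $Root -Recurse -Filter *.php |
        ForEach-Object { Test-PhpFileForBase64Decode -Path $_.FullName }
}

# --- constructed samples (harmless stand-ins, not real webshells) ---
$demo = Join-Path ([IO.Path]::GetTempPath()) 'php-scan-demo'
New-Item -ItemType Directory -Force -Path $demo | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'clean.php')  -Value '<?php echo "hello"; ?>'
Set-Content -LiteralPath (Join-Path $demo 'plain.php')  -Value '<?php eval(base64_decode($_COOKIE["x"])); ?>'
Set-Content -LiteralPath (Join-Path $demo 'hidden.php') -Value "<?php `$f = 'base'.(16*4).'_de'.'code'; eval(`$f(`$_COOKIE['x'])); ?>"

# clean.php produces no row; plain.php matches 'literal'; hidden.php matches only 'assembled'.
Find-PhpBase64Decode -Root $demo | Format-Table -AutoSize
```

Point Find-PhpBase64Decode at a web root to scan a real server. The assembled pattern is deliberately narrow (only '.' concatenation and one arithmetic operator); an attacker who uses chr(), str_rot13 or a variable-variable sidesteps it, which is exactly why production rules stack several such regexes and structural conditions rather than relying on one.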
Many of the whitepapers that I read about the DNC hack listed the attack's "sophistication" as proof that it came from a state actor, yet it was the most routine, simple attack conceivable. No rootkits, no 0 days, just simple phishing and social engineering.
"the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques."
A "range of techniques" includes things like rootkits.
The attackers did use stealthy persistence techniques often called 'rootkits'.
"the SeaDaddy implant developed in Python and compiled with py2exe and another Powershell backdoor with persistence accomplished via Windows Management Instrumentation (WMI) system,[..] The Powershell backdoor is ingenious in its simplicity and power" 
>no 0 days
The same group used six 0-days in 2015. Either they didn't need to use them in this attack or they used them and deleted the evidence. Sednit is APT28; see the quote below:
"One of the striking characteristics of the Sednit group is its ability to come up with brand-new 0-day vulnerabilities regularly. In 2015, the group exploited no fewer than six 0-day vulnerabilities" 
>yet it was the most routine, simple attack conceivable.
The attack involved multiple pieces of custom-written software and carefully researched spearphishing; the attackers spent time and effort to hide their tracks, maintain persistence and exfil data without detection. This level of effort and time does not qualify as routine; some intelligence agencies can't even write their own RATs.
Also, the WMI thing they describe doesn't look like a rootkit, more like a cron analogue for Windows. I.e. on Unix it would be like installing a command in crontab. That's not what is usually called a rootkit: a tool that is designed to conceal its presence (and other tools' presence) from regular OS tools.
For example the RAT named X-Agent was one of several used in the DNC hack. It has never been put up for sale and it was used in previous Russian intelligence operations (for example tracking Ukraine artillery).
>That's not what is usually called a rootkit
It doesn't appear that anyone has reverse engineered the PC version of X-Agent but the android variant (which may be very different from the one used in the DNC hack) does take some steps to hide itself. Granted nothing suggests anything like kernel syscall hooking but those sorts of rootkit techniques are overrated because they leave obvious and detectable patterns of compromise.
I've written custom software (which was a lot harder to find than some Python WMI hooks) for hacking much lower-profile organisations. I've consulted for organisations that were hacked by Chinese hackers for bitcoin ransom that had custom software written too. I mean, high-profile target, more effort can be expected. It does not mean the government is involved (although a lot of hacking groups seem to have government sidelines in China, though it does not appear to be their primary activity; I mean, unless the Chinese government is itself into bitcoin ransoming).
But more seriously, if a component of our government that is this central to our democracy can be hacked by sending emails saying "open this exe", then ... I mean seriously. Sorry to say, but if that works, you deserve what happens. Is this really the level of competency of the people that are currently organising the government?
Also, the main thing this report does is validate that the information leaked to the press is indeed true (I figured as much; I mean, why put so much effort into fighting fake news unless the real target information is not fake?).
So Hillary and the DNC are in fact in the pocket of Wall Street. She DID use the DNC organisation to sabotage Bernie Sanders. There are in fact foreign donors to Hillary and the DNC that are illegal under rules that Hillary's government department is supposed to enforce ... this report mostly confirms that this is indeed the view that the top of the DNC has.
Certainly malware which costs serious resources to develop, like stuxnet, says something about the capabilities of the attacker. Given that at the high end of the resource spectrum it is mostly governments, resources required are suggestive of a government, but resources are not conclusive in and of themselves.
The attribution of the DNC hack to APT28 and APT29 was not based on its sophistication but on the similarity to the methods used, tradecraft fingerprints, and the sharing of C&C servers to past attacks.
The closest I can find is when McAfee says: "If it looks like the Russians it isn't the Russians." I said "It looks like the Russians." These statements don't contradict each other.
We do disagree on attribution, but I haven't discussed that in this thread. He is radically skeptical about ever attributing any state sponsored hacking, although in the same interview he does attribute Stuxnet to the US/Israel and the OPM hack to China.
... Hillary seems to actually be a very persnickety technology user. She is not very comfortable with most technology, only liked to use a BlackBerry and, more specifically, only liked to use a specific type of increasingly older and more out-of-date BlackBerry.
She doesn't know how to use a desktop computer. She--
Wait, wait, wait. Back up. Back up. She doesn't know how to use a
Hillary Clinton, the Democratic presidential nominee in 2016, does not know how to use a desktop computer, according to multiple sources interviewed by the FBI.
How is that possible?
The short answer is, I don't know...
Most breaches begin with spear phishing, commodity exploits, a leaked key, or some other obvious or preventable detail.
However, this is almost never the “sophisticated” aspect of a breach worth talking about. It’s easy to point at an embarrassing vector and dismiss the rest of an attack.
Thus, do not judge an adversary by the vector they’ve chosen.
An adversary may show you what “sophistication” means after advancing from their beachhead."
Everything I've read indicates the bulk of work was done by Powershell scripts, along with a backdoor process running in the open. If you told me that the backdoor was a kernel level rootkit or something similar then I could get onboard, but as it stands I don't think the attack's complexity is a solid argument for "Russia did it"
I also remember that some gmail accounts of people from DNC staff were hacked. Gmail probably has logged what IP addresses were used when logging in with stolen passwords and they could be used as a hint too (though most probably they point to cheap VPS bought by some anonymous person or Tor node, I doubt anyone would use a stolen password from their real IP address).
They also sucked all the money from the state level campaigns into Hillary's campaign, hurting the entire party when they lost after spending so much money trying to force Hillary through.
> They also sucked all the money from the state level campaigns into Hillary's campaign.
You're misreading the Politico article about the Hillary Victory Fund. In that article, the DNC said it was using the initial money to set up common infrastructure for the state parties to use. The money that was supposed to go to the state parties did eventually go to the state parties as you can see here: https://www.opensecrets.org/jfc/summary.php?id=C00586537. To refresh your memory, the first [FEC maximum contribution amount] donated by an individual to the Hillary Victory Fund would go to her primary campaign, the next [max amount] would go to her general election campaign, the next [max amount] would go to the DNC, and the rest would be distributed among the state parties.
Also, I'm curious: whom would you consider a big name Democrat worthy of challenging Clinton not as a token opponent?
Wasserman-Schultz resigned to get out of the spotlight, which she believed would put more attention on Clinton for the general election.
We have the DNC's full email history here. Surely if they rigged the primary for Clinton, there would be at least one email showing it.
You know instead of the Hillary campaign saying, no no, you shouldn't appoint her, we have evidence that she is corrupt, here's the evidence.
And then after the evidence came to light the DNC was like, oh that's fine.
I hope that Hillary and the DNC are able to get their day in court so the evidence can be heard by a jury of their peers rather than the court of public opinion.
Be specific. Which emails are evidence of guilt? None of the emails I've seen have shown any evidence of the DNC rigging the primaries. Why would the resignations be evidence of guilt if the stated reasons for resignation are just as plausible?
Do you realize how much you sound like a conspiracy theorist?
For example, if I had to compete against someone in a drawing competition, and one of the judges was the parent of my competitor, and that judge has gone out of his way to train and groom his child for years for this competition, I may lament that the contest is rigged, even if the judge doesn't stuff the ballot box.
The DNC had "groomed" Clinton insofar as she had run in the primaries before and was familiar with the rules. She didn't receive any special treatment from the DNC during the primaries as far as their emails showed.
See sense 3
1. to manipulate or control usually by deceptive or dishonest means <rig an election>
2. to fix in advance for a desired result <rig the contest>
Edited to add second part of sense 3.
I'm not sure why you would think otherwise, though if you're implying that the example of extra, specialized training you provided above is an example of "fix in advance", I disagree. To "fix in advance" would mean that the outcome is predetermined, such as by bribes. This sense of fix is here:
7b. to influence the actions, outcome, or effect of by improper or illegal methods <the race had been fixed>
If you have some other meaning implied by your comment, please explain. I find I'm a terrible mind reader.
Never mind the fact that Sanders was treated much more gently by the Clinton campaign than Obama was in '08, the only salient fact is that minority voters should have yielded their preference for a man who has spent 30+ years in Washington and yet has largely failed to build any power base.
> high-ranking DNC officials discussed the possibility of making Sanders' religion a campaign issue in southern states
Did they do so? If so, that's clear meddling. If not, it shows intent of meddling.
> Paustenbach suggested that a past incident could be used to promote a "narrative for a story, which is that Bernie never had his act together, that his campaign was a mess."
Again, suggestion to do acts of meddling but not clear if they went through with it.
> Wasserman Schultz resigned as DNC chair after the leak, and was replaced by Donna Brazile and the Democratic National Committee issued an apology to Sanders. Speaking on CNN, Sanders responded to the email leak: "...it is an outrage and sad that you would have people in important positions in the DNC trying to undermine my campaign.
Regardless of whether the intended meddling happened or not, it is clear that even the party itself knew that they were in the wrong.
They did not bring up Sanders's religion, so there was no meddling there.
This is out of context. Sanders was attacking the DNC in the media for following pre-agreed-upon rules in Nevada. They were discussing how to respond to those frankly ridiculous attacks. http://www.politifact.com/nevada/statements/2016/may/18/jeff...
> Regardless of whether the intended meddling happened or not, it is clear that even the party itself knew that they were in the wrong.
To recap, we have their full email history here, yet we still can't find a single instance of them acting to rig the primaries against Sanders. Wasserman-Schultz resigned to get out of the spotlight, which she believed would put more attention on Clinton for the general election.
That led to a lot of acquaintances of mine that supported Sanders to continue bashing Clinton after the primaries were already over, when it would have been really helpful for the Democratic party to have been unified throughout all of that.
Again, I refer to them as delusional because the '16 primary fight was about 1/3 as dirty as the '08 primaries, and somehow Sanders supporters feel being treated gently isn't good enough, what they expected was a clear majority of democratic voters to simply hand over the reins of the Democratic Party. They truly expected politics to revolutionize itself because of Sanders presidential run, and somehow tricks would not be a part of politics instantly and forevermore.
I think my big takeaway regarding the primaries is that most 'progressive' Sanders voters simply wanted to hurt the American establishment, and if they couldn't do it with Bernie they wanted to cry, pick up their ball, and go home.
One might note that this author stops short of saying rather than merely insinuating that "publishing emails" constitutes "rigging an election", but he sure wrote a lot of words in that effort.
Maybe you are not an American. Do you know what the primaries are?
Sure, that's obviously true in general, but given the current absence of evidence of "sophistication," there is no reason to assume its presence.
With computer crime it's especially obvious because most journalists don't know enough to understand what's hard and what's not, so they take the word of law enforcement, and law enforcement has big motivation to make it sound as bad as possible, since it enhances their significance and their success for catching one. "I've caught a sophisticated hacker" sounds better than "I've found a 13-year old kid that sent someone an email saying 'give me your password' and the poor shmoe was silly enough to do just that".
So there won't be a lot of reports about catching unsophisticated hackers. Usually it's always "highly sophisticated" ones.
OTOH, I think the actual (claimed) proof was the use of a certain bit.ly account etc., not sophistication per se.
Also, it looks like there were at least 3 attacks on the DNC, and phishing was only involved in one. Maybe the whitepapers talked about the other ones.
This is the stats page for the bit.ly phishing link from that email showing two clicks in the right time frame:
It's not rocket science to dump the emails out of a Gmail account:
But the Podesta leaks aren't the same as the DNC leaks, which Wikileaks has long claimed came from an insider who was upset by their treatment of Bernie. It's also interesting to note that even if the DNC was hacked, that doesn't actually prove where the information given to Wikileaks came from.
Given how careless they are in other regards, I have to think that any insider that wants it can get their data. Just read the PDF on this email to see how Colin Powell & Hillary Clinton treat OPSEC: https://wikileaks.org/clinton-emails/emailid/30324
"When I asked why not they gave me all kinds of nonsense about how they gave out signals that could be read by spies, etc. Same reason they tried to keep mobile phones out of the suite. I had numerous meetings with them. We even opened one up for them to try to explain to me why it was more dangerous than say, a remote control for one of the many tvs in the suite. Or something embedded in my shoe heel. They never satisfied me and NSA/CIA wouldn't back off. So, we just went about our business and stopped asking. I had an ancient version of a PDA and used it. In general, the suite was so sealed that it is hard to get signals in or out wirelessly."
Also, the DNC has long been planning to reach for the Putin angle:
"Best approach is to slaughter Donald for his bromance with Putin, but not go too far betting on Putin re Syria. Brent"
Sure, HDD firmware hacks are cool, but in terms of R&D time far less efficient if you're willing to spam attempts to get in the front door. And I'd say they chose the appropriate level of sophistication given the success of the penetration.
The DNC isn't exactly an air-gapped Iranian nuclear centrifuge.
Then how is this evidence of a 'state-sponsored actor'?
And how did the narrative of this story ever get derailed from what it should have been, which was, "The DNC, and John Podesta in particular who had both his gmail and his Twitter accounts hacked, are incompetent", to "this is Russian interference in a US election"?
The news is why that particular person was targeted.
For which no proof is being presented. Lots of stuff about hacking tools, nothing really about identifying hackers. Lots of anonymous high level sources offering vague assurances and excuses for why we can't present info...
Although the media and many in politics are saying this, it's plainly false. There is no serious claim that the Russians interfered in our election.
The claims are that the Russians interfered in a presidential campaign. There's a huge difference between the process of campaigning, versus the election process of casting and counting votes.
Sowing this confusion is useful on at least two levels. Most obviously, it serves to undermine the legitimacy of the incoming President. But it's also useful in setting stage for future debate about campaign finance laws. It's important in that debate to keep separate the ideas of election - which the government must protect to ensure its faithfulness to the voters - versus the idea of campaigning, which the government may never interfere with, which is the primary purpose of the First Amendment.
There are many Republicans.
The world doesn't come with nice "I did it" notes. You make the best decisions you can with the information you have.
edit: seeing some reports they used "sophisticated" SQL injection... okay...I mean for a lay person it seems sophisticated, sure. But for anyone in the industry it's one of the oldest and easiest tricks in the book.
I really suspect news sources are knowingly exaggerating about the sophistication of this "hack" in order to make up-play Russia's role and downplay the DNC's culpability.
The summary: One used Powershell modules and Windows Scheduler to run scripts. Another used a combination of Twitter and public sites like Github/Dropbox for command and control.
In my opinion, neither is impressively sophisticated, and a skilled application developer could whip up something similar in a week or two. Using popular sites like Twitter/Dropbox for C&C has been common for years, and you can purchase similar backdoors/RATs for less than $100.
edit: Another interesting point from the link above: the two exploits stole exactly the same info once inside the DNC network. This would obviously be a big no-no for a sophisticated state actor as it doubles your chance of being compromised, but the author explains it away by claiming that Russia's intelligence agencies are disorganized and adversarial.
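The "cron analogue" comparison made earlier in the thread (the PowerShell backdoor persisted through WMI) and the PowerShell-plus-Windows-Scheduler implant summarised in the comment above raise the same practical question for a defender: how do you enumerate those two mechanisms and pick out the entries that look like a hidden backdoor? The script below is an added example, not CrowdStrike's, the JAR's or this commenter's code. It lists WMI permanent event subscriptions (the filter, consumer and binding a WMI backdoor needs) and scheduled task actions, and flags actions that launch PowerShell with the quiet or inline-payload switches. The two "suspicious" regexes are this example's own heuristics, not an authoritative list, and the cmdlets assume an elevated session on a Windows host.

```powershell
# Added example: hunt the two "cron-like" Windows persistence mechanisms
# discussed in the thread.  Not CrowdStrike's, the JAR's or the commenter's code.
# Run in an elevated PowerShell session on the host being triaged.

# Heuristics (this example's assumptions, not an authoritative list): an action
# is flagged when it launches PowerShell AND uses the switches or idioms a
# backdoor uses to stay quiet and carry its payload inline.
$launchesPowerShell = '(?i)\bpowershell(\.exe)?\b|\bpwsh(\.exe)?\b'
$quietOrInline      = '(?i)-e(nc(odedcommand)?)?\s|-nop\b|-noni\b|-w(indowstyle)?\s+hidden|-ep\s+bypass|executionpolicy\s+bypass|\bIEX\b|Invoke-Expression|DownloadString|FromBase64String'

function Test-SuspiciousAction([string]$Action) {
    return [bool](($Action -match $launchesPowerShell) -and ($Action -match $quietOrInline))
}

function Get-RefName($Ref) {
    # A CIM reference property may come back as the referenced object or as a
    # path string such as  __EventFilter.Name="updater"  ; handle both.
    if ($Ref -is [Microsoft.Management.Infrastructure.CimInstance]) { return [string]$Ref.Name }
    return ([string]$Ref) -replace '.*Name="([^"]*)".*', '$1'
}

function Get-WmiPersistence {
    # A WMI backdoor needs all three: a filter (the trigger), a consumer (the
    # payload) and a binding tying them together, so enumerate by binding.
    $ns = 'root\subscription'
    $filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter -ErrorAction SilentlyContinue)
    $consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer -ErrorAction SilentlyContinue)
    $bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue)
    foreach ($b in $bindings) {
        $fName = Get-RefName $b.Filter
        $cName = Get-RefName $b.Consumer
        $f = $filters   | Where-Object { $_.Name -eq $fName } | Select-Object -First 1
        $c = $consumers | Where-Object { $_.Name -eq $cName } | Select-Object -First 1
        # CommandLineEventConsumer carries a command line; ActiveScriptEventConsumer a script body.
        $action = if ($c.CommandLineTemplate) { $c.CommandLineTemplate }
                  elseif ($c.ScriptText)      { $c.ScriptText }
                  else                        { "<$($c.CimClass.CimClassName)>" }
        [pscustomobject]@{
            Kind       = 'WMI'
            Name       = "$fName -> $cName"
            Trigger    = $f.Query          # WQL, e.g. a __TimerEvent or Win32_ProcessStartTrace query
            Action     = $action
            Suspicious = Test-SuspiciousAction $action
        }
    }
}

function Get-TaskPersistence {
    foreach ($t in @(Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($a in $t.Actions) {
            if (-not $a.Execute) { continue }   # COM-handler actions have no Execute
            $cmd = "$($a.Execute) $($a.Arguments)".Trim()
            [pscustomobject]@{
                Kind       = 'Task'
                Name       = "$($t.TaskPath)$($t.TaskName)"
                Trigger    = (@($t.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -join ',')
                Action     = $cmd
                Suspicious = Test-SuspiciousAction $cmd
            }
        }
    }
}

# Suspicious rows first; the rest are still listed so the heuristic hides nothing.
@(Get-WmiPersistence) + @(Get-TaskPersistence) |
    Sort-Object -Property Suspicious -Descending |
    Format-Table Kind, Suspicious, Name, Action -AutoSize -Wrap
```

Two things the heuristic will not do for you: a consumer whose payload lives in a file on disk (CommandLineTemplate pointing at a .ps1 or .vbs) passes the regex until you read that file, and a benign management agent can legitimately use -NonInteractive and -WindowStyle Hidden. Treat the Suspicious column as a triage order, not a verdict, and diff the full list against a known-good host.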
If it turned out that Russia was not behind these attacks, the scale of the bad publicity for Crowdstrike, Fidelis, Palo Alto Networks, etc. would nearly put them out of business. Unlike you, they have skin in the game and don't make these claims lightly.
This is the next generation of warfare, attribution is simply impossible. Even if there existed actual forensic evidence it could not be relied upon.
Reacting to purported attacks at face value will leave you like a 1-layer chess player, potentially acting on behalf of your adversary.
That one is more likely to be used by the Chinese: https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-...
The Chinese implementation of the XTunnel protocol is in Java (the GitHub project is written in Java, and you can see an embedded JRE in your blog post's link to the Chinese tool in the strings here: https://cynomix.invincea.com/sample/e2101519714f8a4056a9de18...). The FancyBear implementation is not (no embedded JRE here: https://cynomix.invincea.com/sample/f09780ba9eb7f7426f93126b...).
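The comparison in the comment above (an embedded JRE visible in one sample's strings and absent from the other's) is a triage technique that is easy to script. The functions below are an added example, not Invincea's analysis and not this commenter's code: they pull printable ASCII strings out of a byte buffer, the way `strings` does, and check them against a list of markers a bundled Java runtime leaves behind. The marker list, the two-marker threshold and the two synthetic samples are this example's assumptions; the last line shows how to feed it a real file.

```powershell
# Added example: fingerprint an implementation by its embedded strings.
# Not Invincea's analysis and not the commenter's code.

# Strings a bundled Java runtime tends to leave in a sample (assumed list).
$jreMarkers = @('jvm.dll', 'java/lang/', 'JAVA_HOME', 'META-INF/MANIFEST.MF', 'rt.jar', 'JNI_CreateJavaVM')

function Get-PrintableStrings {
    param([Parameter(Mandatory)][byte[]]$Bytes, [int]$MinLength = 6)
    # Same idea as `strings -n 6`: runs of printable ASCII.  Latin-1 maps every
    # byte to exactly one char, so bytes >= 0x80 stay outside [\x20-\x7E].
    $text = [System.Text.Encoding]::GetEncoding('iso-8859-1').GetString($Bytes)
    foreach ($m in [regex]::Matches($text, "[\x20-\x7E]{$MinLength,}")) { $m.Value }
}

function Test-EmbeddedJre {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $strings = @(Get-PrintableStrings -Bytes $Bytes)
    # A marker counts when any extracted string contains it (substring match,
    # because a planted string may run into neighbouring printable bytes).
    $found = @(foreach ($marker in $jreMarkers) {
        if ($strings | Where-Object { $_.Contains($marker) }) { $marker }
    })
    [pscustomobject]@{
        StringCount = $strings.Count
        JreMarkers  = ($found -join ', ')
        LikelyJava  = ($found.Count -ge 2)   # two-marker threshold is an assumption
    }
}

# --- constructed samples: random bytes with a few strings planted, not real binaries ---
$rnd = New-Object System.Random 1
function New-Sample([string[]]$Planted) {
    $buf = New-Object byte[] 4096
    $rnd.NextBytes($buf)
    $off = 64
    foreach ($s in $Planted) {
        $b = [System.Text.Encoding]::ASCII.GetBytes($s + [char]0)
        [Array]::Copy($b, 0, $buf, $off, $b.Length)
        $off += 512
    }
    return ,$buf
}
$javaLike   = New-Sample @('jvm.dll', 'java/lang/String', 'JAVA_HOME', 'XTunnel')
$nativeLike = New-Sample @('kernel32.dll', 'WSAStartup', 'XTunnel')

Test-EmbeddedJre -Bytes $javaLike
Test-EmbeddedJre -Bytes $nativeLike
# Real sample: Test-EmbeddedJre -Bytes ([IO.File]::ReadAllBytes('C:\samples\unknown.bin'))
```

Strings are a weak signal on their own: a packed or encrypted sample shows none of its markers until unpacked, and a native binary that merely ships a Java component alongside can trip the threshold. The check is for the quick "same code base or not?" question the comment asks, and a positive result should be confirmed by looking at the section layout or the imports.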
If you want to see how professionals do it, take a look at https://www.eset.com/int/about/newsroom/research/dissection-....
TIL I'm as good as a state level intelligence team.
Hey CIA/NSA we know you are reading this, my contact info is in my profile. Hire me.
> Yesterday, an Internet cyber hacker using the alias "cmdrfred" claimed on "HackerNews", an elite underground hacker site, that he or she personally built the hacking tools used by Russia to breach the DNC email servers and change the outcome of the recent election.
> "I have personally written that exact tool [it] uses ... encryption ... so you can access [the DNC] without fear."
> "I'm as good as a state level intelligence team."
> cmdrfred went on to taunt American intelligence agencies while admitting that he was aware that elite anti-cyberhacking teams from the NSA and CIA were monitoring his operations.
> The owner of HackerNews Paul Graham -- venture capitalist, flamboyant playboy, and known Russian sympathizer -- could not be reached for comment.
Not to totally ignore the pithiness, but I feel like your comment touches on something I see a ton here (and elsewhere): an offhand dismissal of the 'state level' intelligence capacity.
At the end of the day, the systems were exploited. That more sophisticated methods went unused should be a measure of efficiency and not necessarily execution. Why break out the trick play if your opponent can't keep from you running it up the middle?
I question how efficient it is to get caught red-handed in the cookie jar of the world's only superpower.
Sure Vladimir Putin could invite President Obama to a state dinner and then proceed to blow his head off with an AK-47 but that would lack the subterfuge I expect from "state level actors". If this is indeed the Russians, they are as laughably incompetent as our elected officials in regards to infosec and thus a threat to no one.
"One senior government official, who had been briefed on an F.B.I. investigation into the matter, said that while there were attempts to penetrate the Republican committee’s systems, they were not successful."
The Hackers drove a truck.
Russians drive trucks.
The Russians did the hacking.
While it's insulting that our government would try to pass off this drivel as "evidence", I'm much more dismayed that so many of my fellow Americans will uncritically accept it as such.
So, right now, let's assume it was a Russian spy agency that hacked the DNC. They're sitting there, thinking, "wow, these FBI folks somehow figured out it was us.". Then after reading this paper, "hmm, that's not a whole lot of evidence, they must have some proof that they're hiding. They must have a mole in our office. Find him, now."
But who knows, maybe they are too busy spying on hundreds of millions of Regular Joes to watch out for all of the Russian attacks.
This is an analysis report with information (including most significantly the IOCs in the accompanying files), some of which is previously released and some of which is newly declassified, for use in defending against and forensically identifying attacks by the threat groups identified.
No one is passing this off as evidence of anything.
1. Hackers drove a custom built tank that has Moscow factory markings.
2. Similar versions of the tank were used in other campaigns attributed to Russian intelligence.
3. Crew in the tank has been associated with Russian intelligence operations going back ten years.
4. The tank left from a building known to be associated with Russian intelligence hacking campaign.
Thus, the hackers probably take orders from Russian intelligence.
What about X-Agent? Seems like it would be harder to modify but I haven't looked into it.
>On top of that, it's entirely possible other completely unrelated attack is responsible for the leaks, but the malware used cleaned up after itself, leaving only the less sophisticated trail behind.
I like this point but it could be brought up in nearly all attributions.
Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities.
That's the point, it's just another completely baseless, unsubstantiated accusation. This report contains nothing that suggests that the Russians were any more likely to be the source of the hack than countless other entities. The problem is that these baseless claims are being presented as evidence and being consumed uncritically as such. Take for example the headline in PcMag:
>Hacking Evidence in Hand, Obama Sanctions Russia
Are you trying to live up to the username or using it ironically?
The accusation that people who find this credible are uncritical is unfounded and insulting. The question is not "would someone in a government agency lie for political reasons," it is "would this many people, in a bunch of different agencies that have a history of lying to and competing with and distrusting each other, all sign on to the same lie, publicly, even though it's almost certain to be disproven in a few months."
Meanwhile, here's the alternative theory:
1. Some Russian intelligence agency hacked the DNC's email servers
2. They left behind evidence
3. The FBI/NSA/DHS/etc found that evidence
4. They classified it and aren't going to put it in a press release
None of those are the least bit hard to believe, and they are collectively WAY easier to swallow than this hypothetical vast, high-level conspiracy to discredit Trump or whatever it's supposed to be for.
1. The DNC and their members are generally ignorant of good security policy and had an easily hacked system.
2. Some Russian intelligence agency hacked the DNC's email servers.
3. A bunch of other people/hackers/groups hacked the DNC's email servers, as it was "left out in the open", so to speak, and was a trivial target.
4. One group at least used trivial methods to do so and left behind evidence.
5. The FBI/NSA/DHS/etc found that evidence.
6. One of these hackers passed information to WikiLeaks. WikiLeaks has denied that it was Russians who did this.
7. The FBI/CIA claim that the Russians hacked the DNC servers.
8. The press and political opportunists jump to the conclusion that it was the Russians who released this information to Wikileaks.
9. The FBI/CIA classified what they found and aren't going to put it in a press release.
Whether someone else also hacked the DNC would be interesting to know, but it doesn't really impinge on the question of whether there is or is not a vast-but-also-ham-handed-and-kind-of-contradictory conspiracy pushing theory a.
Except that point 7 isn't at all controversial. EVERYONE hacks EVERYONE ELSE in cyber-espionage; even Canada was probably hacking the lame-ass security DNC email server, if only to fill a dossier. Remember that Clinton was set to be the next president of the United States; it is very much in Russia's (and anyone else's) best interest to know as much about her and her team as they can learn. It's the job of American spooks to prevent this, and they completely fucked it up.
Frankly, I find the suggestion that telling voters more about their candidate constitutes 'interference' to be repugnant; but assuming that we are going to engineer a scandal about this, we need to ask whether the Russians released that information to Wikileaks? All of the evidence (ie what Wikileaks says) says otherwise.
>Frankly, I find the suggestion that telling voters more about their candidate constitutes 'interference' to be repugnant
Really? By this argument, I take it you believe political candidates' email (or cough tax returns) should automatically be made public?
Much as I agree with transparency, I think we need to recognize that everyone--including political candidates--has some right to private communications.
> but assuming that we are going to engineer a scandal about this, we need to ask whether the Russians released that information to Wikileaks?
The publicly released circumstantial evidence about Russian backing of "Guccifer 2.0" is fairly convincing, I would say. But (contrary to your claim above) the media have not "jumped to the conclusion" that the Russians were the ones who released the leaked emails; the FBI claimed* Russia was not merely behind the attacks but behind the leaks.
You all can debate the merits of trusting intelligence agencies or not, but the situation you described--in which the IC only suggested Russia was behind some intrusions but not the leaks--is not in fact the world we live in.
No, they don't, unless you see the need for them to act against our interests without our knowledge because markets or something, or see some sort of right for them to rule others.
What about non-email communication? Face-to-face conversations should all be public? Does this extend to classified briefings? Should, for example, discussions of "Olympic Games" have been public before it was executed?
It's like in Germany where they're up in arms against this and seem to have forgotten the revelation that the USA was tapping Merkel's phone...
How about the FBI/CIA/DHS/NSA don't like people who don't play by the accepted rules sticking their nose into their business, so they tell a little white lie to try to avoid that?
The three letter agencies have had plenty of people killed before, so "they'd never do that" isn't going to get you very far.
That's more believable than "Russia hacked the DNC and the FBI was honest about it"?
It's certainly not crazy to not trust these people. Deceit is their job.
It's been very difficult for me to wade through the muck on this one.
The reason this is unusual is because the intelligence agencies are being so matter-of-fact about this. They're not trying to convince anyone, like they did with Iraq's WMDs. They're not giving out pointed leaks and then officially denying them. They - meaning multiple agencies - are just saying, "Yeah, it was Russia", as if it's a settled issue.
The conclusion I draw from this is that there must be very strong evidence. Could that evidence be forged? Sure! (Another reason why the "show me the evidence or I won't believe it!" people sound nutso - why would they think it wasn't forged?) But to believe it's forged we need at least a plausible theory as to who would forge it and why. Right now, I'm drawing a blank.
It's not their job to do the convincing, they leave that to CNN, MSNBC or FOX. They just give some superficial material to get the ball rolling. There was next to no in depth articulation as to how this was definitely Russia. They're still twiddling their thumbs and saying 'we're confident' it was them.
"The evidence there is not strong"
Also, you think it's a conspiracy theory that the DNC would attack Trump? So... you don't seriously think that the RNC's media allies attacked Clinton? That's, uhh, just not how it works.
The DNC has very good reasons to deflect this one. They funneled all the state-level money to Hillary and made their losses worse. They helped promote Trump and the other "pied piper" candidates in the media early on. Their token opponent, Sanders, got far more enthusiasm than Hillary and both candidates under-performed past ones, with Trump edging her out based on smaller losses and working the electoral college to his advantage--a failure reminiscent of how Obama beat Hillary by focusing on delegates. They have to pin the failure on someone else for their own survival. If the average voter saw the actual emails and realized just how much the DNC orchestrated just to shoot itself in the foot here, they'd demand their replacement.
You're being foolish if you trust a word the FBI says without solid evidence.
1) To delegitimize the President-elect
2) To foment war with Russia
I didn't vote for the guy but I don't think he's near so bad as his political opponents try to paint him. I'd like to at least give him a chance and to whatever degree he turns out to suck, I'll still blame the Clinton campaign for promoting controlled opposition 'pied pipers' rather than promoting a robust debate in the interest of the American people.
Wrt #2, I will certainly demand very strong evidence before yielding any resistance to that notion.
This is so, so insulting. There is no way a fair observer could read the comments here and conclude that the people who find Russia hacking the DNC credible do so because they have blind faith in Clapper or the FBI or anyone else.
Isn't that what you were more or less saying here: https://news.ycombinator.com/item?id=13281736
The FBI has lied and will lie again, getting me to believe they lied about something is not hard, but they don't generally do it in big, obvious ways that are easy to disprove and involve a lot of co-conspirators and don't accomplish anything.
(Please remember what question we're trying to answer. It is not "Who hacked the DNC?". We are not in a position to know; hell, we don't even know there was a hack. It is also not "Is the FBI trustworthy?" Of course they're not. It is "Why are US intelligence agencies saying they have proof that Russia hacked the DNC?" The base hypothesis is "Because they do." The alternate hypothesis is what you're supplying.)
To quote you:
> No. I believe the official version
> What is the alternate hypothesis that's "marginally less likely"?
That Russia didn't hack the DNC. I think it's actually marginally more likely that Russia didn't hack the DNC than that they did, but I was humoring you.
> "Why are US intelligence agencies saying they have proof that Russia hacked the DNC?" The base hypothesis is "Because they do." The alternate hypothesis is what you're supplying.
If these organizations are involved in questionable undertakings (it's their job, so I think we can agree the answer is yes), it's not much of a stretch of the imagination that they like to operate without supervision.
And yes, claiming that's all the evidence that exists is complete bullshit.
You've got access to all of his tax returns, and all the sealed details of his divorces, and all of his medical records, and all of his business records. You've got a whole squad of spies working for you, you can fabricate evidence, whatever you want. And this is a guy a guy who has outstanding loans from Russian banks in the hundreds of millions of dollars, and who has cheated on at least two of his wives. And this is what you go with? Accuse someone unrelated to him of hacking in to someone unrelated to him? That's your big plot? And you wait to do it until after the election? Via press release?
It's face saving through and through. And it makes a better story than "Trump beat us because we half-assed this election."
1. The Democrats ran a crap campaign based (in part) on racism and sexism. They probably would've lost by a wider margin to a ham sandwich than they did to Trump.
2. Russia probably is behind the DNC hacks and definitely tried to meddle in the election.
3. Russia definitely took hints on what would be useful from Trump and Trump probably actively collaborated with them.
Just because I think Russia meddled in the election doesn't mean that either domestic party ran a good campaign, or that Russia was ultimately able to sway the election.
The only question I want the intel community to weigh in on is the politically charged one they're avoiding: did Trump actively collaborate with a foreign power during the election?
That question is of pressing import (and disqualifies him from being president if he did). The rest of it is just details.
It has been a couple of weeks of non-stop Russia blaming from the news. So far there's not much direct evidence beyond an unnamed CIA source. Now this lackluster report and Obama expelling Russians happen on the same day. It really smacks of an orchestrated political propaganda campaign.
Mind you I am not a blue dog Republican. I've voted 16 years straight for Democratic tickets including twice for Obama. Democratic Party has been a real disappointment this year, and Obama making this last partisan political act really tarnishes his legacy.
Clinton was the one saber rattling against Russia during the election, not Trump. So assuming your theory is Russia hacked the DNC, their motivations seem to be to avoid war, not escalate.
However, there is definitely a cultural war going on within Western civilization between cultural Marxists wanting a global, totalitarian state and libertarian civic nationalists wanting a decentralized, limited state.
Where Russia comes in, and what's really funny about all this, is that the "right" now finds itself aligned with former Soviet communists and the "left" finds itself aligned with the Islamic caliphate. Politics can make strange bedfellows indeed.
Man--I like the way you think, I really do, but this is not "easy". Technical simplicity and social ease are vastly different, and it's usually the humans who are getting hacked.
From the WaPo: "U.S. officials said the Republican National Committee’s computer systems were also probed and possibly penetrated by hackers tied to Russian intelligence services, but that it remains unclear how much material — if any — was taken from the RNC."
There were a number of significant caveats in the NYT and WaPo reporting of this that people have ignored because it confirms their existing assumptions. Probably by design; it lets the papers push their preferred narratives whilst giving them something to fall back on if it turns out not to be true.
But the point was, the Russian hacker forums are orders of magnitude better than anything offered in English, and virtually every single one has made no secret (other than that you need to read Russian) that they were working hard all year to get Trump "elected". From spreading rumours, distributing any dirt they could elicit, to boots on the ground playing with the voting machines. There was even talk of cash incentives from George Soros and Peter Thiel.
WaPo and NYT undoubtedly have journalists that both read Russian and frequent such forums. But it will be a while before they get the courage to go public with just how much US infrastructure is now completely pwned by the Ruskies. RNC and DNC only made headlines because some of the haul got sent to wikileaks aka FVEY.
My personal opinion is "America" deserves it for all the effort they put into making systems insecure.
That's why it's a social problem, not a technical problem, yeah?
The software should have secure default settings, if a user is not a computer engineer he should not be able to execute files from email attachments.
I suspect what needs to happen is each branch of government needs to have infosec people assigned to it that sets standards and policies around this stuff. If they don't comply there have to be consequences.
That is an impressively dismissive statement.
TLS client auth is really pretty much a dead letter: it's not easy at all. The biggest impediment for widespread TLS client auth seems to be that CA's are involved.
U2F might help.. and widespread MFA/2FA. Maybe we shouldn't be just tossing out passwords just yet, but just pushing for full MFA support for mission critical apps.
Windows 8, 8.1, and 10 don't allow it either. SmartScreen will block unsigned executables by default. Enterprise customers should be using AppLocker which does a lot of what SmartScreen does, but with more flexibility and control.
The issue arises when [bad] System Administrators disable SmartScreen because it is a "hassle" and don't deploy AppLocker in its place. This effectively sends their users back to a Windows 7 level of security.
If Microsoft forced either SmartScreen OR AppLocker, then we'd have people on here screaming about freedom, Microsoft is evil, "Embrace, extend and extinguish," year of the Linux desktop, and so on. This is the best they can do without treating System Admins like babies (even when they're going to use that power for "evil").
Fortunately because of how signing works it makes malware that is signed incredibly easy to detect, since by the very nature of the signature the malware's contents cannot be altered.
Plus signing is costly, and that within itself can make malware attacks uneconomical. It also makes getting a signature rather complex since you need fake identification and payment to avoid being carted off by the authorities.
Overall signing requirements are a huge net win for the "good guys." And while it isn't a hard security boundary, it is a damn effective one in the real world.
Meh, just add a button or clickable link that allows the sysadmin to swiftly disable such warnings. Just make sure to put a scary-enough disclaimer that doing so can expose you to very bad, malicious stuff, from ill-intentioned people. It might get more application publishers to implement signing, just as Vista and 7 got rid of the "run everything as administrator" mentality through the use of UAC warnings.
> If Microsoft forced either SmartScreen OR AppLocker, then we'd have people on here screaming about freedom, Microsoft is evil,
There could be a separate UI for installing software or even a package manager. Microsoft doesn't want to change anything because it is still the leader and earns huge profits.
System admins are going out of their way to disable default protections.
Also Windows 10 has a package manager and app store.
If you read that regexp carefully, it's more complicated than that. It doesn't match base64_decode, but it would match `='base'.(32*2).'_de'.'code'`. That's obfuscation in the payload, and in another comment I linked to some code that uses exactly this unusual (and pointless) obfuscation 
For what it's worth Yara is not a firewall. It's essentially an intelligent grep for incident response. An IOC is an indicator of compromise, so it's after the fact not a preventative measure.
A well hardened MAC system, which requires no effective user intervention, can limit access of arbitrary programs to a minimal set of files and devices to stop bad actors from actually getting anything without the user having to modify the MAC policy.
To save you a search it's here: https://www.themooltipass.com/
Setup goes like this:
1. User buys device which comes with keycards.
2. User selects pin code for their device
1. User attempts to login to site
2. Browser plugin requests login details from device
3. User is prompted for chip & pin from the device
4. User puts card into device and inputs pin
5. User clicks a button physically to approve transaction
6. If correct data is sent to the browser for login
7. Subsequent chip and pin signins aren't needed for X timeout
On the other hand, the average person doesn't need code words to get access to a protected resource. Bar "special organizations" I'd say there are very few people who are trained naturally into the concept of passwords. It's simple but it isn't done nearly enough for everyone to understand it, which is in stark contrast when compared to using a credit card with a pin code. Also, they could use similar or even the same pin code as their bank pin if they aren't concerned about security.
Look again, they handed you more than enough information.
>The report also contains a pretty useless firewall rule named "PAS TOOL PHP WEB KIT FOUND" that can be used to search malware in PHP files. It is interesting that they have replaced digits in 'base64_decode' function name with regexp as if there were any other similar functions.
root@:~/super_secret_govt_malware_samples# grep * -e bas|tail -n2
D285115E97C02063836F1CF8F91669C114052727C39BF4BD3C062AD5B3509E38:<?php $_f___f='base'.(32*2).'_de'.'code';$_f___f=$_f___f(str_replace("\n", '', 'FeBvsTxs6EyYpYb/gJ9ckCbVgYYH9D56SKL+O6KdPjkDV91JgHr1g8WRH7/uYOda3hUgVLO064UXPF5K
DA9F2804B16B369156E1B629AD3D2AAC79326B94284E43C7B8355F3DB71912B8:<?php $l___l_='base'.(32*2).'_de'.'code';$l___l_=$l___l_(str_replace("\n", '', 'QbO8tTv2NBoj4kUpujJlanEQeWDR+lrAJa6TWEnQEGF/uIiq3/G4ox/YCpaqsd6+QRNaT2pbpyBIDnlo
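As an added example (my own code, not the JAR's YARA rule and not anything posted by a commenter), here is a small Python checker that does what the two comments above describe: it folds a PHP concatenation such as `'base'.(32*2).'_de'.'code'` back into the function name it evaluates to, so a scanner can flag a `base64_decode` call even when the literal string never appears in the file. The regex and the list of decoder names are my approximation of the idea, not the indicator from the report; the PHP samples are constructed to imitate the shape of the grep output, with placeholder payloads.

```python
import re

# PHP string fragments that an obfuscated function name is built from:
# single- or double-quoted literals, or two-operand integer arithmetic in
# parentheses such as (32*2). PHP's '.' operator stringifies the integer.
_PIECE = r"""'[^']*'|"[^"]*"|\(\s*\d+\s*[*+\-]\s*\d+\s*\)"""
FRAGMENT = re.compile(
    r"""'([^']*)'|"([^"]*)"|\(\s*(\d+)\s*([*+\-])\s*(\d+)\s*\)""")
# A run of two or more pieces joined by '.' (this is my approximation of the
# pattern, not the YARA rule shipped in the JAR).
CONCAT_EXPR = re.compile(r"(?:%s)(?:\s*\.\s*(?:%s))+" % (_PIECE, _PIECE))
PLAIN_CALL = re.compile(r"\bbase64_decode\s*\(")

# Decoder functions whose names PHP web shells commonly assemble this way
# (my list, not the report's indicator).
SUSPECT_NAMES = {"base64_decode", "gzinflate", "gzuncompress", "str_rot13"}


def resolve_concat(expr):
    """Fold a PHP concatenation of literals and (int op int) terms into the
    string it evaluates to, without calling eval() on attacker input."""
    parts = []
    for sq, dq, a, op, b in FRAGMENT.findall(expr):
        if a:
            x, y = int(a), int(b)
            value = x * y if op == "*" else x + y if op == "+" else x - y
            parts.append(str(value))
        else:
            parts.append(sq or dq)
    return "".join(parts)


def hidden_calls(src):
    """Return (expression, resolved_name) for every concatenation in src
    that evaluates to one of SUSPECT_NAMES."""
    hits = []
    for m in CONCAT_EXPR.finditer(src):
        name = resolve_concat(m.group(0))
        if name in SUSPECT_NAMES:
            hits.append((m.group(0), name))
    return hits


def classify(src):
    """'obfuscated' if a suspect decoder name is assembled from fragments,
    'plain' if base64_decode( appears literally, otherwise 'clean'."""
    if hidden_calls(src):
        return "obfuscated"
    if PLAIN_CALL.search(src):
        return "plain"
    return "clean"


# Constructed samples imitating the shape of the grep output quoted above;
# the base64 payloads are placeholders, not the real files.
SAMPLES = {
    "webshell_like": "<?php $_f___f='base'.(32*2).'_de'.'code';"
                     "$_f___f=$_f___f(str_replace(\"\\n\", '', 'QUJDRA=='));",
    "plain_decoder": "<?php eval(base64_decode('QUJDRA=='));",
    "benign": "<?php echo 'base'.'ball';",
}

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print(label, classify(src), hidden_calls(src))
```

Resolving the expression rather than matching the literal name is the point: a literal `base64_decode` grep misses the web-shell sample entirely, while a pattern that only ever matches `(32*2)` misses the same trick written as `(60+4)` or `'base6'.'4_decode'`. Like the YARA rule it stands in for, this is an after-the-fact triage aid for files already on disk, not a preventive control.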
Because half of the US voting population are heavily invested in it being false.
So if you judge it by whether it "makes the case" against Russia, it will be lacking. We don't need 100 comments pointing that out.
1. Released the same day as the announcement of formal Russian Sanctions
2. Released the same day US made 35 "diplomats" (aka. known Human Intelligence Officers) Persona Non Grata. Which is a big deal.
This type of document is not intended to "make the case" because we don't do that.
Making a case for something by definition would reveal sources and methods which we highly guard. It also opens the administration up for scrutiny because there are many pieces which cannot be revealed because of classification - so it's impossible to fully "make a case."
This type of report does however hint suggestively and point in the direction of support. They just let you put the pieces together.
In fact they don't have to put anything out and most people wouldn't even know to ask (outside of possibly FOIA, which won't go far in these cases).
This document says the attack would've failed if the DNC had watched out for SQL injection and if DNC staffers had not fallen for a phishing scheme. We're supposed to believe only a nation-state could've conducted these attacks? This is "Baby's First Hack" level stuff.
This only further proves the government's propaganda policy for dealing with prominent cybersecurity breaches: blame it all on a foreign boogieman, as they did in the case of the Sony leak, so that the public doesn't catch on to just how very vulnerable all their electronic data is to practically anyone with the inclination to attempt to steal it.
No they wouldn't, and you are one of the people here who I would say should very well know it. :p
The DNC screwed up, but the overwhelming majority of everybody else screws up to this level or worse on the regular.
My quip was meant to emphasize that the security breaches described are basic, and likely could've been blocked if the DNC had, at the time, been following good security practice. Many corporations withstand such attacks routinely (and as you note, many don't).
The penetration of the DNC was not something that required professional-level skill, let alone the resources of a nation-state.
If all the docs are boring, isn't that all the more reason to think that a nation state had nothing to do with this?
The NSA would've intercepted your new router in the mail with a backdoor and could've used a TEMPEST van to read your screens from miles away. I have to believe those mighty Russian hackers have figured out comparable tricks by now and aren't reliant on people falling for idiotic phishing scams to get their information.
I mean, they have Snowden, who showed us the NSA's TAO programs... right?
They have the motive to do it, as much or more than anyone else, and certainly the capacity. They are tied to disinformation campaigns that seem to have the goal of sowing suspicion between allies who oppose them and have everything to gain by swaying our political process.
That isn't enough evidence of course, but I'm surprised by the suspicion here and I can only chalk it up to the increase in cynicism that is partly a result of these very actions. Because the Bush administration managed to finagle the intelligence enough to justify the war in Iraq we can just ignore our intelligence agencies whenever we want, right?
Internal bullshit like what was going on at the DNC is annoying, frustrating and unfortunate, but people are falling for the trap hook, line and sinker. This happens everywhere, you can damn be sure it was going on at the RNC as well, but Republicans wouldn't have abandoned their party (at this point it's pretty clear nothing can make a fair number of them abandon their party), but independents and some liberals are doing exactly what the hackers want (whoever they turn out to be, likely the Russians): we are getting cynical and despondent. Rather than getting involved and saying we should clean house, it's like "well if you didn't suck so much you wouldn't have lost," while doing nothing to make things suck less.
The first page states-
>This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government.
>As part of the administration’s response, the FBI and Homeland Security Department also released a report with technical evidence intended to prove Russia’s military and civilian intelligence services were behind the hacking and to expose some of their most sensitive hacking infrastructure.
There are only two possible explanations for that:
1) A massive conspiracy in which the leaders of practically the entirety of the US military/intelligence community are willing to go on record with a hoax that will easily be unraveled by the incoming administration in a few months
2) There is clear and damning evidence that Russia did it, but it's classified
If they had damning evidence it'd be in their interest to release it.
Not that I don't believe you -- motive and opportunity for Russia are crystal clear here, and given that the results of the election are not going to be overturned, I see little gain for the current administration to lie about this.
Unless the actual perpetrators were the US intelligence community and/or the incoming administration. Then they could both hide their tracks or have no reason to unravel this. But why suspect the group with the most to gain or the community with the most experience doing this? It's not like there's any other examples of a Republican politician breaking into the DNC to tap their communications, using the intelligence agencies to help cover it up...
If 2 were true, there would also be some conspiracy to keep that important information classified.
Also, I can't help thinking about Snowden and the blown whistle of the NSA spying scheme.
We know our security agencies (and high level politicians) are not just dishonest, but actively violating the constitution. That people still mock those who distrust these agencies is so strange.
I'm more than willing to believe they're lying but I need something. Some evidence, a credible motive, a plausible story. You can't just say, "Well the FBI says so, and they lie all the time, so we can be sure it isn't so." That's the road that leads to disbelieving the moon landing.
> but I need something
That's how a lot of people feel about this whole "Russians rigged the election" thing, we'd like some evidence a little more substantial than "trust us", or at least we'd like to hear those words from someone we can trust, although no names come to mind. I can't think of very many public figures that I would trust these days.
It is perhaps significant that the "further analysis" leakfest started after Trump had already disappointed the spooks by bagging their special briefings, rather than back when all of the actual underlying facts were publicized well before election day. They always think they've got a thick enough profile of the incoming executive to bend him as far as they want. For example, Obama never closed their favorite EST Caribbean vacation-and-torture resort, even though doing so was a major campaign plank the first time around. Who knows what incriminating documents proved so persuasive? Maybe this time we've somehow elected someone who won't be in their pocket from Day One?
I agree on Obama, I think something must happen in the first few days where the new President is sat down and gets told how things really work. I would think that is what happened to many of Obama's promises. I doubt anyone would look forward to having that talk with Donald Trump.
Perhaps Obama is trying to make Trump's new administration look illegitimate?
Quite predictable, since they also considered the wild accusations of various politicians of a high level Russian conspiracy to be evidence.
In my view, they are all self-serving career politicians and none have shown any particular reason they should be trusted or respected. They were the ones who urged the knee-jerk reaction in Iraq which has cost trillions of dollars and many lives, among many other bad decisions that they all agree on.
So it's not nearly as low of a bar as you think. It's like you're claiming we must trust pharmaceutical representatives from competing companies when they both agree that we all need more pills.
Why is there urgency to rush to judgment about alleged Russian election meddling?
If it happened, then unless anyone thinks the outcome of the election should be reversed, we have four years to get to the bottom of it, take action, and prevent it from happening again.
It's very much reminiscent of the blind urgency to invade Iraq on shaky evidence. Note that one tactic used to get people to act is to create urgency. The simplest example is "this offer expires in 5 minutes..."
It's not so much that I give no credit to any officials as having authority, it's that they all agree on the knee-jerk urgency when there is no apparent need to do so, and none feel obligated to offer a point by point probability assessment of whatever information, inference, or intelligence has them 100% convinced, since the information disclosed so far paints a vague, circumstantial picture.
This sort of elitist disregard for the basic rationality of the public is not something I can stomach, so I simply can't take their assurances at face value.
This likely transcends party lines in the same way that support for wall street or the oil industry transcends party lines.
But my impression is that [Trump vs. Clinton] is way more powerful than any other bias right now.
I think this is correct, and largely why the Russia meddling has become more an article of faith than a highly concerning possibility.
> The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.
This is an official joint statement from the USIC, which is an official body composed of 16 different intelligence organizations:
Also, not sure how the agency count helps anything. Exactly what did agencies like the NRO and Coast Guard contribute here?
Most of this report is pretty simple social engineering tactics/table stakes.
If this is all there is; then the skepticism coming from the incoming administration is warranted.
You mean the point of the persons who wrote it? Probably not.
But the intent of those who decided to release it today? It most likely was. If so many HN commenters--sophisticated computer users and people with cognitive abilities way above average--feel like it doesn't go without saying, how many CNN or Fox News viewers will realise it doesn't make the case against Russia?
They'll just remember that some documents were released by some US intel agencies, proving that the Russians did "it" (without even a clear idea of what "it" might be), while the US govt punished them. That's good enough for people who saw no problem with going to war against Iraq because of 9/11.
What worries me is that all of this Russian hackers + Fake News agitprop is that it looks like a perfect prelude to justify Internet censorship in Western democracies. When Internet allowed Obama to "steal" the Democratic party from Clinton in 2008, it was OK: maybe a bit embarrassing, but his policies weren't really that different from hers. But in 2016, with Sanders almost stealing the party again, and Trump taking the GOP then the general election by storm, politicians and their sponsors realised they didn't effectively influence voters through mainstream media any more. They've finally realised how scared they should be of Internet, and they'll want to "civilise" it, i.e. make it as controllable as billionaire-owned TV channels and newspaper. I hope they'll fail, but some of them will try to.
> Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security.
Yet it doesn't actually make a case for Russian Malicious Cyber Activity. People are pointing out the obvious spin on this especially since it's extremely light on technical details or a reason to exist other than propaganda. Reasonable companies don't need to be taught about phishing attacks.