Hacker News new | comments | show | ask | jobs | submit login
Russia Hysteria Infects WashPost: False Story About Hacking U.S. Electric Grid (theintercept.com)
328 points by platinumrad on Dec 31, 2016 | hide | past | web | favorite | 262 comments



We reverse engineered the IOC's included in Thursday's report from the FBI that released malware data that is supposedly associated with the 'Russian' election hack. Turns out it's a hacking group in Ukraine, anyone can get it for free (but if you're nice you'll donate to their BTC account) and the DHS and FBI sample was several versions behind.

https://www.wordfence.com/blog/2016/12/russia-malware-ip-hac...

The trouble is that the report was released at the same time as the expulsion of 35 Russian diplomats and the whole context around it, including some of the language used in the report, implies it's proof of a Russian election hack.

We also analyzed the IP's they shared and they're just a mish-mash of known attack IP's around the world - probably hacked hosts being used as an attack platform by everyone. ISP's include Linode and Digital Ocean.

I'm having serious Colin Powell UN flashbacks here: IC releases questionable data as justification for military policy decisions.

I've done two interviews this morning about this story and I'm told by one very well known journalist that publications both on the left and right think this whole thing stinks. Here's RS's take.

www.rollingstone.com/politics/features/something-about-this-russia-story-stinks-w458439


I was curious about a couple of things that weren't clear in the article.

1) Did you actually verify that the IPs provided were part of the Tor network, or did you just see that their rDNS records currently have the string "tor" in them, as you described in the article?

2) Did you identify the malware you reversed by file hash, or did you find something that hit on the provided Yara sig?

I think adding these details to the article might give technical readers some more insight into and more confidence in the methods used.


Not sure why the post above has been downvoted to 0. Too bad. It's some of the best research we've ever done.

We didn't look at the hashes or using hashing to identify anything. It's quite a story actually:

The report provided a Yara sig for PHP malware. We used that to search our own attack data that we log and we found the full malware sample that matched the sig.

But it was encrypted. It's a small piece of PHP that gets a key from a POST param or COOKIE and decrypts the executable code and runs it. Quite smart actually if you want to obfuscate code. So we needed the key.

We looked at our attack data and thankfully we logged one of the attempts by an attacker to access the malware including their key. It was just 4 lowercase chars so we could have bruteforced it.

We decrypted the malware. That gave us the name and version. We googled that and found the distro site. Claim they're a Ukrainian group and the version DHS has a Yara sig for is several versions behind.

We downloaded it. It's a standard PHP 'shell' malware which means it's just a utility to manage a compromised site. File management, upload, OS info, OS command running etc. Nothing super scary and the most common malware we see. Nothing that would infect a workstation in a watering-hole attack.

Regarding the IPs: No we just did a PTR lookup and assumed they're Tor exit nodes as they say they are.

Mark.


> Not sure why the post above has been downvoted to 0. Too bad. It's some of the best research we've ever done.

Any post on HN that implies that anyone other than Vladimir Putin himself is responsible for Clinton's defeat will get downvotes...I've lost about 15 points on various posts downplaying this narrative. The Silicon Valley crowd simply cannot tolerate any hint of an alternate narrative.


Lots of things get downvotes that don't represent a gestalt of HN opinions: the idea that JS is an acceptable programming language, that .NET is a reasonable platform for development, that sending JSON to the client isn't necessarily an improvement over sending markup. Just because your opinion is opposed doesn't mean dissent isn't allowed.

It is pretty ridiculous to assert that the election's outcome lies primarily on Putin. On the other hand, Trump's victory was pretty thin, and that invites speculation that if certain influences hadn't been present, the election might well have gone the other way. Russian influence is one among many, but it's among the most disturbing, which is one reason people have strong feelings about dismissing it.


HN participants are now from all over the world. I'm an Indian in Singapore, for e.g.


True enough (I'm in Israel. Hi!) but despite a good measure of international interest, it's the Americans who are most likely to have a strong emotional reaction to this topic. It's their election, after all. I really dislike +/- voting on political comments for just this reason; too easy to convince oneself that a downvote is merited.


Isn't it possible, that without matching file hashes, that the malware you found a sample of had a different encrypted payload versus the ones referred to by the report?

I'm just thinking that an entity could've downloaded some commodity malware (instead of writing their own from scratch) and modified it to suit their purposes, but the YARA sig would've hit on a lot of different variants of the same webshell versus a higher-fidelity match based on file hash.


The file that yara signature refers to is probably a Ukranian "web shell" (a backdoor written in PHP that contains a file manager and simple SQL client) that is distributed freely at http://profexer.name/pas/.

Anyone can download it and check.

There is also a forum thread at https://rdot.org/forum/showthread.php?t=1567 started by this software developer in 2011. He answers the questions from the users of his software and asks them to donate to continue development.

So it is a publicly available software, not a private tool made by some hacker group for themselves. That is why other people could find it in their systems.


I also checked the web archive for web shell download page [1]. It turns out that the notice with the text "Made in Ukraine" appears in version on August 31, 2015 [2] but is not present at earlier versions.

The forum thread [3] shows that the software has been developed at least since 2011.

I also looked through the code of a web shell. The code is written to be compatible with PHP4 and has some complicated parts, like building a zip archive by bytes. It has a lot of fallback methods, for example if some PHP functions are not available or not enabled, it would try several other ways to solve the task. I didn't like the style (a lot of two-letter variables, HTML and PHP code mixed together, hard to read and maintain). It looks like it was written by one person, but it would take some time, not a project one can write in a week. I guess the motivation for developer was to prove that he could write a better web shell than others.

Here is a link to a formatted source code [4] if anyone would like to see it and maybe learn some PHP4 programming tricks.

[1] https://web.archive.org/web/20150601000000*/http://profexer....

[2] https://web.archive.org/web/20150831091357/http://profexer.n...

[3] https://rdot.org/forum/showthread.php?t=1567

[4] http://pastebin.com/vUpKb3FL


> I'm having serious Colin Powell UN flashbacks here: IC releases questionable data as justification for military policy decisions.

Which military policy decisions are those? What does expelling a few diplomats have to do with the military?

Nothing, of course.

I think this is an irresponsible comment. I think it's irresponsible to compare this to the run-up to the Iraq War when absolutely no one is talking about war. There is no ulterior motive or unfinished business between the Obama administration and Russia. As recently as 2012 Obama mocked Romney for calling Russia the U.S.'s biggest geopolitical foe. They're not, and Obama does not think that they are.

And I think it's irresponsible because you are relying on incomplete data (the DHS report) to attack a conclusion that rests on a much broader base than that data. And IMO, you're doing it knowingly, in an attempt to raise your professional profile and burnish your infosec credentials.

I have to say, though, linking to a Matt Taibi piece is not going to do that. He is an entertaining writer, but when it comes to cybersecurity, no one who knows what they are talking about thinks that he knows what he is talking about.

I use Wordfence and appreciate it. It's a good product. But I think you're on shaky ground here.

There's a saying that goes "extraordinary claims require extraordinary evidence." But the claim that Russia hacked the DNC is not extraordinary. The Russians hack, or try to hack, everyone in DC.

Within the last few years, they successfully hacked both State and White House unclassified systems. I don't recall everyone jumping onto the airwaves to dispute that assessment. Why? Because the govt did not issue any public data about it.

Now they have, in an attempt to help other institutions. Their thanks for improved transparency is a series of opportunistic misinterpretations, each of which hold up a limited report and declare it to be limited.


> Which military policy decisions are those? What does expelling a few diplomats have to do with the military? Nothing, of course.

"The Department of Homeland Security and the Federal Bureau of Investigation are releasing declassified technical information on Russian civilian and military intelligence service cyber activity, to help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities."

This suggests it is evidence of Russian activity.

"These actions are not the sum total of our response to Russia’s aggressive activities. We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized."

This suggests we're going to be engaging in a classified cyber war with Russia.

Source: https://www.whitehouse.gov/the-press-office/2016/12/29/state...

In the United States the only organization that can legally 'hack back' is the US military, according to the CFAA. So any cyber operation will be a military operation.


> This suggests it is evidence of Russian activity.

The U.S. government is asserting it is Russian activity, and the information in the report is provided to help private organizations defend against it.

The attribution rests in part on classified information and is not likely to ever be "good enough" for members of the public, even with the ODNI report due in a few weeks. And as I said below, I don't remember everyone jumping up to object when State and White House intrusions were attributed to Russia.

Anyway, the fact that Russia is conducting a global campaign of malicious cyber activities is not news [1], and it's not fair to pretend that this DHS report is supposed to prove that on its own.

> This suggests we're going to be engaging in a classified cyber war with Russia.

War is a loaded term. Our war in Iraq killed many thousands of people and dropped an entire region into violent chaos. Is that what you think the U.S. government intends with the quote you mention?

> In the United States the only organization that can legally 'hack back' is the US military, according to the CFAA. So any cyber operation will be a military operation.

The military is also the only organization that can take out the trash in the Pentagon. My point with this flippant remark is that military activities are not commensurate just because they're military. Comparing the policy discussions of today to the run-up to the Iraq War is not defensible IMO.

[1] So are we, BTW.

EDIT to add: If the U.S. government wanted war with Russia, it has already passed up 2 perfect opportunities:

- Aid the Ukrainian government in opposing the Russian seizure of Crimea by sending air cover or troops.

- Declare a no-fly zone in Syria and shoot down a Russian jet.

These were both real shooting war situations where force could have been justified. To think that now, a cybersecurity response is going to be the excuse for a shooting war, does not make any sense to me.

I don't think anyone wants a shooting war with Russia. That does not mean we should ignore a material shift in the balance of intelligence activities we do to one another.


I think you're being myopic about the reference Mark is making. The way I read it, he's not suggesting there is a 1:1 relationship between the two, and therefore isn't trying to suggest the military has anything to do with diplomats. It's that the U.S. Government and alphabet soup organizations are providing scary but ultimately benign evidence in order to back policy decisions.

We want into Iraq. How do we justify it? We want to keep Trump away from Putin, how do we justify it?


> It's that the U.S. Government and alphabet soup organizations are providing scary but ultimately benign evidence in order to back policy decisions.

They are not! The DHS report is intended to provide govt information to private industry so that private industry can better defend itself. That's why it comes from the FBI and Department of Homeland Security, not the IC organizations who are actually tasked with attribution of foreign intelligence activities.

In fact the Washington Post story, while overhyped in the headline, is an example of this in action--Burlington Electric applied signatures from the DHS report, and found a match. Yay.

EDIT to add:

No one wants to "keep Trump away from Putin," certainly not Obama. This is the president who said he wanted a reset with Russia--and by the way, was mocked by the GOP for saying that.

What the outgoing administration--and career IC staff--want is for Trump to objectively interpret and apply the intelligence that is supplied to him.

We don't have to think that Russia is our eternal foe, to acknowledge and react to a nasty thing that they did. Being our ally hasn't stopped Brazil from applying consequences to us for what Snowden revealed, for example.


I don't know enough about these topics to give you a worthy response, so I'm going to do some more research in the near future. Thank you for responding.


Could it be just a crap attempt at parallel construction?


Or just plain old bullshit.

I imagine someone was assigned a task to produce some document about how Russians hacked us to justify all the propaganda narrative so far. That person handed it to their subordinate, who handed to their and someone came up with that paper.

It looks technical enough with jargon that someone from the street will see it as proof.

Now an interesting thing to think about is if someone who wrote this understands that this is bullshit and wrote it as such. Those who know what's what will see it too and this was a wink to them. Their superiors though will think this is some solid proof.


Is that the same Rolling Stone that just lost a defamation suit for a blatantly false 2014 story[0]?

I'm all for dismissing this Russia story but I don't find RS an especially credible source right now.

[0]: https://www.washingtonpost.com/local/education/jury-finds-re...


> What’s the problem here? It did not happen.

> There was no “penetration of the U.S. electricity grid.” The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all U.S. utility companies about the malware code found in the DNC system, searched all their computers and found the code in a single laptop that was not connected to the electric grid.

"and found the code in a single laptop that was not connected to the electric grid."

So, the first step in penetrating a system was accomplished, getting the code onto a device that could potentially (or so they attacker may have hoped) be connected to the target network.

Until I hear that the code was put on the laptop by its owners intentionally and for legitimate reasons, this sounds like an attack. The headlines and responses are arguably alarmist and not fully informed, but it's still an attack. The dismissal of alarmism seems intended to obscure the likelihood that there was, in fact, the start of an attack.

If a spear phishing attack fails, was it not still an attack? That it was an attack in the direction of the power grid is, by definition, alarming. [EDIT: The first sentence in this paragraph confuses my point, and can profitably be ignored.]

The intercept's article could have been less sensationalist itself, and I wonder what the motivation for the overdramatization of the Post's failure would be. Competition? Schadenfreude? Sensationalist link baiting?

Regardless, I had hoped for a more sober and professional style from the intercept from its early days, and I've long ago stopped reading it, modulo the odd HN post.


> Until I hear that the code was put on the laptop by its owners intentionally and for legitimate reasons, this sounds like an attack

Nobody is disputing that. But "electric company employee's laptop gets a computer virus" is a far cry from "the Russian government is attacking our infrastructure".


On the other hand, Stuxnet.


Are you implying that we drew first blood?


I think that the US govt is now throwing it's toys out of the pram because it thinks other countries (Russia) are using the same methods that the US employs to attack it's enemies and to influence the elections of other nations against them (the US). Personally I think it shows a huge degree of paranoia within the US govt, either that or it is a handy way to try and elicit support for future actions (further economic sanctions) against Russia. Especially as this comes a day after Russia brokered a peace deal in Syria, something the US could not achieve.


I saw some speculation that the DNC hack was retaliation for something the US had done previously.


Hillary Clinton is saying it was retaliation for her claiming that the Russian parliamentary elections in 2011 were rigged. http://www.nytimes.com/2016/12/16/us/politics/hillary-clinto...

I'm not saying that is true, but it does makes sense.


I made a tendentious statement, but a 5 year lag on even that seems unlikely.


Why? It seems to be an eye for an eye. 5 years is geopolitics is nothing everyone plays the long game.


That was Iran, not Russia. But, we threw the first stone.


Stuxnet happened. Did anything happen here? Was anything disrupted, do this look like a coordinated state actor attempt?

Russians have shut down an airliner full of people and also occupied a good chunk of Ukraine and there was less hoopla in the media about it. Someone finds a PHP shell on a laptop and Washington Post is going nuts with "OMG Russians are about to disable our power grid".

If this is not Fake News then I don't know what is...

Was WaPo a respectable news outlet at some point? I feel like it was, I wasn't following it much before. It has gone the way of Fox News it seems recently. Oh well..


> If this is not Fake News then I don't know what is...

Obamaism, the McCarthyism of the 21st century. Otherwise known as good old propaganda. It goes like: Russia hacked the election, Russia hacked our grid, Donald Trump is a in fact Russian robot programmed to win the US elections and destroy America, etc.


Except it isn't. I love how some people seem to deliberately confuse an ineffectual technocrat with an evil dictatorial left-wing conspiracy leader pretending to be an ineffectual technocrat.


Just because they failed doesn't mean it wasn't an attack.


If malware on a computer with a completely unknown origin is now considered a "Russian attack", I don't even know what to say. Words have no meaning any more.


They specifically identified the malware as being from Grizzly Steppe. It wasn't just off the shelf.


In your GP comment, "they" referred to the Russians, but isn't "Grizzly Steppe" a collective term invented by the US?


"Grizzly Steppe" is the US intelligence codename for an operation they believe that the Russian intelligence service executed.


So it sounds as though the reasoning is circular.


It is circular, but who's going to notice? We went to war in Iraq with the same quality of argument, sound reasoning is sadly not a per-requisite for war.


That's not circular. They're saying the DNC and Vermont hacks had the same signature and are independently saying that signature is tied to Russia.


> saying that signature is tied to Russia

What do "signature" and "tied to" mean in this context?


It's not completely unknown origin, it's been tied back to a group that the US government has separately identified as Russian intelligence.


We're about 1000 miles from being able to say they even attempted anything. That's the point here.


> this sounds like an attack

>> Nobody is disputing that

>>> Just because they failed doesn't mean it wasn't an attack

Nobody is disputing that. What's being disputed is (a) the target and (b) the attacker.


You are very wrong about this

Stuxnet happened in a very similar way


>and I wonder what the motivation for the overdramatization of the Post's failure would be.

You shouldn't wonder. The Washington Post is, and always has been, the voice of the DC/Media establishment and the number one disseminator of their propaganda. Remember that the absurd "PropOrNot" garbage was published in the Washington Post after being turned down by several major media outlets that at least seek to maintain the semblance of credibility.


Solid point, haven't seen if they've updated anything on their faq for more transparency. But I doubt it.


The malware was generic malware. Anyone could buy it. It was not employed only by Russians. So finding it on a laptop is not strong evidence that Russians put it there.


FWIW, a decompiled version is also available on github..


The Intercept in general (and Greenwald in particular) seems to spend an inordinate amount of time combating the "Russia Hysteria", as they've labeled it.


I suspect Greenwald has been on an anti-Hillary-media kick in retaliation for Bernie's perceived mistreatment. He sees the Russia story as a scapegoat for Hillary's loss, and he'd rather see a mass media mea culpa about backing the wrong candidate.


I suspect, like most sane people, it's more likely that he doesn't want the US to start a f•cking war with Russia over drummed up evidence.


Who exactly has proposed starting a war with Russia or anything remotely resembling that? Certainly not the incoming US president, who has been remarkably consistent in praising Putin, currently denies the attribution of the hacks, and during the election was quoted encouraging Russia to do more hacking. Not that it matters, but even the hawks have not called for military action, at least in any way connected to the hacking; there may be some stuff related to Russia's aggression in Ukraine and intervention in Syria, but that's different. You're attacking a strawman.


Well, lets see, the Pentagon considers cyber attacks against critical US infrastructure (including the power grid) an act of war that can warrant a military response [0].

And now we have a major US newspaper publishing articles claiming (with the most tenuous of links) that Russia is hacking the US power grid.

Not to mention a whole bunch of other dubious anti-Russia stories making the rounds based on flimsy 'evidence' that boils down to what another commenter posted the other day:

"Russians drive trucks. Hackers used trucks. Therefore the hacks were clearly done by the Russians"

It's not a straw man to say people calling for calm against Russia Hysteria are doing so because they don't want things to escalate to war with Russia.

> Certainly not the incoming US president

And so I find myself looking more and more forward to a Trump presidency. There are still 20 days to go however, so lets hope the media and the left can calm themselves down before then.

0: http://www.bbc.com/news/world-us-canada-13614125


> Who exactly has proposed starting a war with Russia or anything remotely resembling that?

The entire left establishment, from Hillary to Obama.

Hillary wanted a no-fly zone in Syria. Obama just imposed a new round of sanctions on Russia, which is a precursor to war.

The mental gymnastics are hitting Olympic levels with the left.


If sanctions were a precursor to war, don't you think we'd already be in a war with Russia?


Do you think sanctions are not a casus belli? This is economic warfare, Russia is effectively a land locked county without a warm water port, the US encircles it with troops, has strategic nuclear weapons on its door step and the only bordering region that the US does not directly control is another not especially friendly nuclear super power.

People don't see the chess board and make Russia look like the villain; look at NATO in 1991 and look at it today if Canada would have joined the Warsaw Pact and if Russia was keeping enough nukes in Mexico to kill every living human in the continental United States where do you think we would be now?

All what Russia sees is a military alliance pushed onto their border, a continuous presence of US nukes in Europe, the US never stopping it's strategic air command nuclear bomber flights and then criticizing Russia for resuming them, the EU and the US pushing to bypass Russia's pipelines in the Caspian Sea and the US deploying a missile shield in Europe that would nullify Russia's current strategic arsenal after unilaterally withdrawing from the anti-ABM treaty. And you say Russia is reckless and is a threat to world peace?


1) Where do we have nukes in Europe? 2) Russia invaded Georgia and stole Crimea, that's more hostile activity than anything we've done in response. 3) Russia has started making advanced missiles to bypass missile defense systems and will have them soon, so who really cares of the missile defense shield? 4) Russia is an autocratic nightmare state where Putin, a man rumored to have engineered the terrorist attacks that led to his quick rise to power, kills or exiles any opponents or critics. 5) Russia hacked the fucking DNC to make Trump win, which is an act of war. 6) NATO has never threatened Russia. If Russia is terrified of NATO, it is due to paranoia. 7) Russia isn't encircled by US troops. 8) It makes sense for the EU and US to avoid using Russia's pipelines when Russia is a morally reprehensible country the way it is being run right now.


> 1) Where do we have nukes in Europe?

Close enough to "everywhere" to say everywhere.

http://www.scmp.com/news/world/article/1597489/us-now-likely...

"Obama was referring to the roughly 200 B61 nuclear bombs that the US has deployed in five Nato nations stretching from the Netherlands to Turkey - and a Russian arsenal estimated at 2,000 tactical weapons."

http://www.strategicstudiesinstitute.army.mil/pdffiles/PUB11...

" ... The same goes for tactical nuclear weapons: compared to the momentous issues that the East and West have tackled since the end of the Cold War, the scattering of hundreds (or in the Russian case, thousands) of battle-field weapons throughout Europe seems to be almost an afterthought, a detail left behind that should be easy to tidy up."

https://duckduckgo.com/?q=nuclear+weapons+in+europe


1) Where do we have nukes in Europe

Google NATO Nuclear Sharing; WHY THE FUCK are there nukes in freaking Belgium, when Russia had 12 missiles in Cuba the US almost started WW3, today the US is keeping nearly 100 of them in Turkey.

2) Russia invaded Georgia and stole Crimea.

HAHAHAHA

Seriously, Russia did not start the Georgian conflict, sure they "overreacted" but Georgia did invade first, they were prompted by the west and then Bush folded and withdrew his advisers. The Georgian conflict was about oil, the EU was building a new pipeline to circumvent Russia, they made a power play and Russia returned in kind.

"Stole" Crimea is probably the most laughable statement I can think of considering how the entire Ukrainian conflict started, the US and the EU pushed for elections they didn't like the results so a political proxy war was started which ended with the ousting of the pro Russian president which all the US and EU observers stated was democratically elected.

Russia was at risk of losing their only warm water port, and the most ironic thing is that whilst Crimea holds Russia's most important naval base in the region it's pretty analogous to another little piece of "stolen" land that you might know as GITMO, the big difference is that GITMO is not that strategically important to the US in fact it's not important at all, all US naval bases are in effect warm water ports, GITMO isn't even geographically important since mainland florida is just a day of sailing away.

3) Russia has started making advanced missiles to bypass missile defense systems and will have them soon, so who really cares of the missile defense shield?

Russia started improving their missiles as a counter to the work the US had conducted on missile defense, the US pulled out of the Anti-ABM treaty which was criticized by nearly everyone around the world and now it has a more or less effective missile shield. In 2020 the US missile shield will likely to make all current Russian strategic weapons ineffective which would drastically change the balance of power in effect negating any nuclear deterrence this brings us closer to a nuclear war not further away.

Russia can't afford to spend trillions on ABM like the US has since the early days of the SDI, but making more and better missile is affordable to them, however this puts them again as an aggressor even tho the only thing they do is to attempt to restore the deterrence.

4) Russia is an autocratic nightmare state where Putin, a man rumored to have engineered the terrorist attacks that led to his quick rise to power, kills or exiles any opponents or critics.

It's not Finland but it's not an autocratic nightmare, Putin was an intelligence officer, he refused to participate in the general's coup in 1991, you should really read more about how he rose to power. Russia doesn't have the same democracy as the US, the "unique" flavor of what they call "managed democracy" works it's not perfect, it might not be even "good" but it's far from being an autocratic nightmare.

5) Russia hacked the fucking DNC to make Trump win, which is an act of war.

The US prompted up more dictators than the Soviets ever did, they interfere in elections openly all the time including in those of allies, and when they don't like the results they impose sanctions or start civil wars so give me a break. Meddling in the elections of other states was always something nation did and will continue to do, you want to make sure the person in power is some one would would end up working best for you. The US effectively elected Yeltsin, the also have actually helped out Putin in the early years; Putin was somewhat of a surprise to both Russia and the West he was prompted for being effective but not threatening.

So far I haven't seen any evidence that show that Russia hacked the DNC, and if it did that it had any effect on the elections.

Russia did not make the FBI reopen the investigation in the 11th hour.

Russia did not make the media and the white house downplay the email scandal.

Russia did not make Hillary run her own mail server violating the federal records act which is a criminal offense in the US.

Russia did not make Wikileaks publish the emails that were not delivered during the investigation, it did not make Hillary instruct her IT guy to scrub mails from the server, Russia did not make Redditors find the guy and figure what he did and Russia did not organize a congressional hearing about this.

6) NATO has never threatened Russia. If Russia is terrified of NATO, it is due to paranoia.

Russia has never threatened NATO either, doesn't stop the level of paranoia in the west does it? it's not about threats it's about agency Russia would not leave it's fate in the hands of the guys who are running DC or Brussels. Look at NATO in 1991 and look at it today, I would be worried too.

7) Russia isn't encircled by US troops.

Google US troop deployments.

8) It makes sense for the EU and US to avoid using Russia's pipelines when Russia is a morally reprehensible country the way it is being run right now.

No it makes sense for them to do it if they want to be able to strong arm Russia, calling Russia a morally reprehensible country while the amount of (justified or not) human rights violations conducted by the west on a daily basis is probably the most hypocritical thing you can do.

Russia did not make the MQ9 Reaper the national bird of so many nations, Russia did not compromise virtually every communication network on the planet in order to spy on corporations and members of state so the US would have an upper hand on negotiations and Russia for sure did not decide to deploy a dragnet of internet surveillance against the general populous.

Now you can say they would if they could, and I would be inclined to agree, but you can't do that and then take the higher moral ground because considering just how morally bankrupt the west is we have no real ground to stand on.

And this is from a conservative.


@ quick rise to power, I was referring to this: "The Russian apartment bombings were a series of explosions that hit four apartment blocks in the Russian cities of Buynaksk, Moscow and Volgodonsk in September 1999, killing 293 and injuring more than 1000 people and spreading a wave of fear across the country. The bombings, together with the Dagestan War, led the country into the Second Chechen War.

The blasts hit Buynaksk on 4 September, Moscow on 9 September and 13 September and Volgodonsk on 16 September. A similar explosive device was found and defused in an apartment block in the Russian city of Ryazan on 22 September.[1] The next day Prime Minister of Russia Vladimir Putin praised the vigilance of the inhabitants of Ryazan and ordered the air bombing of Grozny, which marked the beginning of the Second Chechen War.[2] According to sentences of judicial authorities of Russia, acts of terrorism were organized and financed by heads of the illegal armed group Islamic institute "Caucasus".[3] Thirty-six hours later, three FSB agents who had planted this device were arrested by the local police. The incident was declared to be a training exercise. There are allegations that the bombings were a "false flag" attack perpetrated by the FSB in order to legitimise the resumption of military activities in Chechnya and bring Vladimir Putin to the presidency.[4][5]"

I for one, think Putin orchestrated said bombings.

@ troop deployments, having a smattering of troops in countries around Russia doesn't really make them "surrounded by troops" imo

@ autocratic nightmare, lol, yes, it is an autocratic nightmare state. Putin kills or exiles opposition and press that is in any way negative towards him. There is no freedom of the press in Russia. There is no right to protest in Russia. Gay people are regularly killed or imprisoned in Russia. Corruption reigns supreme in a way that we could never even touch.

As for the rest, I never said the US was morally pure. I disagree with many things that we do, but that doesn't change the fact that I consider the manipulation of our elections to be tantamount to an attack on our country.

Russia may be backed into a corner in many ways, but that doesn't excuse them fucking with European and US politics.


@ Crimea, it doesn't really matter that there was a coup, Russia still outright stole a chunk of another country.

@ US nukes, this is nothing new right? I don't see how that should matter to them too much.

@ missile defense shield, I kind of agree with that bit, although I find the idea that either side would ever use nukes ridiculous

@ NATO paranoia, I'd say Crimea and Russian ambitions to re-establish a more USSR-looking country make those fears well founded.

@ pipeline... that's just economics. Having your own pipeline and not having to rely on a somewhat hostile power is always going to be preferable.


Russia is not a landlocked country as it has warm a water port which is in Sebastopol, Crimea


And to pass into the med they need to cross the bosforos which is controlled by NATO.


Does that really seem likely given the incoming administration?


Or the current administration, who declined to challenge Russia militarily over the Crimea seizure or Syrian bombing campaign?

Is anyone talking about a war with Russia besides folks like Greenwald and Taibi, for whom it is making a nice straw man?


Thankfully no. Who knows what can happen in 20 days though.


It's publicly available malware code. For all we know, someone at Burlington Electric got it from an online ad. It sounds like you're jumping on the bandwagon of seeing an evil Russian spy around every corner.


From where I sit it seems the left and mainstream media are determined to start a war with Russia, including attacking people who are simply trying to be a voice of reason. This behavior is a hell of a lot more worrying than Russian cyber warfare as the last time this happened we actually did end up going to war, in Iraq.


Inordinate?

The United States went to war in Iraq in 2003 under false pretenses. The cost of that mistake was gigantic, and continues to pile up.

This saber-rattling against Russia could have serious consequences, and seems to be inspired mainly by a need to find some kind of scapegoat on which to blame the DNC's absurd loss against Trump.

I'm glad they're doing this.


It's odd that they think that the hack lost them the election. The hack (as with any email hack) is only useful if it uncovers wrongdoing.in this case it uncovered wrongdoing by the DNC, so whether the hack was state sponsored or not is really irrelevant, had the DNC not tried to fix the result of the nomination process it would not have mattered one iota that they were hacked.


Thank you... that's been my thoughts all along. I mean, does it really matter if this was the Russians, or some guy in North Carolina? The facts remain, and I'd be willing to bet there's been effort to hack Trump's mail by similar foreign actors.

In the end, there was some shady stuff in the emails, and if there wasn't it likely never would have seen the light of day.


Does it matter that a foreign, non-friendly country hacked an email system and deliberately staged releases of info in attempt to cause maximum damage to a political party and sway the outcome of an election?

I'm going to have to say "yes".

DNC, RNC, Green, Independent, etc. it shouldn't matter who got hacked. I'd hope that all Americans would be concerned about this.


Perhaps if those Americans were also concerned with the numerous times the US had acted in a similar fashion in other countries elections they may have a point to make. But generally they were complicit in those situations because they never complained or protested then, but now the shoe is on the other foot.


I am concerned... but I'm more concerned about the media collaborating with the DNC.


It doesn't matter, because DNC was hacked by insider.


> The United States went to war in Afghanistan in 2003 under false pretenses.

I hardly call 2,000 dead Americans, and an attack on American soil "false pretenses".

If you want to claim that it was misguided to perform a full scale invasion vs. targeted special ops missions, that is a more interesting argument.

Now, the war in Iraq on the other hand, that was false pretenses...


Well it was false pretenses in that not one of the attackers was from Afghanistan not were there any proven links between the attackers and Afghanistan other than Osama being assumed to be the mastermind and residing in Afghanistan at the time.


You are absolutely right, that was a particularly unfortunate mix-up. I was thinking about how animosity towards Afghanistan was skillfully employed to justify invading Iraq, and in the process mixed myself up.


At this point I am not sure if the justness of the argument makes much difference. When you make world changing decisions you have to accept that you will be judged by history, and not on the terms that you decide.


Perhaps they're trying to learn from the mistakes of 'WMD hysteria' that gripped the world media in the lead up to the Iraq War?

I mean if the intelligence community is going to drum up shoddy evidence that could potentially lead to war, I'd sure hope the media would spend an inordinate amount of time trying to combat it.


That's because ever since Snowden he's started to turn into a Russophile. I think him being attacked for releasing Snowden triggered him to start just ranting against any US political or "establishment" forces and start supporting Russia because they helped out his source in the biggest story he's ever written.


Yea, it's been interesting to watch that evolve. The Snowden comments on the latest Russian sanctions were ... I guess unsurprising as well


Absolutely, correct. In college, I worked for a security team contracted to GE. There's an absurd number of APT trying to get details about GE's engines and production. Executives, engineers, even pilots would have to send their laptops to that team for inspection. Finding newly created APT viruses is a weekly event. You end up seeing trends -- like a specific file, or registry keys, or running 'strings' on a binary, etc. -- that it becomes obvious that you can tie multiple incidents to the same author/group.

A word of advice: Don't go to porn sites, install Limewire (dated; today's equivalent), torrent, TOR, etc. on your work computer. Conversely, keep your work off of your personal computer.


Last time I was present for a pen test, the testers compromised a laptop, then moved laterally to compromise a other devices, which got them to a host that mattered.


And even what I assumed to be the beginnings of an attack or probe turned out to be a false positive.


From the referenced article:

> Editor’s Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.

This is journalistic ethics in action. WaPo has publicly admitted a mistake and revised their article as a result. Greenwald can (and deserves to) give himself a pat on the back.

That being said, I am disappointed in his bad faith equivocation of the (occasionally sloppy and partisan) news media with "news" that is patently false and engineered to maximize advertising revenue. Calling this "fake news" just gives the GOP more (dishonest) ammunition in its 40 year war with the Post.


The problem with this is that, much like fake news, no refutation or retraction ever spreads as wildly and virally as the original sensational claim. So people will carry on believing that Russia hacked the power grid, just like they have with all the other bogus, sensationalised, narrative-pushing claims so far. It's basically a way for papers to have their cake and eat it: they get to profit from the original bogus claim while insisting that it shouldn't affect their reputation for good journalism because they corrected it.


That's exactly right. This wasn't fake news, but rather a poorly researched story. And a correction was published.

With fake news, the story is never retracted or corrected, but continues to be elaborated. Compare this to the "Clinton runs a network of child sexual abuse through a pizzeria in DC."


> And a correction was published.

Too late. I already saw a news segment about Russia hacking US power plants on mainstream Italian TV. There will be no retraction here and the disinformation is already in the public consciousness.


The point is, there's been a sustained campagin to discredit Russia at every opportunity by the Dems who are buthurt about their election loss. I am not saying that Russia did nothing and I don't think Glenn is saying that either, rather he wants us to think more critically before accepting "secret evidence" from the same people who pushed us into the Iraq War, not that controverial a position, or is it?


Discredit Russia from what? It is widely and commonly known that the Russian government routinely hacks or attempts to hack U.S. government IT assets and the assets of organizations involved with the government, including nonprofits and contractors. This is old--like over a decade old--news.

I don't know where people get the idea that it is some unbelievable stretch of the imagination that Russia would hack the DNC. The only surprising thing to me is that the frickin' DNC was not ready and expecting them to.


>It is widely and commonly known that the Russian government routinely hacks

Usually people say something like this when they have no evidence. So citation needed.


It's pretty clear he sees himself as an ally to Julian Assange, and is jumping to his defense.

It's sad that this is what it's come to, and that we can't separate WikiLeak's role in this from the Russians. Good journalism would be explaining to the people how WikiLeaks works, and how the source of the information isn't relevant to WikiLeaks.


Right, so it's not WaPo/The Guardian who are spreading fake news to push a narrative, but rather the person who asks for actual evidence before jumping to conclussions who is the sad one?


This is journalistic ethics in action.

They do this bullshit all the time. Post poor and/or misleading reportage for clicks, then fix it in post[1]. It appears as an advertising scam masquerading as editorial policy. The WaPo has some great people working there, but there's a lot of hands in between theirs and the words we ultimately see on the screen or page.

1. http://tvtropes.org/pmwiki/pmwiki.php/Main/FixItInPost


Excellent point, and the main point is... it doesn't really cost them anything if it doesn't get called out by another high-visibility actor. And the whole "call them out" thing obviously takes lower and lower priority if all you're trying to do is to out-"produce" your competitors. It's all a pretty depressing case of perverse incentives... again :(.


Fake news isn't a new phenomenon, in the 1870s a satrical/comedic article in a New Zealand newspaper about an impending Russian invasion led to such wide spread hysteria that the colonial government almost bankrupted itself. To sate the public it had to invest heavily in naval vessels and build 17 forts to fight off the (non existent) Russian menace.

It's a wee bit hypocritical for the US to get so upset about these things though, considering all the elections that the CIA have been involved in, not to mention the stuff that Snowden revealed (like tapping the German Chancellors phone). Everyone knows that whatever espionage Russia is doing to the US the US is doing back in kind. All the powers will be hacking each other.


It makes us look hypocritical. We are hypocritical. Who is the current administration trying to fool? The world or its citizens?

The petty finger pointing needs to stop. The low sophistication of the DNC hack just reinforces this. Besides, if you don't want to be embarrassed then don't do embarrassing things and then sulk when you're exposed.


> Besides, if you don't want to be embarrassed then don't do embarrassing things and then sulk when you're exposed.

I don't think that is a very good argument. If you were to look through the email of most middle-sized organisations you would be able to find embarrassing things.


It was far beyond embarrassing, it was at minimum unethical.

And if we believe that such exists elsewhere, then we should be calling for more exposure of such vs ignoring it as operating as normal.


If you deal honestly with people then you don't need to be embarrassed when you're exposed.


The "Eric Schmidt Position."


> don't do embarrassing things and then sulk when you're exposed.

Thissss. I'm so sick and tired of the hypocrisy. If there was a "Chinese snowden" who leaked that China was doing the same stuff we where it would start a war. If Russia or China started building military bases through out the world for "democracy" we would loose our shit.

Why are we surprised when other world powers follow our example and try to hack the shit out anything they can get their hands on. Can't we be grown ups about this? It's a total double stAndard. We mess with so many elections around the world, and cry foul when someone does it to us.

Don't get me wrong, I understand why we do it, and sometimes agree with it. I feel like it stems from almost a prehistoric primitive tribal instinct - I live if my tribe lives, and to do that we have to control the other tribes.

By all means continue to dominate other countries, but PLEASE STOP USING THE MORAL SUPERIORITY CARD.


"Hypocrisy" is a tough concept to apply to whole nations, I'd say. I suspect most of the people upset about the Russian angle aren't exactly supporters of CIA election meddling either.


You didn't have to go all the way back to the 1870s for a good example.

Russian subs have been seen in some Swedish bedrooms the early-mid part of this year. Those Ruskies are capable of anything, you know.


Yep, the point I was trying to make is that there's been fake news probably since the invent of news. It's interesting that it's always the Russians though :)


These events have a reaction time, a response time, and a validation time. It is critical that legitimate news outlets keep their validation time small so that they can accurately report events.

The danger is pretty clear, if response time is shorter than validation time, people or systems will respond, perhaps irreversibly, before validation can be achieved.

That is how you do real damage in a system. Hopefully a very public critical response to the Washington Post here will help extend their response time again past the validation time.


The Washington Post corrected their story. This is a key differentiator for higher quality publications. They try to get it right but if they don't, they must prompty correct their article.

The article from The Intercept comes across as more alarmist than the original one from the Post. The second paragraph reads:

> While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid.

There's a nuance that seems to be lost in Greenwald's interpretation of the article.


Nobody[0] reads corrections. The damage is done when the original, incorrect, inflammatory article is published. You can't unring that bell, and the Washington Post editors know that.

[0] To within experimental error.


I would argue that a reasonable person would actually read a correction. it's not exactly un ringing a bell but many of us come away with the truth even if we believed the original at first


I don't think that's reasonable at all. How often do you return to story URLs you've already read to check whether they've changed or not?


Greenwald is like Assange in that regard. He's more interested in scoring points against the bad guys than doing a public service. Any public service he has provided in the past is purely coincidental.


This too charitable to the Washington Post, who recently published that ridiculous PropOrNot piece.

It's much more likely that they know they can publish something fake, get the desired public impact, and then retract it and retain credibility.

The Washington Post is not a "higher quality publication".


An interesting showhn project would be to continually scrape a story and make an externally visible commit log for it so that you could see how it changed over time.


Like this one? http://newsdiffs.org/


[flagged]


The mainstream media has earned the mistrust, Greenwald isn't powerful enough to impose it.


> The mainstream media has earned the mistrust,

I completely agree

> Greenwald isn't powerful enough to impose it.

Correct, but it's the collective push of "independent" news sites, including The Intercept

And as much as they push for the "Mainstream media is untrustworthy" agenda, guess what, they are less trustworthy than the mainstream media. But it's more insidious


WaPo, Nytimes, CNN, all part of the US propaganda machine.

The anti-Russia hysteria is getting ridiculous, and the more the media drum it up, the less people believe it.

https://pbs.twimg.com/media/C0ArMMGXcAIo8oL.jpg


Ironically the Russians have broken into the homes of US diplomats in Moscow and have pooped in them (among other things like killing one of their dogs).

>At a recent meeting of U.S. ambassadors from Russia and Europe in Washington, U.S. ambassadors to several European countries complained that Russian intelligence officials were constantly perpetrating acts of harassment against their diplomatic staff that ranged from the weird to the downright scary. Some of the intimidation has been routine: following diplomats or their family members, showing up at their social events uninvited or paying reporters to write negative stories about them.

But many of the recent acts of intimidation by Russian security services have crossed the line into apparent criminality. In a series of secret memos sent back to Washington, described to me by several current and former U.S. officials who have written or read them, diplomats reported that Russian intruders had broken into their homes late at night, only to rearrange the furniture or turn on all the lights and televisions, and then leave. One diplomat reported that an intruder had defecated on his living room carpet.

https://www.washingtonpost.com/opinions/global-opinions/russ...


Forgive me for being sceptical, considering this entire thread is about WaPo publishing false stories, and you linking to one of their publications...


And closing down a school for diplomats kids...except it appears that didn't happen either. I am finding it very hard to believe any of the Russia vs US news


Here's an article [1] in English from Finland (not sure if the paywall is active for foreigners) by the largest newspaper in the country about an activist who has been harrassed for 11 years by the FSB for operating a pro-Chechen website in the past. They've left dead birds inside his home etc. Pictures included. Russia officially petitioned the UN Security Council to add the guy to the official UN "al-Qaeda" terrorist list.

[1] http://www.hs.fi/sunnuntai/art-2000002847124.html


This kind of behaviour by the Russian security services has been well documented for decades. It’s hardly out of keeping with their past.


Journalists get stories wrong all the time, even journalists from respected publications.


Ongoing harassment is a regular practice among spy agencies. The underlying message is "we know who you are" and sometimes a threat, sometimes to undermine.

The agents and officers they actually care about, they (and we) rarely touch. It's better if they think their cover is intact.


It's harassment of American diplomats, even outside of Russia. I find that low and disgusting.


Spies travel under the guise of diplomats.

https://m.youtube.com/watch?v=DC10fyQgNqo


"diplomat" is another way of saying spy, very often. The USA and other countries have long traditions of sending spies under diplomatic cover


mm so why not "lend" your apartment to some "computer programmers who nudge nudge work at fort bragg for a boys weekend on the piss or a run a shore.

Yes Mr inspector the poor lads though they where being burglarised and as "drink had been taken" they got a bit boisterous


That's the biggest threat here. The public is going to become desensitized to the histrionic Russian conspiracy news, and a significant portion of them will start dismissing MSM messaging about Russia outright.

I can imagine Russia actually doing something heinous and it making zero waves, all because of the media who cried wolf.


You can prove this concept with mathematics.

1. Select an arbitrary NFL game being played in the first week of season.

2. Email a sufficiently large ( > 131,072) group of people, telling half of them that Team A will win. Tell the other half people that team B will win.

3. The game will necessarily yield a loser. (To account for ties, tell your audience team N will not lose, instead of will win)

4. The emailed people who received the correct prediction become the remaining pool, and those that received the incorrect prediction are no longer involved in this exercise.

5. Repeat steps 1-4 for the first 16 of the 17 weeks of the NFL season, always retaining the half of the pool who received the correct prediction.

6. After the 16th game, since you started with a sufficiently large pool, you will have sent the correct predictions for all 16 games to a nonzero number of people.

7. This nonzero number of people, if they have paid attention, will be forced to believe that you can predict the winner of the 17th game, and will be willing to give you ridiculous amounts of money to obtain that 17th prediction.

In their eyes, you can predict the future, but all you did was apply successive approximation, which is how many analog to digital converters work.

The same tactic works in reverse, you simply need to keep the people paying attention to the incorrect predictions long enough. I'll leave the most recent example of this phenomenon as an exercise to the reader.


The GOP has been claiming Obama is a Kenyan Muslim for -8 years (including Trump's harrassment re: his birth certificate), and a recent poll [1] showed that 41% of republicans still believe he wasn't born in the US. So, it would appear that the US population has quite an appetite for these stories.

[1] http://www.mediaite.com/online/new-poll-shows-that-41-of-rep...


Don't forget Fox, WSJ and the NY Post to add to the propaganda machine. Just from the other side.


WSJ actually seems to have a lot of journalistic integrity imo. Ive never seen issues with them.

Their opinion pieces can have a bit more "free thinking", definitely, but they are always marked as opinion.


They just ran an article calling Obama's decision to give a farewell address unusual, even though in reality every single president going back to Washington has given a farewell address.


I see:

> Corrections & Amplifications:

> Departing presidents in recent years have given farewell addresses in the final weeks of their terms.


I disagree on WSJ. They do a good job of keeping the opinion confined to the editorial section... for the most part.


It's funny how much flak Facebook (and almost no one else) got for "fake news" when the vast majority of today's journalism is so saccharine.

Is there a way contemporary journalism can be fixed?


Part of the problem is intrinsic to the velocity of news in a hyperconnected world. If a breaking story comes out and your paper delays in covering it, it will lose out to another paper that is quicker to publish. If no other paper has the information yet, then your paper will be inevitably accused of deliberately sitting on the story. It's a no win situation. Even here we see that errors in just one or two stories has led to commenters accusing WaPo of being a worthless propaganda arm.

Furthermore, decreasing ad revenue and increasing competition means that newsrooms are financially strapped compared with earlier days. Back then, even big newspapers published just a few print editions a day. But now there's a constant 24-hour news cycle. It's impossible to check every story 100%; nothing would ever get published. So the editor has to settle for a sub-certain level of confirmation, with fewer fact checkers on staff to boot.

To a certain extent, it's better to issue the retraction later. You get eyeballs on your page for the initial story, then more attention for the fallout and retraction. I've now clicked on that WaPo article thrice instead of just once -- cha-ching. Obviously too much of that damages the reputation, but there are a number of tremendously successful organizations that unapologetically and routinely dispense fake news and still prosper as a result. People have been successfully conditioned to care less about accuracy and more about "tell me good stuff about my team and bad stuff about the other team."


> Is there a way contemporary journalism can be fixed?

The Post is being called out by The Intercept, a publication launched in 2014 [1]. That looks an awful lot like a system reacting to itself.

[1] https://en.wikipedia.org/wiki/The_Intercept


Journalism has never been as impartial as people like to believe, bias and opinion always infects every piece. This in itself isn't necessarily a problem, except when society and the media becomes an echo chamber, and difference of opinion is marginalized.

Edit - should add, journalism is being fixed. The MSM is becoming increasingly irrelevant, social media and independent journalists who are on Twitter and various blogs are becoming more relevant.


> The MSM is becoming increasingly irrelevant, social media and independent journalists who are on Twitter and various blogs are becoming more relevant.

I would hardly call this a fix. The MSM is certainly unreliable, but "twitter and various blogs" are even less so.


As a medium, Twitter is unreliable. When you take the entirety of social media, the fact pictures and video can be taken in real time, you can then come to a conclusion that is close to the truth.


> the fact pictures and video can be taken in real time, you can then come to a conclusion that is close to the truth.

Sure, but a live video stream of newsworthy events represents a minuscule fraction of social media "reporting" and isn't even really representative of journalism in general since it's usually just an ad-hoc video from a citizen who happened to be in the right place at the right time. Even then, the conclusions drawn from citizen videos are often extremely contentious either because they are incomplete or just poorly shot (perhaps with the videographer leaving their own hysterical or biased commentary as a narration of events)


I have seen an endless stream of fakes and lies spread virally through social media for the last few months, and no refutation or correction ever reaches the same kind of viral spread that the original claim did - not even ones from the original person making the claim. The refutations don't support people's existing worldview, so they don't spread.


On the other hand, Sunil Tripathi and Pizzagate.


Twitter has also been instrumental in coverage of various conflicts around the world.

And even though Pizzagate is firmly in conspiracy theory territory, you've got to admit - some of Podesta's emails were fucking weird.


> some of Podesta's emails were fucking weird

I don't think that necessarily qualifies as newsworthy. A "real journalist" would have read those e-mails, found them to be pretty weird, then did an investigation to determine if anything of merit could be uncovered before printing a story. If there were any journalists involved, the pizzagate story would have been a perfect example of "irresponsible journalism", i.e. projecting unfounded claims based on rabid speculation and "gut instincts", yet being unable to prove anything definitively.


I'm inclined to say, however small, or peripheral, or target cognizant, this is still an infrastructure hack.

It's not a SCADA attack on systems that deliver services, but surely an attack that lands close enough to "The Electric Grid" to pay attention.

Pay attention now, not later.


Sorry, Glenn, that's not fake news.

The intercept has plenty of "all hat" articles where the picture painted by the headlines doesn't necessarily match the content.


This is what happens when the majority of journalists both have a profit motive and cozy up to the establishment: they'll say anything and a low/no-information populace gobbles it up without a grain of salt.

The Intercept, Democracy Now, Thom Hartmann, TYT, et. al. are in a precarious position because they often speak the truth, which is inconvenient to those in power. Whether they can mostly survive and measurably supplant establishment media by demographics isn't certain. Whether Trump will target investigative journalists and net neutrality (likely) Erdogan-style is anyone's guess.

PS: Another interesting CIA operation which taints media and fuels conspiracy theories https://en.wikipedia.org/wiki/Operation_Mockingbird


What is the boundary between what we consider "fake news" and news with a tiny kernel of truth somewhere in it (in this story it sounds like a semi-related laptop was infected with some malware) that is sensationalized to claim something much broader? I think that there are some pieces of news (e.g. meme-news that people post on social media sites, that would be similar to what one might read in a tabloid) that get automatically rejected by my BS filter a lot easier than something like the piece mentioned in the article, which was posted by a respectable journal.


If we can't create a common sense and universally accepted definition of fake news that's also specific enough, then no attempts to ban "fake news" should even be made.

In my book, manufacturing 90% of the story based on a "small kernel of truth" still counts as fake news, but perhaps others disagree.

This stuff can lead to war (McCain actually called this an act of war from Russia, after reading the original WashPost article), and in fact it has. Unsurprisingly WashPost was a big part of pushing the U.S. into the Iraq war as well.

https://www.democracynow.org/2004/8/13/washington_post_admit...

No lessons learned, it seems.


In many ways it is worse in my opinion. Blatantly false stories (like the one claiming Trump won the popular vote) are easily and quickly debunked. WaPo's brand of exaggerated stories based on a small kernel of truth is a lot more insidious and persistent.


> Blatantly false stories (like the one claiming Trump won the popular vote) are easily and quickly debunked.

If only. How long has the claim that Clinton runs a child abuse ring through a Washington DC pizzeria been going on? The Obama birther controversy?

These things are very difficult to debunk even in the presence of clear contrary information.


WaPo published entirely facts and revised their headline to be more accurate. Their initial statement was not really wrong as much it implied a deeper penetration than what actually happened.


There isn't any value in establishing an arbitrary boundary. A small clickbait blog with a story that is 100% manufactured typically has less effect on public opinion than a mainstream outlet that publishes half or quarter truths. They are both doing a huge disservice to the public and are ethically bankrupt, and shouldn't even be called journalists.


https://twitter.com/DanaHoule/status/815227058334892032

"Hope everyone remembers just before Trump took office @ggreenwald was praising Breitbart & @jeremyscahill was joking about working for Putin"

^ This


Also this:

https://twitter.com/RobertMLee/status/815251935666327556

"Did Russia hack the DNC? Yes. Is the DHS/FBI report good? No. Does either have anything to do with the electric utility in Vermont? Nope."


WashPost now has Editors Note acknowledging its key claim was false (source: https://twitter.com/ggreenwald/status/815291333942411264 )


This is why every time there was a post about "banning fake news" on HN, I specifically gave WashPost as an example (knowing they've written pure propaganda/false stories in the past) and questioned "whether a site like WashPost would have its fake news articles blocked on Facebook, too", when they are caught manufacturing stories (which they arguably did here).

Because if such articles from the big media companies wouldn't be blocked, then the system would be biased and unworkable, and Facebook or Google will just find a lot of backlash against them over it.


At this point there is -zero- evidence Russia hacked anything. Anyone saying that is cringeworthy.


WaPo is now a blatant propaganda outlet. They don't seem to care about the truth anymore and they've become what they accuse others of: a fake news source.


God. Once politics is involved, objectivity and truth are the first casualties.


For your reference the fourth paragraph from WashPost story:

>Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities


Yes, they added that eventually, but long after the story had gone viral.

Here's an earlier cached version: http://web.archive.org/web/20161231011622/https://www.washin...


On a related note, what was the outcome of the claim that North Korea hacked Sony? I was never convinced by the evidence presented but it seems to be something people generally believe was true.


I find this article as misleading as the original WP article. Truth is out the window, get used to it. If one side can come up with utter nonsense, then why can't the other?


Isn't malware on some worker's laptop a common way of penetrating disconnected networks? Not that it matters, as it serves the agenda equally well being either a "false" or a "true" story. Seems like calling Russia out on covert operations was too scary for them, so they chose hacking as a more acceptable thing.


I'd like to see better evidence of the US election being hacked, but I understand they wouldn't want to release anything that could cut off their ways into Russian systems. I don't know how anyone expects to get real proof of it without us deciding to give away strategically important gaps in Russian infosec.


There's more than enough real news to be upset about. With all the focus on email hacking, why no furor over the stolen $100mn?

In the meantime we hear sob stories about the consulate chef being deported. Poor guy! Hard to feel bad when he's got 9 digits stashed in a Swiss account.


The really shameful part of this is the xenophobic garbage spewed by Democrats who are upset their candidate lost the election. They can't handle the thought that they simply lost, so now anyone who disagrees with them is an agent planted by Putin.


But don't you see that you're doing the same from the opposite side? Any criticism of Putin is attributed to bitter Democrats, so there can be no valid criticism of Putin any more.


The problem is that there isn't any real criticism. Much like their failed election campaign - they focused so much on character assassination, that any valid criticism of Trump could simply be dismissed.

If I had to argue a point in a university essay, and argued in the fashion the media has for the last year, any of my profs would have failed me.

You'd think educated professionals, in a supposedly intellectual, free society would do better. But nope, just "Putin is a dictator", or "Trump is a racist". It's these journalists' fault no one listens any more.


Putin has had journalists killed.

He's invaded territory of other countries.

He's authorized the bombing of civilian areas in Syria.

You might think the evidence that the journalists were killed by Russia is inflated. You might think the Russians living in Ukraine deserve to live under the rule of mother Russia. You might not think there are civilians among the Syrian rebels. But I'm pretty sure that those things at least meet the bar of real criticism.


Obama has had Americans assassinated without trial.

He's bombed and destabilized other countries (Libya)

He's funded and armed terrorists fighting in civilian areas of Syria.

See how easy that is? One thing I've learned is just how many shades of gray exist in the real world, and as such I refuse to accept the narrative that Putin is a literal cartoon villain.


Obama deserves criticism for those actions!


Yet the media gives him a pass, and makes us believe Putin is the bogeyman...


And if we weren't talking about Putin personally hacking the DNC and other outlandish things, maybe we'd still be talking about those other points.

Btw, do you keep up with Ukrainian news?


You said there isn't any real criticism but now say that those points were talked about?

Why the hyperbole earlier?


The real criticism ended some time ago. No one cares anymore because of the current hysteria.


> If I had to argue a point in a university essay, and argued in the fashion the media has for the last year, any of my profs would have failed me.

I'd argue that elections have never been won this way. They've always been about identity and attacking your opponent. I'm not saying it's a good thing, but that the 2016 Democratic campaign was not unique in that regard. Hell, Trump's own campaign was run as a referendum on Hillary Clinton as much as it was anything to do with his strengths.


Even by that token, they should have taken a different angle on Trump. The guy is shameless, most of his dealings are out there for everyone to see, and they take the one angle that couldn't be proven - that he's racist, based on what, comments about illegal immigration?

Had they not stacked the deck against Sanders, they'd have a principled, likeable candidate in the general, and then they could have used the angle of Trump being unprincipled. Unfortunately Hillary is equally unprincipled, and less likeable.


>he's racist, based on what, comments about illegal immigration?

He claimed judge Curiel couldn't do his job because of his ethnicity.

He claimed the Central Park five were guilty even though they were cleared by DNA evidence.

His company was fined for not renting to blacks and Hispanics.

The whole birtherism stuff.


Seems the democrats did not count on so few people caring that Trump is at least a little racist.


Trump had no legislatively voting history or any really coherent policies so all that was left was his character.


REAL criticism is valid of course.

People are just tired of democrats calling anything who doesn't agree with them a racist/sexist/islamophobe when the VAST majority of conservatives are none of the above.


But again, within one line you've diverted from talking about the actual topic, Putin, to a random attack on a preconceived notion of what "Democrats" are. How is that relevant?

(All else aside, "the problem with Democrats is that they stereotype large groups of people" is a fantastically ironic statement to make)


Putin isn't involved in this story, so he's not the actual topic.


Fair enough - we're talking about Russia, not Putin. But neither have anything to do with Democrats.


> But neither have anything to do with Democrats.

That's just not true. Democrats have been pushing the narrative that "Russian hackers" are undermining America, and pushing it quite aggressively. So it's completely valid to bring those efforts up in regard to a dramatically over-hyped story about "Russian hackers."


That's exactly the point I was making in the first place - that it is now not possible to criticise Russia without the Democrats being mentioned. There's clearly a real, valid conversation to be had about Russian intelligence efforts against the US (as there is about Chinese efforts, and anyone else) but that conversation is repeatedly shut down with "yeah but Democrats". It doesn't contribute anything and makes it sound like Democrats are the only ones complaining about it, which isn't remotely true.


Where has this conversation been shut down?


The original post I replied to was an attempt to derail the conversation towards arguing about Democrats and ignoring Russia.


It didn't say anything about ignoring Russia. That's something you're attempting to attach to it.


To be fair: "The first sentence of the article directly linked this cyberattack to alleged Russian hacking of the email accounts of the DNC and John Podesta." so really WP already put this in the context of the election.


There's plenty to criticize Putin for- Democrats just don't want to look at how badly they bungled this election and others. (Ask yourself why since 2010 they've lost over 1000 governorships, state legislature seats, and Congressional seats. It ain't Russia!)

And at the same time some of them are saying crap like "Who cares about Russia, their only contribution to the world was the gulag". I'm paraphrasing here, but this is what I was referring to in my post above. In their zeal to denounce a man they see as a racist bigot, they turn to bigotry themselves. Shameful is the word for it. I mean, look at this: https://twitter.com/timjacobwise/status/809188697002409988

All in all it's just a startling 180- 4 years ago, Democrats were (correctly) lambasting Romney for BS tough-talk about Russia.


I once thought fake news meant Breitbart and Alex Jones...


almost comedy.

is it the good AIDs or bad AIDs (Mary Whitehouse experience reference)

It was clearly the good computer virus designed to penetrate state infrastructure. because Glenn Greenwald said so.


Please stop posting unsubstantive comments here, and please also stop posting inflammatory comments about divisive topics. We've asked you this several times before.

We detached this comment from https://news.ycombinator.com/item?id=13293235 and marked it off-topic.


[flagged]


Beginning with a national slur then heading straight for the Nazis makes for an unsubstantive comment. Please don't post like this here.


Your house, your rules - I won't be posting here again.

If you choose to characterize my accurate, unbiased observation of the ignorance of the masses as a 'slur' that's a comment about your bias and/or the nature of the masses.


When it comes to Glenn Greenwald, @noahpinion said it best [1]:

Is there a catch-all term for middle-aged white lefty dudes who are pro-Russia because their political outlook was defined by the Iraq War?

[1] https://twitter.com/Noahpinion/status/815104514046902273


We detached this subthread from https://news.ycombinator.com/item?id=13293198 and marked it off-topic.


how do we report moderators?

you seem intent on forcing your particular world view on hn than providing moderation of explosive or unpleasant reading.

i find reading all the posts you like to detach often more interesting reading than any of the hn comments that get left over.


What's the supposed link there? Much of my political outlook comes from the disaster of Iraq, but I'm not pro-Russia and I don't see how they would be related.


It's not a matter of GG being white or black (not racially), it's a matter of taking his opinions/writings with a bit of salt, but taking them nevertheless.

As much as Noahpinion is entitled to his opinion, so is GG.


Yeah that's just simplistic enough for lazy centrists who would rather not put into question their absolute support for the status quo and the official "truth". Iraq aftermath already caused enough turmoil for their precious minds, wouldn't wanna rack up the therapist bills by rocking the boat even further.


Idk, sounds sort of agist, racist, and sexist to me.


[flagged]


Personal attacks are not allowed on Hacker News. Flamewars are not welcome either. You've been doing both in this thread. We ban accounts that do this, so please stop.

We detached this subthread from https://news.ycombinator.com/item?id=13293599 and marked it off-topic.


I am utterly ashamed of myself - because I just ate a bit too much pie after lunch. I'm definitely not ashamed of myself for this amazing bit of research.

I already replied to someone else on this thread and mentioned they 'claim' they're Ukrainian. Sure, it could be a false flag op. Isn't that self evident?


[flagged]


You seem to be misunderstanding each other. The original post is simply phrased a little poorly in the spot you're arguing about, when it's clear to me that the author is only suggesting the malware is Ukrainian, but the users cannot be inferred from where the malware originated, because it is freely available online for anyone to use.


The article is clearer, but the author of the article seems to not understand his own article.

It's a little baffling, really.


I'm completely baffled what you're talking about.

Is this the sentence you take issue with?

"Turns out it's a hacking group in Ukraine, anyone can get it for free (but if you're nice you'll donate to their BTC account) and the DHS and FBI sample was several versions behind."

Is the point of contention here not whether we know with certainty whether it was the Russians behind this, or is it something else?


The point is the article cherry-picks a single point of data and claims it's the only point of data, when in reality the whole sum of the IOC is what identifies Russia, not any specific piece of malware.


I think the article implies that the totality of evidence is not compelling. As the article states, other institutions like the Guardian and Washington Post have issued retractions about Russian involvement.


> The point is the article cherry-picks a single point of data and claims it's the only point of data

It does?

> when in reality the whole sum of the IOC is what identifies Russia

Really? What evidence here identifies Russia definitively? You can certainly make a plausible argument that Russia would be a good candidate for the culprit, but I'm not seeing an open and shut case here.


I believe the JAR is crap work and doesn't contain any real evidence Russia was behind this. I also believe Russia was behind this.

I'm also inclined to believe that mmaunder's blog post is a bit of posturing, but this is kind of what people do in this industry--hop on a hot topic, try to publish first, try to get clicks. Sigh.


No, you fail to understand the author's comment and then instead of asking whether you were understanding something correctly, you've jumped to conclusions and started attacking the author as a fraud and a spammer instead of recognizing that the summary here was written a little vaguely in a way that you interpreted as the author claiming to have identified who the attackers were, rather than the creators of the malware.


[flagged]


I have no idea what you're talking about. You've twisted subtle phrasing in a comment into an absurd conspiracy.


[flagged]


Please stop.


> The web shell is made by a Ukranian group but there is absolutely no reason to believe the people who used the web shell are Ukranian, nor is there any reason to believe whoever hacked the DNC uses the newer version.

I don't believe the comment you are replying to said otherwise.

The point is that the report made the link: "We found Russian malware, so it must be the Russians." And in reality it's not Russian malware, and as you point out, finding out who wrote it doesn't tell you who used it.


That is what the commenting I'm replying to said, and it was incorrect to say so.


That's how you interpreted it. Since other people interpreted it differently, perhaps it was less clear than you imagined.


Isn't part of Ukraine now Russia? Sooo.....


Russians are the most likely users of the Ukrainian-made malware either way as the most likely place for them to promote it is russian-speaking cyberspace they share with each other without a language barrier.


It's distributed in English with an English interface.


The download page earlier [1] had a Webmoney wallet identifier for donations. Webmoney is a russian payment system that was popular in 00's [2] in ex-soviet countries.

[1] https://web.archive.org/web/20150831091357/http://profexer.n...

[2] https://en.wikipedia.org/wiki/WebMoney


To be clear, I'm not suggesting that it isn't Ukranian, or whatever, I was just pointing out the fact that the interface, etc., is in English and so there may be a wider "market" for the malware. It's consistent with the sort of malware I see on clients' infected WordPress installs semi-regularly.


The international market exists, but there is no evidence of the malware having any positions there or any efforts to promote it there, which is how things usually are. So, it is used mostly by Russians and Ukrainians and is known almost only among them.

If you believe the intelligence agencies, it's only logical to believe that Russians did in fact do it. Simple estimates based on the things that we know about the world don't suggest other possibilities.

Not that it matters though. Russia already did a lot worse, but US officials were so afraid to call it out, even downing MH17 was presented as if Russia "helped rebels" and didn't do it itself.


I tried to Google "pas web shell" and "profexer pas download" (with option to search pages in any language) to understand the audience of a project. What I saw were mostly links to forums in russian (with reviews of the software or tutorials on how to use it), one chinese github account with a collection of web shells and english posts from people who found the backdoor and tried to understand what it was.

So I got an impression that posts in english were mostly from victims and posts in russian were mostly from users.

You can try google these words and see the results yourself.


The support forum thread started by the developer is in russian (many people living in Ukraine speak both Russian and Ukranian so there is no contradictions with an Ukranian flag on the download page): https://rdot.org/forum/showthread.php?t=1567


And the author of the thing on the last page claims that many "packers" can be made to satisfy that signature.


Maybe he understood that things got serious and doesn't want to get extradited to USA.


Doesn't mean anything, the thing is still way more likely to be promoted inside the community than reaching international recognition or any international users really.


It's 19 departments now? At first it was 17 including one that makes maps...

Aside, why again do we have so many "intelligence" agencies anyway?

Anyone else getting sick of the Russian meme? It's beyond crying wolf now.


Glenn Greenwald is being really weird about this Russia hacking thing.

Why?


He's practicing journalism. Demanding verification from sources, particularly historically untrustworthy ones, is basic journalism.


Journalism isn't about "demanding verification" it's about getting it for yourself, and waiting until you have it before writing an article.

Also, him saying "false story" is, itself false, because the the facts are objectively true. Officials did say what they were quoted as saying, and the NYT changed the headline shortly after publishing the story, which is (like it or not) common practice in the industry. Glenn was party to it himself while at The Guardian.

It's just "weird" to me that there's a faction of people out there who don't believe that Russia infiltrated the DNC, and I think it's because they're politically motivated to not believe this to be the case.

There's never been such an ignorance driving security news before. It's alarming and completely out of left field.


It's equally unfathomable to me that there are people who take the Russia/DNC story as fact, even when no concrete evidence has been presented. That WaPo tries to throw fuel on the fire with by exaggerating a small morsel of truth (see: "RUSSIA HACKS U.S. POWER GRID") is even more concerning.


What would you need to see to believe it happened? Be as specific as you can.


Source please

edit: Since you edited your original post - I would want to see the same report that Obama saw, the one that led his administration to go so far as saying Putin was "personally involved" in orchestrating the attack. Redact sensitive info/sources as necessary.

Anything less makes it ludicrous to accuse a nuclear superpower of cyber warfare.


I asked what specific piece of evidence is missing.


You did, after you edited the original post ("There is concrete evidence.")

Have you even looked at the "evidence" out there so far? It's entirely circumstantial evidence put out by third party info sec groups.


Can you specifically name the content you would have to see in a given government report that would convince you this event took place?


Can you specifically name the content in a given government report that has convinced you this event took place?


[flagged]


You are asking for evidence of a lack of evidence. The onus is on you here - it can't be the other way around.


The onus is on me to figure out what you would need to believe this was Russia?


Okay, and how would you like the US government to share that information with you?


Define weird. Unless you just want to suggestively italicize some words and wink wink nod nod

I am pretty skeptical about the extent of direct Russian governmental involvement in the hacking of the DNC and Podesta's email account given the paucity of evidence. It would seem far more likely that Putin's regime turns a blind eye to certain activities either originating in or passing through their domain, as long as the target falls within certain parameters.

Don't get me wrong, I think a certain amount of firm resolve is due to be shown to Russia now and in the future, but I think there are many valid reasons for that without needing to invent them.


> I am pretty skeptical about the extent of direct Russian governmental involvement in the hacking of the DNC and Podesta's email account given the paucity of evidence.

I'm sorry, but what? There is a preponderance of evidence, way more than is usually available for such things.

What piece of evidence is missing? What would convince you?


Here's the thing about intelligence, it's not really verifiable by the public and the stories are only here to push some agenda.


"agenda news"

fvey vs fsb played out in public.


I just feel like there's no amount of evidence that'll convince the folks who are currently unconvinced.


Your feelings assume bad faith.


they'll needing plugging into the matrix and teaching to read Russian plus linking to all the russian underground in 30 seconds or less.

otherwise its too much effort and they'll just go along with whatever seems trendy and cool at the time.

And its definately not cool to point out the sun has set on the American empire.


snowden lives in moscow now. And the US government did enough to annoy both of them that they decided to defect.

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: