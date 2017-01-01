Imagine that!
A Russian company providing "technical research and development" to an agency of the Russian govt.
Can we see the proof, please? Of course we can't, because there probably isn't any.
Putting a oligarch with proper resources to defend himself through the courts (if he wants to) on that list is one thing, putting a random person on there is another.
No, we won't show you proof. Here's what we can tell you:
We assess that the proof is classified. We also assess that the hack was directly orchestrated by Putin.
And we do ask that you just take our word for it, because
evidence is classified.
You do believe that we're not lying, right?
Are you suggesting Runssian govt is naturally bad and an agency contracted with them are inherently bad? Or something else?
There is ZERO claim by anyone that any election related system was hacked in any way ! Obama's initial reaction, that he guaranteed the Russians did not touch any computers used for the election is still the official government position. The election was fair and square, at least as far as the IT systems are concerned.
Further misdirection is the claim that the Russians are responsible for this hack. That is the 10.000 foot summary of the government position sure. But it's not really the government position.
Technically, the history of this claim is that the DNC filed a complaint with the FBI. This was treated seriously and the FBI showed up at their doorstep. There was a friendly discussion with coffee and cookies and the message was that the DNC refused them access to their premises. They hired their own computer security firm, a company called CrowdStrike ( https://www.crowdstrike.com/executive-team/ ).
Crowdstrike stands out in a number of ways from most cyber security firms. Firstly, they're the opposite of most security firms. Most security firms, before they get big, have very little money and very big security credentials. This is to say, the cyber security industry is mostly a creation of cyber security people doing security work, and creating a company along the way. Crowdstrike is the opposite : it is very much a company first, created by management, money and influence, which then proceeded to hire a security team that is wholly unremarkable (not to disparage them, but compared to the individuals and early teams that created McAfee or Symantec ... they don't measure up. Nor are they even trying to. The company touts it's management and business (/sales) credentials more than it's security credentials. None of it's executives are well known security researchers or even famous hackers).
Second thing that's very weird about Crowdstrike is that it specializes, not so much in providing security or repairing security holes, but in "threat attribution", with a focus on large state actors. The Sony pictures hack, the Office of Personnel and Resources hack, several terrorism related hacks, and so on. They have "provided evidence" blaming everyone from North Korea, the "Syrian electronic army", the Chinese government, ... in all the cases I've read using similar evidence: they have hired high-level FBI agents and use FBI resources to link command and control networks to particular state actors. In most cases, the evidence is equally flimsy: a bunch of hired servers at colocation providers, AWS, and so on, mostly owned by all sorts of firms (ie. those C&C servers are themselves hacked company servers, with the company/individual owning/hiring them unaware of them being used for other purposes) (I guess the guys policing IRC for command and control networks have mostly succeeded in driving them off).
The big touted hire at CrowdStrike is an FBI enforcement official. They are about finding perpetrators and punishing them, not about securing companies.
Anyway CrowdStrike somehow (they're a private company and not obliged to provide details) assembled a report of the DNC hacks, it's linked it's C&C network to two Russian suspected state actors (for which we don't even have a name), and it's conclusions have been copied verbatim by the FBI and published.
TLDR:
the DNC was hacked, internal communications of high level democrats leaked
these reports implicitly confirm that the leaks are authentic (if you're a Bernie Sanders supporter, you might care about that confirmation)
the conclusion about Russian state hackers comes from a private company that specializes in blaming state agencies for hacks (as absurd as that sounds, it's true), and not from US intelligence agencies
