Young Russian denies she aided election hackers: ‘I never work with douchebags’ (theguardian.com)
The company “provided the GRU with technical research and development”, according to the fact sheet released by the White House. No further details were given.

Imagine that!

A Russian company providing "technical research and development" to an agency of the Russian govt.


Imagine that, the US Government making vague, unverifiable statements to support actions against a foreign government.


Not that I'm pro Russian, but that's exactly what I'd expect from the US government. Trying to police the world while making baseless accusations and meanwhile fucking up someone's life.

Can we see the proof, please? Of course we can't, because there probably isn't any.

Putting a oligarch with proper resources to defend himself through the courts (if he wants to) on that list is one thing, putting a random person on there is another.


Can we see the proof, please?

No, we won't show you proof. Here's what we can tell you:

We assess that the proof is classified. We also assess that the hack was directly orchestrated by Putin.

And we do ask that you just take our word for it, because evidence is classified.

You do believe that we're not lying, right?


Sure don't! :)


All fear the big bad Russian bear, and definitely don't look behind the curtain that stands behind the American eagle.


What do you try to imply or ask readers to imagine?

Are you suggesting Runssian govt is naturally bad and an agency contracted with them are inherently bad? Or something else?


They are pointing out that it is almost contentless since there is no more natural state of affairs than a domestic consulting company providing services to its own government agencies.


I upvoted you because your comment suggests that English is not your native language. Even native English speakers have a problem understanding stuff, but that's not a reason to downvote a comment.


Not native English speaker here; I read your comment along the lines "move along, nothing to see here, a foreign company collaborates with its own government, what's the big deal", plus a bit of sarcasm towards someone who tries to imply maliciousness from this. But language aside, sarcasm is always a bit tricky in comments.


I will also deny that I helped the Russians.


I think the big misdirection in all this news is different. They do not claim the election was hacked, despite everyone calling it that. This is about the DNC hack. So the computers of Hillary's campaign team were hacked and data leaked, mostly emails. That's important here. Americans really did vote the way they did, nobody's disputing that. Only the headlines claim different, the articles themselves do not.

There is ZERO claim by anyone that any election related system was hacked in any way ! Obama's initial reaction, that he guaranteed the Russians did not touch any computers used for the election is still the official government position. The election was fair and square, at least as far as the IT systems are concerned.

Further misdirection is the claim that the Russians are responsible for this hack. That is the 10.000 foot summary of the government position sure. But it's not really the government position.

Technically, the history of this claim is that the DNC filed a complaint with the FBI. This was treated seriously and the FBI showed up at their doorstep. There was a friendly discussion with coffee and cookies and the message was that the DNC refused them access to their premises. They hired their own computer security firm, a company called CrowdStrike ( https://www.crowdstrike.com/executive-team/ ).

Crowdstrike stands out in a number of ways from most cyber security firms. Firstly, they're the opposite of most security firms. Most security firms, before they get big, have very little money and very big security credentials. This is to say, the cyber security industry is mostly a creation of cyber security people doing security work, and creating a company along the way. Crowdstrike is the opposite : it is very much a company first, created by management, money and influence, which then proceeded to hire a security team that is wholly unremarkable (not to disparage them, but compared to the individuals and early teams that created McAfee or Symantec ... they don't measure up. Nor are they even trying to. The company touts it's management and business (/sales) credentials more than it's security credentials. None of it's executives are well known security researchers or even famous hackers).

Second thing that's very weird about Crowdstrike is that it specializes, not so much in providing security or repairing security holes, but in "threat attribution", with a focus on large state actors. The Sony pictures hack, the Office of Personnel and Resources hack, several terrorism related hacks, and so on. They have "provided evidence" blaming everyone from North Korea, the "Syrian electronic army", the Chinese government, ... in all the cases I've read using similar evidence: they have hired high-level FBI agents and use FBI resources to link command and control networks to particular state actors. In most cases, the evidence is equally flimsy: a bunch of hired servers at colocation providers, AWS, and so on, mostly owned by all sorts of firms (ie. those C&C servers are themselves hacked company servers, with the company/individual owning/hiring them unaware of them being used for other purposes) (I guess the guys policing IRC for command and control networks have mostly succeeded in driving them off).

The big touted hire at CrowdStrike is an FBI enforcement official. They are about finding perpetrators and punishing them, not about securing companies.

Anyway CrowdStrike somehow (they're a private company and not obliged to provide details) assembled a report of the DNC hacks, it's linked it's C&C network to two Russian suspected state actors (for which we don't even have a name), and it's conclusions have been copied verbatim by the FBI and published.

TLDR:

the DNC was hacked, internal communications of high level democrats leaked

these reports implicitly confirm that the leaks are authentic (if you're a Bernie Sanders supporter, you might care about that confirmation)

the conclusion about Russian state hackers comes from a private company that specializes in blaming state agencies for hacks (as absurd as that sounds, it's true), and not from US intelligence agencies




