Our top comment suggested, "The media (and CrowdStrike) blame Russians for it [0]. Heh... yet this blog and the hacker himself, says he did it alone. // Yes, APTs definitely do happen but I'd bet they happen a lot less frequently than the media and security companies would want us to believe."
Those computers also negotiated bitcoin transactions for VPN services, made numerous encouraging Facebook posts, transferred data to WikiLeaks, and registered relevant domain names.
And finally those computers communicated with:
1) a candidate for US Congress,
2) a registered state lobbyist,
3) a reporter,
4) a senior member of the Trump campaign.
Additionally, on July 27, Trump suggested in his speech, "Russia, if you're listening. I hope you’re able to find the 30,000 emails that are missing." And those same computers, that same day, "attempted after hours to spearphish for the first time email accounts... used by Clinton's personal office."
The indictment doesn't assert an APT, just plain-old spearphish, steal password, install backdoor. If this was the GRU they didn't need their top men. 100% consistent with the "it could have been anybody, and probably multiple attackers got in" theory.
Note that the communications with the politicians and reporters are all a month or more after the leaks and their contents were public knowledge.
The backdoors (plural) were continuously relaying to a command+control server for a period of months. APT is justifiable as it refers to the entire process--coordinated penetration, continuous monitoring, and repeated exfiltration.
Furthermore, the public leaks _began_ before much of the direct communication, but the direct communication included material that had not yet been publicly leaked. The public leaks didn't occur all at once. They were staged to maximize impact.
> Additionally, on July 27, Trump suggested in his speech, "Russia, if you're listening. I hope you’re able to find the 30,000 emails that are missing." And those same computers, "attempted after hours to spearphish for the first time email accounts... used by Clinton's personal office."
Anyone who has seen the actual video for that blurb that doesn’t take it as a joke should re-evaluate their sense of humor.
Perhaps that is why other heads of state choose their words carefully... there are places where snark, innuendo and sarcasm are in poor taste.
What is the purpose of said “joke”? Did it enhance your life in some way? Did it advance the interests of the USA in some way? What are the limits? Would you consider Strzok’s texts as “jokes” as well? Why or why not?
To bring this back to Hacker News, would you prefer a language syntax where you could insert meaningless statements that the interpreter or compiler could selectively decide to execute or not based on some non-deterministic property? Lord knows we have enough problems with UB in C already ;)
> Perhaps that is why other heads of state choose their words carefully... there are places where snark, innuendo and sarcasm are in poor taste.
Sure but what constitutes crossing the line is debatable. Plus he wasn't a head of state at the time, he held no office whatsoever and was only a candidate in arguably the dirtiest election of most people's lives.
> What is the purpose of said “joke”? Did it enhance your life in some way?
I thought it was funny and enjoyed the line. As a human I generally enjoy laughing so yes it enhanced my life.
> Did it advance the interests of the USA in some way?
I'd wager others thought it was amusing as well and that may have led to a more positive opinion of Trump which in turn may have led to greater voter turnout. A sense of humor can connect with a lot of people. Those that agree with his policies and agenda for the country would see things that led to his election, such as demonstrating a sense of humor, as positive things.
> What are the limits?
There's no specific rule, it's up to the public to decide. Harping on Clinton's missing emails and private server setup was a go-to topic for Trump including commenting about how it was likely a hacking target by foreign governments. Joking about one of those governments providing the emails as evidence is (IMHO) well within bounds.
> Would you consider Strzok’s texts as “jokes” as well? Why or why not?
There's definitely a lot of hyperbole in Strzok's texts but even stripping that away I wouldn't want him anywhere near an investigation of a political ally or adversary. It's the same reason you wouldn't want him on a jury. It's not that people aren't allowed to have opinions or even strong opinions. It's that once there's been a demonstration of animus or bias the end product will be tainted.
> To bring this back to Hacker News, would you prefer a language syntax where you could insert meaningless statements that the interpreter or compiler could selectively decide to execute or not based on some non-deterministic property? Lord knows we have enough problems with UB in C already ;)
Politics, and more generally human interaction, is non-deterministic. As much as I love strong typing and well-formed expressions, I wouldn't want the entire world outside of software to be like that. There's beauty in the non-determinism.
> Trump and his campaign tried to claim he was kidding. He was not. At that same press conference, minutes later, I asked if it gave him "pause" to ask a foreign government to hack into the emails of any American citizen. He said no and then accused me of trying to "save" Clinton.
Incredibly short-sighted given the timing of Trump's comment, the suspicious nature of his campaign's behavior, and Russia's involvement in releasing propaganda designed to help elect Trump.
A reasonable person could look at his behavior and think that he was hiding his corruption in plain sight.
The indictment is a reminder of just how much data can be pieced together about a person's online activity, at least with considerable resources and seemingly proper court-authorized warrants. From web searches, to emails, Twitter posts, blockchain transactions, all of it could be correlated together. The searching for specific phrases that then appeared in a text is particularly damning.
What I could not glean from the indictment is how they could possibly have identified these 12 people individually. The government must have some other sigint or humint for that? Will this ever make it to trial so that evidence can be revealed?
> What I could not glean from the indictment is how they could possibly have identified these 12 people individually. The government must have some other sigint or humint for that? Will this ever make it to trial so that evidence can be revealed?
These indictments are the result of a massive counterintelligence operation spanning many agencies from several nations. In this case specifically, the AIVD (Dutch intel) hacked the GRU offices where a large part of the hacking was carried out and managed to exfiltrate significant amounts of evidence including CCTV security footage of GRU officers coming and going [1]. The evidence proving the crimes for the purposes of a conviction will be made public but unless lawyers for the defendants come to challenge the warrants and get them unsealed, the evidence that led to the public stuff will likely stay secret for decades.
Knowing the details is very different from having access to the physical evidence that led to that knowledge. The latter can very often be used to trace intelligence operatives and expose the methods they use - either of which could have life or death consequences for the operatives themselves, the informants and dissidents they work with, and Americans working in the area in general.
For example, when it was exposed that the CIA was using a vaccination program in Pakistan to test for the DNA of known terrorists, their associates, and families, the backlash led to the death of many aid workers and a massive drop in vaccinations in the country.
If the evidence used here was obtained via intelligence services partly through hacking, and there is no real "defense" to speak of, why should we take this to be valid? How can we be sure that elements of this evidence haven't been fabricated or tampered with?
The defendants will have the opportunity to dispute the evidence and challenge the legality of its acquisition before a judge and then several layers of appeals courts. What we know is that the prosecutors have already done their due diligence, that warrants were granted after judicial review, and that the evidence obtained from those warrants was enough to convince a grand jury to indict, regardless of whether the highly classified intel used to get that evidence was genuine or not.
More importantly we know that the career Republicans running the office of special counsel, who incidentally all left multi-million dollar a year jobs to be at the center of the most politically charged, controversial, and scrutinized investigations in American history, have staked their reputations and careers on the truth of all of the documents they have filed in court, under oath.