Slashdot Mirror


FBI and Homeland Security Detail Russian Hacking Campaign In New Report (theguardian.com)

An anonymous reader quotes a report from The Guardian: The U.S. Department of Homeland Security (DHS) and FBI have released an analysis of the allegedly Russian government-sponsored hacking groups blamed for breaching several different parts of the Democratic party during the 2016 elections. The 13-page document, released on Thursday and meant for information technology professionals, came as Barack Obama announced sanctions against Russia for interfering in the 2016 elections. The report was criticized by security experts, who said it lacked depth and came too late. "The activity by [Russian intelligence services] is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens," wrote the authors of the government report. "This [joint analysis report] provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. government." The government report follows several from the private sector, notably a lengthy section in a Microsoft report from 2015 on a hacking team referred to as "advanced persistent threat 28" (APT 28), which the company's internal nomenclature calls Strontium and others have called Fancy Bear. Also mentioned in the government document is another group called APT 29 or Cozy Bear. The Microsoft report contains a history of the groups' operation; a report by security analysts ThreatConnect describes the team's modus operandi; and competing firm CrowdStrike detailed the attack on the Democratic National Committee shortly before subsequent breaches of the Democratic Congressional Campaign Committee and the Hillary Clinton campaign were discovered.

11 of 404 comments

  1. Re:So where is this report? by Anonymous Coward · · Score: 2, Informative

    Never mind, I'm a fucking idiot and was looking at the wrong article link.

  2. Re:Why should anyone trust the report? by INT_QRK · · Score: 4, Informative

    The report in no way alleges "foreign influence." It simply describes a cyber intrusion of Democratic Party assets and individuals in technical detail, ascribes the techniques and tools used in the intrusion to entities believed to be (or affiliated with) the Russians, and recommends sensible, albeit completely standard, countermeasures to similar future such attacks. The report in no way addresses, suggests, or concludes how any information gained in the attack was used to “interfere” with the recent election. Critically, the report does not ascribe any of the damaging WikiLeaks documents, which were the documents that most appear to have had a damaging effect on Clinton, to the attacks that were the subject of the report. The report is what it is. It isn't what it isn't, a report addressing election "interference."

  3. Bigoted much? by Xenographic · · Score: 5, Informative

    This report was ripped to shreds yesterday.

    It's mostly OWASP copypasta with recommended mitigations and a few interesting tidbits.

    I'm also not clear on why this submission linked to a copy of the report. Best compare it with the original report in case there are any differences.

    1. Re:Bigoted much? by ggendel · · Score: 3, Informative

      I guess you don't want to read past the first comment in your link. I don't see anything "ripped to shreds".

    2. Re:Bigoted much? by Minupla · · Score: 4, Informative

      At the end of the day, you don't get style points in the spy game. If script kiddie level efforts give you the results you want and you don't really care about not being caught, script kiddie level stuff it is.

      Governments have engaged in similar script kiddie level attacks in the past, both before and after the digital age ("You've won a contest, come collect your prize here!", criminal shows up to collect prize, gets a pair of handcuffs).

      This stuff is low-risk, high reward. Attackers only need to get lucky once, defense has to be good every time.

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  4. How is this even an issue? by Anonymous Coward · · Score: 2, Informative

    The DNC is not the US Government. Voting machines weren't hacked. While hacking the DNC might be against the law, influencing elections is not. I just want someone to tell me how the Russians releasing emails is not unlike the Koch brothers buying advertising? At least the emails were truthful. As long as business can set up their super-PACs to influence elections can we really object to a foreign government doing the same?

  5. Summary of the "report" by Anonymous Coward · · Score: 4, Informative

    Pages 1-3: overview of recent activities of some hacking groups
    Page 4: list of these groups
    Pages 5-12: suggested security measures (copied from "Cybersecurity for dummies"?)
    Page 13: contacts

    Again, no evidence of Russian involvement. Or anything that can be called a detailed analysis.

  6. Clinton Lost. by 0100010001010011 · · Score: 2, Informative

    Full Stop. This was not "Trump Winning" or "Russia Hacking" it was the DNC being so completely out of touch with parts of the country they knew they would win that they still don't accept that they lost there. Michael Moore nailed it in 5 Reasons Trump Will Win.

    The whole election loss can come down to a few swing states. A few extra thousand voters one way or another in a state that is solid Red or Blue isn't what got Trump elected. (Just like Clinton getting massive numbers in California didn't win her the election, that's not how the rules were set before the game)

    I'll just point out the 2 states I'm most familiar with, Wisconsin and Michigan. Not coincidentally both of those states they had completely wrong in the Primary as well. Both states were "Sure" Clinton states and Sanders proved them wrong. Clinton didn't visit Wisconsin once for the general election. She sent a bunch of proxies. She did hit Michigan late but more or less completely ignored it prior to their number crunchers going "eh maybe we're wrong". The Russians didn't tell her not to go to Wisconsin. The Russians didn't push Sanders over the top in the Primaries. The Russians didn't collude to keep Sanders out of the nomination. [And even IF they did, I don't think "Those guys did something illegal to illustrate something I was doing illegal" is a justifiable defense in court]

    Stein and Johnson ran in both 2012 and 2016 so you can use them as a 'control' between the candidates. Personally Michigan's Green bump in 2012 and the corresponding Democrat drop should have been an indication 4 years ago that something was up.

    Wisconsin's numbers:

    Republican Presidential votes:

    • 2008 - 1262393
    • 2012 - 1407966
    • 2016 - 1405284

    Democratic Presidential votes:

    • 2008 - 1677211
    • 2012 - 1620985
    • 2016 - 1382536

    Libertarian Presidential votes:

    • 2008 - 8858
    • 2012 - 20439
    • 2016 - 106674

    Green Presidential votes:

    • 2008 - 4216
    • 2012 - 7665
    • 2016 - 31072

    Michigan's numbers look similar.

    Republican Presidential votes:

    • 2008 - 2048639
    • 2012 - 2115256
    • 2016 - 2279543

    Democratic Presidential votes:

    • 2008 - 2872579
    • 2012 - 2564569
    • 2016 - 2268839

    Libertarian Presidential votes:

    • 2008 - 23716
    • 2012 - 7774
    • 2016 - 172136

    Green Presidential votes:

    • 2008 - 8892
    • 2012 - 21897
    • 2016 - 51463
  7. Re:Its a talking point by T.E.D. · · Score: 5, Informative

    Please look at what they provided. There is literally no evidence given in the document, not even an attempt. They make up some names

    That's because you don't have both a security clearance and a need-to-know. Revealing *how* they figured out that different attacks came from the same group, and where that group is based, would allow such groups to figure out how to hide their tracks from the FBI better. That would obviously be injurious to the US and ....

    ...OH! I see what you are doing now. Nice try, Anonymous Comrade.

  8. Re:Why should anyone trust the report? by TheRaven64 · · Score: 4, Informative
    There are two issues:
    • Is Russia attempting to influence elections?
    • Did Russia hack the DNC?

    The problem is that we're conflating the two. The answer to the first one is pretty much certainly yes. The answer to the second is a lot less clear and, given that the attack didn't require anything like the capabilities of a state-level adversary, the response is a problem. The evidence that we have for the hack shows that a script kiddie, probably in Russia, hacked the DNC. Russia might have done it as a state-sanctioned operation, but so might one of hundreds of individuals (including a load of bored teenagers).

    The real story with regard to the emails is that the DNC (and, most likely, the GOP) has really crappy infosec and is basically wide open and many parts of the US government are probably in a similar situation. The NSA has been tasked with a dual mission of attack and defence and has prioritised attack to the point that it has completely failed at defence.

    Blaming Russia and kicking out Russian diplomats led to retaliation and made the US look stupid. Everyone knows that attribution for cyber attacks is incredibly hard and all that this has done is shown that the relevant agencies in the USA don't know how incompetent they are because they don't even understand the problem properly.

    --
    I am TheRaven on Soylent News
  9. Re:Before the election: by D00MSlayer · · Score: 3, Informative

    Do you even read the articles you post?

    Last week, Baxter told The News 87 optical scanners broke on Election Day. He said many jammed when voters tried repeatedly to stuff single ballots into scanners, which can result in erroneous vote counts if poll workers don’t adjust counters. ...
    Detroit’s ballot was two pages because it included dozens of candidates for the local Board of Education. The number of pages can cause machines to jam and lead them to count too many ballots, said Genesee County Clerk John Gleason.

    This is what happens when you don't have an effective, reliable, and efficient voting system.

    Also, the recount was ended by the Michigan Supreme Court because Stein's recount request wasn't valid.

    Put the conspiracy Kool-Aid down, homie.