Slashdot Mirror
FBI and Homeland Security Detail Russian Hacking Campaign In New Report (theguardian.com)
An anonymous reader quotes a report from The Guardian: The U.S. Department of Homeland Security (DHS) and FBI have released an analysis of the allegedly Russian government-sponsored hacking groups blamed for breaching several different parts of the Democratic party during the 2016 elections. The 13-page document, released on Thursday and meant for information technology professionals, came as Barack Obama announced sanctions against Russia for interfering in the 2016 elections. The report was criticized by security experts, who said it lacked depth and came too late. "The activity by [Russian intelligence services] is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens," wrote the authors of the government report. "This [joint analysis report] provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. government." The government report follows several from the private sector, notably a lengthy section in a Microsoft report from 2015 on a hacking team referred to as "advanced persistent threat 28" (APT 28), which the company's internal nomenclature calls Strontium and others have called Fancy Bear. Also mentioned in the government document is another group called APT 29 or Cozy Bear. The Microsoft report contains a history of the groups' operation; a report by security analysts ThreatConnect describes the team's modus operandi; and competing firm CrowdStrike detailed the attack on the Democratic National Committee shortly before subsequent breaches of the Democratic Congressional Campaign Committee and the Hillary Clinton campaign were discovered.
Not so fast, comrades! We'll teach you to inform our electorate!
"What... Trump says the election is rigged? Calm down folks, it's not like anyone could HACK us or anything, sheesh"
-after election-
"the russians!"
is that, when you really need folks to believe you, it just doesn't happen.
Maybe if the US Government understood this fact, we might actually care what they have to say.
Please look at what they provided. There is literally no evidence given in the document, not even an attempt. They make up some names, put them in a diagram and say that is proof. They didn't even try.
This document is one of those DNC talking points that isn't valid. Now the DNC supporters will be screaming that the FBI released proof of the attack, but not one of them will even look at it to see that the document doesn't contain anything even attempting to prove it. Its just a placeholder to give DNC supporters talking points to use. Watch over the next week how many of them cite this document is unquestionable proof and will refuse to hear anyone question it.
"The FBI and DHS have shown proof that the Russians did it."
"Are you questioning the integrity of the FBI by saying the document is lying?"
Mark my words, you will hear the above non-stop now.
that we, the united states, have worked to skew elections and overthrow governments for nearly fifty years as though it were nothing more than another element of common foreign policy. However, whenever a foreign nation tries to influence our elections, its somehow a capital offence the world must take seriously.
If sanctions didnt work for Ukrane, they wont work here. Although they do an amazing job of allowing you to avoid the fact of the matter which is that Hillary Clinton was a turd of a candidate who rigged the parties primary, and enjoyed limited popularity outside major metropolitan areas. She never set foot in places like Wisconsin, took a gamble that LA was somehow bigger than all the midwest, and lost.
Good people go to bed earlier.
I bet the rest of the World can pause and find this amusing, since we Americans probably sought to influence more elections the last century than any nation... looking at you Central & South America.
I'm as bewildered as the next fellow as to how we ended up our newest Commander-in-Chief, but I also believe it's time he and the former administration started working together like big boys.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
An article talking about Russia trying to influence American politics, but not mentioning George Soros or foreign donations to the Clinton Foundation...
That is propaganda.
If the degree of "russian hacking" can be so easily foiled, it doesn't sound much like they were using master criminals or IT experts - just script-kiddie stuff that follows people around the internet every day. One would hope that if they have solid evidence that this originated ONLY from the russian intelligence services that they are a lot more certain of it than they appear to make out here. If that was the case, it seems like the fix is easy and well known.
One also assumes that the US intelligence services are doing exactly the same to the "bad guys" and are getting similar sorts of results.
Of course the more interesting question would be: If this is what they discovered what about all the advanced hacking that they haven't uncovered - both in techniques and targets? If an election can be hacked so easily, what are the REAL experts influencing and stealing?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
That was page after page that basically translates to "APT sent spam to a large list of recipients and target fell for it."
Exactly. Oh, I think there's a list of TOR exit nodes in there, too.
Why do our mighty Russian hackers rely on pathetic phishing scams instead of putting in hardware backdoors by intercepting new hardware in the mail? Why can't they park a TEMPEST van a few miles away and read the passwords from the keyboard? They have Snowden, who revealed the NSA's TAO programs and things like how we're tapping Merkel's phone in Germany.
Are we seriously to believe that these Russian boogeymen are on the same level as your average 419 scammer and the poor, hapless DNC couldn't defend themselves?
I also note that a lot of places talk about "election hacking." That's not at all the same thing as someone in the DNC losing their email to a common scam, there's no evidence of vote tampering and even 538 pointed out how silly that was.
It shows just how massive the partisan divide is. It seems to have completely slipped peoples' minds that "breaking into the DNC to look for dirt to use against the Democratic Presidential Candidate" is EXACTLY what started a little controversy called "Watergate." But, because it's politically advantageous, a number of people seem to be dead set on ignoring or dismissing any evidence about what happened this time.
Let's be _absolutely_ clear: This isn't about sour grapes because the Democrats lost. This isn't about attacking Trump (though he and his supporters treat it as such, which is disturbing in its own way). This _is_ about what happens next time, because if you establish a precedent that it's basically okay for foreign governments to hack and dox political campaigns in the USA, they're going to keep doing it. Worse, others like China or Iran might just decide to join in. Worse still, candidates might preemptively cozy up to Russia or whomever in hopes of getting assistance against their opponent(s).
The burden of proof is on the one making allegations of Russian hacking. We know what nation state level hacking looks like thanks, ironically, to Snowden. We know the NSA can intercept your new router in the mail and install a durable backdoor on it that will survive everything you do to it. We know the NSA has TEMPEST vans that can snoop on your screen and keyboard.
The idea that a nation state is left to rely upon low level phishing scams seems laughable at best. Just look to past examples to see that they had better stuff than this.
Here are a few past examples of real hacking. Note how much more sophisticated these attacks were:
* Theremin's bug
* MI6 spies on Russia with fake rock
Please tell me again why Russia has fallen back to kiddie level phishing scams? Remember, the burden of proof is on the people saying "it's Russia" and I'm not going to let anyone shift that.
When some people tell me that Russel's teapot is in orbit and others say it's not, I'm going to wait for evidence. I can't just average them out and conclude that a teacup or possibly a saucer is up there flying around, if not a whole teapot.
Does that make it OK that the DNC was hacked and its private communications were released in an attempt to influence the election?
Like I asked, does someone doing something illegal to point out your shady dealings make them the ones at fault? If the leaks happened and they didn't show the DNC colluding to keep out Sanders or CNN spoon feeding questions would she have won? (Likely not). The only thing the e-mails did was validate the opinions most people had, the people that protest voted against Clinton would have "known" she colluded or cheated in the primaries evidence or not.
Most people I knew had their minds made up as soon as the pieces were set. In Wisconsin Johnson didn't jump from 20k to 106k from some 'leaked e-mails', nor Stein 7k to 31k. Most people in the Midwest had their minds made up about Clinton before the primary began. (See also Democratic Primary Results, 2016.)
The DNC lost it's shot at the presidency when they tied their fate to Clinton. The Russians didn't setup Clinton's e-mail server. The Russians didn't vote for NAFTA. Perceived or real, a lot of blue collar workers in those states blame NAFTA for our economic problems.
So the MSM and the DNC collude to elect a specific candidate of their choice and you want to go off on Russia for something a DNC insider leaked? You are OK with the sitting President and his party make every effort to delegitimize the incoming President? Meanwhile if there truly was a concern with Russia interfering in our elections the focus would need to be on preventing future interference. Also the DNC leadership should have been notified that their security was weak when it actually mattered. Doing it now only gives every appearance of a temper tantrum by a party in denial.