Slashdot Mirror
FBI and Homeland Security Detail Russian Hacking Campaign In New Report (theguardian.com)
An anonymous reader quotes a report from The Guardian: The U.S. Department of Homeland Security (DHS) and FBI have released an analysis of the allegedly Russian government-sponsored hacking groups blamed for breaching several different parts of the Democratic party during the 2016 elections. The 13-page document, released on Thursday and meant for information technology professionals, came as Barack Obama announced sanctions against Russia for interfering in the 2016 elections. The report was criticized by security experts, who said it lacked depth and came too late. "The activity by [Russian intelligence services] is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens," wrote the authors of the government report. "This [joint analysis report] provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. government." The government report follows several from the private sector, notably a lengthy section in a Microsoft report from 2015 on a hacking team referred to as "advanced persistent threat 28" (APT 28), which the company's internal nomenclature calls Strontium and others have called Fancy Bear. Also mentioned in the government document is another group called APT 29 or Cozy Bear. The Microsoft report contains a history of the groups' operation; a report by security analysts ThreatConnect describes the team's modus operandi; and competing firm CrowdStrike detailed the attack on the Democratic National Committee shortly before subsequent breaches of the Democratic Congressional Campaign Committee and the Hillary Clinton campaign were discovered.
Not so fast, comrades! We'll teach you to inform our electorate!
"What... Trump says the election is rigged? Calm down folks, it's not like anyone could HACK us or anything, sheesh"
-after election-
"the russians!"
is that, when you really need folks to believe you, it just doesn't happen.
Maybe if the US Government understood this fact, we might actually care what they have to say.
Please look at what they provided. There is literally no evidence given in the document, not even an attempt. They make up some names, put them in a diagram and say that is proof. They didn't even try.
This document is one of those DNC talking points that isn't valid. Now the DNC supporters will be screaming that the FBI released proof of the attack, but not one of them will even look at it to see that the document doesn't contain anything even attempting to prove it. Its just a placeholder to give DNC supporters talking points to use. Watch over the next week how many of them cite this document is unquestionable proof and will refuse to hear anyone question it.
"The FBI and DHS have shown proof that the Russians did it."
"Are you questioning the integrity of the FBI by saying the document is lying?"
Mark my words, you will hear the above non-stop now.
that we, the united states, have worked to skew elections and overthrow governments for nearly fifty years as though it were nothing more than another element of common foreign policy. However, whenever a foreign nation tries to influence our elections, its somehow a capital offence the world must take seriously.
If sanctions didnt work for Ukrane, they wont work here. Although they do an amazing job of allowing you to avoid the fact of the matter which is that Hillary Clinton was a turd of a candidate who rigged the parties primary, and enjoyed limited popularity outside major metropolitan areas. She never set foot in places like Wisconsin, took a gamble that LA was somehow bigger than all the midwest, and lost.
Good people go to bed earlier.
Did you borrow your foreign policy from the 80's?
DNC hacks - perks for the rich, perks for the poor, make the working class pay for it all.
This is why you lost the election.
Never mind, I'm a fucking idiot and was looking at the wrong article link.
The report in no was alleges "foreign influence." It simply describe a cyber intrusion of Democratic Party assets and individuals in technical detail, ascribes the techniques and tools used in the intrusion to entities believed to be (or affiliated with) the Russians, and recommends sensible, albeit completely standard, countermeasures to similar future such attacks. The report in no way addresses, suggests, or concludes how any information gained in the attack was used to “interfere” with the recent election. Critically, there report does not ascribe any of the damaging Wikileak documents, which were the documents that most appear to have had a damaging effect on Clinton, to the attacks that were subject of the report. The report is what it is. It isn't what it isn't, a report addressing election "interference."
I bet the rest of the World can pause and find this amusing, since we Americans probably sought to influence more elections the last century than any nation... looking at you Central & South America.
I'm as bewildered as the next fellow as to how we ended up our newest Commander-in-Chief, but I also believe it's time he and the former administration started working together like big boys.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
An article talking about Russia trying to influence American politics, but not mentioning George Soros or foreign donations to the Clinton Foundation...
That is propaganda.
This report was ripped to shreds yesterday.
It's mostly OWASP copypasta with recommended mitigations and a few interesting tidbits.
I'm also not clear on why this submission linked to a copy of the report. Best compare it with the original report in case there are any differences..
The DNC is not the US Government. Voting machines weren't hacked. While hacking the DNC might be against the law, influencing elections is not. I just want some one to tell me how the Russians releasing emails is not unlike the Koch brothers buying advertising? At least the emails were truthful. As long as business can set up their super-PACs to influence elections can we really object to a foreign government doing the same?
Pages 1-3: overview of recent activities of some hacking groups
Page 4: list of these groups
Pages 5-12: suggested security measures (copied from "Cybersecurity for dummies"?)
Page 13: contacts
Again, no evidence of Russian involvement. Or anything that can be called a detailed analysis.
I am really appalled at how many people don't take the Russian interference seriously and blame it on some kind of Democrat/Obama conspiracy. This has been happening in eastern European countries for decades and Russia has now been targeting also western Europe since the annexation of Crimea and the war in Ukraine. Russia is funding right-wing populist parties and helping them out with propaganda all across the western hemisphere in an attempt to discredit our democracies and our free press.
Don't believe it? Google "russia populist funding". Here are the top three links:
http://www.telegraph.co.uk/new...
http://www.independent.co.uk/n...
http://www.economist.com/news/...
It's really scary how much success they are having in sowing distrust in our institutions and our free press. Every time I read someone here decrying some mayor western news outlet as "Fake News" I am reminded of the effectiveness of Putins troll army.
Do note the same Guardian had to retract earlier statements.
Oh, they had to edit the ODNI statement too.
Best keep watching for more revisionist history.
Full Stop. This was not "Trump Winning" or "Russia Hacking" it was the DNC being so completely out of touch with parts of the country they knew they would win than they still don't accept that they lost there. Michael Moore nailed it in 5 Reasons Trump Will Win.
The whole election loss can come down to a few swing states. A few extra thousand voters one way or another in a state that is solid Red or Blue isn't what got Trump elected. (Just like Clinton getting massive numbers in California didn't win her the election, that's not how the rules were set before the game)
I'll just point out the 2 states I'm most familiar with, Wisconsin and Michigan. Not coincidentally both of those states they had completely wrong in the Primary as well. Both states were "Sure" Clinton states and Sanders proved them wrong. Clinton didn't visit Wisconsin once for the general election. She sent a bunch of proxies. She did hit Michigan late but more or less completely ignored it prior to their number crunchers going "eh maybe we're wrong". The Russians didn't tell her not to go to Wisconsin. The Russians didn't push Sanders over the top in the Primaries. The Russians didn't collude to keep Sanders out of the nomination. [And even IF they did, I don't think 'Those guys did something illegal to illustrate something I was doing illegal" is a justifiable defense in court]
Stein and Johnson ran in both 2012 and 2016 so you can use them as a 'control' between the candidates. Personally Michigan's Green bump in 2012 and the corresponding Democrat drop should have been an indication 4 years ago that something was up.
Wisconsin's numbers:
Republican Presidential votes:
Democratic Presidential votes:
Libertarian Presidential votes:
Green Presidential votes:
Michigan's numbers look similar.
Republican Presidential votes:
Democratic Presidential votes:
Libertarian Presidential votes:
Green Presidential votes:
If the degree of "russian hacking" can be so easily foiled, it doesn't sound much like they were using master criminals or IT experts - just script-kiddie stuff that follows people around the internet every day. One would hope that if they have solid evidence that this originated ONLY from the russian intelligence services that they are a lot more certain of it than they appear to make out here. If that was the case, it seems like the fix is easy and well known.
One also assumes that the US intelligence services are doing exactly the same to the "bad guys" and are getting similar sorts of results.
Of course the more interesting question would be: If this is what they discovered what about all the advanced hacking that they haven't uncovered - both in techniques and targets? If an election can be hacked so easily, what are the REAL experts influencing and stealing?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Trump's doing a decent job of making himself look like a thundering idiot. Also, I'm not sure when it happened, but at least when I was a kid, the idea that "the Rooskies" might have interfered with a U.S. election would not be so casually dismissed by the party of Reagan.
Except that they're really not the party of Reagan any more, are they? I mean, I know why McConnell isn't rocking the boat. He got paid with his wife being offered a Cabinet position. And Ryan is too busy thinking of ways to shit on poor people to actually give a fuck (in that way, he is still part of the party of Reagan, because he's continuing with all that "welfare queen" folderol). But the rest of the party? Where's the indignation?
Oh right, they're too busy celebrating that they're going to be back in power to actually give a fuck about how they got there or the consequences. (You can also see that in the "repeal and replace" plan they have for the ACA.)
Mr. Hu is not a ninja.
What happened that we truly know of:
1. In the summer of 2015, someone (evidence points to Russian) spear-phished passwords from unsavvy staffers on the DNC email server
2. Almost a year later, Wikileaks publishes a dump of DNC emails. It is assumed by many to have come from the previous infiltration, though there are other ways Wikileaks could have obtained the data, and no definitive link connecting the two events have so far been presented.
3. Through the email dump, the American public is able to see the DNC's inner workings, including:
- party officials colluding to hinder Bernie Sanders
- party insider helping the Clinton campaign to cheat during debate
- astroturf campaign to create illusion of spontaneous public protest against opponent
- journalists coordinating with party officials to ensure party messaging is on track
4. Some voters may have reconsidered their voting decisions, or even the decision to participate in this cycle, due to the above information.
5. Critical states of Wisconsin, Michigan, and Pennsylvania which were assumed to be safe states for Clinton (and who as a result did not campaign aggressively there), instead fall to Trump during the general election, ensuring a GOP win.
What the press & defeated party instead want you to think:
1. Russia hacked America
2. Trump is now the President
3. "... we're not saying Trump administration is a creation of the Russian state... *wink wink nudge nudge* but the Trump administration is obviously a creation and stupid dumb puppet of the Russian state... for realz tho... also, don't listen to fake news"
There is an immense effort right now to make us take mental shortcuts, to skip certain events in our memories, to forget that certain misdeeds were done not by Russians but by Americans.
your thin skin doesn't make me a troll
Exactly. Oh, I think there's a list of TOR exit nodes in there, too.
Why do our mighty Russian hackers rely on pathetic phishing scams instead of putting in hardware backdoors by intercepting new hardware in the mail? Why can't they park a TEMPEST van a few miles away and read the passwords from the keyboard? They have Snowden, who revealed the NSA's TAO programs and things like how we're tapping Merkel's phone in Germany.
Are we seriously to believe that these Russian boogeymen are on the same level as your average 419 scammer and the poor, hapless DNC couldn't defend themselves?
I also note that a lot of places talk about "election hacking." That's not at all the same thing as someone in the DNC losing their email to a common scam, there's no evidence of vote tampering and even 538 pointed out how silly that was.
is that people cast votes, and our elections are won or lost, on whether or not a candidate comes to their state and tells them what they want to hear.
It boggles my mind that it still works. We live in an age where information - real, massaged, and fabricated - is available 24/7. Yet politics is still just politics, where you don't have to be a good candidate to win. You just have to be a better shyster.
We should have a "neither" option, and if neither wins, we go back and start over.
I know why that won't work, because the entire system has been built by those who gain the most from it. And it is not the American people. It just makes me sad that as "the greatest nation" we still can't get the basics right.
My beliefs do not require that you agree with them.
It shows just how massive the partisan divide is. It seems to have completely slipped peoples' minds that "breaking into the DNC to look for dirt to use against the Democratic Presidential Candidate" is EXACTLY what started a little controversy called "Watergate." But, because it's politically advantageous, a number of people seem to be dead set on ignoring or dismissing any evidence about what happened this time.
Let's be _absolutely_ clear: This isn't about sour grapes because the Democrats lost. This isn't about attacking Trump (though he and his supporters treat it as such, which is disturbing in its own way). This _is_ about what happens next time, because if you establish a precedent that it's basically okay for foreign governments to hack and dox political campaigns in the USA, they're going to keep doing it. Worse, others like China or Iran might just decide to join in. Worse still, candidates might preemptively cozy up to Russia or whomever in hopes of getting assistance against their opponent(s).
An alternate reading of this news produces the following news:
* Government agencies and political parties have continued the discussion without a modicum of doubt on document authenticity.
* Agencies have successfully dominated news cycles on this topic and zero discussion has been made regarding DNC primaries tampering.
* No mass media has mentioned, let alone considered why, Chairperson Debbie Wasserman Schultz, Communications Director Luis Miranda, Chief Financial Officer Brad Marshall and Chief Executive Amy Dacey all resigned from DNC.
That is the real news in my opinion.
-- I was raised on the command line, bitch
Comment removed based on user account deletion
The problem is that we're conflating the two. The answer to the first one is pretty much certainly yes. The answer to the second is a lot less clear and, given that the attack didn't require anything like the capabilities of a state-level adversary, the response is a problem. The evidence that we have for the hack shows that a script kiddie, probably in Russia, hacked the DNC. Russia might have done it as a state-sanctioned operation, but so might one of hundreds of individuals (including a load of bored teenagers).
The real story with regard to the emails is that the DNC (and, most likely, the GOP) has really crappy infosec and is basically wide open and many parts of the US government are probably in a similar situation. The NSA has been tasked with a dual mission of attack and defence and has prioritised attack the point that it has completely failed at defence.
Blaming Russia and kicking our Russian diplomats led to retaliation and made the US look stupid. Everyone knows that attribution for cyber attacks is incredibly hard and all that this has done is shown that the relevant agencies in the USA doesn't know how incompetent they are because they don't even understand the problem properly.
I am TheRaven on Soylent News
So the MSM and the DNC collude to elect a specific candidate of their choice and you want to go off on Russia for something a DNC insider leaked? You are OK with the sitting President and his party make every effort to delegitimize the incoming President? Meanwhile if there truly was a concern with Russia interfering in our elections the focus would need to be on preventing future interference. Also the DNC leadership should have been notified that their security was weak when it actually mattered. Doing it now only gives every appearance of a temper tantrum by a party in denial.
Just go back to paper ballots. Problem solved forever.
That's not the issue at hand. The Russian's did the Internet equivalent of the Nixon White House trying to bug the DNC offices in the Watergate building.
Trump has had some connection with several major world leaders, you're just fixated on Putin.
Reminder the USA is the one war mongering and destabilizing countries, and that included the Ukraine
> But of course you believe that these unsophisticated, low level attacks are a sign of a nation state
Pretty sure I just said the exact fucking opposite. I said I've seen no evidence that the Russian government was responsible, and my guess is that most likely it was a non-government group who is friendly with some politicians.
> It tips them off to the fact that you're in their network.
Really? When you receive a phishing email saying "click here to reset your Gmail password", your first thought is "OMG the Russians are in my network!"? Really? What the hell does "tips them off to the fact that you're in their network" even mean in this case - he gave them his GMAIL password.
> corrupt DNC ... campaign money to Hillary, spending twice as much as Trump, ... all Democrats ... The party would scatter if they didn't have a Russian boogeyman
Oh I see, you're an uber fan rooting against the other team. You're not interested in paying any attention whatsoever to what's going on, you're just cheerleading. Carry on, then.
The incoming president has spent weeks making a fool of himself on Twitter. Trump has never needed any help in that department.
The world's burning. Moped Jesus spotted on I50. Details at 11.
They were full of platitudes and bull shit. Hilary took their money and gave them a shit sandwich in return. Meanwhile you're guy is about to hand the Crimera over to Russia without a peep.
Maybe the world is a little more complex than you want it to be? Maybe your anti-Clinton straw men are full of shit instead of straw?
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
13 pages... more like 3 pages followed by nonsense and boiler plate security "advice".
The pages offer only assertions unsupported by any provided evidence and describe techniques that are widely used by everyone. They don't even bother to explain linkages between APT xx and the Russian government.
I don't trust TLA's. They have a long history of being weasels and publically selling lies to support themselves and their masters political agendas. My view the government should either provide actual evidence to support its assertions or STFU.
No, I'm saying they use durable means of gaining access. Ones that last more than the 2 days or whatever it was exactly the access to Podesta's email lasted. Sending emails that say "you're hacked!" did get them access, but it got that access cut off immediately after and assuming he followed their directions, he has 2FA on his Gmail now.
This is exactly why pros don't give you big noisy indicators telling you that you have been owned.