Slashdot Mirror


FBI and Homeland Security Detail Russian Hacking Campaign In New Report (theguardian.com)

An anonymous reader quotes a report from The Guardian: The U.S. Department of Homeland Security (DHS) and FBI have released an analysis of the allegedly Russian government-sponsored hacking groups blamed for breaching several different parts of the Democratic party during the 2016 elections. The 13-page document, released on Thursday and meant for information technology professionals, came as Barack Obama announced sanctions against Russia for interfering in the 2016 elections. The report was criticized by security experts, who said it lacked depth and came too late. "The activity by [Russian intelligence services] is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens," wrote the authors of the government report. "This [joint analysis report] provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. government." The government report follows several from the private sector, notably a lengthy section in a Microsoft report from 2015 on a hacking team referred to as "advanced persistent threat 28" (APT 28), which the company's internal nomenclature calls Strontium and others have called Fancy Bear. Also mentioned in the government document is another group called APT 29 or Cozy Bear. The Microsoft report contains a history of the groups' operation; a report by security analysts ThreatConnect describes the team's modus operandi; and competing firm CrowdStrike detailed the attack on the Democratic National Committee shortly before subsequent breaches of the Democratic Congressional Campaign Committee and the Hillary Clinton campaign were discovered.

21 of 404 comments

  1. This Calls for Swift Retribution by Kunedog · · Score: 4, Insightful

    Not so fast, comrades! We'll teach you to inform our electorate!

  2. It's a talking point by Anonymous Coward · · Score: 4, Insightful

    Please look at what they provided. There is literally no evidence given in the document, not even an attempt. They make up some names, put them in a diagram and say that is proof. They didn't even try.

    This document is one of those DNC talking points that isn't valid. Now the DNC supporters will be screaming that the FBI released proof of the attack, but not one of them will even look at it to see that the document doesn't contain anything even attempting to prove it. It's just a placeholder to give DNC supporters talking points to use. Watch over the next week how many of them cite this document as unquestionable proof and will refuse to hear anyone question it.

    "The FBI and DHS have shown proof that the Russians did it."
    "Are you questioning the integrity of the FBI by saying the document is lying?"

    Mark my words, you will hear the above non-stop now.

    1. Re:It's a talking point by Mashiki · · Score: 4, Insightful

      Please look at what they provided. There is literally no evidence given in the document, not even an attempt. They make up some names, put them in a diagram and say that is proof. They didn't even try.

      Yep. It's 13 pages of absolute garbage containing no proof of anything. If people need an example of propaganda and fake news though? That's the bullshit being pumped right there.

      And since we're running dry on the news cycles right now, you're likely going to be spot on. The flappy heads in the media will push--and push hard that this is proof. You're also likely going to hear the various progressive groups trying to use it as an attempt that "Trump is illegitimate" or some other steaming pile of BS. The kicker? Part of the source is a 3rd party investigation...from an outside group, that was paid for by the DNC. Not actual intelligence analysis, not actual attributable information.

      --
      Om, nomnomnom...
    2. Re:It's a talking point by T.E.D. · · Score: 5, Informative

      Please look at what they provided. There is literally no evidence given in the document, not even an attempt. They make up some names

      That's because you don't have both a security clearance and a need-to-know. Revealing *how* they figured out that different attacks came from the same group, and where that group is based, would allow such groups to figure out how to hide their tracks from the FBI better. That would obviously be injurious to the US and ....

      ...OH! I see what you are doing now. Nice try, Anonymous Comrade.

  3. palpable irony. by nimbius · · Score: 5, Insightful

    that we, the united states, have worked to skew elections and overthrow governments for nearly fifty years as though it were nothing more than another element of common foreign policy. However, whenever a foreign nation tries to influence our elections, it's somehow a capital offence the world must take seriously.

    If sanctions didn't work for Ukraine, they won't work here. Although they do an amazing job of allowing you to avoid the fact of the matter which is that Hillary Clinton was a turd of a candidate who rigged the party's primary, and enjoyed limited popularity outside major metropolitan areas. She never set foot in places like Wisconsin, took a gamble that LA was somehow bigger than all the midwest, and lost.

    --
    Good people go to bed earlier.
    1. Re:palpable irony. by PopeRatzo · · Score: 4, Insightful

      that we, the united states, have worked to skew elections and overthrow governments for nearly fifty years as though it were nothing more than another element of common foreign policy. However, whenever a foreign nation tries to influence our elections, it's somehow a capital offence the world must take seriously.

      I've been hearing this argument a lot from Republicans lately. It's interesting that suddenly so many patriotic people on the Right are on a "blame America" tour. [Note: I'm not talking about you here, nimbius, I'm talking about the argument.]

      This massive reversal of roles has me thinking that their outrage is less than genuine.

      If sanctions didn't work for Ukraine, they won't work here.

      And yet, people on the Right are absolutely certain that sanctions work when it comes to Cuba, Iran, etc, and that Obama is unpatriotic for removing them. The hypocrisy all around is stunning.

      --
      You are welcome on my lawn.
  4. Re:Why should anyone trust the report? by INT_QRK · · Score: 4, Informative

    The report in no way alleges "foreign influence." It simply describes a cyber intrusion of Democratic Party assets and individuals in technical detail, ascribes the techniques and tools used in the intrusion to entities believed to be (or affiliated with) the Russians, and recommends sensible, albeit completely standard, countermeasures to similar future such attacks. The report in no way addresses, suggests, or concludes how any information gained in the attack was used to “interfere” with the recent election. Critically, the report does not ascribe any of the damaging Wikileak documents, which were the documents that most appear to have had a damaging effect on Clinton, to the attacks that were subject of the report. The report is what it is. It isn't what it isn't, a report addressing election "interference."

  5. Not that the incoming US President will... by rmdingler · · Score: 4, Insightful

    If true, this raises the ethical question of America justifying meddling in the next Russian Presidential Election in 2018, or the one after that.

    I bet the rest of the World can pause and find this amusing, since we Americans probably sought to influence more elections the last century than any nation... looking at you Central & South America.

    I'm as bewildered as the next fellow as to how we ended up with our newest Commander-in-Chief, but I also believe it's time he and the former administration started working together like big boys.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  6. talking about Russia but not Soros... by RobRyland · · Score: 4, Insightful

    An article talking about Russia trying to influence American politics, but not mentioning George Soros or foreign donations to the Clinton Foundation...
    That is propaganda.

  7. Bigoted much? by Xenographic · · Score: 5, Informative

    This report was ripped to shreds yesterday.

    It's mostly OWASP copypasta with recommended mitigations and a few interesting tidbits.

    I'm also not clear on why this submission linked to a copy of the report. Best compare it with the original report in case there are any differences.

    1. Re:Bigoted much? by Xenographic · · Score: 4, Interesting

      A lot of the technical comments got hit by a downvote brigade last night.

      Read down to look at the people actually talking about tools & methods.

    2. Re:Bigoted much? by msauve · · Score: 5, Interesting

      Just read the report. It's a stinking pile of BS. Nowhere does it even attempt to provide evidence which would link Russia to the DNC hacks. It makes a claim of "technical details regarding the tools and infrastructure used [by Russia]...", outlines some script kiddie type stuff, but provides absolutely NO information or specifics which would link the DNC hack to Russia. The vast majority of the small 13 page "report" is boilerplate security stuff, not specific in any way to either the DNC hack or Russia.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:Bigoted much? by Xenographic · · Score: 5, Insightful

      The burden of proof is on the one making allegations of Russian hacking. We know what nation state level hacking looks like thanks, ironically, to Snowden. We know the NSA can intercept your new router in the mail and install a durable backdoor on it that will survive everything you do to it. We know the NSA has TEMPEST vans that can snoop on your screen and keyboard.

      The idea that a nation state is left to rely upon low level phishing scams seems laughable at best. Just look to past examples to see that they had better stuff than this.

      Here are a few past examples of real hacking. Note how much more sophisticated these attacks were:

      * Theremin's bug
      * MI6 spies on Russia with fake rock

      Please tell me again why Russia has fallen back to kiddie level phishing scams? Remember, the burden of proof is on the people saying "it's Russia" and I'm not going to let anyone shift that.

      When some people tell me that Russell's teapot is in orbit and others say it's not, I'm going to wait for evidence. I can't just average them out and conclude that a teacup or possibly a saucer is up there flying around, if not a whole teapot.

    4. Re:Bigoted much? by Minupla · · Score: 4, Informative

      At the end of the day, you don't get style points in the spy game. If script kiddie level efforts give you the results you want and you don't really care about not being caught, script kiddie level stuff it is.

      Governments have engaged in similar script kiddie level attacks in the past, both before and after the digital age ("You've won a contest, come collect your prize here!", criminal shows up to collect prize, gets a pair of handcuffs).

      This stuff is low-risk, high reward. Attackers only need to get lucky once, defense has to be good every time.

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  8. Summary of the "report" by Anonymous Coward · · Score: 4, Informative

    Pages 1-3: overview of recent activities of some hacking groups
    Page 4: list of these groups
    Pages 5-12: suggested security measures (copied from "Cybersecurity for dummies"?)
    Page 13: contacts

    Again, no evidence of Russian involvement. Or anything that can be called a detailed analysis.

  9. Re:Why should anyone trust the report? by allcoolnameswheretak · · Score: 5, Interesting

    I am really appalled at how many people don't take the Russian interference seriously and blame it on some kind of Democrat/Obama conspiracy. This has been happening in eastern European countries for decades and Russia has now been targeting also western Europe since the annexation of Crimea and the war in Ukraine. Russia is funding right-wing populist parties and helping them out with propaganda all across the western hemisphere in an attempt to discredit our democracies and our free press.

    Don't believe it? Google "russia populist funding". Here are the top three links:
    http://www.telegraph.co.uk/new...
    http://www.independent.co.uk/n...
    http://www.economist.com/news/...

    It's really scary how much success they are having in sowing distrust in our institutions and our free press. Every time I read someone here decrying some major western news outlet as "Fake News" I am reminded of the effectiveness of Putin's troll army.

  10. Yes but how did hack lead to Trump win? by poity · · Score: 5, Interesting

    What happened that we truly know of:
      1. In the summer of 2015, someone (evidence points to Russian) spear-phished passwords from unsavvy staffers on the DNC email server
      2. Almost a year later, Wikileaks publishes a dump of DNC emails. It is assumed by many to have come from the previous infiltration, though there are other ways Wikileaks could have obtained the data, and no definitive link connecting the two events has so far been presented.
      3. Through the email dump, the American public is able to see the DNC's inner workings, including:
        - party officials colluding to hinder Bernie Sanders
        - party insider helping the Clinton campaign to cheat during debate
        - astroturf campaign to create illusion of spontaneous public protest against opponent
        - journalists coordinating with party officials to ensure party messaging is on track
      4. Some voters may have reconsidered their voting decisions, or even the decision to participate in this cycle, due to the above information.
      5. Critical states of Wisconsin, Michigan, and Pennsylvania which were assumed to be safe states for Clinton (and who as a result did not campaign aggressively there), instead fall to Trump during the general election, ensuring a GOP win.

    What the press & defeated party instead want you to think:
      1. Russia hacked America
      2. Trump is now the President
      3. "... we're not saying Trump administration is a creation of the Russian state... *wink wink nudge nudge* but the Trump administration is obviously a creation and stupid dumb puppet of the Russian state... for realz tho... also, don't listen to fake news"

    There is an immense effort right now to make us take mental shortcuts, to skip certain events in our memories, to forget that certain misdeeds were done not by Russians but by Americans.

    --
    your thin skin doesn't make me a troll
    1. Re:Yes but how did hack lead to Trump win? by Anonymous Coward · · Score: 4, Interesting

      There is evidence of spear phishing going on (and Podesta falling for it at least once) however you left out one big critical point:

      The murder of Seth Rich, his access, and what may have prompted his assassination, along with Assange's specific assertion that an insider had given him information at least once and that it wasn't "the Russians".

      If the DNC didn't get hacked because they were just stupid, then they got hacked because someone went sour on their ethics. There is no need for the whole "it's the Russians" loop in any of this... especially when you look for "ok, what did the Russians DO with the information they stole?" "Uhm...well nothing?"

      There is no credibility at all in the Russian theory of this.

  11. Re:Why should anyone trust the report? by Fire_Wraith · · Score: 5, Insightful

    It shows just how massive the partisan divide is. It seems to have completely slipped people's minds that "breaking into the DNC to look for dirt to use against the Democratic Presidential Candidate" is EXACTLY what started a little controversy called "Watergate." But, because it's politically advantageous, a number of people seem to be dead set on ignoring or dismissing any evidence about what happened this time.

    Let's be _absolutely_ clear: This isn't about sour grapes because the Democrats lost. This isn't about attacking Trump (though he and his supporters treat it as such, which is disturbing in its own way). This _is_ about what happens next time, because if you establish a precedent that it's basically okay for foreign governments to hack and dox political campaigns in the USA, they're going to keep doing it. Worse, others like China or Iran might just decide to join in. Worse still, candidates might preemptively cozy up to Russia or whomever in hopes of getting assistance against their opponent(s).

  12. Re:Clinton Lost. by Lakitu · · Score: 4, Interesting

    Does that make it OK that the DNC was hacked and its private communications were released in an attempt to influence the election?

    The oversensitivity with regards to Trump's election win is sad. Anyone calling his win illegitimate or whatever is an idiot and should be treated as such, but for some reason a whole bunch of people want to continue living out their partisan fantasies after the election is over.

    The fact that so many people can then use this as an excuse to not even care about espionage conducted against our election process is nothing short of pathetic.

  13. Re:Why should anyone trust the report? by TheRaven64 · · Score: 4, Informative

    There are two issues:
    • Is Russia attempting to influence elections?
    • Did Russia hack the DNC?

    The problem is that we're conflating the two. The answer to the first one is pretty much certainly yes. The answer to the second is a lot less clear and, given that the attack didn't require anything like the capabilities of a state-level adversary, the response is a problem. The evidence that we have for the hack shows that a script kiddie, probably in Russia, hacked the DNC. Russia might have done it as a state-sanctioned operation, but so might one of hundreds of individuals (including a load of bored teenagers).

    The real story with regard to the emails is that the DNC (and, most likely, the GOP) has really crappy infosec and is basically wide open and many parts of the US government are probably in a similar situation. The NSA has been tasked with a dual mission of attack and defence and has prioritised attack to the point that it has completely failed at defence.

    Blaming Russia and kicking out Russian diplomats led to retaliation and made the US look stupid. Everyone knows that attribution for cyber attacks is incredibly hard and all that this has done is shown that the relevant agencies in the USA don't know how incompetent they are because they don't even understand the problem properly.

    --
    I am TheRaven on Soylent News