Putin Now Argues Russia Could've Been Framed For Election Meddling By The CIA

In a news magazine show premiering tonight, Megyn Kelly reports that Russian president Vladimir Putin "has denied Russian involvement in the hacking and interference with our U.S. presidential eletion for some time. That changed earlier this week, and the story appears to be evolving yet again." An anonymous reader shared two articles from NBC: "Hackers can be anywhere. They can be in Russia, in Asia...even in America, Latin America," he said. "They can even be hackers, by the way, in the United States who very skillfully and professionally shifted the blame, as we say, onto Russia. Can you imagine something like that? In the midst of a political battle...?" The journalist asked the Russian president about what American intelligence agencies say is evidence that he became personally involved in a covert campaign to harm Hillary Clinton and benefit Donald Trump. "IP addresses can be invented -- a child can do that! Your underage daughter could do that. That is not proof," Putin replied...

Kelly told viewers that Putin -- the former director of Russia's domestic spy agency -- also suggested that the CIA could have been behind the hacking and noted that many people were convinced Russia was responsible for the assassination of President John F. Kennedy... Earlier, at a Friday forum moderated by Kelly, Putin likened the U.S. blaming his country for hacking the presidential election to "blaming the Jews"...
"Echoing remarks President Donald Trump made on the campaign trail, Putin also questioned the need for NATO."

The Washington Post news story has links.

[Futurepower(R)]

The first comment is copied from a Washington Post news story that gives links to all the stories in the timeline, from all the news agencies.

Re:Timeline of Treason

[bongey]

There comes a time when you need something more than an "Anonymous source from the Washington Post". 2 more months and it will be a YEAR and still NO REAL EVIDENCE of anything but a few illegally unmasked phone calls, that really have "nothing burgers" in the conversation.

Re:Timeline of Treason

[acrimonious+howard]

Trump fires [Attourney General] Yates after she refuses to enforce his immigration ban[, which was later found to be illegal by the Supreme Court] (NYT, Jan. 30, 2017).

FTFY

I'm surprised you got this comment in before the Russian trolls started, nice.

But you did miss these from the same citation:

April or May
The FBI focuses on Kushner as a person of interest in their investigation as that effort intensifies. (WP, May 25, 2017).

May 10
Trump fires Comey, citing the recommendation of Sessions (WP, May 10, 2017). In the letter firing Comey, Trump includes a line saying that he appreciates Comey telling him “on three separate occasions” that he is not under investigation (May 10, 2017). The president later tells NBC’s Lester Holt that the firing was because “this Russia thing with Trump and Russia is a made-up story” (CNN, May 12, 2017). Sources indicate that Kushner was a prominent voice behind the firing (CBS, May 17, 2017).

May 11
In a private meeting with Russian Foreign Minister Sergey Lavrov and Kislyak, Trump reveals classified information shared with the United States by an ally, later reported to be Israel (WP, May 15, 2017). He also reportedly disparages Comey as a “nut job” to Lavrov and Kislyak and says that he “faced great pressure because of Russia,” which was now “taken off” with the firing of Comey (NYT, May 19, 2017).

May 12
Lawyers representing Trump release a statement indicating that the president’s tax returns don’t show income from Russian sources, with a few exceptions (NYT, May 12, 2017).

May 17
Deputy Attorney General Rod Rosenstein appoints former FBI director Robert Mueller as special counsel to oversee the Russia investigation

And to Anon Ivan's complaint that many of these come from the Post, the answer is that you can find the same information elsewhere too.

Re:Inventing IP addresses

[Sarten-X]

You're not looking in (or being shown) the right places. As one example, I'll explain the Podesta "hack". Everything I say here comes from a particular thread on Twitter, which does a far better analysis than I will attempt here, or sources linked therein.

Yes, it was phishing. I wouldn't call the phish email "super-obvious", as it matches Google's style pretty much exactly. The key detail is that the phish link went to a bit.ly site, notably created via the bit.ly API, which requires creating an account. From information leaked from that account by researchers at the time, the same phishing campaign went to about 1800 people, individually targeted but using a common framework.

It's primarily from that mass of targets that we can determine motive, and from that we can attribute who had that motive. Almost two thirds of the targets were either military personnel or authors. Of the authors, about half were experts on Russia or the Ukraine. Of the military and government personnel, two thirds were U.S.-based, 14% were linked to NATO, and a few key Syrian rebel personnel were targeted as well.

Basically, the campaign that hit Podesta also targeted a lot of other folks, and the common thread is that Russia would want intelligence on them. There was no malware involved to be dissected, and no attempt to hide the origin of the campaign. In fact, the only way the analysis was possible was because the attackers had not set their bit.ly account private before they were discovered (though they did later). If the account were private, tracing a single victim's attack would have led only to a probably-hijacked server with a .tk domain.

(end citing the Twitter thread)

Similarly, other attacks can be attributed by the infrastructure they use. Some recent attacks on election committees, for example, used C&C servers that had previously been used in other attacks against Turkish and Ukranian governments, strongly indicating that the perpetrators of all the attacks were adversarial to Turkey and Ukraine.

In other attacks where malware and persistence are involved (like the DNC hack), expert analysis usually relies on identifying precisely which APT group is responsible for the attack. Each APT typically operates independently, using their own in-house-developed tools and preferred techniques. That's perfectly reasonable, because when the goal is stealth, an attacker will use the techniques they're most comfortable with to avoid costly mistakes. Once they are identified, though, that becomes a weakness, as the same pattern can be identified in other victim systems.

It is easy to spoof identifiers. Names, strings, and addresses can all be manipulated. What is more difficult to fake are behavior patterns. When a server starts seeing access requests for files starting every day at 2AM and ending at 10AM, it's a decent indicator that somebody with a seven-hour time zone difference is poking at your systems. Yes, that can be manipulated by having the attack teams work at odd hours, but it's just another bit of data. Then there's the localization of tools, exempted targets, and even the order in which tools are deployed.

Remember: These aren't amateurs. The attackers involved are professionals, clocking in and doing a job. There are the good ones, there are the sloppy ones, and there are the managers who make stupid decisions they have to deal with, just like in any other government office. They have their routines they follow to make it through the day, and it's through analysis of those routines that analysts learn about the attackers.