Russian Hackers Targeted US Conservative Think-Tanks, Says Microsoft

retroworks shares a report: Hackers linked to Russia's government tried to target the websites of two right-wing U.S. think-tanks, suggesting they were broadening their attacks in the build-up to November elections, Microsoft said. The software giant said it thwarted the attempts last week by taking control of sites that hackers had designed to mimic the pages of The International Republican Institute and The Hudson Institute. Users were redirected to fake addresses where they were asked to enter usernames and passwords. There was no immediate comment from Russian authorities, but the Kremlin was expected to address the report later on Tuesday. It has regularly dismissed accusations that it has used hackers to influence U.S. elections and political opinion. Casting such allegations as part of an anti-Russian campaign designed to justify new sanctions on Russia, it says it wants to improve not worsen ties with Washington. Further reading: Microsoft Reveals First Known Midterm Campaign Hacking Attempts, and Microsoft Launches Pilot Program To Provide Cybersecurity Protection To Political Campaigns and Election Authorities.

Re:Russians

Well Podesta's email password was "password", so anyone could have gotten those emails (Russia might have been involved here, but there will be no proof)
Sydney Blumenthall was hacked by Guiccifer 2.0, a Romanian not a Russian (People claim he is Russian, but have no evidence of that)
DNC emails were hacked by their own admin from Pakistan, and once found out DW Schultz covered up for it and is to this day. Pakistan intelligence has all of the DNC emails since the admin was a family member of a high ranking Pakistani intelligence officer.

The DNC gave their servers to Crowdstrike, paid by Clinton to say Russia hacked them. DNC servers never given to FBI even to this day. Crowdstrike lied for the DNC helping cover the Pakistan hack, but when it looked like they would have to go to court under oath they recanted and have since said Russia did not hack the DNC servers.

So there is literally NO ONE with evidence Russia hacked anything. Muller indicted 17 Russians based on lies and Putin called him out on it by saying he would extradite any Russians guilty once he was shown proof. Muller declined to show ANYONE his evidence because it doesn't exist.

That leaves us with Russia buying $50,000 of Facebook ads AFTER the election. However, Facebook has also not released evidence of this to date. They originally claimed it was $11 million, but when asked for evidence it suddenly became $50k and no evidence released.

So Russia bought Facebook ads after the election is what it looks like happened.

Hope that helps you out.

Putin is not partisan

[mi]

Unlike that of the USSR, who only supported foreign Leftists, Putin's Russia is non-partisan, looking for support and influence wherever they can find it. In Germany, for example, thay happen to be particularly successful among the Left (no doubt with the aid of the old Stasi files). In France they supported the supposed rightists.

Western societies aren't immune to corruption — if the price is right — and for years Putin could afford bribes on the scale of millions.

Likewise, their targeting computers of all political parties is not at all surprising. That the GOP runs a tighter ship is not surprising either...

Re:Ah

[cascadingstylesheet]

Your argument assumes 100% turnout in past elections. In 2016 there was a relative increase in voter turnout in specific low education groups. Specifically there was an increase in high school and bellow educated turnout in rural communities.

So, parallel to the core Democrat low education inner city vote?

What the Russians were able to do is increase voter turnout among very very uneducated rural voters by spending little cash.

Interesting. So Jethro browsed these ads on his moonshine still, I guess? (I'm assuming not over broadband on his Mac)

And you're going to win them over now by ... calling them stupid?

The reason why they were able to do it with little cash is that they were able to run politically toxic ads without any blowback to the R party due to the arms length lack of association with the direct R party.

Then I suggest you hire those Russians. They are the most amazing political operatives evah.

Lots of indicators. Know your favorite band

[raymorris]

I haven't seen yet how Microsoft linked this particular incident, but in general there are many ways. Each group has their own favored tools, techniques, and overall style. When you do it for a living, you get to know them. All combined, it's like a pop radio DJ identifying a new Justin Bieber song, the DJ knows Bieber's sound.

Some groups specialize in certain malware. They have one or two members who are good at actually writing the malware etc. They keep making improvements or variations on the same malware. Other members distribute the malware, repeatedly using the same methods, targeting the same type of targets. They host the malware or other web resources in the same places that worked well last time. Sometimes they talk about things on hacker forums. If you've been a member of such a forum for a few years, most people there assume you're okay - not a cop.

You may recall a few years ago someone called "Stonetewr" was asking on Reddit about how to delete evidence from a server for "a very VIP". Paul Combetta, who worked on Clinton's server, used the email address stonetear@gmail.com and used the name Stonetear on Etsy. Knowing that Stonetear wanted to wipe a server for "a very VIP" a day or two before someone at Combetta's company wiped Hillary's server, and knowing that Combetta goes by Stonetear, it's not hard to figure out that Combetta was working on wiping Hillary's server. No IP tracing required, and it doesn't matter how many proxies and VPNs he used.

On Slashdot, if a new account popped up called JelloLover and they uses ten times as many commas as grammar would indicate, while randomly capitalizing a few words for no reason and saying the things that Jellomizer says, some of us would recognize that's probably Jellomizer's new account. It's similar with the crackers - you get to know them.

Before the US government publicly accuses the Russian government of a specific attack, we can expect the NSA and others would make use of their rather significant data collection capabilities to make some even firmer connections. That's not necessary in order in order for someone who follows the Russian hackers every day to be able to recognize them, though.

Someone might say "it could be a false flag! Someone could impersonate the FSB, just like someone could impersonate Jellomizer or MDSolar!" Yeah, someone COULD post something silly about solar electric, breathlessly pitching whatever MDSolar's company is selling this month. Which would make it look like - MDSolar is spamming his products again? We'd think it was MDSolar because the impersonator was acting like MDSolar, which would fool us into thinking that MDSolar acts like MDSolar. The job of the FSB is to do cyberattacks on Russia's rivals. If someone were being tricky and trying to make a hack look like the work of the FSB, they'd be making it look like FSB is doing their job. I guess maybe the NSA wants Alexander Bortnikov to get a raise?

Re:Oh this is gonna be great

[Rob+Y.]

Because this hacking attempt was aimed at Anti-Trump, Anti-Russia Republicans. I.e., not the ones the were working with in the last election. And even those are most likely wary of direct Russian contacts this time around, with Mueller still poking around in their garbage.