How do you know I didn't hack in and get all the secret evidence myself?
It turns out that their password was p@assword, they left their phone in a DC cab for anyone to find, and they will happily send me their credentials whenever I send them a crude phishing email.
Something tells me you're not going to believe any of this because you don't want to.
> Clearly, since the GP hasn't seen the classified report, making the conclusions they did is not warranted.
That's not how rationality works. You believe things because you have evidence, not because you have good excuses. You believe these guys and you're a tool, plain and simple.
The report admits that it didn't even look at the damn servers. The report didn't figure out that the malware they found was an old version of P.A.S. that any idiot could download off the web, despite the earlier report including a sample that allowed others to do that and this being well known in the security community. If they had any excuse for missing that in the earlier report(s), the excuse was completely dead by the time this report came out. They didn't figure out that about a third of those IPs they found were Tor exit nodes. That's terrible analysis work. Telling us that would have revealed nothing about sources and methods, all it would tell us is that the people who wrote the report knew how to use Google or looked at the other public analysis. You know, the way people who aren't lying partisan hacks do.
If they can't figure out even the blindingly obvious holes in their report, why should we blindly trust that they have secret evidence of master Russian hackers, given their history of lying?
The only thing you've proven is that you want to believe this. That isn't rational, as evidenced by the fact that you suddenly think you know what evidence I have and have not seen, something you cannot know. This is called a "rationalization" and despite how it might sound, doing it doesn't make you rational. It simply means that you're being manipulated.
> You're only getting the public portion of the report, the part that doesn't compromise methods.
I have secret evidence that your secret evidence is completely bogus. This same secret evidence also indicates that you secretly wet the bed last night. And 20 organizations have signed off on it. Secretly. So it must be true! Unnamed high-level sources will gladly confirm this to any credulous media outlets that ask me about it. So you can't dispute it, just trust the experts. We have top men working on it right now. Top men. ~
See, it doesn't work that way. The burden of proof is on them. You can't be rational and still accept things based on secret, unverifiable evidence. The US public did this already and paid for it with stupid wars. You all were worried about fake news, but it's A-OK to start another lie-based war with secret evidence? Oh, and let's do that with a nuclear power this time. That's *really* good for the environment.... right?
I've seen the public evidence. The Russian state does not need to use ancient versions of P.A.S. Tor exit nodes are not evidence that Russia did anything. This isn't what nation state level hacking looks like to begin with and we do know that thanks to what we saw from the Belgacom hacks, from the leaks of the NSA's Tao catalog, or even the evaluation of Stuxnet.
If they were any good, they'd have been the ones to tell us that malware was an old version of P.A.S. All that took was someone googling, so what "sources and methods" would that have compromised? If they miss something that utterly basic, how can we trust the rest of the secret report of secret evidence from known liars? Why didn't they report that most of those IPs were Tor exit nodes?
It's supposed to be "trust, but verify" anyhow, not just "trust us." And I've done the verification on this one. This is a snow job.
Look, I've read the actual report. It's garbage. Utter garbage. The FBI relied on the CrowdStrike reports without actually getting to look at the servers themselves. CS was paid by the DNC. You guys keep recycling the same crappy "evidence" and trying to find ways to rack up a higher number of organizations to whitewash it.
This report doesn't have new evidence of any kind, they have unsupported conclusions. The few technical details they offer are so bad as to be laughable. Russian "trolls"? How does that influence an election? People were convinced but unrebutted facts. We know that Donna Brazille gave away the debate questions. Russia didn't do that. We know that she went on the news and lied to us about "modifications" to the emails. I have, in my Slashdot history, gone into incredible detail on that point, even showing you where to get the DKIM keys from Hillary's own damned DNS server. And the other key from Google's DNS server. Both of which validate the body and the body hash of the emails. We know what Zulema Rodriguez did. I've discussed that in great detail here on Slashdot as well, I can find multiple independent videos, payroll records where MoveOn pays for her travel, photo credits for her in the "Trump Ducks" campaign that Hillary wanted, etc. At this point, the "PACs aren't allowed to collude with candidates" thing is a complete and utter joke on both sides.
I saw the NYT, WaPo, etc. stories. They did not present any facts, but simple bare conclusions of nameless insiders. I saw the ODNI report where the directors of the group that oversees the Coast Guard & co. said this was something Russia would like to kinda maybe do I guess. I saw all the crappy fake news here on Slashdot. Ooh! Someone is making DNS queries that might have something to do with a website Trump had made by a 3rd party and a Russian bank! Alert the press! Sorry, but that kinda proves that there is a media campaign to sling mud that only the truly gullible will ever fall for.
I also saw the completely unreported Todd & Claire scam site trying to frame Julian Assange. But I wonder how many of you know what that even is? How it enrolled in a crazy UN program to present itself as a "UN partner" (anyone can enroll, it gives no meaningful "partnership" and they were ejected from it). How many of you know that it was a complete scam site and all the profiles were using fake, mirrored images (they were trying to stop reverse image searches, but they chose some photos that were a bit too famous, as well as some where the mirroring was obvious).
I read the CrowdStrike reports. This is the best of the lot, but it's a sad lot. I don't need more secret evidence and unsupported conclusions. The techniques are not advanced and do not impress anyone who has even glimpsed at the NSA's TAO catalog. You have crap like an ancient version of P.A.S. that's freely available online, simple phishing attacks and a list of Tor exit node IPs.
For anyone who knows about security that isn't a partisan hack, this is a complete and utter joke. I paid attention when Clapper lied to Congress, I'm sure as hell not going to believe him based on secret evidence now. Willing to start a war over nonsense? We already did that. Oh, but there was more push-back then?
There is now, too, you just won't find it being reported by the same people at CNN who gave Donna those questions in the first place. You won't find it reported by the people at the Washington Post who helped the DNC unofficially add their party to the DNC's price sheet (who cares what the lawyers say?).
Everyone crying about foreign influence doesn't give a damn how much Saudi Arabia paid to the Clinton Foundation (it probably went to Diane Reynolds', err, CVC, err, Chelsea's wedding), nor Qatar (guess who runs Al Jazeera?). Don't care that they're a leading state sponsor of terrorism... but that's okay when they're an "ally" right? Just like our "allies" in Pakistan where Osama was somehow hiding right outside a big
> I was a supporter when they were releasing information in a non-partisan and unbiased way.
You mean back when they were dumping on Bush, right? Yeah, that was quality stuff. I like how you do not, because you cannot, prove that any of their info is bad. You just don't like the results when your side's dirty tricks end up exposed.
I don't have a side in this, Republican or Democrat. I hope they keep Trump (and all the successors) in line, too. I supported Obama back in the day, but arming the "moderate" Islamic terrorists and trying to trash our diplomatic prospects on his way out is a pretty crappy way to go, even worse than Clinton trashing the place before leaving and stealing all the 'W' keys.
The Russia stuff is crap and we've debunked it pretty savagely. Hell, there's even an email (from months ago) talking about playing up Trump's Putin "bromance." I've commented on that stuff pretty extensively. It's disturbing how many Ds believe that fake news or think the election tallies themselves were somehow altered, and not just the usual "we have secret evidence" nonsense from noted liar Clapper.
Please do tell me more about how the Russian government relies on outdated copies of the Ukranian malware, P.A.S. or how many of your detected IPs are Tor exit nodes. It's fascinating to see what you think passes for a state-sponsored hacking campaign. Then again, it probably does look that way to the people who think that getting a phishing email means you should reset your password, who lose their phones in DC cabs, or who use p@assword as a password....
Does this read very serious to you? Do you seriously think that you can build a useful database for your AIs by having random strangers email you unverifiable info?
By way of example, what kind of unverifiable nonsense would we end up with in your case? That you picked the same online handle as someone named Mike Martin in Immokalee, FL who has been posting top quality stuff like "where is my moon?" and "I saw a broken human body in my neighborhoods" on Twitter? Or is the embarrassing part where they admit to using Windows XP on Deviant Art?
It sounds to me more like they're trying to make an ironic point about the people who already have such social media databases (Twitter, Facebook, the US Government...) have. Be sure to "voluntarily" hand them your entire profile next time you cross the border!
Anyhow, feel free to speculate wildly. It's more entertaining when I know that you're actually being serious.
This whole thing is just laughable. We've gone over the technical evidence and it's really bad. But they do nothing to justify their other random conclusions.
So we now have the idiot Left telling us we can trust Clapper & co. based on secret evidence that Russia might have... online trolls? Oh, but never mind Correct the Record's self-described "nerd virgins." Or is it because Julian didn't refuse Russian interviews, never mind that he's been doing lots of interviews with many outlets for many years now? The whole report is simply moronic. It's not even a good effort. It's aimed at people who just read headlines from media who rarely ever link to one lest you find all the ways they're lying.
But in the report, we obviously don't care about all the money funneled by Saudi Arabia & Qatar to the Clinton Foundation. No, that would never influence a candidate. And it's not like those states have anything to do with funding Islamic terrorists, like that guy who murdered a Russian diplomat. Yes, we're very confused as to why one of the "moderate" Islamic terrorists Hillary & co. were supporting in Syria would be a callous murderer.
Please do keep on informing us so well, media. We clearly haven't figured out how to research things ourselves from primary sources. Please do keep telling us about how we get all our info from idiot Macedonian clickbait sites we've never even seen before. It's really convincing when we can read your own damn emails on our own and find out about Glen "because I have become a hack" Thrush and the WaPo party and Donna "I get the questions in advance" Brazille. Good thing I don't watch CNN, or I'd think that it was illegal to read Wikileaks. I'm guessing Cuomo is as good at law as he was at math.
It's funny how they're only up in arms when other people do it. Also the headline doesn't really match the Tweet... If they're verified accounts, people kind of already know who is behind them....
They're totally willing to sell it to businesses (but not the US Government for some odd reason... guess they have to make a new shell company for that).
And nobody seems to care about all those NSA databases Wikileaks exposed.
Or maybe they will be once the NSA answers to Trump? I can only wonder.
What are ads? I haven't seen them in so long that I forgot.
Good to see some real info on hacking on here for once, even if it's a bit dated. I was getting sick of talking about phishing scams and the idiots who fall for them.
It's not normally a high security event, but inasmuch as you're suggesting others could have had a hand in it, Saudi Arabia & Qatar would seem to have the most to gain from this.
While it's true that Obama promised retaliation, both secret and overt, against Russia just days prior, I have no reason to believe he had any hand in this one.
I don't expect everyone to be perfect, I just expect the Russian government not to look like 2-bit amateurs.
Besides, it's not like Russia is the only suspect here. Have a look at this article from 2015 and remember that Kim said on Twitter that Hillary was personally responsible for his mess, so there's a lot of bad blood between them.
Having him or someone like him hire a random hacking group out of spite strikes me as far more probable than a vast Russian conspiracy.
WaPo is effectively an arm of the DNC at this point. It's to the point where the DNC can add donors to their private parties with a wink and a nod, despite the DNC's own lawyers forbidding them to add the party to the donor price sheets.
> Yep, and now that story contains a correction [washingtonpost.com] at the top of the page. That's what legitimate news sites do when they make factual errors. Fake news sites don't issue corrections, because their entire purpose is to make up facts.
That's great, but people don't check back on stories after they've read them. It's telling that they rush the story first and retract only when called on. The canonical "fake news" sites are Macedonian clickbait. It's not clear that anyone ever read or believed them, it's just taken as an article of faith that a lot of people clicked this, therefore they must believe it's true. If we apply the same logic to tabloids, apparently most of the country has long believed in Bat Boy.
> Actually, your timeline is a bit messed up. What actually happened was that New York Magazine reported in September [nymag.com] that "Kelly had even begun to speculate, according to one Fox source, that Trump might have been responsible for her getting violently ill before the debate last summer. Could he have paid someone to slip something into her coffee that morning in Cleveland? she wondered to colleagues." This was NOT ignored in the media, but rather spread in September as a big rumor, which Kelly did NOT address or debunk at that time.
It's not up to Megan Kelly to address or debunk this! This is what fact checkers were for (past tense because it seems like they're not using them any more...). Running a ridiculous rumor like that without contacting the alleged source is simply inexcusable for a supposedly reputable news agency.
Moving on to the point, here's the thing: you're trying to restrict what people can say on Facebook. If they can't say things on Facebook, they'll change platforms. You can't stop people from saying what they want and trying to is ignorant censorship by the German government.
The TLDR is that the PHP malware shown in the Joint Analysis Report (JAR) is an old version of P.A.S., whose author claims to be Ukranian. The software itself is freely available from this site: http://profexer.name/pas/download.php
If it's bog-standard government IT, then yes, there's no security sophistication there to speak of. I should know, I've helped them with IAVAs and STIGs.
But nation state level hacking is something else entirely. Try comparing this to the Belgacom hack (another company I've worked with, though not in any direct relation to this). Or look at the attacks vs. North Korea.
Yes, some of those did involve sending email with bogus attachments. But they weren't amateurs that set off alarm bells with a "YOU HAVE BEEN HACKED" email. If a nation state wanted Podesta, they'd have gotten it, e.g., when he lost his phone in that DC cab or otherwise compromised one of his personal machines and taken all the passwords (including Gmail) from there. If they did the dump from his own computer, he wouldn't have even been the wiser.
If that's their goal, why on earth would they want to back Trump and piss off the DNC? Podesta was a registered lobbyist for Putin's banker, so they have more to lose than to gain by obviously taking sides on a dark horse candidate.
If it's just a matter of getting influence, they could've simply donated to the Clinton Foundation or Clinton Global Initiative like everyone else did. Ask Saudi Arabia & Qatar about that.
Those aren't a "YOU HAVE BEEN HACKED" email, though.
Poisoned attachments are, indeed, more common and still used by nation states. But they don't set off alarm bells the way an email telling you you've been hacked does.
It was effective, yes, but it was amateur because it put them on guard right after.
There's a ton of Russian malware/botnets out there. Same for Chinese, etc. The burden is on the person making the assertion this is the work of the Russian government, because the media is hard at work with flimsy, inaccurate stories like this which they end up retracting in part after the big headlines hit (see also: changes to the ODNI report...).
Obama is up there sabotaging diplomacy efforts with Israel & Russia that will compromise our ability to take out Isis. Islamic radicals, incidentally, were the ones behind the assassination of that Russian diplomat.
So ask yourself, why would you want to be on the same side as the Daesh & co.?
No, I'm saying they use durable means of gaining access. Ones that last more than the 2 days or whatever it was exactly the access to Podesta's email lasted. Sending emails that say "you're hacked!" did get them access, but it got that access cut off immediately after and assuming he followed their directions, he has 2FA on his Gmail now.
This is exactly why pros don't give you big noisy indicators telling you that you have been owned.
Yes, I've followed Wikileaks for many years now as well as security in general. I'm actually pretty late to the party, it was only once the Podesta dump blew up that I started figuring out what was going on and if I hadn't written so many Slashdot comments, each of which I've tried to be very careful about sourcing, I would have gotten completely lost by now. You can see by how extensively I have to reference my own Slashdot history to keep up with things. Sad thing is, with the state of modern journalism, I have an easier time finding sources from my own comments than Google:(
I feel the latest thing is a snow job. But don't get me wrong: I don't seriously trust Putin or Erdogan either, I just think our interests align right now at least at the international scale in terms of combating Isis, though I'm certainly concerned about what's going on in all of our countries.
Regarding that we should be careful to make our beliefs fact-based and non-partisan, I wholeheartedly agree. I try not to be any more partisan than the facts support, but I'm only human, so I won't be surprised if I'm proven wrong sometime. I half expect in some years that Wikileaks will have a Trump dump and depending on what it is, I won't be surprised if I'm disappointed in him as I have been with Obama, even after I supported Obama back in 2008 over McCain/Palin. Only time will tell and I'll do my best to keep pace with the facts.
Slashdot Mirror
How do you know I didn't hack in and get all the secret evidence myself?
It turns out that their password was p@assword, they left their phone in a DC cab for anyone to find, and they will happily send me their credentials whenever I send them a crude phishing email.
Something tells me you're not going to believe any of this because you don't want to.
> Clearly, since the GP hasn't seen the classified report, making the conclusions they did is not warranted.
That's not how rationality works. You believe things because you have evidence, not because you have good excuses. You believe these guys and you're a tool, plain and simple.
The report admits that it didn't even look at the damn servers. The report didn't figure out that the malware they found was an old version of P.A.S. that any idiot could download off the web, despite the earlier report including a sample that allowed others to do that and this being well known in the security community. If they had any excuse for missing that in the earlier report(s), the excuse was completely dead by the time this report came out. They didn't figure out that about a third of those IPs they found were Tor exit nodes. That's terrible analysis work. Telling us that would have revealed nothing about sources and methods, all it would tell us is that the people who wrote the report knew how to use Google or looked at the other public analysis. You know, the way people who aren't lying partisan hacks do.
If they can't figure out even the blindingly obvious holes in their report, why should we blindly trust that they have secret evidence of master Russian hackers, given their history of lying?
The only thing you've proven is that you want to believe this. That isn't rational, as evidenced by the fact that you suddenly think you know what evidence I have and have not seen, something you cannot know. This is called a "rationalization" and despite how it might sound, doing it doesn't make you rational. It simply means that you're being manipulated.
> You're only getting the public portion of the report, the part that doesn't compromise methods.
I have secret evidence that your secret evidence is completely bogus. This same secret evidence also indicates that you secretly wet the bed last night. And 20 organizations have signed off on it. Secretly. So it must be true! Unnamed high-level sources will gladly confirm this to any credulous media outlets that ask me about it. So you can't dispute it, just trust the experts. We have top men working on it right now. Top men. ~
See, it doesn't work that way. The burden of proof is on them. You can't be rational and still accept things based on secret, unverifiable evidence. The US public did this already and paid for it with stupid wars. You all were worried about fake news, but it's A-OK to start another lie-based war with secret evidence? Oh, and let's do that with a nuclear power this time. That's *really* good for the environment.... right?
I've seen the public evidence. The Russian state does not need to use ancient versions of P.A.S. Tor exit nodes are not evidence that Russia did anything. This isn't what nation state level hacking looks like to begin with and we do know that thanks to what we saw from the Belgacom hacks, from the leaks of the NSA's Tao catalog, or even the evaluation of Stuxnet.
If they were any good, they'd have been the ones to tell us that malware was an old version of P.A.S. All that took was someone googling, so what "sources and methods" would that have compromised? If they miss something that utterly basic, how can we trust the rest of the secret report of secret evidence from known liars? Why didn't they report that most of those IPs were Tor exit nodes?
It's supposed to be "trust, but verify" anyhow, not just "trust us." And I've done the verification on this one. This is a snow job.
I'm not dumb enough to fall for it. Are you?
Look, I've read the actual report. It's garbage. Utter garbage. The FBI relied on the CrowdStrike reports without actually getting to look at the servers themselves. CS was paid by the DNC. You guys keep recycling the same crappy "evidence" and trying to find ways to rack up a higher number of organizations to whitewash it.
This report doesn't have new evidence of any kind, they have unsupported conclusions. The few technical details they offer are so bad as to be laughable. Russian "trolls"? How does that influence an election? People were convinced but unrebutted facts. We know that Donna Brazille gave away the debate questions. Russia didn't do that. We know that she went on the news and lied to us about "modifications" to the emails. I have, in my Slashdot history, gone into incredible detail on that point, even showing you where to get the DKIM keys from Hillary's own damned DNS server. And the other key from Google's DNS server. Both of which validate the body and the body hash of the emails. We know what Zulema Rodriguez did. I've discussed that in great detail here on Slashdot as well, I can find multiple independent videos, payroll records where MoveOn pays for her travel, photo credits for her in the "Trump Ducks" campaign that Hillary wanted, etc. At this point, the "PACs aren't allowed to collude with candidates" thing is a complete and utter joke on both sides.
I saw the NYT, WaPo, etc. stories. They did not present any facts, but simple bare conclusions of nameless insiders. I saw the ODNI report where the directors of the group that oversees the Coast Guard & co. said this was something Russia would like to kinda maybe do I guess. I saw all the crappy fake news here on Slashdot. Ooh! Someone is making DNS queries that might have something to do with a website Trump had made by a 3rd party and a Russian bank! Alert the press! Sorry, but that kinda proves that there is a media campaign to sling mud that only the truly gullible will ever fall for.
I also saw the completely unreported Todd & Claire scam site trying to frame Julian Assange. But I wonder how many of you know what that even is? How it enrolled in a crazy UN program to present itself as a "UN partner" (anyone can enroll, it gives no meaningful "partnership" and they were ejected from it). How many of you know that it was a complete scam site and all the profiles were using fake, mirrored images (they were trying to stop reverse image searches, but they chose some photos that were a bit too famous, as well as some where the mirroring was obvious).
I read the CrowdStrike reports. This is the best of the lot, but it's a sad lot. I don't need more secret evidence and unsupported conclusions. The techniques are not advanced and do not impress anyone who has even glimpsed at the NSA's TAO catalog. You have crap like an ancient version of P.A.S. that's freely available online, simple phishing attacks and a list of Tor exit node IPs.
For anyone who knows about security that isn't a partisan hack, this is a complete and utter joke. I paid attention when Clapper lied to Congress, I'm sure as hell not going to believe him based on secret evidence now. Willing to start a war over nonsense? We already did that. Oh, but there was more push-back then?
There is now, too, you just won't find it being reported by the same people at CNN who gave Donna those questions in the first place. You won't find it reported by the people at the Washington Post who helped the DNC unofficially add their party to the DNC's price sheet (who cares what the lawyers say?).
Everyone crying about foreign influence doesn't give a damn how much Saudi Arabia paid to the Clinton Foundation (it probably went to Diane Reynolds', err, CVC, err, Chelsea's wedding), nor Qatar (guess who runs Al Jazeera?). Don't care that they're a leading state sponsor of terrorism... but that's okay when they're an "ally" right? Just like our "allies" in Pakistan where Osama was somehow hiding right outside a big
> I was a supporter when they were releasing information in a non-partisan and unbiased way.
You mean back when they were dumping on Bush, right? Yeah, that was quality stuff. I like how you do not, because you cannot, prove that any of their info is bad. You just don't like the results when your side's dirty tricks end up exposed.
I don't have a side in this, Republican or Democrat. I hope they keep Trump (and all the successors) in line, too. I supported Obama back in the day, but arming the "moderate" Islamic terrorists and trying to trash our diplomatic prospects on his way out is a pretty crappy way to go, even worse than Clinton trashing the place before leaving and stealing all the 'W' keys.
The Russia stuff is crap and we've debunked it pretty savagely. Hell, there's even an email (from months ago) talking about playing up Trump's Putin "bromance." I've commented on that stuff pretty extensively. It's disturbing how many Ds believe that fake news or think the election tallies themselves were somehow altered, and not just the usual "we have secret evidence" nonsense from noted liar Clapper.
Please do tell me more about how the Russian government relies on outdated copies of the Ukranian malware, P.A.S. or how many of your detected IPs are Tor exit nodes. It's fascinating to see what you think passes for a state-sponsored hacking campaign. Then again, it probably does look that way to the people who think that getting a phishing email means you should reset your password, who lose their phones in DC cabs, or who use p@assword as a password....
Does this read very serious to you? Do you seriously think that you can build a useful database for your AIs by having random strangers email you unverifiable info?
By way of example, what kind of unverifiable nonsense would we end up with in your case? That you picked the same online handle as someone named Mike Martin in Immokalee, FL who has been posting top quality stuff like "where is my moon?" and "I saw a broken human body in my neighborhoods" on Twitter? Or is the embarrassing part where they admit to using Windows XP on Deviant Art?
It sounds to me more like they're trying to make an ironic point about the people who already have such social media databases (Twitter, Facebook, the US Government...) have. Be sure to "voluntarily" hand them your entire profile next time you cross the border!
Anyhow, feel free to speculate wildly. It's more entertaining when I know that you're actually being serious.
So... you're worried they might build a crappier version of the kinds of social media databases that Twitter, Facebook & the government already have?
This whole thing is just laughable. We've gone over the technical evidence and it's really bad. But they do nothing to justify their other random conclusions.
So we now have the idiot Left telling us we can trust Clapper & co. based on secret evidence that Russia might have... online trolls? Oh, but never mind Correct the Record's self-described "nerd virgins." Or is it because Julian didn't refuse Russian interviews, never mind that he's been doing lots of interviews with many outlets for many years now? The whole report is simply moronic. It's not even a good effort. It's aimed at people who just read headlines from media who rarely ever link to one lest you find all the ways they're lying.
But in the report, we obviously don't care about all the money funneled by Saudi Arabia & Qatar to the Clinton Foundation. No, that would never influence a candidate. And it's not like those states have anything to do with funding Islamic terrorists, like that guy who murdered a Russian diplomat. Yes, we're very confused as to why one of the "moderate" Islamic terrorists Hillary & co. were supporting in Syria would be a callous murderer.
Please do keep on informing us so well, media. We clearly haven't figured out how to research things ourselves from primary sources. Please do keep telling us about how we get all our info from idiot Macedonian clickbait sites we've never even seen before. It's really convincing when we can read your own damn emails on our own and find out about Glen "because I have become a hack" Thrush and the WaPo party and Donna "I get the questions in advance" Brazille. Good thing I don't watch CNN, or I'd think that it was illegal to read Wikileaks. I'm guessing Cuomo is as good at law as he was at math.
It's funny how they're only up in arms when other people do it. Also the headline doesn't really match the Tweet... If they're verified accounts, people kind of already know who is behind them....
They're totally willing to sell it to businesses (but not the US Government for some odd reason... guess they have to make a new shell company for that).
And nobody seems to care about all those NSA databases Wikileaks exposed.
Or maybe they will be once the NSA answers to Trump? I can only wonder.
What are ads? I haven't seen them in so long that I forgot.
Good to see some real info on hacking on here for once, even if it's a bit dated. I was getting sick of talking about phishing scams and the idiots who fall for them.
It's not normally a high security event, but inasmuch as you're suggesting others could have had a hand in it, Saudi Arabia & Qatar would seem to have the most to gain from this.
While it's true that Obama promised retaliation, both secret and overt, against Russia just days prior, I have no reason to believe he had any hand in this one.
Glad you liked it. I'd be interested to hear his thoughts as well if there are any you don't mind sharing.
I don't expect everyone to be perfect, I just expect the Russian government not to look like 2-bit amateurs.
Besides, it's not like Russia is the only suspect here. Have a look at this article from 2015 and remember that Kim said on Twitter that Hillary was personally responsible for his mess, so there's a lot of bad blood between them.
Having him or someone like him hire a random hacking group out of spite strikes me as far more probable than a vast Russian conspiracy.
WaPo is effectively an arm of the DNC at this point. It's to the point where the DNC can add donors to their private parties with a wink and a nod, despite the DNC's own lawyers forbidding them to add the party to the donor price sheets.
> Yep, and now that story contains a correction [washingtonpost.com] at the top of the page. That's what legitimate news sites do when they make factual errors. Fake news sites don't issue corrections, because their entire purpose is to make up facts.
That's great, but people don't check back on stories after they've read them. It's telling that they rush the story first and retract only when called on. The canonical "fake news" sites are Macedonian clickbait. It's not clear that anyone ever read or believed them, it's just taken as an article of faith that a lot of people clicked this, therefore they must believe it's true. If we apply the same logic to tabloids, apparently most of the country has long believed in Bat Boy.
> Actually, your timeline is a bit messed up. What actually happened was that New York Magazine reported in September [nymag.com] that "Kelly had even begun to speculate, according to one Fox source, that Trump might have been responsible for her getting violently ill before the debate last summer. Could he have paid someone to slip something into her coffee that morning in Cleveland? she wondered to colleagues." This was NOT ignored in the media, but rather spread in September as a big rumor, which Kelly did NOT address or debunk at that time.
It's not up to Megan Kelly to address or debunk this! This is what fact checkers were for (past tense because it seems like they're not using them any more...). Running a ridiculous rumor like that without contacting the alleged source is simply inexcusable for a supposedly reputable news agency.
The same goes for the CNN clip saying it's "illegal" to possess stolen documents so only the media can read Wikileaks. Some under-appreciated context here is that CNN's Chris Cuomo is a licensed attorney. So he has no excuse for not knowing how wrong that is.
Moving on to the point, here's the thing: you're trying to restrict what people can say on Facebook. If they can't say things on Facebook, they'll change platforms. You can't stop people from saying what they want and trying to is ignorant censorship by the German government.
Here's one more thing that you as a fellow security person, might appreciate:
US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware
The TLDR is that the PHP malware shown in the Joint Analysis Report (JAR) is an old version of P.A.S., whose author claims to be Ukranian. The software itself is freely available from this site: http://profexer.name/pas/download.php
If it's bog-standard government IT, then yes, there's no security sophistication there to speak of. I should know, I've helped them with IAVAs and STIGs.
But nation state level hacking is something else entirely. Try comparing this to the Belgacom hack (another company I've worked with, though not in any direct relation to this). Or look at the attacks vs. North Korea.
Yes, some of those did involve sending email with bogus attachments. But they weren't amateurs that set off alarm bells with a "YOU HAVE BEEN HACKED" email. If a nation state wanted Podesta, they'd have gotten it, e.g., when he lost his phone in that DC cab or otherwise compromised one of his personal machines and taken all the passwords (including Gmail) from there. If they did the dump from his own computer, he wouldn't have even been the wiser.
If that's their goal, why on earth would they want to back Trump and piss off the DNC? Podesta was a registered lobbyist for Putin's banker, so they have more to lose than to gain by obviously taking sides on a dark horse candidate.
If it's just a matter of getting influence, they could've simply donated to the Clinton Foundation or Clinton Global Initiative like everyone else did. Ask Saudi Arabia & Qatar about that.
Those aren't a "YOU HAVE BEEN HACKED" email, though.
Poisoned attachments are, indeed, more common and still used by nation states. But they don't set off alarm bells the way an email telling you you've been hacked does.
It was effective, yes, but it was amateur because it put them on guard right after.
Putin is working with Turkey to crush Isis.
Exactly what part of that are you against?
There's a ton of Russian malware/botnets out there. Same for Chinese, etc. The burden is on the person making the assertion this is the work of the Russian government, because the media is hard at work with flimsy, inaccurate stories like this which they end up retracting in part after the big headlines hit (see also: changes to the ODNI report...).
Obama is up there sabotaging diplomacy efforts with Israel & Russia that will compromise our ability to take out Isis. Islamic radicals, incidentally, were the ones behind the assassination of that Russian diplomat.
So ask yourself, why would you want to be on the same side as the Daesh & co.?
Amen to that.
No, I'm saying they use durable means of gaining access. Ones that last more than the 2 days or whatever it was exactly the access to Podesta's email lasted. Sending emails that say "you're hacked!" did get them access, but it got that access cut off immediately after and assuming he followed their directions, he has 2FA on his Gmail now.
This is exactly why pros don't give you big noisy indicators telling you that you have been owned.
Yes, I've followed Wikileaks for many years now as well as security in general. I'm actually pretty late to the party, it was only once the Podesta dump blew up that I started figuring out what was going on and if I hadn't written so many Slashdot comments, each of which I've tried to be very careful about sourcing, I would have gotten completely lost by now. You can see by how extensively I have to reference my own Slashdot history to keep up with things. Sad thing is, with the state of modern journalism, I have an easier time finding sources from my own comments than Google :(
I feel the latest thing is a snow job. But don't get me wrong: I don't seriously trust Putin or Erdogan either, I just think our interests align right now at least at the international scale in terms of combating Isis, though I'm certainly concerned about what's going on in all of our countries.
Regarding that we should be careful to make our beliefs fact-based and non-partisan, I wholeheartedly agree. I try not to be any more partisan than the facts support, but I'm only human, so I won't be surprised if I'm proven wrong sometime. I half expect in some years that Wikileaks will have a Trump dump and depending on what it is, I won't be surprised if I'm disappointed in him as I have been with Obama, even after I supported Obama back in 2008 over McCain/Palin. Only time will tell and I'll do my best to keep pace with the facts.
Looks like others are noticing the pattern of retracting things:
http://www.rollingstone.com/po...
Oddly, the media seems to be inventing fake sanctions by Russia of a language school closing now, too. Once again from anonymous sources peddling BS.