It gives people something else to talk about, rather than discussing how the DNC made sure that Hillary won, no matter what the primary voters thought...
Many people in infosec (epitomized by the Swift On Security account) normally circumspect and cautious about attribution, are claiming with 100% certainty that Putin is behind the leaks.
Politics have a tendency to really mess with a person's nominal judgement.
I don't understand why the Russians would be capable of obtaining this data yet not able to release it without revealing that they were the source.
Unless it was their motivation to be linked to it -- but what does that gain them?
It seems like the more likely story is that all of this talk about the Russians is just a method of misdirecting people to discuss the theoretical Russian link but not the documents themselves.
You may have misunderstood me. I am saying that while attribution is a very tricky, difficult business fraught with guesswork and spectra of probabilities, in this one instance a ton of infosec people are throwing their typical caution about attribution out the window to claim full confidence in attribution to Putin on the basis of a shared IP address in France and a Romanian who says Guccifer2 doesn't write like a Romanian.
It is a great demonstration of what politics does to the minds of nominally cautious, reasonable people.
There's zero proof of this assertion in the article
Yeah, the only thing missing in that totally unsubstantiated article was Hillary saying directly that Putin and Russia are now part of a "vast right wing conspiracy" trying to keep her from returning to the White House.
Irrelevant if true. A Trump, Clinton or Johnson administration cannot reverse trends in the middle east that threaten Russia's southwest border. Russian energy fortunes will not improve as pressure from alternative energy and shale/sands sources is irreversible. Global deflation across most commodities will continue to sap income from Russia's natural resources, at least until China can somehow rebalance its economy. I believe all of this is apparent to Russia, and that like other governments they well understand that global stability is essential to their economic prosperity and domestic order. If Russia must involve itself in US Politics in some manner, they would do well to get behind whichever candidate can contribute to global stability. Even if it means a return to 1990's US hegemony - a time that was very good for many Russia.
We changed the submitted title ("Counterintelligence Links Russian GRU to DNC Leak and Putin") to the current article title and threw in an "allegations" for good measure.
From NYT I'd expect something better than "Evidence so far suggests" with zero evidence presented.
Anyone who's done anything related to security knows that it's impossible to discern much from any trace of an attack left behind - at best you might have IPs of proxy servers they used and you might be able to figure out the vulnerability exploited, but if the attackers were any good (and they're saying "evidence" suggests it's government agency level type stuff) - there is no chance they'd leave anything behind other than false traces to confuse the investigation.
Real evidence would be a corroborated confession, but even an excerpt of logs and/or a little description of what happened other than the "Cozy Bear" story would be great.
So basically someone hacks the DNC servers (and my guess would be that it should be trivial given that this is primarily a volunteer-operated organization), and NYT blames it on GRU. Because being hacked by Russia is cool, compared to being hacked by a nobody because your security is sloppy.
BTW - crowdstrike.com was registered in 2010 with GoDaddy, not exactly trust inspiring.
"Assange works for Russia"? This is just something we assume everyone accepts now? When did that happen? Last I heard, Assange worked for no-one but his own ego...
Last I heard, Assange worked for no-one but his own ego...
Really I am disappointed. I'm not even American but I would think that you would respect a man who has taken a bold stand against tyranny. This is how you regard him? In your estimation Snowden is an egotistical too?
I imagine it's more politically motivated than "we don't want them to look like amateurs" but rather, look who is helping Trump, that bad Putin fellow. The unsaid part is, "we don't want someone Putin favors in the white house, make sure you vote for Clinton."
As others have pointed out, it's at least curious that when the Sony hack happened, and the administration came out a few weeks later and declared it was North Korea, lots of InfoSec stood up and said, wait, it's not that clear... We're not so sure... But here there is no such doubt, at least yet being raised --which is an interesting difference.
> it's at least curious that when the Sony hack happened...
Not only the attribution is dubious. The whole thing stank down to the timing. My theory is that the Sony hack brouhaha was raised for the specific purpose of obscuring and deflecting attention from the Senate report on torture released on 9/12/2014.
Also, there isn't even evidence of an outside hack happening. For all we know, it could be a disgruntled IT guy who wants to be a mini-Snowden. Who the hell knows. All we know is that the DNC tacitly admits that those emails are real.
I suspect they are talking about metadata pieces found in the Office documents. It could serve as a relatively strong proof that documents where processed by someone at least Russian-speaking.
given that this is primarily a volunteer-operated organization
Not even. Since 2008 the major Democratic campaigns have been highly professionalized, on the tech side. Which doesn't mean they're immune to an attack, by any stretch. But if you think the upper tiers of these campaigns are run like scaled-up versions of their field offices... you need to think again.
The one thing that annoys me most about this isn't about who is doing the hacking, but how horribly the DNC had failed at security. Nobody has been talking about this and I find it annoying to see nobody has been focusing on greater security.
What makes you think they failed terribly? We haven't seen full analysis (or much of anything yet), but there are mentions of potentially specially targeted malware. Very few organizations will withhold a direct targeted attack by a government which possesses zero days and resources to hand craft attack software and can find personal information of specific people attacked.
> Cares and knows about DNC and specific candidates. Guessing they are following the election process, so probably live in US or Canada.
For this you underestimate the global interest in the US elections. It is so influential on the rest of world many take keen interest. This can easily be lunch-break talk in Australia. Not sure about the other points.
Well maybe it was just guessing based on my experience. At least in Easter Europe with friends I talked, aside from generalities about candidates (Trump is building a wall, ha-ha), it nobody worries or cares deeply enough to follow it to the level of DNC, to watch for election fraud, corruption.
Okay...let's take all this at face value, even though there is absolutely no evidence for a hack whatsoever. Russia is showing the American people how rigged (at least) one of their major political parties is. So...we should feel sorry for the party that rigged their own supposed open choice of candidates?
Hell, let's take it one step further. Imagine the Russian political world actually wants Trump to win. Is that the end of the world? Does it necessarily mean it is something bad for the USA, and good for Russia? What if it meant it would something good for Russia, and good for the USA? Didn't like half the world want Obama to win in 2008?
33 comments
[ 3.6 ms ] story [ 91.3 ms ] threadIt gives people something else to talk about, rather than discussing how the DNC made sure that Hillary won, no matter what the primary voters thought...
Politics have a tendency to really mess with a person's nominal judgement.
I don't understand why the Russians would be capable of obtaining this data yet not able to release it without revealing that they were the source.
Unless it was their motivation to be linked to it -- but what does that gain them?
It seems like the more likely story is that all of this talk about the Russians is just a method of misdirecting people to discuss the theoretical Russian link but not the documents themselves.
It is a great demonstration of what politics does to the minds of nominally cautious, reasonable people.
That makes a lot more sense.
Yeah, the only thing missing in that totally unsubstantiated article was Hillary saying directly that Putin and Russia are now part of a "vast right wing conspiracy" trying to keep her from returning to the White House.
Anyone who's done anything related to security knows that it's impossible to discern much from any trace of an attack left behind - at best you might have IPs of proxy servers they used and you might be able to figure out the vulnerability exploited, but if the attackers were any good (and they're saying "evidence" suggests it's government agency level type stuff) - there is no chance they'd leave anything behind other than false traces to confuse the investigation.
Real evidence would be a corroborated confession, but even an excerpt of logs and/or a little description of what happened other than the "Cozy Bear" story would be great.
So basically someone hacks the DNC servers (and my guess would be that it should be trivial given that this is primarily a volunteer-operated organization), and NYT blames it on GRU. Because being hacked by Russia is cool, compared to being hacked by a nobody because your security is sloppy.
BTW - crowdstrike.com was registered in 2010 with GoDaddy, not exactly trust inspiring.
* Wikileaks leaked right before the DNC
* This makes Hillary's campaign look bad
* If it's bad for her, it's good for Trump
* Assange works for Russia
* Russia wants Trump to win
Trump has been accused of painting a 'dark picture' of America, but invoking the Red Scare is a whole other level of fear mongering.
Really I am disappointed. I'm not even American but I would think that you would respect a man who has taken a bold stand against tyranny. This is how you regard him? In your estimation Snowden is an egotistical too?
As others have pointed out, it's at least curious that when the Sony hack happened, and the administration came out a few weeks later and declared it was North Korea, lots of InfoSec stood up and said, wait, it's not that clear... We're not so sure... But here there is no such doubt, at least yet being raised --which is an interesting difference.
Not only the attribution is dubious. The whole thing stank down to the timing. My theory is that the Sony hack brouhaha was raised for the specific purpose of obscuring and deflecting attention from the Senate report on torture released on 9/12/2014.
Crowdstrike has published some information on what they found:
https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...
A second firm claims the same malware was used in other high profile attacks:
http://news.softpedia.com/news/second-security-firm-says-rus...
> BTW - crowdstrike.com was registered in 2010 with GoDaddy, not exactly trust inspiring.
Google Capital and Rackspace seem to think they are legit:
https://techcrunch.com/2015/07/13/security-company-crowdstri...
> From NYT I'd expect something better than "Evidence so far suggests" with zero evidence presented.
Well, they've been wrong before...
http://www.popsci.com/military-aviation-amp-space/article/20...
Not even. Since 2008 the major Democratic campaigns have been highly professionalized, on the tech side. Which doesn't mean they're immune to an attack, by any stretch. But if you think the upper tiers of these campaigns are run like scaled-up versions of their field offices... you need to think again.
When we got what looks like a FAQ blog post from Guccifer 2.0 ( https://guccifer2.wordpress.com/2016/06/30/faq/ ) and I tried to guess some things about him:
https://news.ycombinator.com/item?id=12009544
Here is what I came up with:
"...there is a high chance he is from Moldova, and now works for one of the big IT companies. Probably in his mid 30s. Lives in US or Canada."
For this you underestimate the global interest in the US elections. It is so influential on the rest of world many take keen interest. This can easily be lunch-break talk in Australia. Not sure about the other points.
Hell, let's take it one step further. Imagine the Russian political world actually wants Trump to win. Is that the end of the world? Does it necessarily mean it is something bad for the USA, and good for Russia? What if it meant it would something good for Russia, and good for the USA? Didn't like half the world want Obama to win in 2008?