51 comments

[ 2.8 ms ] story [ 106 ms ] thread
Representative Jim Himes of Connecticut:

“It’s hard for me to imagine how just having a bunch of numbers, cellphones and emails would in any way affect the election,” he said. “It wasn’t totally unexpected.”

“Someone could cause a lot of damage if they were able to send emails out from a member’s account, but I’m not hearing that that’s a risk at this point.”

Me: I have yet to see a cryptographically signed e-mail from a politician, and without that, spoofing such a message would be almost trivial. Do they keep their cybersecurity well hidden from the public?

Securing a politician's computer is 30% infosec and 99.9% conditioning: deliver a painful shock when the politician tries to open Facebook from the same computer they do their emails, when they download an attachment from an unsigned email, etc...
Or we could just replace out politicians with urandom
Why does the actual source:

https://guccifer2.wordpress.com/2016/08/12/guccifer-2-0-hack...

https://news.ycombinator.com/item?id=12279977

get flag-killed immediately where as this somewhat colored article gets on the frontpage?

It was killed by users flags.

I didn't flag it, but my guess is that it was flagged because if you don't look to carefully it seams to be a rehash of the old leaks, or a crackpot site with fake documents. The nytimes.com articles have more credibility and are better written.

In this cases you can vouch for the article to unkill it, and also email the mods hn@ycombinator.com. In some cases they remove the flags and reset the time counter of the article.

Anything critical of Clinton tends to get downvoted and flagged to hell.
Any politics usually get flagged and downvoted to hell.
... was wondering too. The screenshots in the NYT article look like "teaser-advertisements", while the actual sources are a big taboo.

Keep in mind that Guccifer2 isn't a lone hacker as initially portrayed. Guccifer2 is a cover for APT-28/APT-29 (GRU). So if anything then this leak has to be considered for what it was: A foreign nation meddling in the elections of another. Current Russian meddling fits seamlessly into Russia's bigger doctrine on Cyber Defense Strategies [0][1][2][3][4]

[0] https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...

[1] https://www.blackhat.com/docs/us-16/materials/us-16-Geers-Cy...

[2] https://blog.valbonne-consulting.com/2016/08/06/smartcitiess...

[3] http://www.naa.mil.lv/~/media/NAA/AZPC/Publikacijas/PP%2002-...

[4] http://www.ifri.org/en/publications/enotes/proliferation-pap...

PS: there is now also guccifer 3.0 :-) and I'm hitting reload like crazy https://guccifer3.wordpress.com/

EDIT: anyone interested in this subject also look for 'Gerasimov Doctrine' for a thrilling read.

> anyone interested in this subject also look for 'Gerasimov Doctrine' for a thrilling read.

Are you referring to Mark Galeotti? I'd like to read an analysis written by a Russian scholar on this, would you have any sources?

Do you really think that the Russians would interfere so blatantly ? They're not stupid, these hacks deserve them.

The only one that has to gain from this hacks is Hillary : she looks like the poor victim of the evil Russians and their agent Trump.

Are you suggesting that Hillary realesed the emails to get an anti-Russian sympathy vote?
If I was a member of her campaign I would have released the documents. The democratic process and corruption matter no matter how much you dislike the other guy.
If you truly think these emails leaks have helped Hillary Clinton you have a poor understanding of politics and current affairs.
> Guccifer2 is a cover for APT-28/APT-29 (GRU).

How do you know? The NYT keeps using the passive voice ("believed to be tied to the Russian intelligence") or saying that some unnamed "American intelligence officials" told them so. Even when they name the officials, they don't say how they determined it.

"""" CrowdStrike Services Inc., our Incident Response group, was called by the Democratic National Committee (DNC), the formal governing body for the US Democratic Party, to respond to a suspected breach. We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR. We’ve had lots of experience with both of these actors attempting to target our customers in the past and know them well. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft – both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected. Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.

COZY BEAR (also referred to in some industry reports as CozyDuke or APT 29) is the adversary group that last year successfully infiltrated the unclassified networks of the White House, State Department, and US Joint Chiefs of Staff. In addition to the US government, they have targeted organizations across the Defense, Energy, Extractive, Financial, Insurance, Legal, Manufacturing Media, Think Tanks, Pharmaceutical, Research and Technology industries, along with Universities. Victims have also been observed in Western Europe, Brazil, China, Japan, Mexico, New Zealand, South Korea, Turkey and Central Asian countries. COZY BEAR’s preferred intrusion method is a broadly targeted spearphish campaign that typically includes web links to a malicious dropper. Once executed on the machine, the code will deliver one of a number of sophisticated Remote Access Tools (RATs), including AdobeARM, ATI-Agent, and MiniDionis. On many occasions, both the dropper and the payload will contain a range of techniques to ensure the sample is not being analyzed on a virtual machine, using a debugger, or located within a sandbox. They have extensive checks for the various security software that is installed on the system and their specific configurations. When specific versions are discovered that may cause issues for the RAT, it promptly exits. These actions demonstrate a well-resourced adversary with a thorough implant-testing regime that is highly attuned to slight configuration issues that may result in their detection, and which would cause them to deploy a different tool instead. The implants are highly configurable via encrypted configuration files, which allow the adversary to customize various components, including C2 servers, the list of initial tasks to carry out, persistence mechanisms, encryption keys and others. An HTTP protocol with encrypted payload is used for the Command & Control communication.

FANCY BEAR (also known as Sofacy or APT 28) is a separate Russian-based threat actor, which has been active since mid 2000s, and has been responsible for targeted intrusion campaigns against the Aerospace, Defense, Energy, Government and Media sectors. Their victims have been identified in the United States, Western Europe, Brazil, Canada, China, Georgia, Iran, Japan, Malaysia and South Korea. Extensive targeting of defense ministries and other military victims has been observed, the profile of which closely mirrors the strategic interests of the Russian government, and may indicate affiliation with Главное Разведывательное У...

Not an infosec pro but parts of this sounds like hogwash to me:

* broadly targeted spearphising attack

* both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.

I'm guessing "broadly targeted spearphishing" means that you're targeting a lot of people, but you know who they are and you're sending them something that's crafted to their interests and social network.
Nothing in here provides any evidence it was the Russian gov't, except "because we say so" in the middle of a wall of techno-babble.
Very true - also, this being their technical report, I'd personally be surprised if there wasn't some amount of technical jargon present, sufficient to establish the facts of these events. All they do is identify a set of sophisticated actors who have tradecraft and technical expertise to rival a nation state, and then further established a series of similar attacks have been conducted on targets of Russian foreign interests by these same groups. Short of an indictment a la Chinese hackers, or declassification of the information pertaining to the attacks (something that's apparently being prepared), there are not facts present to make a formal attribution.
So if anything then this leak has to be considered for what it was: A foreign nation meddling in the elections of another.

Let's put that into context tho': it happens all the time and no-one bats an eyelid. When Obama came over and said we should vote Bremain, lots of people were annoyed at his presumption, but no-one considered it that big a deal.

I don't consider diplomatic visits meddling.

US meddling in foreign politics goes back decades (and the same message enforced using different umbrellas, e.g.: in Latin America it was the War on Drugs. In the Arab world the message is the same only the strategy was slightly redefined to another more plausible (if only perceived) threat (radical Islamism).

This is the interesting part:

>American intelligence officials said they are virtually certain that Russian intelligence officials were behind the attack.

... but there there isn't anything in the article to back it up. Why do these unnamed officials think this?

I'm guessing they have intelligence, likely captured via their global surveillance infrastructure, that points to them as the culprits... but they can't publicly admit to that, of course, due to "national security concerns".

We're just supposed to trust them.

Muh Russia...

I to my girlfriend- how dare you cheat on me. You are texting Sam since a year.

My gf to me: How dare you breach my trust by looking at my phone? This doesn't count.

Yeah, let's talk about foreign intervention, Assange and his vendetta, how some private information was not censored, possible geopolitical implications, or how Trump may be implicated. Did I forget any other diversion tactic? The efficacy of such methods is worrisome; even smart people are unable to look behind these curtains.
If you violate multiple laws in looking at this hypothetical person's phone, then yes, you're more in the wrong.
I already commented but Ill say it again- Trump is a wild card who will likely do little for the country but little to the country and the world. Hillay will do a bit more for the country but much worse _to_ it. See my past comments for proof about literal oligarchy. She is already attacking the very backbone of internet- free speech by spending 6m per quarter hiring trolls
Not saying I agree or disagree, but this really isn't the place for that type of discussion.
I was surprised to see how WikiLeaks is not mentioned until late, as a passing mention in the context for the leaks. I’m not sure what having leakers not going through WikiLeaks means: do we have to trust them on leaking everything? Is Assange personality getting in the way of the leaks? Are people who think they are savvy enough to hide their trace trying to go direct? Why would they take that risk?
Maybe now Diane Feinstein will see the value of end to end encryption?

Doubt it. She'll probably advocate that only for herself and her Senate colleagues.

Nobody disputes the value of end to end encryption. That's not the issue.

The problem of encryption is that it changes the relationship between government and individual in a way that has never been seen before. If a person is suspected of committing a crime the police have always had the ability to intercept mail, record calls, search property etc and obtain evidence. They can't do that now.

You can argue the pros/cons of this new world order. What you can't argue against is the natural inclination of many people to simply maintain the status quo.

They can intercept my encrypted emails just like they've always been able to intercept encrypted hand written letters.
Well, technology has changed the status quo in two ways.

The first is, as you say, previously you could intercept a suspect's mail and search their papers; with proper encryption that isn't possible.

The second is in the past the search process wouldn't scale to searching every citizen all the time. With e-mail, web traffic and smartphones, it becomes possible.

We can restore the status quo from 30 years ago for either one of those changes, but not for both.

Police can still intercept communications, including mail, phone calls, etc., with classic investigative techniques like bugging a person's home. Then you can see all their passwords, all their emails, their off-line conversations, and so on. Bugging somebody probably reveals more information than security backdoors.

The one big difference between bugging someone's home vs. encryption backdoor is one of scale, and I don't think citizens should so substantially yield their security so that the state can save money.

I think the natural inclination of voters isn't relevant just yet because privacy and encryption are so far down the list of topics of national salience, or topics to organize voters, that it doesn't register on anyone's political radar. If encryption or security backdoors are mentioned on the national stage, it will be entirely as a subtopic of only terrorism.

So it looks like Trump might have solid ties with Russia, and through some connections might be triggering all the Russian hacking of only the democratic party. Doesn't bode well for American democracy when Russian dictator can sneak in a candidate for president.

- Trump's manager, Paul Manafort, has done multimillion-dollar business deals with pro-Russian oligarchs and was a longtime adviser to the Russia-aligned Ukrainian president whose 2014 ouster triggered Russia’s intervention in Ukraine, a major source of tension between Russia and the United States as well as its NATO allies.

- On the campaign trail, Trump has called for a new partnership with Moscow, overhauling NATO, the allied military force seen as the chief protector of pro-Western nations near Russia

- Since the 1980s, Trump and his family members have made numerous trips to Moscow in search of business opportunities

https://www.washingtonpost.com/politics/inside-trumps-financ...

I doubt that Trump or his campaign would be actively lobbying the Russian government.

There is plenty of motivation elsewhere to do so. Russia would be a major loser given that Hillary would far more decisive and bold with her foreign policy decisions. Assange benefits because a Trump government would be more amenable to immunity negotiations. And Wikileaks benefits from all the publicity.

Trump publically called on Russia to hack on Hillary

http://www.nytimes.com/2016/07/28/us/politics/donald-trump-r...

I'm going to be honest here, I'm non-partisan and I agree with some of his comments here and so does this lawyer who specializes[0] in cases like this. If I had that data in my possession it would already be on wikileaks, the American people deserve to know what their leaders say when they don't think they are listening.

Edit: People will down vote but not reply because they don't have a leg to stand on. It's not like Hillary is a privacy hawk[1], turnabout is fair play where I'm from.

[0]https://www.washingtonpost.com/opinions/im-a-lawyer-speciali...

[1]http://arstechnica.com/tech-policy/2015/12/hillary-clinton-w...

It wouldn't be the worst thing a US presidential candidate has done.

"Like many of Nixon’s actions, this particular transgression was born of paranoia. As the 1968 election approached, Nixon and his aides feared that Johnson would try to help the Democratic nominee—Vice President Hubert Humphrey—by staging an October surprise. When LBJ announced to the nation, just days before the balloting, that he was calling a halt in the bombing of North Vietnam to help fuel progress in ongoing peace talks, the Republicans thought their fears were realized. Anna Chennault, a Republican activist with ties to the South Vietnamese government, sent word to Saigon that it would get better terms if Humphrey lost and Nixon took office, the FBI would discover."

http://www.politico.com/magazine/story/2014/06/yes-nixon-scu...

Not sure what Trump has to do with this thread other than as a distraction.

Hillary has plenty of ties to Russia, as shown by the nuclear deal in which the Clinton Global Initiative received $145M and Bill Clinton Received $500K for a speech. As part of the deal Hillary, as Secretary of State, reversed direction and approved the sale of uranium mining companies to Russia.

http://www.nytimes.com/2015/04/24/us/cash-flowed-to-clinton-...

I would assume the "Blame Trump & the Russians" is meant to discredit and distract. Wikileaks is only good when it goes after people you don't like.

I too am a little confused since, as you point out, Sec. Clinton has friendly dealings with Russia.

This should read: "A hacker votes for Donald Trump"
Is Wikileaks announcement that the recently murdered DNC staff member was the source of the leaks, not Russian hackers, credible? I don't know, and in anycase I consider the source of the leaks to be much less important than the contents of the leaks.

When we watch a good magician, they entertain us by using misdirection. Unfortunately, when the deep state and the media they control use misdirection it is not fun or entertaining, it is about getting the population to go along with policies against the public's interests, against the interests of peace and prosperity, etc.

If you listen to Assange's interview, he says nothing of substance, just insinuates the connection.
Another incremental release to keep it in the news cycle.

Do they have anything career ending or prosecutable, or do "the Russians" just enjoy watching Hillary dodge, duck, dip, dive, and dodge?

I posted the leak on here yesterday and yeah, it was flagged immediately. Hate to have to say it but when it comes to information critical of a certain candidate this place is an echo chamber, looks like 13 people have now submitted the site and it is no longer flagged. Still concerning about the overall censorship in regards to a topic this site should find interesting no matter your political views https://news.ycombinator.com/item?id=12279977
It's okay to discuss absolutely anything but not politics. But if you are discussing politics, you better discuss pro queen.