This kind of thing has also happens to smart, tech-savy, people within the tech community. It's sad to me that we are glossing over this issue because it did not happen in the physical world.
Imagine if we caught Russian agents physically breaking into the DNC office, in a Watergate-esque sort of way. I doubt we'd just continue our election business as usual.
I feel like as members of the tech community, it's sort of our job to connect the dots for people. We always lament every time we hear about security breaches on popular websites and want to do something about it. But this is happening at the highest level in our country and I feel like everyone is just kinda silent about it because they don't want to be appear partisan.
I'm a bit nervous about some of the proposed legislation that is (ostensibly) protect us from this..I mean the patriot act was supposed to protect everyone from terrorism, but it served to legitimize the surveillance state.
"...develop and synchronize government initiatives to expose and counter foreign information operations directed against U.S. national security interests and advance fact-based narratives that support U.S. allies and interests"
"...develop and synchronize government initiatives to expose and counter foreign information operations directed against U.S. national security interests and advance fact-based narratives that support U.S. allies and interests"
This sounds suspiciously close to an official propaganda department. Anything that does not conform to the government narrative will be deemed a foreign information operation.
This whole article smacks of the NY Times reporting surrounding WMDs in Iraq. Yet again we have some very alarming assertions made by top officials and being parroted by the paper without any actual concrete evidence being produced and displayed to the public. If anything, it's worse because the NY Times is taking the assertions as gospel and jumping to their own conclusions.
> In the meantime, the hackers moved on to targets outside the D.N.C., including Mrs. Clinton’s campaign chairman, John D. Podesta, whose private email account was hacked months later.
> Even Mr. Podesta, a savvy Washington insider who had written a 2014 report on cyberprivacy for President Obama, did not truly understand the gravity of the hacking.
This is the first I'm hearing of any ties to Podesta's emails and Russians. If anything, I always assumed that particular attack was some teenager in Tennessee[0].
In this case the CIA & co absolutely need to publish all the evidence they have linking Russia to the intrusions. The evidence they are claiming could be anything from something as tenuous as "превед"[1] in a log file to something as concrete as a CIA mole participating in the attacks from within the walls of the Kremlin. Right now we the people are being bombarded from all sides with 100% unhelpful bullshit.
At the very least do you believe that the American election was targeted by hackers in Russia? That part seems to be pretty well agreed upon by multiple agencies inside and outside the government.
Is it just a matter of not trusting who has investigated? It would be weird to just reject whatever you haven't seen yourself as false. People have been wrong before but I think that there is a large line between scepticism and outright denial in these situations.
The white house, CIA, and FBI have a history of intentionally misleading and lying to the public.
The white house has used classified reports to publicly justify a conclusion that isn't in the original reports. WMDs in Iraq is a perfect example of this. They did this with Hillary's emails too.
For all we know the evidence is nothing but a Russian IP address in an access log.
The evidence has been released by both Crowdstrike and FireEye. They both have fairly detailed writeups of them. Attribution is an important part of computer security. FireEye has a similar reputation for attribution and forensics as Kaspersky.
The NYT article mentions that the Russian groups Crowdstrike identified ('Cozy Bear', 'Fancy Bear') were working independently of each other. If two groups gained access independently, how is anyone sure that one or more other groups or individuals didn't also gain access? And the article never makes the link to how Wikipedia came to receive the information, only assumes it was one of the two Russian groups Crowdstrike identified.
These are good questions to ask. The right thing for you to do is study how a computer intrusion campaign works and how attribution is done. Everyone has their own limit of when they trust expert advice. For example, I refuse to trust my doctor's advice fully and pull up studies at home to verify what she tells me. It's good to learn more about computer security if it interests you.
It is extremely difficult, maybe impossible, to completely conceal one's pivots, implants, and exfiltration in a computer network. True, it is possible that an attacker that is more capable than GRU/Cozy Bear and FSB/Fancy Bear did just that and exfiltrated the emails and documents. But this is going beyond what the evidence suggests.
Why do news outlets insist on calling everything Cyber-xyz. This is Information warfare aided by technical tools. It's not the hacking that is the weapon but how and where you release the information gained by those tools.
Security is hard. Look at the email from Charles Delevan. It legitimized the phishing attack on John Podesta, and caused the compromise of Mr. Podesta's emails. All the advice in that email is good, solid, and accurate. But he claims to have typoed one word, where he typed legitimate instead of illegitimate, and the hackers were in. A good reminder that in security, you have to be right every time, and the attackers only need you to slip up once.
(a) continuously meddles with internal Russian affairs ever after the Cold War,
(b) with tons of sponsored "NG"Os, "watchdogs", journalists paid to publish any old BS about Russian politics IN Russia and outside,
(c) which even openly sponsors the main opposition trying to finally re-install some friendly patchy in power (a la Yeltsin, who will sell the country to foreign interests wholesale),
(d) and which, unlike Russia, which is the pale relic of an ex-superpower, that even that wasn't all that powerful as it was thought to be, actually has the power, money, and global resources to actually make that have an effect (sponsoring 'orange revolutions' nearby, enforcing sanctions, etc),
has the gal to speak of Russia "invading" them and affecting their elections is beyond me. Especially since the one that won the elections had tons of free coverage from all established US media and broadcasters, and huge support in the fly-over states.
These fake cries of foreign intervention are a double insult for all those countries, in Latin America, Africa, Asia, even Europe, that had their legitimate leaders replaced by dictators with the help of US intervention, from the Shah to Pinochet and beyond to today's mess in the Middle East.
>None of which has any bearing whatsoever on the simple factual matter of how the attacks happened, and what parties where responsible.
Which I didn't address and I don't care much about. However the attacks happened, and whoever parties were responsible, they were obviously inconsequential to the outcome of the elections.
But pointing out the hypocrisy is important, because it brings things to perspective and shows the absurdity of the complaints.
One is wrong: These attacks were not "obviously inconsequential", and the complaints of Russian hacking of the DNC are not "absurd".
Your second point ("the US does it too") is not wrong, but should not stop discussion of this particular attack. The U.S. has meddled in elections, but at the very least, the tactics here were new in their scale and effectiveness.
I didn't address the specific isolated facts, because in perspective they are insignificant.
If someone has e.g. punched 100 people, that someone doesn't get to look astonished and outraged when someone 1/10th their weight merely slaps them.
If your way to look at the world is to isolate every fact you see and look at it on its own, without reference frames, and even worse, not to even ask, "why are they showing me only this? Is there a bigger picture I should be aware of", then that's not MY way of looking at the world.
But it works for many, to jump from whatever they are shown to the next thing, and never question why and in what context. So, those people can knock themselves out with outrage over the "Russian influence" on the elections or Saddam's WMDs.
OTOH, continually changing the subject (as is a particularly common tactic these days, in regard to Kremlin shenanigans, actual or alleged) and never addressing the facts at hand is n't exactly very helpful, either. Some of us are perfectly aware of the "big picture", thank you very much, and would just like to sort out the actual facts of what appears to have happened in this particular situation.
If someone has e.g. punched 100 people, that someone doesn't get to look astonished and outraged when someone 1/10th their weight merely slaps them.
In general, the whole "But Ma, he hit me worse!" line of thinking isn't very useful in understanding history and geopolitics. A better analogy to use would be perhaps the case of a hard-core alcoholic who feels livid and indignant when called on his drunken behavior by the local neighborhood crackhead. Which is of course, to some extent, hypocritical (even though the two drugs and their dependence syndromes are rather different) -- but also, in regard to the alcoholic's own situation, entirely irrelevant.
Getting back to the original article: at least there's clear evidence now that Podesta's account subjected to (and fell for) a phishing attack; which makes it more likely that the emails were in fact stolen (and not "leaked from the inside", as some have claimed).
The American public isn't to savvy when it comes to foreign policy and propaganda. Having a weak President like Obama didn't help. The Russians took the opportunity to try and put a more favorable government into power in the USA. Whether their effort worked or would the result have been the same is what is to be determined.
What I find incredibly interesting is how Trumps inner circle is so well connected to Putin and his inner circle. Americans are either not interested or unfortunately not savvy enough to connect the dots. Even Donald himself has a long and warm relationship with many Russian Oligarchs. He has been facilitating real estate deals from Miami to NYC for a very long time. Hence all the friendliness with Putin. Although I don't really know if Americans care.
At the end of the day you need to figure out whether our government has been compromised by a foreign power. you got to wonder what has happened to the Republican Party and how many are warming up to Putin and Russia? Is it money? What is it?
I also would like to know why Wikileaks has gone quite. I have read that much of it's funding is now provided by the Kremlin.
Interesting times, you have to be careful when you pick a Prophet. You end up reaping the fruits of his labor......
I don't really understand why there is so much energy being spent trying to spin this into Russia subverting our Democracy. Corporate and government espionage happens. In this case, the results of these 'hacks' has been release of confidential emails and documents. If the contents of these dumps were completely mundane, I do not think it would have been a big deal at all. It's sort of like saying 'information subverted our Democracy'.
I think the question here, implied but not directly asked is: did Donald J Trump commit an act of treason by collaborating with a foreign power (and their military) to undermine our electoral process?
I don't know that we've seen evidence of that yet, but it's possible that someone such as the NSA has evidence of the collaboration from secret channels.
I certainly believe that a man whose entire campaign was based on lies and whose business dealings are littered with fraud and broken contracts would betray the nation while campaigning to lead it. His economic decisions (and appointments) have already betrayed the very people who got him elected.
So I hope we get a detailed report before Obama leaves office -- because no person should be allowed to serve as president if they've committed an act of treason (and particularly if they committed treason during the election)!
Tl;dr: Spy agencies, please help us know if Treacherous Trump is really Treasonous Trump.
"It is a hack in both senses of the term, and clearly merits discussion here."
Agree @mturmon, not happy HN is flagging away stories like this. A lot of security, technical and business questions can be asked and learned from this incident.
Exactly, it is hacking in the biggest sense of the term. It is not just run-of-the-mill politics, which I admit, HN does not do well at, and is no fun to discuss here.
36 comments
[ 3.1 ms ] story [ 83.8 ms ] threadImagine if we caught Russian agents physically breaking into the DNC office, in a Watergate-esque sort of way. I doubt we'd just continue our election business as usual.
I feel like as members of the tech community, it's sort of our job to connect the dots for people. We always lament every time we hear about security breaches on popular websites and want to do something about it. But this is happening at the highest level in our country and I feel like everyone is just kinda silent about it because they don't want to be appear partisan.
https://www.congress.gov/bill/114th-congress/house-bill/5181 https://www.congress.gov/bill/114th-congress/senate-bill/269...
"...develop and synchronize government initiatives to expose and counter foreign information operations directed against U.S. national security interests and advance fact-based narratives that support U.S. allies and interests"
This sounds suspiciously close to an official propaganda department. Anything that does not conform to the government narrative will be deemed a foreign information operation.
> In the meantime, the hackers moved on to targets outside the D.N.C., including Mrs. Clinton’s campaign chairman, John D. Podesta, whose private email account was hacked months later.
> Even Mr. Podesta, a savvy Washington insider who had written a 2014 report on cyberprivacy for President Obama, did not truly understand the gravity of the hacking.
This is the first I'm hearing of any ties to Podesta's emails and Russians. If anything, I always assumed that particular attack was some teenager in Tennessee[0].
In this case the CIA & co absolutely need to publish all the evidence they have linking Russia to the intrusions. The evidence they are claiming could be anything from something as tenuous as "превед"[1] in a log file to something as concrete as a CIA mole participating in the attacks from within the walls of the Kremlin. Right now we the people are being bombarded from all sides with 100% unhelpful bullshit.
[0] https://en.wikipedia.org/wiki/Sarah_Palin_email_hack
[1] https://en.wikipedia.org/wiki/Preved
The white house has used classified reports to publicly justify a conclusion that isn't in the original reports. WMDs in Iraq is a perfect example of this. They did this with Hillary's emails too.
For all we know the evidence is nothing but a Russian IP address in an access log.
The evidence has been released by both Crowdstrike and FireEye. They both have fairly detailed writeups of them. Attribution is an important part of computer security. FireEye has a similar reputation for attribution and forensics as Kaspersky.
It is extremely difficult, maybe impossible, to completely conceal one's pivots, implants, and exfiltration in a computer network. True, it is possible that an attacker that is more capable than GRU/Cozy Bear and FSB/Fancy Bear did just that and exfiltrated the emails and documents. But this is going beyond what the evidence suggests.
https://www.theguardian.com/world/2004/nov/26/ukraine.usa
http://www.washingtonsblog.com/2014/12/head-stratfor-private...
https://en.wikipedia.org/wiki/CIA_activities_in_Syria#War.2C...
(a) continuously meddles with internal Russian affairs ever after the Cold War,
(b) with tons of sponsored "NG"Os, "watchdogs", journalists paid to publish any old BS about Russian politics IN Russia and outside,
(c) which even openly sponsors the main opposition trying to finally re-install some friendly patchy in power (a la Yeltsin, who will sell the country to foreign interests wholesale),
(d) and which, unlike Russia, which is the pale relic of an ex-superpower, that even that wasn't all that powerful as it was thought to be, actually has the power, money, and global resources to actually make that have an effect (sponsoring 'orange revolutions' nearby, enforcing sanctions, etc),
has the gal to speak of Russia "invading" them and affecting their elections is beyond me. Especially since the one that won the elections had tons of free coverage from all established US media and broadcasters, and huge support in the fly-over states.
These fake cries of foreign intervention are a double insult for all those countries, in Latin America, Africa, Asia, even Europe, that had their legitimate leaders replaced by dictators with the help of US intervention, from the Shah to Pinochet and beyond to today's mess in the Middle East.
None of which has any bearing whatsoever on the simple factual matter of how the attacks happened, and what parties where responsible.
Which I didn't address and I don't care much about. However the attacks happened, and whoever parties were responsible, they were obviously inconsequential to the outcome of the elections.
But pointing out the hypocrisy is important, because it brings things to perspective and shows the absurdity of the complaints.
One is wrong: These attacks were not "obviously inconsequential", and the complaints of Russian hacking of the DNC are not "absurd".
Your second point ("the US does it too") is not wrong, but should not stop discussion of this particular attack. The U.S. has meddled in elections, but at the very least, the tactics here were new in their scale and effectiveness.
Compared e.g. to downright sponsoring and conspiring and successfully establishing a military dictatorship in my country (and tons of others)?
Or (for the "new" part) hacking and reading the mails of all world leaders, allies or not?
Hardly new and hardly major.
Not my way of looking at the world. But hey, whatever works for you, pal.
I didn't address the specific isolated facts, because in perspective they are insignificant.
If someone has e.g. punched 100 people, that someone doesn't get to look astonished and outraged when someone 1/10th their weight merely slaps them.
If your way to look at the world is to isolate every fact you see and look at it on its own, without reference frames, and even worse, not to even ask, "why are they showing me only this? Is there a bigger picture I should be aware of", then that's not MY way of looking at the world.
But it works for many, to jump from whatever they are shown to the next thing, and never question why and in what context. So, those people can knock themselves out with outrage over the "Russian influence" on the elections or Saddam's WMDs.
If someone has e.g. punched 100 people, that someone doesn't get to look astonished and outraged when someone 1/10th their weight merely slaps them.
In general, the whole "But Ma, he hit me worse!" line of thinking isn't very useful in understanding history and geopolitics. A better analogy to use would be perhaps the case of a hard-core alcoholic who feels livid and indignant when called on his drunken behavior by the local neighborhood crackhead. Which is of course, to some extent, hypocritical (even though the two drugs and their dependence syndromes are rather different) -- but also, in regard to the alcoholic's own situation, entirely irrelevant.
Getting back to the original article: at least there's clear evidence now that Podesta's account subjected to (and fell for) a phishing attack; which makes it more likely that the emails were in fact stolen (and not "leaked from the inside", as some have claimed).
What I find incredibly interesting is how Trumps inner circle is so well connected to Putin and his inner circle. Americans are either not interested or unfortunately not savvy enough to connect the dots. Even Donald himself has a long and warm relationship with many Russian Oligarchs. He has been facilitating real estate deals from Miami to NYC for a very long time. Hence all the friendliness with Putin. Although I don't really know if Americans care.
At the end of the day you need to figure out whether our government has been compromised by a foreign power. you got to wonder what has happened to the Republican Party and how many are warming up to Putin and Russia? Is it money? What is it?
I also would like to know why Wikileaks has gone quite. I have read that much of it's funding is now provided by the Kremlin.
Interesting times, you have to be careful when you pick a Prophet. You end up reaping the fruits of his labor......
I don't know that we've seen evidence of that yet, but it's possible that someone such as the NSA has evidence of the collaboration from secret channels.
I certainly believe that a man whose entire campaign was based on lies and whose business dealings are littered with fraud and broken contracts would betray the nation while campaigning to lead it. His economic decisions (and appointments) have already betrayed the very people who got him elected.
So I hope we get a detailed report before Obama leaves office -- because no person should be allowed to serve as president if they've committed an act of treason (and particularly if they committed treason during the election)!
Tl;dr: Spy agencies, please help us know if Treacherous Trump is really Treasonous Trump.
Agree @mturmon, not happy HN is flagging away stories like this. A lot of security, technical and business questions can be asked and learned from this incident.