Yeah, not sure what OP's point in publishing a 6 month-old story is. Maybe amend the title to reflect that, I thought it was some new development and was also confused.
These half-year old revelations are being signal boosted all over twitter by... individuals... not sure why this 6 month old information, which nobody cared about, is all of a sudden super relevant.
This fact has been overlooked by way too many people.
One should ask why the victims would refrain from providing law enforcement with access to evidence related to a crime that is later blamed as the reason they lost the election.
Then how are they able to say with certainty of what happened? Is it normal to just take private companies at their word when it comes to investigations?
The servers were investigated directly by a private company that specialized in such things, that the FBI regularly works with, and the results were handed over. It's really not that strange for an organization to balk at handing over it's private proprietary information to the federal government. Especially when there was a chance that within a year that government would be run by someone with a personal vendetta against said organization.
> 'The servers were investigated directly by a private company'
A private company owned by the very people who apparently did the breach. Dmitri Alperovitc is Russian and owns Crowdstrike, the company that did the 'investigation'.
I'm not saying they did it, and honestly I don't care one way or the other but hiring the people who (allegedly) hacked you to find out who hacked you is the epitome of stupidity.
Going by what we see of the FBI they absolutely reek of incompetence, paying $1 million to unlock an iPhone is another example!
Are you saying that Dmitri Alperovitc did the hacking, or that he's an agent of those who did? Or are you just saying that if you think some Russians did hacking, you should not trust any Russians? None of these options make any sense to me.
>A private company owned by the very people who apparently did the breach. Dmitri Alperovitc is Russian and owns Crowdstrike, the company that did the 'investigation'.
All Russians are not members of the Russian government...
>Going by what we see of the FBI they absolutely reek of incompetence, paying $1 million to unlock an iPhone is another example!
I mean, sure if you phrase it like that. Actually understanding the circumstances around that (completely unrelated to what we're talking about) situation would show that it wasn't really that simple.
About as normal as private discussions with Attorney General when your wife is under investigation, and AG requesting FBI to call an active investigation a "matter" to coordinate the narrative with press.
"It’s common for the initial forensic analysis to be conducted by outside firms like CrowdStrike, and once that data has been copied, there’s often little need to copy it again. BuzzFeed described the FBI’s lack of interest in the DNC’s server as unusual, citing a number of response firms that preferred not to be named. But that’s not a unanimous opinion, and two experts contacted by The Verge disagreed that it was unusual.
“This is normal practice,” says Matt Tait, founder and CEO of Capital Alpha Security. “In cases like this, the onus for digital forensics is on the third-party contracted by the company that's calling in the incident response team, in this case CrowdStrike.”
It’s part of a long-standing division of labor between private firms and law enforcement, in which incident response firms handle the initial analysis and network cleanup, leaving broader legal questions to law enforcement. That division of labor saves time, but it also protects companies from what could potentially be seen as an invasion of privacy. Turning over a company’s entire network to a law enforcement agency can be an awkward proposition, particularly before the nature of the compromise is clear.
That’s particularly true for the DNC, since the FBI was actively investigating Hillary Clinton for mishandling classified information at the time — and it’s clear the agency had no reservations about searching for evidence of those crimes in unrelated cases. Similar awkwardness is common at corporate breaches, and the result has given incident response firms like CrowdStrike a persistent business as intermediaries between companies and law enforcement.
...
Once incident response has been conducted, the crucial evidence can be handed over directly to officials without politically tricky questions of broader access. We don’t know exactly what CrowdStrike handed over (the company declined to comment), but that data can range from full disk images to an edited digest of suspicious files and logged connections. If CrowdStrike did image the server, any subsequent analysis would simply be confirming that the firm hadn’t screwed up.
Law enforcement groups sometimes do double-check that data, but it’s unlikely to change the attribution itself. Even if CrowdStrike wanted to skew the results toward a particular party, the FBI would be able to check their work against data pulled directly from the network. “The IC would certainly be able to check the malware and associated technical data recovered from the DNC network themselves,” says Tait. “The FBI may be reliant on CrowdStrike to find malware on the DNC network, but they are not beholden to CrowdStrike's analysis.”
...
There’s also reason to think CrowdStrike is simply better at this kind of ground-level forensics than the FBI. The bureau has long struggled to retain cybersecurity talent, losing a steady stream of agents to more lucrative positions at a long list of private-sector security companies. That list includes CrowdStrike itself: the company’s services branch is run by Shawn Henry, an FBI lifer who many credit with the bureau’s recent focus on cybersecurity. The result is a persistent brain drain, and a valid reason for the FBI to focus its energy on the higher-level problems of attribution. If the FBI had decided to duplicate CrowdStrike’s work, it’s not clear they could have done a better job."
They simply just made up facts to suit some story. Complete with James Bond like names - "Fancy Bear" and such. They seem pretty biased against Russia for whatever reason. It would be nice there was some other evidence for the "Russia hacked out elections" story. Otherwise what started as a great propaganda campaign will be running out of steam soon. Or maybe it already has.
21 comments
[ 2.6 ms ] story [ 60.0 ms ] threadComey: DNC denied FBI's requests for access to hacked servers
http://thehill.com/policy/national-security/313555-comey-fbi...
Who forgot to adjust their clock for leap half year?
I already had to vouch for it, but I doubt this will survive another 10 minutes of the flagging / downvote brigade.
January 4 was about two months after the election, not “during the most frantic moments of the election.”
One should ask why the victims would refrain from providing law enforcement with access to evidence related to a crime that is later blamed as the reason they lost the election.
A private company owned by the very people who apparently did the breach. Dmitri Alperovitc is Russian and owns Crowdstrike, the company that did the 'investigation'.
I'm not saying they did it, and honestly I don't care one way or the other but hiring the people who (allegedly) hacked you to find out who hacked you is the epitome of stupidity.
Going by what we see of the FBI they absolutely reek of incompetence, paying $1 million to unlock an iPhone is another example!
(edited: typo)
All Russians are not members of the Russian government...
>Going by what we see of the FBI they absolutely reek of incompetence, paying $1 million to unlock an iPhone is another example!
I mean, sure if you phrase it like that. Actually understanding the circumstances around that (completely unrelated to what we're talking about) situation would show that it wasn't really that simple.
“This is normal practice,” says Matt Tait, founder and CEO of Capital Alpha Security. “In cases like this, the onus for digital forensics is on the third-party contracted by the company that's calling in the incident response team, in this case CrowdStrike.”
It’s part of a long-standing division of labor between private firms and law enforcement, in which incident response firms handle the initial analysis and network cleanup, leaving broader legal questions to law enforcement. That division of labor saves time, but it also protects companies from what could potentially be seen as an invasion of privacy. Turning over a company’s entire network to a law enforcement agency can be an awkward proposition, particularly before the nature of the compromise is clear.
That’s particularly true for the DNC, since the FBI was actively investigating Hillary Clinton for mishandling classified information at the time — and it’s clear the agency had no reservations about searching for evidence of those crimes in unrelated cases. Similar awkwardness is common at corporate breaches, and the result has given incident response firms like CrowdStrike a persistent business as intermediaries between companies and law enforcement.
...
Once incident response has been conducted, the crucial evidence can be handed over directly to officials without politically tricky questions of broader access. We don’t know exactly what CrowdStrike handed over (the company declined to comment), but that data can range from full disk images to an edited digest of suspicious files and logged connections. If CrowdStrike did image the server, any subsequent analysis would simply be confirming that the firm hadn’t screwed up.
Law enforcement groups sometimes do double-check that data, but it’s unlikely to change the attribution itself. Even if CrowdStrike wanted to skew the results toward a particular party, the FBI would be able to check their work against data pulled directly from the network. “The IC would certainly be able to check the malware and associated technical data recovered from the DNC network themselves,” says Tait. “The FBI may be reliant on CrowdStrike to find malware on the DNC network, but they are not beholden to CrowdStrike's analysis.”
...
There’s also reason to think CrowdStrike is simply better at this kind of ground-level forensics than the FBI. The bureau has long struggled to retain cybersecurity talent, losing a steady stream of agents to more lucrative positions at a long list of private-sector security companies. That list includes CrowdStrike itself: the company’s services branch is run by Shawn Henry, an FBI lifer who many credit with the bureau’s recent focus on cybersecurity. The result is a persistent brain drain, and a valid reason for the FBI to focus its energy on the higher-level problems of attribution. If the FBI had decided to duplicate CrowdStrike’s work, it’s not clear they could have done a better job."
https://www.theverge.com/2017/1/5/14178806/fbi-dnc-hack-serv...
https://www.linkedin.com/pulse/crowdstrike-needs-address-har...
They simply just made up facts to suit some story. Complete with James Bond like names - "Fancy Bear" and such. They seem pretty biased against Russia for whatever reason. It would be nice there was some other evidence for the "Russia hacked out elections" story. Otherwise what started as a great propaganda campaign will be running out of steam soon. Or maybe it already has.
Time to move on.