Ask HN: Why is russian election hacking so easy to identify?

5 points by mkoryak ↗ HN
You would think that a nation state would have the resources to make identification hard.

Some reporters were recently able to trace some evil emails sent from a server belonging to 'fancy bear'.

If you are fancy bear, wouldnt you have multiple servers around the world or maybe a botnet?

4 comments

[ 2.7 ms ] story [ 22.2 ms ] thread
The short answer is that they probably wanted to be identified. After all, it's an intelligence operation, so it serves several disinfo/doublecross-related purposes simultaneously.

The -bear APTs (fancy, fuzzy, etc.) had already been associated with russian military intelligence for years, by the civillian cybersecurity community, posting evidence of that on the public internet, before the election.

(There's always the possibility that some other organization is posing as russian military intelligence & using a well-known APT to spoof their own work. But, supporting multiple sides of a conflict in a way that leaves clear evidence is standard MO for russian intelligence since the 90s -- though typically, russian intelligence will publically take credit for the ops later on.)

It's important to understand that the primary purpose was probably not to get a particular candidate elected, but instead to undermine public trust in the election apparatus. (The easiest way to do that is to take advantage of the fact -- generally known among security people but not among normies -- that the election apparatus actually is pretty insecure.) Actually influencing election results is secondary to making sure american citizens argue over whether or not they were influenced by a foreign power.

I saw a post online talking about a guy who helped a lady got proofs from her cheating partners phone,with out any physical touch which means it was done remotely,i then tried it out and to my surprise he blew me off with the very type of results i needed i was able to see my spouse snapchat messages and vidoe facebooks messages and see is call logs and listen to in coming calls as well you should give him a try also contact him on Hackrita321dot HACK at GMAIL dot COM for any type of hack
Usually you'd want to reuse existing hacking infrastructure that is people, exploits, operational practices etc. These are bound to leave fingerprints.

Doing everything from scratch to ensure secrecy would take significant resources. With no guarantee of success.