Ask HN: Why is russian election hacking so easy to identify?
You would think that a nation state would have the resources to make identification hard.
Some reporters were recently able to trace some evil emails sent from a server belonging to 'fancy bear'.
If you are fancy bear, wouldnt you have multiple servers around the world or maybe a botnet?
4 comments
[ 2.7 ms ] story [ 22.2 ms ] threadThe -bear APTs (fancy, fuzzy, etc.) had already been associated with russian military intelligence for years, by the civillian cybersecurity community, posting evidence of that on the public internet, before the election.
(There's always the possibility that some other organization is posing as russian military intelligence & using a well-known APT to spoof their own work. But, supporting multiple sides of a conflict in a way that leaves clear evidence is standard MO for russian intelligence since the 90s -- though typically, russian intelligence will publically take credit for the ops later on.)
It's important to understand that the primary purpose was probably not to get a particular candidate elected, but instead to undermine public trust in the election apparatus. (The easiest way to do that is to take advantage of the fact -- generally known among security people but not among normies -- that the election apparatus actually is pretty insecure.) Actually influencing election results is secondary to making sure american citizens argue over whether or not they were influenced by a foreign power.
Doing everything from scratch to ensure secrecy would take significant resources. With no guarantee of success.