The Hacking Evidence Against Russia Is Extremely Weak

Last week, German security officials said that Russia hacked secret German communications and provided them to Wikileaks (English translation).

But now, German officials say that the communications were likely leaked from an insider within the German parliament, the Bundestag (English translation).

Similarly, when a treasure trove of secret NSA tools was revealed, Russian hackers were initially blamed.

But it turns out that it was probably a leak by an NSA insider.

So claims that Russia is behind any specific hacking incident need to be taken with a grain of salt …

A group of high-level former American intelligence officials – including the man who designed the NSA’s global surveillance system (Bill Binney), a 27-year CIA official who personally delivered the daily briefing to both Democratic and Republican presidents (Ray McGovern), and others – say that the Democratic Party emails were not hacked, but were actually leaked by insiders.

A former British intelligence analyst and British Ambassador to Uzbekistan (Craig Murray) alleges that he personally met the leaker, and that it was an American working for the NSA.

But whether or not these American and British intelligence officials are right that the Democratic emails were leaked by insiders as opposed to hacked by Russkies, the fact remains that the evidence for Russian hacking is very weak.

Initially, the main argument that Russia hacked Democratic emails to throw the election for Trump was that Wikileaks released Democratic – but not Republican – emails.

However, the RNC says that their cybersecurity stopped attempts to hack into their computers. If true, then it may be that the Dems were simply more careless than the GOP. Indeed, John Podesta fell for a basic phishing scam.

Moreover, it’s famously difficult to attribute the source of hacks.

A leading IT think tank – the Institute for Critical Infrastructure Technology – points out:

Malicious actors can easily position their breach to be attributed to Russia. It’s common knowledge among even script kiddies that all one needs to do is compromise a system geolocated in Russia (ideally in a government office) and use it as a beachhead for attack so that indicators of compromise lead back to Russia. For additional operational security, use publicly available whitepapers and reports to determine the tools, techniques, and procedures of a well-known nation-state sponsored advanced persistent threat (APT), access Deep Web forums such as Alphabay to acquire a malware variant or exploit kit utilized in prolific attacks, and then employ the malware in new campaigns that will inevitably be attributed to foreign intelligence operations. Want to add another layer? Compromise a Chinese system, leap-frog onto a hacked Russian machine, and then run the attack from China to Russia to any country on the globe. Want to increase geopolitical tensions, distract the global news cycle, or cause a subtle, but exploitable shift in national positions? Hack a machine in North Korea and use it to hack the aforementioned machine in China, before compromising the Russian system and launching global attacks. This process is so common and simple that it’s virtually “Script Kiddie 101” among malicious cyber upstarts.

***

Incident Response techniques and processes are not comprehensive or holistic enough to definitively attribute an incident to a specific threat actor from the multitude of script kiddies, hacktivists, lone-wolf threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats (APTs), who all possess the means, motive, and opportunity, to attack minimally secured, high profile targets.

***

Attribution might be reliable if the target is well-protected, if the target operates in a niche field, or if the malware involved in the incident is unique because one or more of those characteristics can be deterministic of the sophistication and resources of the threat actor. Attribution is less exact in the case of the DNC breach because the mail servers compromised were not well-secured; the organization of a few hundred personnel did not practice proper cyber-hygiene; the DNC has a global reputation and is a valuable target to script kiddies, hacktivists, lone-wolf cyber-threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats (APTs); and because the malware discovered on DNC systems was well-known, publicly disclosed, and variants could be purchased on Deep Web markets and forums.

***

Both APT28 and APT29 are well-known sophisticated threat actors that have been extensively profiled by cybersecurity firms such as FireEye. As a result, their profiles, operational behavior, tools, and malware could all be easily emulated by even an unsophisticated adversary in a campaign against an insecure target such as the DNC, that did not prioritize cybersecurity, cyber-hygiene, or system cyber resiliency. For instance, the cyber-criminal group Patchwork Elephant, known for adopting malware from other campaigns, could easily have also conducted the DNC/RNC attacks by emulating APT28 and APT29.
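The practical consequence of the ICIT point above is that the source address in a victim’s logs identifies only the last hop of a chain, so an analyst should check that address against relay lists before reporting its geolocation as the attacker’s country. The script below is an added example written for this page, not code from ICIT or from the original post. The log lines and the prefix table are constructed for illustration (RFC 5737 documentation ranges); a real analysis would use a GeoIP database together with Tor-exit, VPN-provider and known-compromised-host lists.

```python
"""Classify the source IPs in a web-server log before treating their
geolocation as evidence of who is attacking (added example, constructed data).
"""
import ipaddress
import re
from collections import Counter

# Constructed combined-format access log lines; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Dec/2016:09:12:01 +0000] "POST /owa/auth.owa HTTP/1.1" 401 512
198.51.100.23 - - [14/Dec/2016:09:12:05 +0000] "POST /owa/auth.owa HTTP/1.1" 401 512
192.0.2.44 - - [14/Dec/2016:09:13:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2048
203.0.113.7 - - [14/Dec/2016:09:13:11 +0000] "POST /owa/auth.owa HTTP/1.1" 401 512
10.0.0.5 - - [14/Dec/2016:09:14:02 +0000] "GET /robots.txt HTTP/1.1" 200 64
"""

# Constructed enrichment table: (network, country of the address itself,
# what kind of relay the address is known to be, or None if not a known relay).
# The country column describes the last hop only, never the operator.
ENRICHMENT = [
    (ipaddress.ip_network("203.0.113.0/24"), "RU", "compromised-host"),
    (ipaddress.ip_network("198.51.100.0/24"), "NL", "commercial-vpn"),
    (ipaddress.ip_network("192.0.2.0/24"), "US", None),
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)


def parse_log(text):
    """Return one dict per parseable combined-format log line."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def enrich(ip):
    """First matching network in ENRICHMENT wins; unknown addresses get None."""
    addr = ipaddress.ip_address(ip)
    for net, country, relay in ENRICHMENT:
        if addr in net:
            return {"country": country, "relay": relay}
    return {"country": None, "relay": None}


def attribution_report(log_text):
    """Summarise what the log can and cannot say about origin.

    'by_country' is the naive geolocation tally an analyst might be tempted
    to report; 'unattributable' counts events whose source is a known relay,
    so its country says nothing about where the operator sits.
    """
    by_country = Counter()
    unattributable = 0
    events = parse_log(log_text)
    for ev in events:
        info = enrich(ev["ip"])
        by_country[info["country"]] += 1
        if info["relay"] is not None:
            unattributable += 1
    return {
        "total": len(events),
        "by_country": dict(by_country),
        "unattributable": unattributable,
    }


if __name__ == "__main__":
    print(attribution_report(SAMPLE_LOG))
```

On the constructed data the naive tally says two of five events "come from Russia", while the relay check shows that three of the five, including both Russian ones, came through infrastructure whose location says nothing about the operator.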

James Carden – a former Advisor to the US-Russia Presidential Commission at the US State Department – writes:

Evidence of a connection between the Russian government and the hackers that are believed to have stolen the DNC/John Podesta e-mails remains illusory. Cyber-security expert Jeffrey Carr has observed that “there is ZERO technical evidence to connect those Russian-speaking hackers to the GRU, FSB, SVR, or any other Russian government department.” The very real possibility that non-state actors carried out the hack of the DNC has been conspicuously absent from the mainstream narrative of “Russian interference.”

Craig Murray notes:

Despite himself being a former extremely competent KGB chief, Vladimir Putin [is alleged to have] put Inspector Clouseau in charge of Russian security and left him to get on with it. The Russian Bear has been the symbol of the country since the 16th century. So we have to believe that the Russian security services set up top secret hacking groups identifying themselves as “Cozy Bear” and “Fancy Bear”. Whereas no doubt the NSA fronts its hacking operations by a group brilliantly disguised as “The Flaming Bald Eagles”, GCHQ doubtless hides behind “Three Lions on a Keyboard” and the French use “Marianne Snoops”.

What is more, the Russian disguised hackers work Moscow hours and are directly traceable to Moscow IP addresses. This is plain and obvious nonsense. If CrowdStrike [the consulting firm hired by the Democratic National Committee] were tracing me just now they would think I am in Denmark. Yesterday it was the Netherlands. I use Tunnel Bear, one of scores of easily available VPNs and believe me, the Russian FSB have much better resources. We are also supposed to believe that Russia’s hidden hacking operation uses the name of the famous founder of the Communist Cheka, Felix Dzerzhinsky, as a marker and an identity of “Guccifer2” (get the references – Russian oligarchs and their Gucci bling and Lucifer) – to post pointless and vainglorious boasts about its hacking operations, and in doing so accidentally leave bits of Russian language script to be found.

The Keystone Cops portrayal of one of the world’s most clinically efficient intelligence services is of a piece with the anti-Russian racism which has permeated the Democratic Party rhetoric for quite some time. Frankly nobody in what is vaguely their right mind would believe this narrative.

It is not that “Cozy Bear”, “Fancy Bear” and “Guccifer2” do not exist. It is that they are not agents of the Russian government and not the source of the DNC documents. Guccifer2 is understood in London to be the fairly well known amusing bearded Serbian who turns up at parties around Camden under the (assumed) name of Gavrilo Princip.

Of course there were hacking and phishing attacks on the DNC. Such attacks happen every day to pretty well all of us. There were over 1,050 attacks on my own server two days ago, and many of them often appear to originate in Russia – though more appear to originate in the USA. I attach a Cloudflare threat map. It happens to be from a while ago as I don’t have a more up to date one to hand from my technical people. Of course in many cases the computers attacking have been activated as proxies by computers in another country entirely. CrowdStrike apparently expect us to believe that Putin’s security services have not heard of this or of the idea of disguising which time zone you operate from.

[Image: One Day’s Attempts to Hack My Own Server – Happens Every Single Day]

Pretty well all of us get phishing emails pretty routinely. Last year my bank phoned me up to check if I was really trying to buy a car with my credit card in St Petersburg. I don’t know what the DNC paid “Crowdstrike” for their narrative but they got a very poor return for their effort indeed. That the New York Times promotes it as any kind of evidence is a truly damning indictment of the mainstream media.

Andrew Cockburn asks some hard-hitting questions:

1/ The DNC hackers inserted the name of the founder of Russian intelligence, in Russian, in the metadata of the hacked documents. Why would the G.R.U., Russian military intelligence do that?

2/ If the hackers were indeed part of Russian intelligence, why did they use a free Russian email account, or, in the hack of the state election systems, a Russian-owned server?  Does Russian intelligence normally display such poor tradecraft?

3/ Why would Russian intelligence, for the purposes of hacking the election systems of Arizona and Illinois, book space on a Russian-owned server and then use only English, as documents furnished by Vladimir Fomenko, proprietor of Kings Servers, the company that owned the server in question, clearly indicate?

4/ Numerous reports ascribe the hacks to hacking groups known as APT 28 or “Fancy Bear” and APT 29 or “Cozy Bear.” But these groups had already been accused of nefarious actions on behalf of Russian intelligence prior to the hacks under discussion. Why would the Kremlin and its intelligence agencies select well-known groups to conduct a regime-change operation on the most powerful country on earth?

5/ It has been reported in the New York Times, without attribution, that U.S. intelligence has identified specific G.R.U. officials who directed the hacking. Is this true, and if so, please provide details (Witness should be sworn)

6/ The joint statement issued by the DNI and DHS on October 7 2016 confirmed that US intelligence had no evidence of official Russian involvement in the leak of hacked documents to Wikileaks, etc, saying only that the leaks were “consistent with the methods and motivations of Russian-directed efforts.”  Has the US acquired any evidence whatsoever since that time regarding Russian involvement in the leaks?

So while Russia may have hacked the Democratic emails and then delivered them to Wikileaks, the evidence that it did so is extremely weak.

  • Dec 18, 2016 – Top 10 Times The U.S. Interfered with Foreign Governments

    In this video, Rachel Blevins looks at the top 10 foreign governments the United States intervened in and interfered with, and how they were changed as a result.

    https://youtu.be/l4qiyi3-ISE

  • It would never be these folks. Sarc/off! Aug 4, 2016 DARPA’s Cyber Grand Challenge: Competition Framework Team

    Astrophysicist and Cyber Grand Challenge Host Hakeem Oluseyi talks to the CGC’s Competition Framework Team about their role in designing the space in which the CGC is executed and scored. They also discuss the impact the CGC is expected to have, speeding the development of automated cybersecurity.

    https://youtu.be/2KVDsiKzOIk

  • diogenes

    American democracy was hacked bad in 2016 by the Democratic Party whose Wall Street oligarch controlled overseers prevented the nomination of a winning candidate (Sanders) supported by the majority of “Democrats” and the majority of Americans, in order to nominate a corrupt mass murderer who was favored by the oligarchs. THIS is the CRUCIAL conversation that America needs to have — and not this stale BS about the Russians. Whether it is actually contrived as a red herring for this purpose, it is serving this purpose to continue fueling this stupid discussion and ignoring the VITAL one, the KEY lesson that Americans need to take away from 2016.

  • iseeitfx

    Within an empire of lies..
    Telling the truth becomes a revolutionary act.

  • I don’t believe there was hacking. I believe the DNC material was a leak.

    However, let’s just pretend for a moment that there was a hack, a Russian hack, doing a kind of thought experiment.

    Then so what?

    A bunch of true insights into the inner workings of the Clinton family-dominated Democratic Party were revealed to voters, with no national security matters being involved at all. Voters indeed were informed about something for a change.

    Wow, that is just terrible, isn’t it? Some truth revealed from behind of the phony public façade of a corrupt political party.

    Could almost pass for what used to be called investigative journalism, couldn’t it?

    And it came after a months-long storm of extremely biased, often dishonest, and frequently hateful “reporting” by the corporate press and broadcasters in favor of the Clintons.

    There were no exceptions to this massive, coordinated effort by the corporate press, and indeed American corporate hi-tech companies, not really parts of the traditional press, such as Google or Facebook, joined right in the abuse of privileged positions. We’ve never seen its like before.

    It does seem to me that the only genuinely serious concern for American voters should be that deadly serious threat from within their own society, that unrelenting effort to swing an election on false claims and innuendo.

    Not some facts revealed by someone with an ear to the wall of a corrupt organization.

    And remember all of these abusive political behaviors were by companies whose privileged and profitable position in society results from America’s loose-to-non-existent regulation of monopolies, near-monopolies, and massive corporations. It is not owing just to their own intrinsic merit.

    This simple truth seems lost in the roaring noise of 1950s-style anti-Russian propaganda – all of it without a speck of proof.

    But even were there some proof, the issue involved seems trivial compared to the monstrous one everyone ignores, a domestic press, a gigantic self-praising industry, which in fact closely emulates the behavior of the press in a tyrannical society.

    • Brian McKeever

      Frankly, I hope someone hacks both parties in 2020 and dumps the documents before the election so we can see what antics both sides are up to before we vote. Having the info on the Dems this time around was certainly enlightening, but only told half the story.

  • Josh Stern

    The range of good evidence and argument collected in this article is impressive.

    There is another angle to the story, also meriting discussion, which gets into large questions about the CIA and national policy. The basic idea is that on almost any topic, the CIA has the potential to say something of the form “We know such & such because of a hidden intelligence asset. We can’t reveal the details without compromising our source. So trust us.” That argument has been used on occasions in public, and is used much more behind closed doors with Congress and the POTUS. It is wrong to trust the CIA all of the time because they have a long history of falsehood and malfeasance (and, many including me would argue, treason….). At the same time, neither outsiders like us, nor even partial insiders like the US Congress, can be sure in any given instance whether they are telling the truth or not.

    What is the solution? IMO, we need legislative acts of Congress which explicitly prohibit lying about such matters and which establish meaningful penalties, without statute of limitations, for making false claims. I do not approve of the Top Secret FISA court which makes unreviewable, Top Secret by definition, decisions whether to target individual citizens or categories of citizens based on one-sided FBI presentations. In contrast, questions of whether there is good reason to believe the CIA claims would actually be a good use of a top secret court. Congressional legislators who are not privy to CIA secrets or friends of the CIA should have the ability to ask a Top Secret court, independent of the CIA, to actually review the question of whether there is any solid factual basis to what they say, and this court should at least get input from the other side about reasons for skepticism.

    The current situation where the CIA is commissioned, by govt. design, to endlessly lie, commit criminal acts in secret, and then deny the truth and their involvement, is a hopeless bug in the US system of republican democracy. It should have been fixed long ago…instead we get things like ex-President Harry Truman writing an editorial for WaPo in 1963 – right after JFK is killed – claiming he made a mistake to create CIA covert ops, and the CIA reacting *immediately* by using its influence to get the editorial pulled from all but the early edition of the paper, and then spreading false reports that Truman is demented and didn’t remember writing the piece.

    https://archive.org/stream/LimitCIARoleToIntelligenceByHarrySTruman/Limit%20CIA%20Role%20To%20Intelligence%20by%20Harry%20S%20Truman_djvu.txt

  • Southern

    As per usual….The evidence is so effing weak that it will remain top secret for at least 30 years.

  • James Scaminaci III, PhD

    When the FBI warned the DNC in September 2015 that “the Dukes” were inside the DNC system, did the FBI have the capability to make that detection? Or did some other agency make the detection and pass on a sanitized warning? If they detected it, were they not monitoring it in real-time or near real-time? Just curious.

  • David Merrill

    Hi;

    I have a bunch of Russian bots haunting my Gospel of Pragmatism:

    http://bishopcastle.us/forum/main-forum/pragmatism?filter_sort=title&filter_order=asc

    David Merrill here. I have been aligning my communications pages for maximum teaching on http://www.lawfulmoneytrust.com.

    This YouTube video will explain:

    https://www.youtube.com/watch?v=q_hixqP24lE

    Please recommend Lawful Money Trust on Nextdoor, and enjoy getting to know real people around you too!

    https://nextdoor.com/pages/lawful-money-trust-raleigh-nc/recommend/

  • dougstir

    ……….And how would Putin have placed all those classified files on Anthony Weiner’s laptop?