RUSSIA/РОССИЯ THREAD—ASSANGE CHRGD W/ SPYING—DJT IMPEACHED TWICE-US TREASURY SANCTS KILIMNIK AS RUSSIAN AGNT

Stone Cold

From Russia, with Panic
Cozy bears, unsourced hacks—and a Silicon Valley shakedown
Yasha Levine


© YAREK WASZUL

The Russians hacked America.

After Donald Trump’s surprise victory in November, these four words reverberated across the nation. Democratic Party insiders, liberal pundits, economists, members of Congress, spies, Hollywood celebrities, and neocons of every stripe and classification level—all these worthy souls reeled in horror at the horribly compromised new American electoral order. In unison, the centers of responsible opinion concurred that Vladimir Putin carried off a brazen and successful plan to throw the most important election in the most powerful democracy in the world to a candidate of his choosing.

It seemed like a plotline from a vintage James Bond film. From his Moscow lair, Vladimir Putin struck up an alliance with Julian Assange to mount a massive cyber-offensive to discredit Hillary Clinton and her retinue of loyal Democratic Party operatives in the eyes of the American public.

The plot was full of twists and turns and hair-raising tangents, including tales of Russian-American retiree-agents sunning in Miami while collecting payoffs from Russia’s impoverished pension system. But the central ruse, it appears, was to enter the email server of the Democratic National Committee and then tap into the Gmail account belonging to John Podesta, founder of the Center for American Progress and premier D.C. Democratic insider.

As the long 2016 general election campaign unwound, WikiLeaks released a steady stream of embarrassing revelations from the DNC—though the disclosures were no more compromising than what you’d find in the correspondence of any mid-sized private-sector company: dumb boardroom gossip, petty press intrigues, and sleazy attempts to undermine a well-placed executive rival (namely Bernie Sanders). Truly, it would have been astonishing to learn that the DNC went about its business in any other way. But the sheer fact of the data breach was dispositive in the eyes of Democratic operatives and their many defenders in the liberal press. After all, WikiLeaks also reportedly collected data from the Republican National Committee, and did nothing with it. Clearly this was cyber-espionage of the most sophisticated variety.

On the Trump side of the ledger, things were murkier. Trump’s political advisers indeed had ties to Russia and Ukraine—but this was hardly surprising given the authoritarian-friendly lobbying climate within Washington. During the campaign the GOP nominee was disinclined to say anything critical about Putin. Indeed, breaking with decades of Republican tradition, Trump openly praised the Russian leader as a powerful, charismatic figure who got things done. But since the candidate also refused to disclose his tax returns, a commercial alliance with the Russian autocrat was necessarily a matter of conjecture. That didn’t stop theories from running wild, culminating in January with the titillating report from BuzzFeed that U.S. intelligence agencies believed that Putin had compromising footage of Trump cavorting with prostitutes at a Moscow hotel previously patronized by Barack and Michelle Obama. Not only was the Yank stooge defiling the very room where the first couple had stayed, but he allegedly had his rented amorous companions urinate in the bed. Behold, virtuous American republic, the degradation Vladimir Putin has in store for you!

Taking the Piss

The dossier published by BuzzFeed had been circulating for a while; on closer inspection, it appeared to be repurposed opposition research from the doomed Jeb Bush campaign. Its author was a former British intelligence operative apparently overeager to market salacious speculation. By the end of this latest lurid installment of the Russian hacking saga, no one knew anything more than they had when the heavy-breathing allegations first began to make their way through the political press. Nevertheless, the Obama White House had expelled Russian diplomats and expanded sanctions against Putin’s regime, while the FBI continued to investigate reported contacts between Trump campaign officials and Russian intelligence operatives during the campaign.

This latter development doesn’t exactly inspire confidence. As allegations of Russian responsibility for the DNC hack flew fast and furious, we learned that the FBI never actually carried out an independent investigation of the claims. Instead, agency officials carelessly signed off on the findings of CrowdStrike, a private cybersecurity firm retained by the Democratic National Committee. Far from establishing an airtight case for Russian espionage, CrowdStrike made a point of telling its DNC clients what it already knew they wanted to hear: after a cursory probe, it pronounced the Russians the culprits. Mainstream press outlets, primed for any faint whiff of great-power scandal and poorly versed in online threat detection, likewise treated the CrowdStrike report as all but incontrovertible.

Other intelligence players haven’t fared much better. The Director of National Intelligence produced a risible account of an alleged Russian disinformation campaign to disrupt the 2016 presidential process, which hinged on such revelations as the state-sponsored TV news outlet Russia Today airing uncomplimentary reports on the Clinton campaign and reporting critically on the controversial U.S. oil-industry practice of fracking as a diabolical plot to expand the market for Russian natural gas exports. In a frustratingly vague statement to Congress on the report, then-DNI director James Clapper hinted at deeper and more definitive findings that proved serious and rampant Russian interference in America’s presidential balloting—but insisted that all this underlying proof must remain classified. For observers of the D.C. intelligence scene, Clapper’s performance harkened back to his role in touting definitive proof of the imminent threat of Saddam Hussein’s WMD arsenal in the run-up to the U.S. invasion of Iraq.
 

Stone Cold

It’s been easy, amid the accusations and counteraccusations, to lose sight of the underlying seriousness of the charges. If the hacking claims are true, we are looking at a truly dangerous crisis that puts America’s democratic system at risk.

The gravity of the allegation calls for a calm, measured, meticulously documented inquiry—pretty much the opposite of what we’ve seen so far. The level of wild assertion has gotten to the point that some of the most respected pro-Western voices in Russia’s opposition have expressed alarm. As much as they despise Putin, they don’t buy the bungled investigations. “In the real world outside of soap operas and spy novels . . . any conclusions concerning the hackers’ identity, motives and goals need to be based on solid, demonstrable evidence,” wrote Leonid Bershidsky. “At this point, it’s inadequate. This is particularly unfortunate given that the DNC hacks were among the defining events of the raging propaganda wars of 2016.”

The lack of credible evidence, the opaque nature of cyber attacks, the partisan squabbles and smears, and the national-security fearmongering have all made this particular scandal very difficult to navigate. It may be years before we find out what really happened.


Fancy Bears, Cozy Bears—Oh My!

Take CrowdStrike, the hottest cybersecurity firm operating today. Based in Irvine, California, CrowdStrike was launched in 2012 by two veterans of the cyber-attribution business: George Kurtz and Dmitri Alperovitch. Both previously worked for McAfee, an antivirus-turned-massive-cybersecurity firm now partially owned by Intel. But Kurtz and Alperovitch saw a market opportunity for a new boutique type of cyber-defense outfit and decided to strike out on their own. They also brought on board Shawn Henry, a top FBI official who had been in charge of running the agency’s worldwide cyber investigations.

CrowdStrike positioned itself as a next-generation full-service cybersecurity firm. Company officials argued that cybersecurity was no longer just about defense—there was too much data and too many ways of getting at it to protect everything all the time. You had to know your attacker. “Knowing their capabilities, objectives, and the way they go about executing on them is the missing piece of the puzzle in today’s defensive security technologies,” wrote CrowdStrike cofounder George Kurtz. “By identifying the adversary . . . we can hit them where it counts.”

CrowdStrike hit the big time in 2015 with a $100 million infusion from Google Capital (now Capital G), Google’s first-ever investment in a cybersecurity company. It was good timing, because CrowdStrike was about to be catapulted into the front ranks of cyber-threat assessors. Sometime in April or May, CrowdStrike got a call from the Democratic National Committee to investigate a possible intrusion into their servers. The company’s investigators worked with surprising efficiency. As one DNC insider explained to the New York Times, the company was able to make a definite attribution within a day. There was no doubt, CrowdStrike told its DNC clients—the Russian government did it.


The results of CrowdStrike’s investigation were first broken by the Washington Post and then followed up in greater detail by CrowdStrike itself. In a post entitled “Bears in the Midst,” Dmitri Alperovitch attributed the hack to two distinct and very nefarious “Russian espionage” groups: Cozy Bear and Fancy Bear, among the most sophisticated cyber-operators CrowdStrike had ever come across. “In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis,” he wrote. “Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter.”

These cyberspooks were allegedly behind a string of recent attacks on American corporations and think tanks, as well as recent penetrations of the unclassified networks of the State Department, the White House, and the U.S. Joint Chiefs of Staff. According to CrowdStrike, Cozy Bear was most likely the FSB, while Fancy Bear was linked to the “GRU, Russia’s premier military intelligence service.”

Here, the cyber experts were telling us, was conclusive evidence that both the FSB and the GRU targeted the central apparatus of the Democratic Party. CrowdStrike’s findings didn’t just cause a sensation; they carpet-bombed the news cycle. Reports that Vladimir Putin had tried to hack America’s democratic process raced around the world, making newspaper front pages and setting off nonstop cable news chatter.

The story got even hotter after a hacker who called himself Guccifer 2.0 suddenly appeared. He took credit for the DNC hack, called CrowdStrike’s investigation a fraud, and began leaking select documents pilfered from the DNC—including a spreadsheet containing names and addresses of the DNC’s biggest donors. The story finally started going nuclear when WikiLeaks somehow got hold of the entire DNC email archive and began dribbling the data out to the public.

A Terrible System

CrowdStrike stuck to its guns, and other cybersecurity firms and experts likewise clamored to confirm its findings: Russia was behind the attack. Most journalists took these security savants at their word, not bothering to investigate or vet their forensic methods or look at the way CrowdStrike arrived at its conclusions. And how could they? They were the experts. If you couldn’t trust CrowdStrike and company, who could you trust?

Unfortunately, there were big problems with CrowdStrike’s account. For one thing, the names of the two Russian espionage groups that CrowdStrike supposedly caught, Cozy Bear and Fancy Bear, were a fiction. Cozy Bear and Fancy Bear are what cyber monitors call “Advanced Persistent Threats,” or APTs. When investigators analyze an intrusion, they look at the tools and methods that the hackers used to get inside: source code, language settings, compiler times, time zones, IP settings, and so on. They then compare all these things against a database of previously recorded hacks that is shared among cyber professionals. If the attack fits an old profile, they assign it to an existing APT. If they find something new, they create a group and give it an official name (say, APT911) and then a cooler moniker they can throw around in their reports (say, TrumpDump).
 

Stone Cold

CrowdStrike followed the protocols for existing APTs. Its investigation of DNC servers turned up two known threat actor groups: APT28 and APT29. Depending on the cybersecurity firm doing the analysis, these two APTs have been called by all sorts of names: Pawn Storm, Sofacy, Sednit, CozyCar, The Dukes, CozyDuke, Office Monkeys. Neither of them has ever been linked by any cybersecurity firm to the Russian government with certainty. Some firms have tried—most notably FireEye, CrowdStrike’s bigger and wealthier competitor. But FireEye’s evidence was ridiculously thin and inferential—in nearly any other industry, it would have been an embarrassment. Consider, for example, FireEye’s report on APT29:

We suspect the Russian government sponsors the group because of the organizations it targets and the data it steals. Additionally, APT29 appeared to cease operations on Russian holidays, and their work hours seem to align with the UTC +3 time zone, which contains cities such as Moscow and St. Petersburg.

Or consider FireEye’s report on APT28—which, among other things, attributes this attack group to a Russian intelligence unit active in Russia’s “invasion of Georgia,” an invasion that we know never took place.

They compile malware samples with Russian language settings during working hours consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg. While we don’t have pictures of a building, personas to reveal, or a government agency to name, what we do have is evidence of long-standing, focused operations that indicate a government sponsor—specifically, a government based in Moscow.

So, FireEye knows that these two APTs are run by the Russian government because a few language settings are in Russian and because of the telltale timestamps on the hackers’ activity? First off, what kind of hacker—especially a sophisticated Russian spy hacker—keeps to standard 9-to-5 working hours and observes official state holidays? Second, just what other locations are in Moscow’s time zone and full of Russians? Let’s see: Israel, Belarus, Estonia, Latvia, Moldova, Romania, Lithuania, Ukraine. If non-Russian-speaking countries are included (after all, language settings could easily be switched as a decoy tactic), that list grows longer still: Greece, Finland, Turkey, Jordan, Lebanon, Syria, Iraq, Saudi Arabia, Somalia, Yemen, Ethiopia, Kenya—the countries go on and on.

The flimsiness of this evidence didn’t stop CrowdStrike. Its analysts matched some of the tools and methods used in the DNC hack to APT28 and APT29, slapped a couple of Russian-sounding names with “bear” in them on their report, and claimed that the FSB and GRU did it. And most journalists covering this beat ate it all up without gagging.

“You don’t know there is anybody there. It’s not like it’s a club and everyone has a membership card that says Fancy Bear on it. It’s just a made-up name for a group of attacks and techniques and technical indicators associated with these attacks,” author and cybersecurity expert Jeffrey Carr told me. “There is rarely if ever any confirmation that these groups even exist or that the claim was proven as correct.”

Carr has been in the industry a long time. During the Russia-Georgia war, he led an open-source intelligence effort—backed by Palantir—in an attempt to attribute and understand the actors behind the cyberwar. I read his reports on the conflict back then and, even though I disagreed with some of his conclusions, I found his analysis nuanced and informative. His findings at the time tracked with those of the general cybersecurity industry and bent toward implicating the Russian government in the cyber attacks on Georgia. But these days Carr has broken with the cyberworld consensus:

Any time a cyber attack occurs nowadays you have cybersecurity companies looking back and seeing a historical record and seeing assignments on responsibility and attribution and they just keep plowing ahead. Whether they are right or wrong, nobody knows, and probably will never know. That’s how it works. It’s a terrible system.

This is forensic science in reverse: first you decide on the guilty party, then you find the evidence that confirms your belief.

From Russia, with Panic

:hhh:You still want to believe this shyt?

I forgot politics is a religion:hubie:
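
An added illustration of the working-hours argument in the article above (not part of the original post, the article, or any vendor's report): given a set of activity timestamps, it scores every whole-hour UTC offset by how much of the activity falls inside a weekday working window, showing what this kind of evidence can and cannot narrow down. The timestamps, the 09:00-18:00 window and the 0.9 threshold are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Assumed local working window, [09:00, 18:00), Monday to Friday.
WORK_START, WORK_END = 9, 18


def constructed_samples():
    """Constructed data: one event per hour, 07:00-13:00 UTC, Mon-Fri.

    This is what a 10:00-16:00 working day at UTC+3 looks like once the
    timestamps are normalised to UTC.
    """
    monday = datetime(2016, 4, 4, tzinfo=timezone.utc)  # a Monday
    return [monday + timedelta(days=d, hours=h)
            for d in range(5) for h in range(7, 14)]


def workday_fraction(stamps, offset_hours):
    """Fraction of events inside the working window at a given UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in stamps:
        local = ts.astimezone(tz)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(stamps)


def consistent_offsets(stamps, threshold=0.9):
    """Whole-hour UTC offsets under which the activity looks like office hours.

    Half-hour offsets are ignored to keep the example small.
    """
    return [k for k in range(-12, 15)
            if workday_fraction(stamps, k) >= threshold]


if __name__ == "__main__":
    stamps = constructed_samples()
    for k in consistent_offsets(stamps):
        print(f"UTC{k:+d}: {workday_fraction(stamps, k):.0%} of events in window")
    # The analysis yields a band of offsets, not a single zone, and an offset
    # covers every country in that zone. The input itself (for example a
    # compile timestamp stored in a binary) is a field the author of the
    # sample controls, so it carries weight only alongside other evidence.
```
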

 

dtownreppin214

if by some miracle the democrats won the house in 2018 (a big senate majority would be almost guaranteed in that situation as well), i see agent orange working with the democrats so he can have some legislative accomplishments. he's a chameleon.
Dems ain't working with that nikka. The people have spoken, they want the Dems to resist to the bloody end. They gain nothing by working with a prez that has sub 40% approval rating. Plus you can't take back all the disrespectful shyt he's done and said...let that nikka drown.
 

Hamza B.

:mjlol: Alex jones is just character. He will move on to support pence :mjgrin:

I agree that Alex Jones is a character...probably a paid shill. I don't see him getting behind Pence though. Jones will be the one stoking the fires if/when Trump gets bushed. It will be a dream come true for Alex if Trump gets impeached or convicted of a crime. You know he does so much better as the victim than the victor.
 

hashmander

Dems ain't working with that nikka. The people have spoken, they want the Dems to resist to the bloody end. They gain nothing by working with a prez that has sub 40% approval rating. Plus you can't take back all the disrespectful shyt he's done and said...let that nikka drown.
even medicare for all? you know he would go along with something like that.
 

Hood Critic

@Conan The Barbarian why do the most conservative members of congress (who have nothing to gain) admit Russian hacking occurred?

Leave democrats out of this.
Why do you all continue to argue with people who intentionally side step logic? It's fruitless. A proven disinformation campaign and proven RIS mouthpieces have confirmed these things. This "where is proof?" argument hasn't been a legit argument since November 4th 2016.
 