A different take on Russian Hacks- a look at the 13 page report discussed in Congress Thursday Jan 5th 2017
I always thought it strange that a "government source" would bother with a little piss ant (Podessa) at the DNC on minor atrocities by global kakistocractic standards.
Not exactly the leg up kind of info a foreign government would be looking for.
This is a new investigation into the supposed Russian Hack...a review of the 13 page report given and discussed in Congress Thursday.
The League of Power.
"Tech Journal Casts Doubt on Dems' Russian Hacking Claims"
"Democratic Party claims about Russian hacking interfering in the election of 2016 continue to make the news. A recent article in the respected computer journal Ars Technica discussed supposed attempts on the part of the Russian government to interfere with the election. The article claims that the evidence the government provided in a Joint Analysis Report (JAR) filed by the FBI and the Department of Homeland Security (DHS) is inconclusive and technically inaccurate."
"The report's 13 pages offer no smoking guns and mostly rehash statements put out by private-sector companies with no further evidence provided to back them up. In fact, the report doesn't specifically mention the Democratic National Committee (DNC) or the Democratic Party at all."
"While a number of such companies have claimed the Russian government was responsible, people close to the leaks say they were the product of "lone wolf" attacks; individual security professionals say there's no way to verify the true origins of the hacking".
"The report teases readers with contentions that it reveals secret "tradecraft and techniques" used by Russian hackers, but analysts say these techniques are generic and used by all state-sponsored computer hacking groups."
"This ultimately seems like a very rushed report put together by multiple teams working different data sets and motivations," stated Robert Lee, the founder and CEO of security firm Dragos. "It's my opinion and speculation that there were some really good government analysts and operators contributing to this data, and then, report reviews, leadership approval processes and sanitation processes stripped out most of the value and left behind a very confusing report trying to cover too much while saying too little.""
""Lee noted that the report confused the names of known hacker groups APT28 and APT29, which sometimes go by the names Sofacy, Sednit, Sandworm, CozyBear and others, with the names of malware codes such as Havex and BlackEnergy. It even misused the name of a hacker capability called Powershell Backdoor. These incorrect references lead many security professionals to believe the report was not prepared by experts and may have been rushed to publication."
"In fact, the report's poor technical grasp, if anything, proves President-Elect Donald Trump's assertions that the intelligence community's capabilities may be lacking, to the extent that any of their expertise was actually used compiling the report."
"According to Rob Graham, the CEO of Errata Security, one of the "indicators of compromise" (IOCs) listed in the report was "PAS TOOL WEB KIT," which is a utility used by hundreds and perhaps even thousands of hackers in Ukraine and Russia, most of whom have no affiliation whatsoever with the government of either of those countries."
"IOCs are what security experts use to know if a network has been broken into by outside groups or systems. "In other words, these rules can be a reflection of the fact that the [U.S.] government has excellent information for attribution," Graham said. "Or, it could be a reflection that [it's] got only weak bits and pieces. It's impossible for us outsiders to tell.""
"Jeffrey Carr, an industry security consultant, said that he doubts the attacks that affected the DNC originated from Russian hackers because they used the same malware that affected Germany's Bundestag parliament and the French television network TV5Monde."
"While researchers at security firm Crowdstrike believe this is a clue that points to Russia because other actors wouldn't have the combined resources and motivation to attack all these targets, Carr pointed out that the source code for the malware was independently obtainable from an antivirus software provider called ESET."
""If ESET [can have] it, so can others," Carr wrote. "It's both foolish and baseless to claim, as CrowdStrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.""
"The doubts expressed by Carr, Graham and Lee show that when the government takes its proprietary research and subsequently makes it public for the world at large to see, large gaps of knowledge are often displayed. In fact, it's arguable that the so-called "experts" that the government employs for its defensive cyber warfare capabilities — depending on which agency is being discussed — may be anything but expert. The report's vagueness and lack of specificity leave it sounding more like a brief catalog of innuendo than an indictment."
"This isn't the first time the government has shown itself to possibly employ novices when it comes to detecting hacking. The attack on Sony Pictures Entertainment by North Korea in 2014 also revealed an aggregation of incompetency and ineptitude that led to incorrect conclusions, finger-pointing and embarrassment for a number of U.S. government agencies."
"At that time, it was also the FBI that made the original accusation against North Korea. But many security experts said that the evidence pointing to the Hermit Kingdom was circumstantial. Security consultant Lucas Zichkowsky declared, "State-sponsored attackers don't create cool names for themselves like 'Guardians of Peace' and promote their activity to the public." Writer Kim Zetter at Wired magazine termed the American government's evidence "flimsy.""
"To be fair, the government may be shy in many cases to reveal its sources and its methods of detection in such cases. Also, it's possible that more in-depth technical evidence that's classified may be being presented to Congress while not being revealed to the public."
"But based on the data provided in the JAR report, there's nothing that could definitively be used to make the case the Obama administration is attempting to claim; most computer security specialists could shoot holes in the government's allegations ten feet wide. In fact some of the evidence points to origins of lone wolfs or activists from other country's governments (i.e. North Korea or China or one of the Baltic state government agencies)."
"Therefore, the argument that the Obama administration and the Democrats are clinging to is unsound; it doesn't pass the smell test."
"So rather than a fact, what they've presented thus far is a theory. Of course, if the government does take retaliatory action, it wouldn't be the first time that it acted based on theories rather than facts, but with a Republican majority in both houses of Congress and a Republican president about to take office, it's doubtful this report and its accusations will go much further, barring additional evidence being proffered."
Regards,
Mark Patricks
Not exactly the leg up kind of info a foreign government would be looking for.
This is a new investigation into the supposed Russian Hack...a review of the 13 page report given and discussed in Congress Thursday.
The League of Power.
"Tech Journal Casts Doubt on Dems' Russian Hacking Claims"
"Democratic Party claims about Russian hacking interfering in the election of 2016 continue to make the news. A recent article in the respected computer journal Ars Technica discussed supposed attempts on the part of the Russian government to interfere with the election. The article claims that the evidence the government provided in a Joint Analysis Report (JAR) filed by the FBI and the Department of Homeland Security (DHS) is inconclusive and technically inaccurate."
"The report's 13 pages offer no smoking guns and mostly rehash statements put out by private-sector companies with no further evidence provided to back them up. In fact, the report doesn't specifically mention the Democratic National Committee (DNC) or the Democratic Party at all."
"While a number of such companies have claimed the Russian government was responsible, people close to the leaks say they were the product of "lone wolf" attacks; individual security professionals say there's no way to verify the true origins of the hacking".
"The report teases readers with contentions that it reveals secret "tradecraft and techniques" used by Russian hackers, but analysts say these techniques are generic and used by all state-sponsored computer hacking groups."
"This ultimately seems like a very rushed report put together by multiple teams working different data sets and motivations," stated Robert Lee, the founder and CEO of security firm Dragos. "It's my opinion and speculation that there were some really good government analysts and operators contributing to this data, and then, report reviews, leadership approval processes and sanitation processes stripped out most of the value and left behind a very confusing report trying to cover too much while saying too little.""
""Lee noted that the report confused the names of known hacker groups APT28 and APT29, which sometimes go by the names Sofacy, Sednit, Sandworm, CozyBear and others, with the names of malware codes such as Havex and BlackEnergy. It even misused the name of a hacker capability called Powershell Backdoor. These incorrect references lead many security professionals to believe the report was not prepared by experts and may have been rushed to publication."
"In fact, the report's poor technical grasp, if anything, proves President-Elect Donald Trump's assertions that the intelligence community's capabilities may be lacking, to the extent that any of their expertise was actually used compiling the report."
"According to Rob Graham, the CEO of Errata Security, one of the "indicators of compromise" (IOCs) listed in the report was "PAS TOOL WEB KIT," which is a utility used by hundreds and perhaps even thousands of hackers in Ukraine and Russia, most of whom have no affiliation whatsoever with the government of either of those countries."
"IOCs are what security experts use to know if a network has been broken into by outside groups or systems. "In other words, these rules can be a reflection of the fact that the [U.S.] government has excellent information for attribution," Graham said. "Or, it could be a reflection that [it's] got only weak bits and pieces. It's impossible for us outsiders to tell.""
"Jeffrey Carr, an industry security consultant, said that he doubts the attacks that affected the DNC originated from Russian hackers because they used the same malware that affected Germany's Bundestag parliament and the French television network TV5Monde."
"While researchers at security firm Crowdstrike believe this is a clue that points to Russia because other actors wouldn't have the combined resources and motivation to attack all these targets, Carr pointed out that the source code for the malware was independently obtainable from an antivirus software provider called ESET."
""If ESET [can have] it, so can others," Carr wrote. "It's both foolish and baseless to claim, as CrowdStrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.""
"The doubts expressed by Carr, Graham and Lee show that when the government takes its proprietary research and subsequently makes it public for the world at large to see, large gaps of knowledge are often displayed. In fact, it's arguable that the so-called "experts" that the government employs for its defensive cyber warfare capabilities — depending on which agency is being discussed — may be anything but expert. The report's vagueness and lack of specificity leave it sounding more like a brief catalog of innuendo than an indictment."
"This isn't the first time the government has shown itself to possibly employ novices when it comes to detecting hacking. The attack on Sony Pictures Entertainment by North Korea in 2014 also revealed an aggregation of incompetency and ineptitude that led to incorrect conclusions, finger-pointing and embarrassment for a number of U.S. government agencies."
"At that time, it was also the FBI that made the original accusation against North Korea. But many security experts said that the evidence pointing to the Hermit Kingdom was circumstantial. Security consultant Lucas Zichkowsky declared, "State-sponsored attackers don't create cool names for themselves like 'Guardians of Peace' and promote their activity to the public." Writer Kim Zetter at Wired magazine termed the American government's evidence "flimsy.""
"To be fair, the government may be shy in many cases to reveal its sources and its methods of detection in such cases. Also, it's possible that more in-depth technical evidence that's classified may be being presented to Congress while not being revealed to the public."
"But based on the data provided in the JAR report, there's nothing that could definitively be used to make the case the Obama administration is attempting to claim; most computer security specialists could shoot holes in the government's allegations ten feet wide. In fact some of the evidence points to origins of lone wolfs or activists from other country's governments (i.e. North Korea or China or one of the Baltic state government agencies)."
"Therefore, the argument that the Obama administration and the Democrats are clinging to is unsound; it doesn't pass the smell test."
"So rather than a fact, what they've presented thus far is a theory. Of course, if the government does take retaliatory action, it wouldn't be the first time that it acted based on theories rather than facts, but with a Republican majority in both houses of Congress and a Republican president about to take office, it's doubtful this report and its accusations will go much further, barring additional evidence being proffered."
Regards,
Mark Patricks
Previous comments... You are currently on page 2.
http://www.rt.com/usa/373263-dni-rt-i...
I only get my news from RT. It is the only legitimate news source, in the world, probably. It is government subsidized, like NPR, but there is a reason for that, just not the one you think.
I posted many RT articles on One Political Plaza during the last 15 months. You can see them there. Some under my user name CarolSeer, then under KiraSeer, beginning in August. Do you suppose there is a direct correlation with my posts and the DNI's reference to paid RT trolls?
I also like to see the comments on RT posted by people from all over the world so as to get insight to what they are thinking and feeling. There are many Americans who post on RT also, including myself.
Look up the bio of Alexander Duggan, Putin's advisor...it's a horror story.
You have to watch out for him. He can be very subtle. Waaaay over the Witch's head.
I really am suspicious that Obama rushed to judgement in expelling the Russians, before the report was complete, or maybe in anticipation of what he planned for it to say. We shoudl have been kicked out of mulitple Europena and Israel embassys, based on his boots on the gorund attempt to influence their elections, as well as that of Canada.Obama is such a childish hypocrite. Putin likely was right, Hillary is crazy, or at least brain damagged, so he was wise to instruct his citizens to take precautions for an attack.Why did Obama take no actions over supposed hacking by China? The e-mails where Hillary's camp affirned shared goals with the CFR to produce socially unaware citizens would not have been of interest to Russia, but should have mattered to parents, as it is code for dumbing down the kids.
Orwell saw it coming.
Our intelligence system told us there are WMDs in Iraq, and despite unbelievable searches, NONE were found.
I take in whatever facts I can get and make my own mind up. In this case---
All countries, including ours, spy on each other to the extent then CAN and use the information to benefit themselves any way they can. Even Obama tried to stop BREXIT and get the israeli prime minister outsted. The USA lives in a glass house.
When it comes to Wikileaks, they are whistleblowers primarily and take the info given to them and expose it without naming the sources. Assange hates Hillary and Obama for essentially conspiring to imprison him for 5 years and no doubt relished the idea of causing her trouble.
As to whistleblowers in general, I like them. We need them to tell us what the bad guys are doing behind our backs. Snowden, Manning, and Assange should be pardoned and allowed to be free.
When it comes to Putin wanting to influence the election, I can believe he hated Hillary and had no respect for Obama, but I think he didnt particularly want Trump (would be a stronger advocate for uSA) , but he just wanted to weaken the expected Hillary presidency to let Russia be stronger in the world. I think he didnt consider Trump would wind up being the winner of the election.
On the other hand, that the Democrats would accuse the Russians, means only that "it takes one to know one"--or to think one knows one. Obama pulled that stunt on Bibi Netanyahu of Israel three and a half years ago. It failed, but it explains why Hillary would try to make us think that.
Ironic, though. The American government embraced communism, long after the Russian government abandoned it.
But, I thought this brief was condensed enough for a quick read giving us something to chew on.
Thanks for the added links for those that have the time to get into it further.
No doubt Russia, china and the rest of the world is hacking everyone else and hackers hacking other hackers too...but I still doubt that Russia would be interested in piss ant idiots...the wikki story on that front seems more plausible.
Many of these creatures are just as bad as the rest of the worlds Kakistocracy's.
https://www.us-cert.gov/sites/default...
Here is the original October 21, 2016, finding by DHS and the Office of the Director of National Intelligence on Election Security
https://www.dhs.gov/news/2016/10/07/j...
The report cited above by OldUglyCarl is just some guy's blog. http://www.leagueofpower.com/
It might be OK all in all, but this "tech journal" is not the same as Ars Technica or SlashDot or Krebs on Security. The Register (UK) http://www.theregister.co.uk/ is very much an overview of tech topics with a tabloid presentation.
Put League of Power in your browser and you will find them listed on scam reports.
Just one point in context is this second-source paragraph frrom the "report" cited above.
"According to Rob Graham, the CEO of Errata Security, one of the "indicators of compromise" (IOCs) listed in the report was "PAS TOOL WEB KIT," which is a utility used by hundreds and perhaps even thousands of hackers in Ukraine and Russia, most of whom have no affiliation whatsoever with the government of either of those countries."
Errata Security is the work of Robert David Graham of Portland, Oregon, who has almost nothing on LinkedIn.
https://www.linkedin.com/in/robert-da...
(BTW, this is me - https://www.linkedin.com/in/mike7maro... )