Reply With Quote
https://www.dni.gov/files/do ents/ICA_2017_01.pdf
Something else for TSA to read.
I am sure that couldn't possibly include covering up their efforts. Nah.
https://www.dni.gov/files/do ents/ICA_2017_01.pdf
Something else for TSA to read.
I am sure that couldn't possibly include covering up their efforts. Nah.
That's not how this is going to work, I've read the dossier multiple times. In fact you still have questions you told me to hold you to concerning the dossier that have gone unanswered.
The dossier can be discussed in the proper thread, let's try and stick to the topic here and focus on the links provided.
Are all of the US private security experts who tore apart the DNI also Russian operatives? Is Glenn Greenwald a Russian operative? Are the ex-NSA people who dismantled the CrowdStrike report Russian operatives?
I've read through the DNI many times and posted about it even more, this isn't something new.
The DNI was laughed at by experts in the business of cyber security. The FBI's contribution to the DNI was based on the CrowdStrike report since they were not allowed to run their own forensics on the DNC server, I believe the CIA had to resort to the CrowdStrike report as well but can't confirm. Do I need to provide links to the highly flawed CrowdStrike report that has been revised twice now since the DNI came out or will you just assume whatever author wrote the story is a Russian operative? The NSA obviously did not need access to the server, and low and behold they had the least amount of confidence attributing to Russia. No actual evidence was provided to attribute the hacking to Russia in the DNI.
The only thing the DNI was able to prove was that Russia did not like Hillary and ran propaganda against her online and paid trolls to post on social media. I agree with this assessment and basically it just confirmed that Russian posted to influence the election...groundbreaking news.
Good. That is all I ask. Thank you.
Interesting. Did the "experts in the business of cyber security" have access to the full range of classified data and sources supporting this assessment?
A simple yes or no will do.
A simple yes or no will not do.
No they did not have access to the full range of classified data. Yes they had full access to the CrowdStrike report that we know the FBI (and quite possibly the CIA) was forced to use for their assessment.
Have you read the original CrowdStrike report?
Have you read the dismantling of the original CrowdStrike report?
Have you read the revised CrowdStrike reports due to said dismantling?
Having read the above three do you still have the same confidence in the FBI's assessment in the DNI report?
boom
Checkmate, tbh
yahtzee
ballgame
curtains
tic tac TOE mother ers
This Fancy Bear’s House is Made of Cards: Russian Fools or Russian Frame-up?
Much has been made of the links between Guccifer2.0, Apt28, and whether the Russians have been using Wikileaks as a ‘cut-out’ (‘cut out’ of Russia’s grand scheme to with NATO.) In this article I will attempt to trace said scheme, with the assumption that, at the very least, Wikileaks received the Podesta emails from Russia while DCLeaks and Guccifer2.0 leaked everything else.
Let’s entertain the consensus logic and see where it takes us, beginning with a few (many) basic points of fact.
In December of 2015, an IP address, ‘176.31.112.10,’ was used as command and control for Apt28 X-tunnel for the German parliament hack, which turned up hard-coded in the DNC hack malware, that later shared its SSL certificate with IP ‘45.32.129[.]185.’
Apt28 allegedly spear-phish Podesta emails on March the 19th, 2016. This has been inferred by phishing style fingerprints in the phishing email from the Podesta leaks, dated March 19th.
Podesta emails uploaded from Gmail to Apt28 on March the 21st. Inferred by last email date included in Podesta Leaks.
On the 22nd of March, ‘45.32.129[.]185’ (remember that IP?) registered as misdepatrment.com, presumably a phishing base-station, by ‘[email protected].’
DCLeaks.com registered on 19th April via THCServers.com. THCServers.com name server registered to ‘[email protected],’ which is the same webmail server used to register misdepatrment.com. This is the weakest link. However, THCServer’s name server has 14 other domains registered. Two of which have already been associated with Fancy Bear. Quote from link: “This hosting company [thcservers] also operates larger name servers with over 4,000 domains, so it is unclear why they also operate these smaller name servers. Given that both of these name servers have multiple domains previously associated with FANCY BEAR activity, these could be dedicated to specific customers or those purchasing a certain type of hosting service.” Indeed, ThreatConnect, indeed.
The implication is that DCLeaks.com was part of secret Apt28 infrastructure that was already stinking to high-heaven, on a host known to have produced dodgy hits such as this, this, and this, etc. Funny, I didn’t know Russian secret agents were into using stinky secret agent infrastructure, on top of compromised ransomware and petty scams ‘advanced’ infrastructure. Mustn’t get paid much I guess.
But let’s not conflate these cited scams with Apt28, which would be super outrageous and completely uncharacteristic of cyber-attribution methodology. *Cough*.
Pushing on…
June 8th, ‘latest updates’ posted on DCLeaks.com
Apt28 hackers kicked from DNC network on June the 11, which is super weird because CrowdStrike said Apt28 were ‘in’ during and prior to April, and we know CrowdStrike were working at the DNC by May, so why only kick them out a day before Assange’s impending leaks were announced on June 12? Weird foreshadowing skills. Superhero-like even.
Wikileaks announce impending Clinton campaign leaks on June 12.
June 13th DCLeaks.com page content is archived.
CrowdStrike and DNC announce on June 14–15 that Russia hacked the DNC back in April (but did nothing about it till that previous weekend.)
Guccifer2.0 appears, June the 15th.
The next day the grugq explains it all. Explains that Guccifer2.0 is “A cover hacker iden y” … “created to claim credit and shift blame away from the Russian intelligence services,” even though Guccifer2.0 inserted Russian metadata into pristine do ents, and even though…
On the 27th of June, Guccifer2.0 points journalists to DCLeaks.com, with a password to an exclusive folder hosted on DCLeaks.com. “Guccifer 2.0 persona responded [to TSG journalists] indicating he had a relationship with DCLeaks, claiming that it was a Wikileaks subproject. He also provided a username and password to the exclusive DCLeaks content. Finally the Guccifer 2.0 persona asked TSG not to link or associate the DCLeaks content to the the Guccifer 2.0 blog.” source
So Guccifer2.0 explicitly linked himself to DCLeaks.com, knowing (I assume) DCLeaks.com was set up all the way back in April using a FANCY BEAR infested name sever. Claimed he gave DCLeaks material, yet DCLeaks started leaking as early as the 8th, a Week before Guccifer2.0 appeared. Guccifer also claimed it was a Wikileaks project. My god, Gucc, trying so hard. Thank Christ someone spotted the Russian metadata; I imagine the whole dog and pony show was getting downright tiring.
Hang on, so this was clearly an overt cyber war now? So Guccifer2.0 was not designed to take the heat off CrowdStrike’s Russia claims, but to help connect the dots? Explains the apparent redundancy of DCLeaks, I guess…
August, Apt28 identified carrying out WADA hack.
September, FancyBear.net claims responsibility for WADA hack. Overtly (apparently) Russian type dudes doing Russian type .
So remember the WADA hack? When a bunch of Russians were ejected from the Olympics for doping, and then FSB/GRU allegedly set up a site called fancybear.net, overtly claiming to be The Russians, using Apt28 infrastructure to leak WADA records? Remember, this was after DCLeaks and Guccifer2.0? So, like, making Russian grunty noises even louder, having abandoned subtlety all together? Yep.
Woah there, let’s not jump the gun just yet. Instead of assuming Guccifer2.0 had been intended to connect the dots to DCLeaks, let’s assume his job had been to leak do ents not given to Wikileaks. Why not just use DCLeaks? It was already set up. OK, maybe he was simply a mouthpiece, who for some reason didn’t want to be connected to DCLeaks publicly — yet was happy to publish do ents which had been pasted into a Russian styled template that also had metadata deliberately altered. Mkay. Oh yeah, and who also claimed DCLeaks was a Wikileaks sub-project. If Wikileaks had set up DCLeaks.com wouldn’t it imply they were part of the THCHosting ‘house of cards’ — Apt28 themselves? Why would Guccifer2.0 want to burn Wikileaks with a great big poisoned ivy bear hug? If Apt28 did indeed give Wikileaks the Podesta emails, could it have been a poisoned chalice? So that’s two birds with one stone: U.S. Russia relations damaged and Wikileaks’ credibility tarnished. Job Done?
Meanwhile it looked as if Hillary was obviously going to be front runner, while NATO continued to build-up along Russian borders, and U.S. disunity on Syria reached fever pitch. Why would Russia want to provoke NATO and mess up their handy-work in the middle east even more, if such a thing were possible? No, let’s kick the hornet’s nest and see what happens with more build-up and tension! Fair enough. Turned out good in the end I suppose, but at the time? No one could have thought Trump would win.
Remember, the ‘sprung with hands in the cookie jar’ theory is completely debunked. These guys were not ‘sprung.’ They were dressed up in giant babushka doll suits, jumping up and down, attempting every conceivable manoeuvre to expose their house of cards to the xth estate and beyond. In addition to the THCServers connection, the command and control IP connection, and inserted Russian metadata connections, just about every high profile target hit had been assumed to be FSB/GRU since as early as 2014 — all based on political motivations and overtly sloppy metadata alone — so cover was already blown.
Since as early as 2014 security professionals had been cautious to point out that the hacks seemed overt — smash and grab — as in ‘to sacrifice a pawn’ — hence dubbed the operation ‘pawn storm.’ But clearly these same security professionals felt the dissonance of a thin veneer (“CyberCaliphate” in the case of the TV5Monde hack) pasted haphazardly over Russian paw prints with a year-old glue-stick that had been left exposed to the sun for too long. So this is inverse reflexive control?
It’s as if Guccifer2.0 deliberately took the hands of journalists and dragged them kicking and screaming to demonstrate his/her links to DCLeaks.com, to see the do ents containing Russian metadata, to notice the re-used infrastructure in frikken shared name servers for some reason. FOR CRYING OUT LOUD!
And I’m sorry, but why would Guccifer2.0 be ‘impatient to publish’ when Assange only announced imminent leak days before, and when DCLeaks.com had been registered months before? This ‘impatient to publish’ theory is also debunked. Publishing to Guccifer2.0 and DCLeaks was pretty clearly premeditated, Wikileaks be damned.
Oh yeah, and before I forget, why would you hack outdated Ukrainian artillery software, a version that was probably never used, with an implant that does nothing useful, with recycled Apt28 malware, a variant of which was later found on the DNC? Hmmf. I think I might be beginning to see it now.
Could it be that DCLeaks.com, Guccifer2.0 and Apt28 themselves are at the centre of some kind of deliberately built novelty-sized house of cards? It’s possible.
Possibilities
a) The Russians did it, being y ing Russians, whilst surrounded by NATO, whilst genuine threat of U.S wrathful sanctions threaten fragile economy, whilst Hillary Clinton prepares for no fly zones and operation walking-on-eggs s-around-Turkey and operation inflame-refugee-crisis by constantly re-animating FSA and other ‘rebel’ forces... While deliberately leaving paw prints all over everything. Seems very ing stupid.
Remember, this is not some covert operation the Russian’s are famous for. It was an operation so scatter-shot and overt it was called pawn storm. Wouldn’t this kind of operation warrant tippy-toes, as opposed to smash and grab while speaking loudly in Russian while leading pet bears around all over the place?
Seems legit.
b) Would even the das ly ‘deep state’ attack American democracy to hurt Clinton, and to inflame Russian relationships? Definitely do that to other countries sure, but on your own front door step? And why target Clinton? She would have been CIA ally number one, and more than complicit in middle east plans to fracture Russia U.S. relations. Very ing stupid too.
c) Or could it perhaps be… someone else… pretending to be Russian to inflame tensions between the U.S. and Russia? Makes a little more sense, but no evidence. Funnily enough this option is almost never suggested. Everything is always Russia. Even the recent Vault 7 dump has been blamed on Russia.
d) Reality ???
Cards Tumble Across the Grizzly Steppe
At the time of writing, Wikileaks’ Vault 7 was released. Within the trove can be found references to ‘UMBRAGE,’ a CIA program to collect Malware stolen from external sources, presumably to obfuscate attribution. I assume this will be expanded upon in further releases.
“The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.” — Wikileaks press release
Already one AV researcher, alluded to here …
“has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak.”
Funnily enough the same article dismisses the possibility of false-flag operations altogether. Now I don’t personally think it makes any sense to assume the CIA were Apt28 for stated reasons, but when security insiders scramble to dismiss such claims I tend to think: “The lady doth protest too much, methinks.”
Are the curious events discussed in this article a demonstration of something similar to UMBRAGE? Could such program have been fired against Russia? Stay tuned and unload the jumbo popcorn bags; the story is still unfolding.
https://medium.com/@nyetnyetnyet/thi...p-59a714243b91
In answer to critics, the Department of Homeland Security and the FBI issued a joint analysis report, which presented “technical details regarding the tools and infrastructure used” by Russian intelligence services “to compromise and exploit networks” associated with the U.S. election, U.S. government, political, and private sector en ies. The report code-named these activities “Grizzly Steppe.” [19]
For a do ent that purports to offer strong evidence on behalf of U.S. government allegations of Russian culpability, it is striking how weak and sloppy the content is. Included in the report is a list of every threat group ever said to be associated with the Russian government, most of which are unrelated to the DNC hack. It appears that various governmental organizations were asked to send a list of Russian threats, and then an official lacking IT background compiled that information for the report, and the result is a mishmash of threat groups, software, and techniques. “PowerS backdoor,” for instance, is a method used by many hackers, and in no way describes a Russian operation.
Indeed, one must take the list on faith, because nowhere in the do ent is any evidence provided to back up the claim of a Russian connection. Indeed, as the majority of items on the list are unrelated to the DNC hack, one wonders what the point is. But it bears repeating: even where software can be traced to Russian origination, it does not necessarily indicate exclusive usage. Jeffrey Carr explains: “Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.” Carr quotes security firm ESET in regard to the Sednit group, one of the items on the report’s list, and which is another name for APT28: “As security researchers, what we call ‘the Sednit group’ is merely a set of software and the related infrastructure, which we can hardly correlate with any specific organization.” Carr points out that X-Agent software, which is said to have been utilized in the DNC hack, was easily obtained by ESET for analysis. “If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.” [20]
The salient impression given by the government’s report is how devoid of evidence it is. For that matter, the majority of the content is taken up by what security specialist John Hinderaker describes as “pedestrian advice to IT professionals about computer security.” As for the report’s indicators of compromise (IoC), Hinderaker characterizes these as “tools that are freely available and IP addresses that are used by hackers around the world.” [21]
In conjunction with the report, the FBI and Department of Homeland Security provided a list of IP addresses it identified with Russian intelligence services. [22] Wordfence analyzed the IP addresses as well as a PHP malware script provided by the Department of Homeland Security. In analyzing the source code, Wordfence discovered that the software used was P.A.S., version 3.1.0. It then found that the website that manufactures the malware had a site country code indicating that it is Ukrainian. The current version of the P.A.S. software is 4.1.1, which is much newer than that used in the DNC hack, and the latest version has changed “quite substantially.” Wordfence notes that not only is the software “commonly available,” but also that it would be reasonable to expect “Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.” To put it plainly, Wordfence concludes that the malware sample “has no apparent relationship with Russian intelligence.” [23]
Wordfence also analyzed the government’s list of 876 IP addresses included as indicators of compromise. The sites are widely dispersed geographically, and of those with a known location, the United States has the largest number. A large number of the IP addresses belong to low-cost server hosting companies. “A common pattern that we see in the industry,” Wordfence states, “is that accounts at these hosts are compromised and those hacked sites are used to launch attacks around the web.” Fifteen percent of the IP addresses are currently Tor exit nodes. “These exit nodes are used by anyone who wants to be anonymous online, including malicious actors.” [24]
If one also takes into account the IP addresses that not only point to current Tor exits, but also those that once belonged to Tor exit nodes, then these comprise 42 percent of the government’s list. [25] “The fact that so many of the IPs are Tor addresses reveals the true sloppiness of the report,” concludes network security specialist Jerry Gamblin. [26]
Cybersecurity analyst Robert Graham was particularly blistering in his assessment of the government’s report, characterizing it as “full of garbage.” The report fails to tie the indicators of compromise to the Russian government. “It contains signatures of viruses that are publicly available, used by hackers around the world, not just Russia. It contains a long list of IP addresses from perfectly normal services, like Tor, Google, Dropbox, Yahoo, and so forth. Yes, hackers use Yahoo for phishing and maladvertising. It doesn’t mean every access of Yahoo is an ‘indicator of compromise’.” Graham compared the list of IP addresses against those accessed by his web browser, and found two matches. “No,” he continues. “This doesn’t mean I’ve been hacked. It means I just had a normal interaction with Yahoo. It means the Grizzly Steppe IoCs are garbage.” Graham goes on to point out that “what really happened” with the supposed Russian hack into the Vermont power grid “is that somebody just checked their Yahoo email, thereby accessing one of the same IP addresses I did. How they get from the facts (one person accessed Yahoo email) to the story (Russians hacked power grid)” is U.S. government “misinformation.” [27]
The indicators of compromise, in Graham’s assessment, were “published as a political tool, to prove they have evidence pointing to Russia.” As for the P.A.S. web s , it is “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” Relying on the government’s sample for attribution is problematic: “Just because you found P.A.S. in two different places doesn’t mean it’s the same hacker.” A web s “is one of the most common things hackers use once they’ve broken into a server,” Graham observes. [28]
The intent of the joint analysis report was to provide evidence of Russian state responsibility for the DNC hack. But nowhere does it do so. Mere assertions are meant to persuade. How much evidence does the government have? The Democratic Party claims that the FBI never requested access to DNC servers. [32] The FBI, for its part, says it made “multiple requests” for access to the DNC servers and was repeatedly turned down. [33] Either way, it is a remarkable admission. In a case like this, the FBI would typically conduct its own investigation. Was the DNC afraid the FBI might come to a different conclusion than the DNC-hired security firm Crowdstrike? The FBI was left to rely on whatever evidence Crowdstrike chose to supply. During its analysis of DNC servers, Crowdstrike reports that it found evidence of APT28 and APT29 intrusions within two hours. Did it stop there, satisfied with what it had found? Or did it continue to explore whether additional intrusions by other actors had taken place?
In an attempt to further inflame the hysteria generated from accusations of Russian hacking, the Office of the Director of National Intelligence published a declassified version of a do ent briefed to U.S. officials. The information was supplied by the CIA, FBI, and National Security Agency, and was meant to cement the government’s case. Not surprisingly, the report received a warm welcome in the mainstream media, but what is notable is that it offers not a single piece of evidence to support its claim of “high confidence” in assessing that Russia hacked the DNC and released do ents to WikiLeaks. Instead, the bulk of the report is an unhinged diatribe against Russian-owned RT media. The content is rife with inaccuracies and absurdities. Among the heinous actions RT is accused of are having run “anti-fracking programming, highlighting environmental issues and the impacts on health issues,” airing a do entary on Occupy Wall Street, and hosting third-party candidates during the 2012 election.[34]
The report would be laughable, were it not for the fact that it is being played up for propaganda effect, bypassing logic and appealing directly to unexamined emotion. The 2016 election should have been a wake-up call for the Democratic Party. Instead, predictably enough, no self-examination has taken place, as the party doubles down on the neoliberal policies that have impoverished tens of millions, and backing military interventions that have sown so much death and chaos. Instead of thoughtful analysis, the party is lashing out and blaming Russia for its loss to an opponent that even a merely weak candidate would have beaten handily.
Mainstream media start with the premise that the Russian government was responsible, despite a lack of convincing evidence. They then leap to the fallacious conclusion that because Russia hacked the DNC, only it could have leaked the do ents.
So, did the Russian government hack the DNC and feed do ents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC do ents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of do ents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the do ents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC do ents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: “I know who the source is… It’s from a Washington insider. It’s not from Russia.” [36]
http://www.counterpunch.org/2017/01/...he-dnc/#_edn16
True if huge
game over
DOMINO, MOTHER ERS
DOMINO, MOTHER ERS
Reading all of your material requires more time than I have available, and exceeds my interest bandwidth for the minutae.
Does seem like there is a decided effort afoot in the rightwing blogosphere to pick apart the Crowdstrike report, based on the sheer number of links that came up when I did a search for "Crowdstrike report".
Saw a few things that looked like the report, but if you have a quick link or two that might help.
I have some financial analyses I have to knock out today, but if you could provide a specific link I will get reading.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
