
US releases hacking report

DEFCON Warning System

The United States has released its report on the alleged Russian hacking of the election.

http://thehill.com/policy/national-security/312132-fbi-dhs-release-report-on-russia-hacking
 
JAR said:
DISCLAIMER: This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within
Page 1: https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf
The report begins by stating that they don't stand by the information contained in the report. They're not confident in the assessment and/or they're unwilling to guarantee the accuracy of the information presented.
JAR said:
RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure
Page 1: https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf
This is significant in that such an interpretation allows the US government to strike against Russia as though the Russians had attacked and damaged any other "critical infrastructure" of the United States.
JAR said:
Yara Signature
rule PAS_TOOL_PHP_WEB_KIT
{
    meta:
        description = "PAS TOOL PHP WEB KIT FOUND"
    strings:
        $php = "<?php"
        $base64decode = /\='base'\.\(\d+\*\d+\)\.'_de'\.'code'/
        $strreplace = "(str_replace("
        $md5 = ".substr(md5(strrev("
        $gzinflate = "gzinflate"
        $cookie = "_COOKIE"
        $isset = "isset"
    condition:
        (filesize > 20KB and filesize < 22KB) and #cookie == 2 and #isset == 3 and all of them
}
Page 5: https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf
The report indicates that this tool was detected on the machines in question following investigation. Further, the suggestion is that this adds weight to the probability of Russian involvement, because that tool is very popular among Russian hackers. However, that tool is also very popular among Ukrainian hackers. Meanwhile, Ukraine has spent the past several years attempting to gain western and especially American support in its competition with Russia. One might then conclude that Ukraine infiltrated the machines in question, and utilized this tool specifically for the purpose of incriminating Russia, in order to gain additional support from America and to apply additional pressure to its nemesis, Russia. After all, western and also American support for Kiev was waning. Kiev was concerned western sanctions against Russia may cease in the near future, which Biden directly suggested to them, whereas now we observe the continuance of western and American sanctions, as well as the addition of new sanctions and new pressures against Russia.

Still, that's dubious. It doesn't matter whether or not that tool is popular in Russia or Ukraine. Anyone can acquire and utilize that tool. This incriminates no party. Yet if you wish to conclude the probability of Russian involvement is high because that tool is popular among Russian hackers, to be reasonable, one must also acknowledge that the probability of Ukrainian involvement is high because it's also popular in Ukraine. What's more: the tool isn't exclusive to government operatives. It's popularized by civilian hackers. The alleged discovery of this tool's usage soonest suggests civilian hackers, not government operatives, because civilian hackers utilize this tool regularly, and certainly more frequently than any government organization. Again, that's dubious as well. Any argument based in the demographics of the popularity of this tool is obviously fallacious, and proves nothing.

No further "evidence" was presented by JAR.
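To see what the quoted signature actually keys on, here is an added example (my own re-implementation of the rule's condition in plain Python, not YARA and not code from the JAR or from anyone in this thread). It evaluates each sub-condition against a constructed, non-functional text fixture that carries only the marker strings, and shows that the same markers stop matching as soon as the file falls outside the 20KB to 22KB window; sizes, fixture and helper names are my assumptions.

```python
import re

# Strings and condition transcribed from the PAS_TOOL_PHP_WEB_KIT rule quoted above.
# The matching logic is a hand-written approximation of YARA's semantics.
PLAIN_STRINGS = {
    "php": "<?php",
    "strreplace": "(str_replace(",
    "md5": ".substr(md5(strrev(",
    "gzinflate": "gzinflate",
    "cookie": "_COOKIE",
    "isset": "isset",
}
# $base64decode: matches a concatenation such as ='base'.(4*16).'_de'.'code'
BASE64DECODE_RE = re.compile(r"\='base'\.\(\d+\*\d+\)\.'_de'\.'code'")
# YARA's KB suffix means 1024 bytes; the rule requires 20KB < filesize < 22KB.
MIN_SIZE, MAX_SIZE = 20 * 1024, 22 * 1024


def evaluate_pas_rule(data: bytes) -> dict:
    """Return every sub-condition of the rule plus the overall verdict for one file."""
    text = data.decode("latin-1")  # byte-for-byte view, like YARA's ASCII strings
    counts = {name: text.count(s) for name, s in PLAIN_STRINGS.items()}
    regex_hits = len(BASE64DECODE_RE.findall(text))
    result = {
        "filesize_ok": MIN_SIZE < len(data) < MAX_SIZE,
        "cookie_count": counts["cookie"],   # #cookie in YARA
        "isset_count": counts["isset"],     # #isset in YARA
        # "all of them" covers the six plain strings and the regex
        "all_strings": all(c > 0 for c in counts.values()) and regex_hits > 0,
    }
    result["match"] = (
        result["filesize_ok"]
        and result["cookie_count"] == 2
        and result["isset_count"] == 3
        and result["all_strings"]
    )
    return result


def build_fixture(size: int) -> bytes:
    """Constructed test fixture: marker strings inside comments, padded to `size` bytes.

    It is not a working script; it only exercises the signature's string matching.
    """
    markers = (
        "<?php\n"
        "// constructed fixture for signature testing, marker strings only\n"
        "// $f='base'.(4*16).'_de'.'code'\n"
        "// (str_replace( .substr(md5(strrev( gzinflate\n"
        "// isset isset isset _COOKIE _COOKIE\n"
    )
    padding = "// " + "x" * (size - len(markers) - 4) + "\n"
    return (markers + padding).encode("latin-1")


if __name__ == "__main__":
    # Same markers, three sizes: only the middle one is inside the rule's window.
    for size in (20 * 1024, 21 * 1024, 23 * 1024):
        print(size, evaluate_pas_rule(build_fixture(size)))
```

Because the verdict hinges on an exact byte-size window and exact string counts, the rule is pinned to one build of the kit; a sample with one more `isset` or a few hundred extra bytes is missed entirely, which is why such a signature says little about who deployed the tool.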
 
DHS Statement said:
the intelligence community is confident the Russian Government directed the recent compromises
https://www.dhs.gov/news/2016/12/29/joint-dhs-odni-fbi-statement-russian-malicious-cyber-activity
That's obviously not true, because the JAR began with a disclaimer which highlighted their lack of confidence in the report. They don't stand by it, and don't accept responsibility for any inaccuracies contained within. They're not confident in the assessment.
DHS Statement said:
Joint Analysis Report (JAR) which further expands on that statement
JAR was thirteen pages of unsubstantiated nonsense and a single article of fallacious "evidence." Half of the report was just network security tips even, completely irrelevant to the purpose of the report.
DHS Statement said:
campaigns targeting government organizations, critical infrastructure ... damaging and disruptive cyber-attacks, including on critical infrastructure
Again, the suggestion that Russia has "damaged" America's "critical infrastructure" is very significant given the range of responses such an act would enable.
 
DEFCONWarningSystem said:
It didn't take long for Russia to respond to the report. Here is their rebuttal.

https://www.rt.com/usa/372195-report-russia-hacking-elections/
RT said:
"There is no indication anywhere in the document that these two groups are in any way connected with the Russian intelligence services ... the report uses vague and noncommittal language. For example, the actual political party allegedly hacked by the two groups is never identified ... Nor does the JAR note anywhere that it was CrowdStrike, a cybersecurity company hired by the DNC to investigate the June 2016 data breach, that accused APT28 and APT29 – which they named 'Cozy Bear' and 'Fancy Bear' – of being Russian government entities. CrowdStrike has never offered any proof for this assertion, which the JAR merely repeats without attribution ... none of the data actually points to Russian involvement"

I agree with RT's points. The US government has proven nothing. Even had they proven that Russia had exfiltrated the information, it still wouldn't have meant anything. Intelligence services gather intelligence, and they utilize that intelligence to their country's advantage. American intelligence does precisely the same things which Russian intelligence does. Nevertheless, the report failed to prove Russia had done these things, let alone did it provide a logical reason for retaliating against Russia for doing this fairly common thing.

I'm reminded of the 1960 U2 incident in which USSR shot down a CIA U2 spy plane flying over Russia. The Soviets knew America was conducting covert aerial reconnaissance over Russia. The U2's ceiling and stealthy nature however prevented Russia from doing anything about it. When USSR finally downed one of these aircraft, the Soviets made a big deal out of it. There was a show trial, a prison sentence, and the Russians used the incident for propaganda and leverage. Of course, there was nothing actually very shocking or interesting about the incident. USSR knew USA was spying, just as USA knew USSR was spying. USSR's reaction was petty and absurd, just as USA's reaction is today. Assuming of course that US is actually reacting at all, given that it hasn't demonstrated Russian involvement in the alleged hacks.
 
Navarro said:
The report begins by stating that they don't stand by the information contained in the report. They're not confident in the assessment and/or they're unwilling to guarantee the accuracy of the information presented.

Is this a standard statement or was this the first time they prefaced a report with this?
 
DEFCONWarningSystem said:
Navarro said:
The report begins by stating that they don't stand by the information contained in the report. They're not confident in the assessment and/or they're unwilling to guarantee the accuracy of the information presented.

Is this a standard statement or was this the first time they prefaced a report with this?
It's surely not a standard statement. If a group of intelligence/investigative services tended to begin joint reports with such a disclaimer, those services would be useless. If you're not confident enough with your own assessment to stand by your report, then why should anyone else believe you if you don't even believe yourself? That disclaimer was a "good call" though, considering the JAR was indeed thirteen pages of nonsense. If evidence supporting Obama's claim exists, it certainly wasn't presented here.

We already know that the individuals involved in preparing that JAR were operating under a presidential directive to present evidence of Russian cyber attacks and/or interference with the election. They dared not respond that no such evidence exists. The FBI had previously reported that, and that response was unsatisfactory, resulting in negative reinforcement. I speculate that the entities involved could only identify the very dubious evidence which was presented, and recognizing that evidence wasn't actually sufficient to affirm Russian involvement, they applied the disclaimer in order to prevent destroying their reputations and careers.
 
The report was written as two separate parts. The original release contained part A, the disclaimer, and part B, what the administration wanted for talking points.
It serves their purpose to accuse Russia and throw doubt on Trump. It's guaranteed that "most" Russia-phobes and Obama supporters will block the disclaimer from their minds because it supports their world view.
We can all be guilty of this non-critical thinking.
 
A few basic comments. The report is a kind of summary.
Disclaimer: various companies and organizations provide this kind of disclaimer as a standard. Very often you can see on many documents a statement like "drawing not to scale, if in doubt ask", but the drawing is to scale.
The disclaimer is probably standard from a report template. Please check it. You need
to compare this disclaimer with other documents issued by the responsible party. Until you are able to prove that this disclaimer is not standard, you are wrong.

The document provides information about attack strategy. Therefore there is no IP address, MAC, etc. It is a summary. The report proves nothing.
But there is a problem. All NATO members claim Russian hacking... see Germany, Estonia, etc. Taking into account all information from Europe and the US, you can assume that Russia is the party responsible for hacking. It is a fact.

There is no clear information on what was stolen/hacked. We see a general description, no details, so it is impossible to evaluate the result of the Russian hacking.
Summary: Russia is guilty of hacking, but we have no information on what exactly they did.

 
Interesting link which proves that we can assume that Ukraine is not responsible. Translation required.

http://www.cyberdefence24.pl/514531,rosyjscy-hakerzy-namierzyli-ukrainska-artylerie
Some interesting information about a Russian hacking group:
http://www.cyberdefence24.pl/516785,hakerzy-prezydenta-putina
 
From a cybersecurity firm's report analyzing the JAR:
"The PHP malware sample they have provided appears to be P.A.S. version 3.1.0 which is commonly available and the website that claims to have authored it says they are Ukrainian. It is also several versions behind the most current version of P.A.S which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources ... DHS provided us with 876 IP addresses as part of the package of indicators of compromise. Let's look at where they are located ... As you can see they are globally distributed with most of them in the USA. ... We examined our attack data to see which IP addresses in the DHS data are attacking our customer websites. We found a total of 385 active IP addresses during the last 60 days. These IP addresses have launched a total of 21,095,492 complex attacks during that 60 day period that were blocked by the Wordfence firewall. ... We also logged a total of 14,463,133 brute force attacks from these IP addresses during the same period ... a small number of the IP addresses that DHS provided as IOCs are responsible for most of the attacks on WordPress websites that we monitor. ... The following shows the list of the top 50 IP addresses in the DHS report sorted by the number of complex attacks we saw from each IP during the past 60 days. ... As you can see, many of the top attacking IP addresses are Tor exit nodes. ... The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don't appear to provide any association with Russia. They are probably used by a wide range of other malicious actors ... The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence"
https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/
 
The terrible part of this all is that there is some truth in there, and the propagandists use that truth to clothe their paranoia.

Russia does indeed hack the US. They do it all the time. In this particular case, however, it doesn't seem to be them. Wikileaks came out and said point blank it wasn't them. But because Russia did it so many times before, it isn't hard to believe that they did it this time.
 
Former CIA director James Woolsey, an adviser to Trump on national security issues, told CNN's Jim Sciutto that determining who was behind the hacks is difficult, but that he believes the Russians -- and possibly others -- were involved.

http://edition.cnn.com/2017/01/02/politics/digital-fingerprints-russia-hacking/index.html?sr=twCNN010217digital-fingerprints-russia-hacking1045PMVODtopPhoto&linkId=32949858
 
krzepice1976 said:
determining who was behind the hacks is difficult, but that he believes the Russians -- and possibly others -- were involved
In other words, "I have no evidence that the Russians did it, but I'm just going to say the Russians did it anyway."
 
DEFCONWarningSystem said:
The terrible part of this all is that there is some truth in there, and the propagandists use that truth to clothe their paranoia.
I don't think it's paranoia but opportunism and obfuscation. Mind you Trump became implicated as "with the Russians" because he advocated a less provocative approach to the Russians. The liberal media and liberal government officials are simply practicing McCarthyism. Not because they think Trump's secretly in league with Russia, or perhaps a "Siberian Candidate" and traitor to the United States, but because both Trump and the Russians are simply their "enemy," and so they seek to slander and weaken those nemeses. To be clear: it's slander, not paranoia. Political "mud slinging."
DEFCONWarningSystem said:
Russia does indeed hack the US. They do it all the time. In this particular case, however, it doesn't seem to be them. Wikileaks came out and said point blank it wasn't them. But because Russia did it so many times before, it isn't hard to believe that they did it this time.
Indeed, Russia hacks America regularly, just as America hacks Russia regularly. The actual issue however isn't whether or not Russia hacked America. The question is whether or not Russian hackers elected Trump. They've been unable to demonstrate that there was any Russian hacking, much less has it been demonstrated that if it wasn't for Russian hackers, Clinton would be president. This is all just nonsense.
 
This "report" is a freaking joke. Their 13 pages consist of assumptions, and a maybe on how it could have happened, without detailing anything that actually happened. The remaining pages, 5-13, detail what phishing scams are, and mitigation. That's it. If this is the best they can come up with, no wonder 9/11 happened to everyone's surprise. In an era where the Patriot Act has made the Constitution and the protections it affords go the way of the blunderbuss in the era of machine guns, they still have yet to bust a real terrorist, and can't stop a "Russian hack". They are filling me with confidence yet again. Then to top it off, they throw out a BS report and act like it's all legitimate. Unbelievable.
 
DEFCONWarningSystem said:
Navarro said:
I don't think it's paranoia but opportunism and obfuscation.

I think it's deeper than that. Like North Koreans, they actually believe the lies they tell others.

I know that's the scariest part of this whole thing, they seem to believe it all.
"Lie big, and never acknowledge it's a lie" thus it becomes the truth.

Trump's transition team is stating we need to work on solving economic problems and less on provoking conflicts and war. But if you ask most people, they are convinced Trump and his storm trooper nationalists are hell bent on starting WW3. I really can't explain it anymore.
 