I was as surprised as most when FBI Director Comey recommended no charges for Clinton over her email server shenanigans. I thought there would be more comments about the way she had the email server sterilized before it was handed over to the FBI. Smells like obstruction of justice to me. To make matters worse, the sterilization sabotaged efforts to investigate the massive 2014 breach of the State Department email system. This 19 Feb 2015 article from the Wall Street Journal touches on the extent of that breach.
******************************
Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn’t been able to evict them from the department’s network, according to three people familiar with the investigation. Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses.
Investigators believe that hackers first snuck into State Department computers last fall after an employee clicked on a bogus link in an email referring to administrative matters, a type of attack known as a “phish.” That loaded malicious software onto the computer—a common hacker trick that has worked in countless corporate and government breaches.
From there, the hackers spread through the State Department’s sprawling network that includes machines in thousands of offices across the U.S., embassies and other outposts. It isn’t clear why the hackers were able to gain such wide access and whether the State Department routinely cordons off portions of its network to limit such maneuvers. (WSJ)
******************************
Could Clinton’s basement email server have been the key that allowed the wider DOS system hack? Unfortunately, the answer to that depends on your political position. We’ll never know for sure since that server was sterilized before it could be analyzed. The open source articles of a year ago attribute the hack to a DOS employee who opened a phishing email enclosure. Could be, but I doubt that’s the end of the story. Why were the DOS and NSA still having trouble eradicating the hostile code in the system months after discovering the breach? Well, it’s my not-so-humble (in this case) opinion that the NSA and DOS are fools if they believe this phishing attack is the only source of malicious code in this system. Prior to Clinton even becoming Secretary of State, I knew hackers were infesting the DOS system and many other government systems. Most of these were kids, although some had government connections. They were in the routers and switches. I bet they’re still there. That’s far more insidious than hacking email servers.
At the time, this DOS breach was billed as the worst attack ever against a government agency. Unfortunately the DOS didn’t hold that dubious record for long. The OPM breach was announced in April 2015. This 8 Jun 2015 article from Ars Technica, “Why the “biggest government hack ever” got past the feds,” is quite informative.
******************************
In April [2015], federal authorities detected an ongoing remote attack targeting the United States' Office of Personnel Management (OPM) computer systems. This situation may have gone on for months, possibly even longer, but the White House only made the discovery public last Friday. While the attack was eventually uncovered using the Department of Homeland Security's (DHS) Einstein—the multibillion-dollar intrusion detection and prevention system that stands guard over much of the federal government's Internet traffic—it managed to evade this detection entirely until another OPM breach spurred deeper examination.
While anonymous administration officials have blamed China for the attack (and many in the security community believe that the attack bears the hallmark of Chinese state-sponsored espionage), no direct evidence has been offered. The FBI blamed a previous breach at an OPM contractor on the Chinese, and security firm iSight Partners told The Washington Post that this latest attack was linked to the same group that breached health insurer Anthem.
The OPM hack is just the latest in a series of federal network intrusions and data breaches, including recent incidents at the Internal Revenue Service, the State Department, and even the White House. These attacks have occurred despite the $4.5 billion National Cybersecurity and Protection System (NCPS) program and its centerpiece capability, Einstein. Falling under the Department of Homeland Security's watch, that system sits astride the government's trusted Internet gateways. Einstein was originally based on deep packet inspection technology first deployed over a decade ago, and the system's latest $218 million upgrade was supposed to make it capable of more active attack prevention. But the traffic flow analysis and signature detection capabilities of Einstein, drawn from both DHS traffic analysis and data shared by the National Security Agency, appear to be incapable of catching the sort of tactics that have become the modern baseline for state-sponsored network espionage and criminal attacks. Once such attacks are executed, they tend to look like normal network traffic. (Ars Technica)
******************************
The cyber defense community put all its eggs into the Einstein basket. Isn’t that the American way? They put all their hopes and dreams into a massive technical solution. I was a voice in the wilderness arguing for a stronger HUMINT effort. Oh well. Rage against the machine.
This 29 Sep 2015 Washington Post article shows a real life impact of this attack. I wrote of some of the potential impact of this data breach some time ago.
******************************
The CIA pulled a number of officers from the U.S. Embassy in Beijing as a precautionary measure in the wake of the massive cybertheft of the personal data of federal employees, current and former U.S. officials said. The move is a concrete impact of the breach, one of two major hacks into Office of Personnel Management computers that were disclosed earlier this year. Officials have privately attributed the hacks to the Chinese government. Because the OPM records contained the background checks of State Department employees, officials privately said the Chinese could have compared those records with the list of embassy personnel. Anybody not on that list could be a CIA officer. (Washington Post)
******************************
This 31 Aug 2015 Ars Technica article, “China and Russia cross-referencing OPM data, other hacks to out spies,” alludes to something that I discovered through my time exploring the world of hackers. They are different. They decide who they will trust, share with, hide from and lie to based on their own thought processes and mores. Russian and Chinese intelligence and cyber security agencies have tolerated and sometimes embraced this difference much more effectively than our own IC.
******************************
The identities of a group of American technical experts who have provided assistance to covert operations by the US government overseas have been compromised as the result of cross-referencing of data from the Office of Personnel Management (OPM) and other recent data breaches, according to a Los Angeles Times report. The Times' Brian Bennet and W. J. Hennigan cited allegations from two US officials speaking under the condition of anonymity that Chinese and Russian intelligence agencies have worked with both private software companies and criminal hacking rings to obtain and analyze data. (Ars Technica)
******************************
I wrote this post and assembled these articles partially in response to Colonel Lang’s question, “Who would the Russian “hackers” have been?” Russia, China, Israel, Wikileaks and many other entities have a wealth of information that they can use whenever they want to the best of their advantage. Or one of these entities can get a wild hair up their ass and release something juicy just for shits and grins. Those who we refer to as “non-state hackers” are far more technically sophisticated, ingenious and patient than what we think. They may not be as socially and politically adept as the critters that infest Washington D.C., but that’s what draws me to them. Don’t ever sell them short.
I also wanted to put the consequences of Clinton’s unauthorized basement email server in perspective without excusing her egregious actions in this matter.
As a parting thought, I recommend the USA Network series “Mr. Robot.” It’s the most realistic depiction of the hacker world I’ve seen without actually participating in that world. The second season recently started. Here’s the plot summary from USA Network. That’s a scene from the show in the above picture.
“Young, anti-social computer programmer Elliot works as a cybersecurity engineer during the day, but at night he is a vigilante hacker. He is recruited by the mysterious leader of an underground group of hackers to join their organization. Elliot's task? Help bring down corporate America, including the company he is paid to protect, which presents him with a moral dilemma. Although he works for a corporation, his personal beliefs make it hard to resist the urge to take down the heads of multinational companies that he believes are running -- and ruining -- the world.”
TTG
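The two reports quoted above describe the same detection failure from two angles: a tool that is found and blocked, then tweaked slightly so it slips past the block, and a perimeter system (Einstein) whose signature matching misses traffic that looks normal. The Python below is an added example, not part of the original post and not code from any agency or tool named in it. It uses a constructed stand-in for an intruder's configuration blob and constructed per-host connection timestamps (no real samples or logs) to show why an exact-hash signature breaks on a one-byte change, while a byte 4-gram similarity check still matches the tweaked tool, and why a beacon-interval check over connection timing catches machine-regular check-ins that individually look like ordinary HTTPS. The thresholds (0.6 similarity, coefficient of variation 0.1, six events) are illustrative assumptions, not values from the page.

```python
"""Exact signature vs. fuzzy signature vs. beacon-timing detection (constructed data)."""
import hashlib
import statistics

# Constructed stand-in for a fingerprinted intruder tool. Not a real sample.
KNOWN_TOOL = (
    b"MODE=beacon;HOST=203.0.113.10;PORT=443;INTERVAL=300;"
    b"AGENT=Mozilla/5.0 (Windows NT 6.1; WOW64);TAG=adminmatters"
)
KNOWN_HASHES = {hashlib.sha256(KNOWN_TOOL).hexdigest()}

# The "slight tweak": one field changed and a few bytes appended.
TWEAKED_TOOL = KNOWN_TOOL.replace(b"INTERVAL=300", b"INTERVAL=301") + b";PAD=x"


def hash_match(sample: bytes) -> bool:
    """Exact-hash signature: fires only on a byte-identical sample."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all overlapping n-byte substrings of the sample."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity of two sets (0.0 when both are empty)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def similarity_match(sample: bytes, threshold: float = 0.6) -> bool:
    """Fuzzy signature: byte 4-gram overlap with the known tool (threshold assumed)."""
    return jaccard(ngrams(sample), ngrams(KNOWN_TOOL)) >= threshold


def beacon_score(timestamps: list) -> float:
    """Coefficient of variation of inter-arrival gaps; near 0 means machine-regular."""
    gaps = [later - earlier for earlier, later in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return float("inf")
    return statistics.pstdev(gaps) / statistics.mean(gaps)


def is_beaconing(timestamps: list, max_cv: float = 0.1, min_events: int = 6) -> bool:
    """Flag a host->destination series as a beacon if it is long enough and regular enough."""
    return len(timestamps) >= min_events and beacon_score(timestamps) <= max_cv


# Constructed outbound-connection times (seconds) from one host to one external
# address: an implant checking in every ~300 s with jitter, vs. a person browsing.
IMPLANT_TIMES = [0, 298, 603, 901, 1199, 1502, 1797, 2100]
HUMAN_TIMES = [0, 12, 15, 240, 245, 900, 1800, 1810]


if __name__ == "__main__":
    print("hash match, known tool:   ", hash_match(KNOWN_TOOL))
    print("hash match, tweaked tool: ", hash_match(TWEAKED_TOOL))
    print("4-gram match, tweaked:    ", similarity_match(TWEAKED_TOOL))
    print("implant beaconing:", is_beaconing(IMPLANT_TIMES), round(beacon_score(IMPLANT_TIMES), 3))
    print("human beaconing:  ", is_beaconing(HUMAN_TIMES), round(beacon_score(HUMAN_TIMES), 3))
```

The point of the pairing is operational: blocking a hash or a single hard-coded address is what the article describes investigators doing, and the intruders' response defeats it at almost no cost. Similarity over structure, and timing over a host's connection history, force the adversary to change how the tool is built and how it behaves, not just what it looks like byte for byte.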
There isn't any evidence that Hillary's server was a vector in the attacks on DoS networks. There isn't any evidence that Hillary's server was ever successfully hacked.
The two possible ways to use Hillary's server as a launch pad for an attack that I can think of would be to create a more convincing phishing email, or to find someone's login information if they were dumb enough to send it in an email. The second I hope never happened. The first may have, but should be easy for an investigator to find out.
The fact that the hackers are still in the network just means that security hasn't found every back door yet. It could be as simple as an agent in the IT department.
Posted by: Erik von Reis | 26 July 2016 at 12:36 AM
Not really; the bulk of the Y2K scare was about fixing a huge number of COBOL programs, and old timers made a killing at this.
I suspect that a large number of "critical" banking software (may be even the majority) is still relying on SOME key applications in COBOL which have never been updated, if only just because they run fine for what they are doing.
Posted by: jld | 26 July 2016 at 01:43 AM
Those who we refer to as “non-state hackers” are far more technically sophisticated, ingenious and patient than what we think. They may not be as socially and politically adept as the critters that infest Washington D.C., but that’s what draws me to them. Don’t ever sell them short.
Can't be emphasised enough.
A few years ago somebody summed up information security to me as follows:
"The only information you should have on a computer about yourself or people or things you care about is information you don't mind your worst enemy knowing about you."
Posted by: Dubhaltach | 26 July 2016 at 01:48 AM
TTG and All,
Looking at what ‘Guccifer 2.0’ has to say about his activities, his account clearly depends upon a strong claim about quite how ‘technically sophisticated, ingenious and patient’ the best ‘non-state hackers’ are.
It is certainly the case with mathematicians that the gulf between what the very best brains and lesser mortals can achieve is awesome. Also, while some top-class mathematicians are highly sane, they can be frankly loopy. Something similar seems to apply with people with a natural gift for computing.
Perhaps people with relevant expertise could further clarify the question. Can one simply rule out the possibility that it is within the capability of a brilliant and painstaking hacker to do this kind of thing on his own?
Posted by: David Habakkuk | 26 July 2016 at 08:03 AM
Imagine,
No. We still use COBOL for a very important database in my agency.
Posted by: Tyler | 26 July 2016 at 09:50 AM
Erik,
Are you an intern or getting paid for writing this nonsense?
Posted by: Tyler | 26 July 2016 at 09:51 AM
The myth of the "brilliant hacker" is a myth when compared to the power of a state-run hacking team. 99% of hacking is "social engineering", which is the easiest way to access a system. You are hacking the people and that takes time, resources and is augmented by other sources not available to the lone hacker, as well as institutional history and memory. A "technically sophisticated, ingenious and patient" non-state hacker may dig up the occasional acorn, but is not in the same league.
FYI, every computer network is under constant attack from Chinese, Iranian, Russian, Romanian probes of every port. There is no security through obscurity for any fixed IP address. Any competent sysadmin should have a system which is immune to these attacks. That bit is really not hard. The difficult part is securing the users themselves. Their devices. Their access. And as we see from the DNC emails, generally these are released in the form of strings, which indicate certain individuals, or certain devices were hacked.
Regarding DoS, the most likely source of continued intrusion is a mole, and/or infected backups, but belt and suspenders applies to hacking as well.
Posted by: Herb | 26 July 2016 at 10:13 AM
I agree.
Heard about a US government retrofit of an existing base of FORTRAN software; they just grafted the new system onto the old one without discarding it - they could not afford the cost of the re-write.
Posted by: Babak Makkinejad | 26 July 2016 at 11:10 AM
herb,
1. You write: ‘The myth of the "brilliant hacker" is a myth when compared to the power of a state-run hacking team.’
Even if true, that would not necessarily be relevant to my question.
According to ‘Guccifer 2.0’, he was in the DNC networks for ‘almost a year’. My question was: could an individual hacker get such access, and if he had it – undetected – for this time, could he have obtained all the documents WikiLeaks has made public?
You have asserted that he could not, but provided no evidence whatsoever in support of your assertion.
(See https://guccifer2.wordpress.com/2016/06/15/dnc/ .)
2. As a matter of fact, the ability of state-run intelligence organisations to employ and make effective use of very brilliant – and often eccentric and difficult – people varies greatly.
The success of British intelligence in both world wars in ‘hacking’ German communications was in substantial measure due to input from some very rum chums indeed – like ‘Dilly’ Knox and Alan Turing.
I suspect, although I do not know, that the successes of U.S. naval intelligence which made the decisive victory at Midway possible had similar origins.
In the British case, the ability successfully to employ brilliant and difficult people was due in large measure to critical areas of intelligence being run by some much more conventional people who were also brilliant, if in a different way.
A critical figure was Admiral Reginald ‘Blinker’ Hall, the Director of Naval Intelligence in the First World War – whose skill in using what his cryptographers told him was crucial in embroiling the United States in the war.
However, when a young mathematician friend of ours went to a recruitment presentation by GCHQ, she was specifically told that they were not looking for the most brilliant people.
It seemed to me, from what she told me, that they wanted people who were competent and industrious, and could be counted upon never to tell the powers that be what they didn’t want to hear.
Would someone like Turing ever have been employed in contemporary British or American intelligence? Or indeed, ‘Blinker’ Hall? I much doubt it.
It would surprise me if the GRU was able to employ people like Turing. It would surprise me less, if they had people like Hall.
Be that as it may, it may still be the case that one brilliant and difficult person can do more than a whole bureaucracy of less brilliant timeservers.
3. If the DNC brings in a cybersecurity firm like CrowdStrike after they discover they have been hacked, it is hardly to be expected that the company in question is going to tell the world that its client’s systems were so lousy that they were easy meat for someone like ‘Guccifer 2.0’.
Accordingly, unless the ‘evidence’ such a company presents has been subjected to a thorough critical examination, it is valueless.
A ‘NYT’ report like that by David E. Sanger and Nicole Perlroth which simply accepts claims from CrowdStrike and ‘several other firms’ which are not named is of very little value as evidence about what is likely to have happened.
Its principal value is in demonstrating that the ‘NYT’ really has become ‘Pravda on the Hudson’.
4. ‘FYI, every computer network is under constant attack from Chinese, Iranian, Russian, Romanian probes of every port.’
I am now quaking in terror. Not only do I have to reckon with my intimate personal correspondence being laughed at in offices in Moscow – obviously, I may be subject to financial blackmail by Romanians.
Posted by: David Habakkuk | 26 July 2016 at 12:37 PM
DH
The DNC servers were not secure in any sense. The DNC has so many consultants and others that use their systems. I'm sure the "security" process was non-existent, with people accessing from many locations and devices. It would not take much for a sophisticated "hacker" to get into and download all the files they needed.
This perpetrator could have been anyone. What is interesting however is the media echo chamber which has focused entirely on allegations from the Clinton campaign that it was the Russians breaking in AND not the fact that the DNC colluded with the Clinton campaign to disenfranchise Sanders supporters. Of course you can't blame the media entirely when Sanders himself apparently doesn't care enough.
Posted by: Sam Peralta | 26 July 2016 at 01:06 PM
Herb and David Habakkuk,
The myth of the brilliant hacker is not a myth at all. This is based on my interaction with this crowd over 18 years primarily over FIDONet and IRC. What marks these hackers is not primarily brilliance, but persistence and patience. They will stick to a challenge for years, learning what they need to learn, testing and trying time after time until the problem is solved. Yes, social engineering is often an important part of an elegant hack. However, as an example, I knew a young hacker who really did live in his mother's basement who thoroughly penetrated a major Army system without social engineering. He did it through the routers. His ability to manipulate these routers was proven when the much vaunted Army Information Dominance Center couldn't figure it out even after I gave them the IP address and name of the router.
Posted by: The Twisted Genius | 26 July 2016 at 01:07 PM
TTG,
Most interesting.
I think one has to keep in mind some of the bizarre contradictions of the Soviet system.
So, one of its characteristics was a faith in science. But the ‘science’ on which its legitimacy was built, Marxism-Leninism, was pseudoscience. At the same time, however, the system provided very good education in the ‘hard sciences’.
A predictable consequence was a collapse of faith of much of the intelligentsia – within the system as well as outside – in the system. The contrast between the desperate attempts to shoehorn refractory realities into the intellectual frameworks of Marxism-Leninism and the intellectual rigour of the hard sciences was too glaring.
In turn, however, this led to a widespread, and uncritical, pro-Western euphoria, back in the ‘Eighties.
The collapse of this leads to a bizarre situation.
It is in my view a very common, and fundamental, Western conception, that the contemporary Russian system is a monolithic one, controlled from the top – with Putin being, as it were, a kind of puppet-master.
In actual fact, one has a very complex interplay of different forces – with both the strengths, and weaknesses, of Putin’s position lying in his being in the centre.
A corollary of this curious background – and also, the very widespread disillusion with the West – is that you have all kinds of individuals, and groups, who have the technical skills required for rather sophisticated hacking.
Working out what is, or is not, sponsored by whom, accordingly, becomes very difficult.
However, it might be easier, if people were not so committed to imposing a simple model on a complex and refractory reality.
Posted by: David Habakkuk | 26 July 2016 at 02:43 PM
David Habakkuk,
"However, it might be easier, if people were not so committed to imposing a simple model on a complex and refractory reality."
Amen. Words to live by.
I was always impressed by the Soviet Academy of Sciences and the people it produced. I knew several physicists who were top notch scientists and human beings. I don't know if you are aware of this, but it was Academy of Science types who filled the vacuum of leadership in the days immediately after the fall of the Soviet Union. That didn't last long. The "sharks" soon pushed the "eggheads" out of the way. In that tumultuous time, the Academy pleaded with Western institutions to take their scientists in so they could continue their research until the Academy could get back on its feet. Russian became the first language in some of the research institutes in Germany. It was a field day for us spook masters.
As for Soviet computer science (or cybernetics) at the time, I knew an AI researcher who spent his first two years of programming instruction using a blackboard. He wrote in assembler and debugged on that blackboard. That's how well he understood the soul of the machine.
Posted by: The Twisted Genius | 26 July 2016 at 03:32 PM
"It is in my view a very common, and fundamental, Western conception..."
"Misconception" would have been a more apt word. One can get a good idea of the nature of the power structure in Russia (and the limits of Putin's ability to "rule" Russia) from this recent NYT piece: http://tinyurl.com/jceglq7.
I think, about the only areas where Putin exercises the control that is usually ascribed to him in the West, is in the formulation of foreign and defence policies.
Unfortunately, this misconception is not only to be found in popular discourse and the media in the West, but also within policy-discussion and policy-making circles.
Posted by: FB Ali | 26 July 2016 at 07:53 PM
F.B. Ali,
‘Unfortunately, this misconception is not only to be found in popular discourse and the media in the West, but also within policy-discussion and policy-making circles.’
Absolutely. The ‘NYT’ report to which you linked seems to be a relatively rare approach to some kind of realism.
In fact, I think the problem is more general. There is an extraordinary lack of interest among contemporary Western élites in trying to make sense of how societies – including their own – actually work.
Posted by: David Habakkuk | 27 July 2016 at 12:22 PM
"The ‘NYT’ report to which you linked seems to be a relatively rare approach to some kind of realism".
I think it was there more to denigrate the Russians than anything else.
I agree fully with your last paragraph. The delusions that are continually put forward as serious commentary are mind-boggling.
Posted by: FB Ali | 27 July 2016 at 01:01 PM
I think your reading of the Andrew Higgins article is absolutely right.
But this only illustrates the stupidity.
It is perfectly possible for a correspondent for the ‘NYT’ to observe facts as they are, so long as doing so leads in the ‘politically correct’ direction: almost invariably revealing a kind of maniacal hatred of Russia and Russians.
Where such evidence might lead in another direction: such as, towards an awareness that Putin is not some kind of demonic mastermind, but a leader trying to grapple with a whole range of rather complex and often highly intractable problems, then the facts are immediately forgotten.
What makes all this worse is that it is not even a case of intelligent Machiavellianism. In addition to making the lives of others – notably Ukrainians and Syrians – much worse, we have actually been piling up problems for ourselves.
I do not really understand it.
Posted by: David Habakkuk | 27 July 2016 at 01:22 PM
I said that compared to the power of a state-run team, a lone hacker is a myth. That doesn't mean they can't occasionally hack into an important system that is poorly set up and maintained.
But in the case at hand, the vast consensus of investigators now including the FBI believes based on very specific and compelling evidence, is that at least one, if not two Russian security teams were behind the DNC hack, and that they created the mythical "Guccifer2" sock puppet as a false flag to attempt to deter or confuse investigators and the public.
https://motherboard.vice.com/read/all-signs-point-to-russia-being-behind-the-dnc-hack
https://www.schneier.com/blog/archives/2016/07/russian_hack_of.html
The evidence being known IP addresses hard-coded in the attack software, SSL certificates that are the same as those used in the Bundestag hacks, etc., etc.
Posted by: Herb | 27 July 2016 at 07:57 PM
"I do not really understand it".
I haven't examined the issue in any detail. However, I have thought about it off and on, especially when faced with these strange actions.
It seems to me that the answer lies in a combination of the following: there are all these separate power centres, each pursuing its own policy; some of these policies seek to dominate the world; others merely to knock down Russia and China; some seek to serve the interests of the “military-industrial complex”; many serve Israeli interests; others the interests of whoever has bought that power centre; then there are power-seeking or/and money-seeking people and organizations, pursuing their own interests, even if it be at the cost of the country; .....
An incomplete list, I readily admit.
Posted by: FB Ali | 27 July 2016 at 10:34 PM
herb,
“But in the case at hand, the vast consensus of investigators now including the FBI believes based on very specific and compelling evidence, is that at least one, if not two Russian security teams were behind the DNC hack, and that they created the mythical "Guccifer2" sock puppet as a false flag to attempt to deter or confuse investigators and the public.”
I have spent my life being told that the ‘vast consensus’ of experts believed so-and-so. Sometimes the belief has withstood rational scrutiny, on other occasions it has turned out to be hokum.
A couple of recent posts by a cybersecurity expert called Jeffrey Carr bring out, in my view, some of the compelling reasons for suspecting that, in this case, hokum may very well be at issue. They are entitled ‘Faith-Based Attribution’ and ‘The DNC Breach and the Hijacking of Common Sense.’
(See http://jeffreycarr.blogspot.co.uk/ .)
In the former, Carr makes the point that what is required in the kinds of ‘intelligence analysis’ relevant to attributing responsibility for an incident like the leak of the DNC materials to WikiLeaks is ‘hypothesis testing’ – a ‘structured methodology.’
Some intelligence analysts practice this, others do not. The argument Carr was making was that commonly people working for cybersecurity companies do not.
Properly practised, such a methodology involves broadening the range of hypotheses to be tested in explaining a given incident to include all that could be reasonably possible.
One then attempts both to narrow the list of possibilities down, and see what testable predictions each one generates.
In relation to the material from Hillary Clinton and the DNC, a critical question which needs to be answered in order to see how far one can narrow the range of hypotheses down becomes what a capable individual or small group of hackers could be expected to achieve.
Actually, this involves different questions – one set about the nature of hacking, another about how poor the security on the relevant networks was.
As a matter of fact, we have a high-flying young software engineer in our social circle, so I e-mailed him the same question I had put to TTG.
In essence, our contact confirmed, and elaborated, what TTG had said in the original post and also what Sam Peralta said in response to my question.
Summarising his technical observations, I hope accurately: computer systems of their nature are not easily replaced, so that keeping them secure against newly emerging vulnerabilities is a difficult and complex operation, which commonly those running them aren’t well-equipped to do.
Moreover, once vulnerabilities have been found, automated tools can be devised to exploit them, which can be quite widely distributed. From what he had been able to learn, getting into the DNC server really was not very difficult.
Accordingly, what would be required to establish Russian state responsibility for the release of the material obtained from the DNC network would not simply be to prove beyond reasonable doubt that the GRU and FSB had hacked it. It would also be necessary to establish that others had not.
Given that a vast mass of people, for a widely different range of reasons, could have been expected to have an interest in breaking into DNC networks, two obvious questions should have been put to CrowdStrike et al.
What steps did you take to attempt to ascertain who, besides the GRU and FSB, might have hacked into the DNC network? is one. How far is it the case that all successful hacking attempts into that network would have left traces that enable you to identify them? the other.
As Thomas Rid made no effort to ask either question, his and the other article to which you link demonstrate little beyond the fact that, on this issue, the ‘vast consensus’ of ‘experts’ is something which deserves to be regarded with the most acute suspicion.
As to the notion that metadata using the name ‘Felix Edmundovich’ is ‘specific and compelling evidence’ of a GRU ‘false flag’ operation in relation to ‘Guccifer 2.0’, words fail me.
If the claim about the metadata is accurate – have the documents been publicly produced? – if anything it would suggest a complicated ‘double bluff’, by someone completely ignorant of the history of the relations of the Russian military and the ‘Cheka’.
(Just possibly, it could be a ‘triple bluff’, but that seems to me somewhat unlikely.)
Posted by: David Habakkuk | 28 July 2016 at 05:49 AM
In any case it has been meant to be "Russian":
http://www.reuters.com/article/us-usa-election-russia-theory-idUSKCN10801S
(LMAO...)
Posted by: jld | 28 July 2016 at 07:45 AM