
25 July 2016

Comments


Erik von Reis

There isn't any evidence that Hillary's server was a vector in the attacks on DoS networks. There isn't any evidence that Hillary's server was ever successfully hacked.

The two possible ways to use Hillary's server as a launch pad for an attack that I can think of would be to create a more convincing phishing email, or to find someone's login information if they were dumb enough to send it in an email. The second I hope never happened. The first may have, but should be easy for an investigator to find out.

The fact that the hackers are still in the network just means that security hasn't found every back door yet. It could be as simple as an agent in the IT department.

jld

Not really, the bulk of the Y2K scare was about fixing a huge number of COBOL programs, old timers made a killing at this.
I suspect that a large number of "critical" banking software (maybe even the majority) is still relying on SOME key applications in COBOL which have never been updated, if only just because they run fine for what they are doing.

Dubhaltach

Those who we refer to as “non-state hackers” are far more technically sophisticated, ingenious and patient than what we think. They may not be as socially and politically adept as the critters that infest Washington D.C., but that’s what draws me to them. Don’t ever sell them short.

Can't be emphasised enough.

A few years ago somebody summed up information security to me as follows:

"The only information you should have on a computer about yourself or people or things you care about is information you don't mind your worst enemy knowing about you."


David Habakkuk

TTG and All,

Looking at what ‘Guccifer 2.0’ has to say about his activities, his account clearly depends upon a strong claim about quite how ‘technically sophisticated, ingenious and patient’ the best ‘non-state hackers’ are.

It is certainly the case with mathematicians that the gulf between what the very best brains and lesser mortals can achieve is awesome. Also, while some top-class mathematicians are highly sane, they can be frankly loopy. Something similar seems to apply with people with a natural gift for computing.

Perhaps people with relevant expertise could further clarify the question. Can one simply rule out the possibility that it is within the capability of a brilliant and painstaking hacker to do this kind of thing on his own?

Tyler

Imagine,

No. We still use COBOL for a very important database in my agency.

Tyler

Erik,

Are you an intern or getting paid for writing this nonsense?

Herb

The myth of the "brilliant hacker" is a myth when compared to the power of a state-run hacking team. 99% of hacking is "social engineering", which is the easiest way to access a system. You are hacking the people and that takes time, resources and is augmented by other sources not available to the lone hacker, as well as institutional history and memory. A "technically sophisticated, ingenious and patient" non-state hacker may dig up the occasional acorn, but is not in the same league.

FYI, every computer network is under constant attack from Chinese, Iranian, Russian, Romanian probes of every port. There is no security through obscurity for any fixed IP address. Any competent sysadmin should have a system which is immune to these attacks. That bit is really not hard. The difficult part is securing the users themselves. Their devices. Their access. And as we see from the DNC emails, generally these are released in the form of strings, which indicate certain individuals, or certain devices were hacked.

Regarding DoS, the most likely source of continued intrusion is a mole, and/or infected backups, but belt and suspenders applies to hacking as well.

Babak Makkinejad

I agree.

Heard about a US government retrofit of an existing base of FORTRAN software; they just grafted the new system onto the old one without discarding it - they could not afford the cost of the re-write.

David Habakkuk

herb,

1. You write: ‘The myth of the "brilliant hacker" is a myth when compared to the power of a state-run hacking team.’

Even if true, that would not necessarily be relevant to my question.

According to ‘Guccifer 2.0’, he was in the DNC networks for ‘almost a year’. My question was: could an individual hacker get such access, and if he had it – undetected – for this time, could he have obtained all the documents WikiLeaks has made public?

You have asserted that he could not, but provided no evidence whatsoever in support of your assertion.

(See https://guccifer2.wordpress.com/2016/06/15/dnc/ .)

2. As a matter of fact, the ability of state-run intelligence organisations to employ and make effective use of very brilliant – and often eccentric and difficult – people varies greatly.

The success of British intelligence in both world wars in ‘hacking’ German communications was in substantial measure due to input from some very rum chums indeed – like ‘Dilly’ Knox and Alan Turing.

I suspect, although I do not know, that the successes of U.S. naval intelligence which made the decisive victory at Midway possible had similar origins.

In the British case, the ability successfully to employ brilliant and difficult people was due in large measure to critical areas of intelligence being run by some much more conventional people who are also brilliant, if in a different way.

A critical figure was Admiral Reginald ‘Blinker’ Hall, the Director of Naval Intelligence in the First World War – whose skill in using what his cryptographers told him was crucial in embroiling the United States in the war.

However, when a young mathematician friend of ours went to a recruitment presentation by GCHQ, she was specifically told that they were not looking for the most brilliant people.

It seemed to me, from what she told me, that they wanted people who were competent and industrious, and could be counted upon never to tell the powers that be what they didn’t want to hear.

Would someone like Turing ever have been employed in contemporary British or American intelligence? Or indeed, ‘Blinker’ Hall? I much doubt it.

It would surprise me if the GRU was able to employ people like Turing. It would surprise me less, if they had people like Hall.

Be that as it may, it may still be the case that one brilliant and difficult person can do more than a whole bureaucracy of less brilliant timeservers.

3. If the DNC brings in a cybersecurity firm like CrowdStrike after they discover they have been hacked, it is hardly to be expected that the company in question is going to tell the world that its client’s systems were so lousy that they were easy meat for someone like ‘Guccifer 2.0’.

Accordingly, unless the ‘evidence’ such a company presents has been subjected to a thorough critical examination, it is valueless.

A ‘NYT’ report like that by David E. Sanger and Nicole Perlroth which simply accepts claims from CrowdStrike and ‘several other firms’ which are not named is of very little value as evidence about what is likely to have happened.

Its principal value is in demonstrating that the ‘NYT’ really has become ‘Pravda on the Hudson’.

4. ‘FYI, every computer network is under constant attack from Chinese, Iranian, Russian, Romanian probes of every port.’

I am now quaking in terror. Not only do I have to reckon with my intimate personal correspondence being laughed at in offices in Moscow – obviously, I may be subject to financial blackmail by Romanians.

Sam Peralta

DH

The DNC servers were not secure in any sense. The DNC has so many consultants and others that use their systems. I'm sure the "security" process was non-existent, with people accessing from many locations and devices. It would not take much for a sophisticated "hacker" to get into and download all the files they needed.

This perpetrator could have been anyone. What is interesting however is the media echo chamber which has focused entirely on allegations from the Clinton campaign that it was the Russians breaking in AND not the fact that the DNC colluded with the Clinton campaign to disenfranchise Sanders supporters. Of course you can't blame the media entirely when Sanders himself apparently doesn't care enough.

The Twisted Genius

Herb and David Habakkuk,

The myth of the brilliant hacker is not a myth at all. This is based on my interaction with this crowd over 18 years primarily over FIDONet and IRC. What marks these hackers is not primarily brilliance, but persistence and patience. They will stick to a challenge for years, learning what they need to learn, testing and trying time after time until the problem is solved. Yes, social engineering is often an important part of an elegant hack. However, as an example, I knew a young hacker who really did live in his mother's basement who thoroughly penetrated a major Army system without social engineering. He did it through the routers. His ability to manipulate these routers was proven when the much vaunted Army Information Dominance Center couldn't figure it out even after I gave them the IP address and name of the router.

David Habakkuk

TTG,

Most interesting.

I think one has to keep in mind some of the bizarre contradictions of the Soviet system.

So, one of its characteristics was a faith in science. But the ‘science’ on which its legitimacy was built, Marxism-Leninism, was pseudoscience. At the same time, however, the system provided very good education in the ‘hard sciences’.

A predictable consequence was a collapse of faith of much of the intelligentsia – within the system as well as outside – in the system. The contrast between the desperate attempts to shoehorn refractory realities into the intellectual frameworks of Marxism-Leninism and the intellectual rigour of the hard sciences was too glaring.

In turn, however, this led to a widespread, and uncritical, pro-Western euphoria, back in the ‘Eighties.

The collapse of this leads to a bizarre situation.

It is in my view a very common, and fundamental, Western conception, that the contemporary Russian system is a monolithic one, controlled from the top – with Putin being, as it were, a kind of puppet-master.

In actual fact, one has a very complex interplay of different forces – with both the strengths, and weaknesses, of Putin’s position lying in his being in the centre.

A corollary of this curious background – and also, the very widespread disillusion with the West – is that you have all kinds of individuals, and groups, who have the technical skills required for rather sophisticated hacking.

Working out what is, or is not, sponsored by whom, accordingly, becomes very difficult.

However, it might be easier, if people were not so committed to imposing a simple model on a complex and refractory reality.

The Twisted Genius

David Habakkuk,

"However, it might be easier, if people were not so committed to imposing a simple model on a complex and refractory reality."

Amen. Words to live by.

I was always impressed by the Soviet Academy of Sciences and the people it produced. I knew several physicists who were top notch scientists and human beings. I don't know if you are aware of this, but it was Academy of Science types who filled the vacuum of leadership in the days immediately after the fall of the Soviet Union. That didn't last long. The "sharks" soon pushed the "eggheads" out of the way. In that tumultuous time, the Academy pleaded with Western institutions to take their scientists in so they could continue their research until the Academy could get back on its feet. Russian became the first language in some of the research institutes in Germany. It was a field day for us spook masters.

As for Soviet computer science (or cybernetics) at the time, I knew an AI researcher who spent his first two years of programming instruction using a blackboard. He wrote in assembler and debugged on that blackboard. That's how well he understood the soul of the machine.

FB Ali

"It is in my view a very common, and fundamental, Western conception..."

"Misconception" would have been a more apt word. One can get a good idea of the nature of the power structure in Russia (and the limits of Putin's ability to "rule" Russia) from this recent NYT piece: http://tinyurl.com/jceglq7.

I think, about the only areas where Putin exercises the control that is usually ascribed to him in the West, is in the formulation of foreign and defence policies.

Unfortunately, this misconception is not only to be found in popular discourse and the media in the West, but also within policy-discussion and policy-making circles.

David Habakkuk

F.B. Ali,

‘Unfortunately, this misconception is not only to be found in popular discourse and the media in the West, but also within policy-discussion and policy-making circles.’

Absolutely. The ‘NYT’ report to which you linked seems to be a relatively rare approach to some kind of realism.

In fact, I think the problem is more general. There is an extraordinary lack of interest among contemporary Western élites in trying to make sense of how societies – including their own – actually work.

FB Ali

"The ‘NYT’ report to which you linked seems to be a relatively rare approach to some kind of realism".

I think it was there more to denigrate the Russians than anything else.

I agree fully with your last paragraph. The delusions that are continually put forward as serious commentary are mind-boggling.

David Habakkuk

I think your reading of the Andrew Higgins article is absolutely right.

But this only illustrates the stupidity.

It is perfectly possible for a correspondent for the ‘NYT’ to observe facts as they are, so long as doing so leads in the ‘politically correct’ direction: almost invariably revealing a kind of maniacal hatred of Russia and Russians.

Where such evidence might lead in another direction: such as, towards an awareness that Putin is not some kind of demonic mastermind, but a leader trying to grapple with a whole range of rather complex and often highly intractable problems, then the facts are immediately forgotten.

What makes all this worse is that it is not even a case of intelligent Machiavellianism. In addition to making the lives of others – notably Ukrainians and Syrians – much worse, we have actually been piling up problems for ourselves.

I do not really understand it.

Herb

I said compared to the power of a state-run team, a lone hacker is a myth. That doesn't mean they may occasionally hack into an important system that is poorly set up and maintained.

But in the case at hand, the vast consensus of investigators now including the FBI believes based on very specific and compelling evidence, is that at least one, if not two Russian security teams were behind the DNC hack, and that they created the mythical "Guccifer2" sock puppet as a false flag to attempt to deter or confuse investigators and the public.

https://motherboard.vice.com/read/all-signs-point-to-russia-being-behind-the-dnc-hack
https://www.schneier.com/blog/archives/2016/07/russian_hack_of.html

The evidence being known IP addresses hard-coded in the attack software, SSL certificates that are the same as those used in the Bundestag hacks, etc., etc.

FB Ali

"I do not really understand it".

I haven't examined the issue in any detail. However, I have thought about it off and on, especially when faced with these strange actions.

It seems to me that the answer lies in a combination of the following: there are all these separate power centres, each pursuing its own policy; some of these policies seek to dominate the world; others merely to knock down Russia and China; some seek to serve the interests of the “military-industrial complex”; many serve Israeli interests; others the interests of whoever has bought that power centre; then there are power-seeking or/and money-seeking people and organizations, pursuing their own interests, even if it be at the cost of the country; .....

An incomplete list, I readily admit.

David Habakkuk

herb,

“But in the case at hand, the vast consensus of investigators now including the FBI believes based on very specific and compelling evidence, is that at least one, if not two Russian security teams were behind the DNC hack, and that they created the mythical "Guccifer2" sock puppet as a false flag to attempt to deter or confuse investigators and the public.”

I have spent my life being told that the ‘vast consensus’ of experts believed so-and-so. Sometimes the belief has withstood rational scrutiny, on other occasions it has turned out to be hokum.

A couple of recent posts by a cybersecurity expert called Jeffrey Carr bring out, in my view, some of the compelling reasons for suspecting that, in this case, hokum may very well be at issue. They are entitled ‘Faith-Based Attribution’ and ‘The DNC Breach and the Hijacking of Common Sense.’

(See http://jeffreycarr.blogspot.co.uk/ .)

In the former, Carr makes the point that what is required in the kinds of ‘intelligence analysis’ relevant to attributing responsibility for an incident like the leak of the DNC materials to WikiLeaks is ‘hypothesis testing’ – a ‘structured methodology.’

Some intelligence analysts practice this, others do not. The argument Carr was making was that commonly people working for cybersecurity companies do not.

Properly practised, such a methodology involves broadening the range of hypotheses to be tested in explaining a given incident to include all that could be reasonably possible.

One then attempts both to narrow the list of possibilities down, and see what testable predictions each one generates.

In relation to the material from Hillary Clinton and the DNC, a critical question which needs to be answered in order to see how far one can narrow the range of hypotheses down becomes what a capable individual or small group of hackers could be expected to achieve.

Actually, this involves different questions – one set about the nature of hacking, another about how poor the security on the relevant networks was.

As a matter of fact, we have a high-flying young software engineer in our social circle, so I e-mailed to him the same question I had put to TTG.

In essence, our contact confirmed, and elaborated, what TTG had said in the original post and also what Sam Peralta said in response to my question.

Summarising his technical observations, I hope accurately: computer systems of their nature are not easily replaced, so that keeping them secure against newly emerging vulnerabilities is a difficult and complex operation, which commonly those running them aren’t well-equipped to do.

Moreover, once vulnerabilities have been found, automated tools can be devised to exploit them, which can be quite widely distributed. From what he had been able to learn, getting into the DNC server really was not very difficult.

Accordingly, what would be required to establish Russian state responsibility for the release of the material obtained from the DNC network would not simply be to prove beyond reasonable doubt that the GRU and FSB had hacked it. It would also be necessary to establish that others had not.

Given that a vast mass of people who for a widely different range of reasons could have been expected to have an interest in breaking into DNC networks, two obvious questions should have been put to CrowdStrike et al.

What steps did you take to attempt to ascertain who, besides the GRU and FSB, might have hacked into the DNC network? is one. How far is it the case that all successful hacking attempts into that network would have left traces that enable you to identify them? the other.

As Thomas Rid made no effort to ask either question, his and the other article to which you link demonstrate little beyond the fact that, on this issue, the ‘vast consensus’ of ‘experts’ is something which deserves to be regarded with the most acute suspicion.

As to the notion that metadata using the name ‘Felix Edmundovich’ is ‘specific and compelling evidence’ of a GRU ‘false flag’ operation in relation to ‘Guccifer 2.0’, words fail me.

If the claim about the metadata is accurate – have the documents been publicly produced? – if anything it would suggest a complicated ‘double bluff’, by someone completely ignorant of the history of the relations of the Russian military and the ‘Cheka’.

(Just possibly, it could be a ‘triple bluff’, but that seems to me somewhat unlikely.)

jld

In any case it has been meant to be "Russian":
http://www.reuters.com/article/us-usa-election-russia-theory-idUSKCN10801S
(LMAO...)
