Because if they haven't, they wouldn't be doing their job?
https://www.google.com/amp/s/www.wired.com/2016/09/anti-doping-agency-attack-shows-russian-hackers-getting-bolder/amp/?client=ms-android-verizon
Posted by: Herb | 18 October 2016 at 01:02 PM
I believe the process involved a recently disemboweled chicken, which was then studied intently by properly trained and titled employees of the NSA.
Posted by: BabelFish | 18 October 2016 at 01:04 PM
And what does it change?
Posted by: Parj | 18 October 2016 at 01:05 PM
My experience is limited to working with Internet security companies (so take this with a grain of salt). But my impression has always been that it's fairly straightforward to track down the rough geographic location from which an attack originated.
Posted by: shepherd | 18 October 2016 at 01:15 PM
This report explains some of the evidence collected about the hack methodology and the hackers involved. If this much is available openly, I tend to believe the USG has more. I spent a decade doing this sort of thing and am very familiar with the Russian and Chinese methodology of cooperating with non-government hackers. It's a modern version of letters of marque.
https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign
Posted by: The Twisted Genius | 18 October 2016 at 01:29 PM
Here's another article describing the Russian hacking group that we call Fancy Bear. We don't know what they call themselves. That's how good they are.
https://www.buzzfeed.com/sheerafrenkel/meet-fancy-bear-the-russian-group-hacking-the-us-election?utm_term=.emZkP1vEw#.iuYqga89V
Posted by: The Twisted Genius | 18 October 2016 at 01:35 PM
Three separate cyber security firms agree that the DNC e-mail hacks (both of them) were Russian in origin. Fidelis cybersecurity, Crowdstrike, and Mandiant. DNC, A cybersecurity watershed moment. Nothing I've read is truly a smoking gun but there are very strong associations.
You can read the posts yourself but here is a quick summary. The attacks are tied to two hackers, FANCY BEAR and COZY BEAR. Their attacks show state sponsored level tradecraft. Their history of previous hacks "closely mirrors the strategic interests of the Russian government, and may indicate affiliation with Главное Разведывательное Управление (Main Intelligence Department) or GRU..."
Posted by: HawkOfMay | 18 October 2016 at 01:37 PM
The word "explain" presupposes that there is a proof out there that only needs to be transported into your brain somehow. This random IT person begs to differ. Nobody has produced any such proof yet.
Basically this should be taken as a lesson on information technology. The Clinton camp doesn't seem to have learned anything since the days of the "Blue Ribbon"-campaign. They are stuck in the last millennium.
Posted by: elev8 | 18 October 2016 at 01:51 PM
I had heard a report that a Russian official had remarked that the latest Wiki leak would be happening--prior to the actual release. This "seems" to indicate Russian involvement/knowledge.
Posted by: gowithit | 18 October 2016 at 02:15 PM
I agreed with elev8. There is no proof. It is quite easy for the hackers to make it look like the attacks originated from Russian servers using the same tools that the Russian hackers use.
Posted by: TonyL | 18 October 2016 at 02:48 PM
There is no proof. Only flimsy allegations from untrustworthy parties with nothing tangible to back them up.
Posted by: Frank | 18 October 2016 at 03:04 PM
From my forty years in the IT industry my conclusion is that US elites are demonizing Russia without any evidence.
It tells me that the next big target of the West is Russia. With the realignment of the neocons and Republican elites into the Hillary camp the stage is set for catastrophe in 2017.
Posted by: AriusArmenian | 18 October 2016 at 03:10 PM
Bill and Donald are both suspected of sexual abuse.
http://www.thedailybeast.com/articles/2016/06/30/the-billionaire-pedophile-who-could-bring-down-donald-trump-and-hillary-clinton.html
It looks an awful lot like Hillary's State was shilling for her Foundation.
http://nypost.com/2016/10/17/the-state-departments-shadow-government/
Putin is worse than sexual abuse or treason, so it had to be Putin.
Posted by: jsn | 18 October 2016 at 03:29 PM
If they're good enough to steal all of this information, are they not good enough to make others think they're Russian? What if they are homegrown?
Posted by: eakens | 18 October 2016 at 03:33 PM
The only case I am aware of where there has been anything definite presented to the public is the Shadow Brokers leak of NSA hacking tools. Originally, the leak was announced as a Russian hack of the NSA: http://www.theverge.com/2016/8/17/12519804/shadow-brokers-russia-nsa-hack-equation-group Then in October, Harold Thomas Martin was arrested for having NSA hacking tools on insecure private equipment: http://www.reuters.com/article/us-usa-cybersecurity-arrest-idUSKCN12520Y?il=0 There is speculation that Martin's computer was hacked, ostensibly by Russia, or, that Martin was a whistleblower, or someone out to make a buck. But again, there's no definitive proof.
I'm a retired IT guy, and I know how difficult it is to definitively attribute any online activity. Given the Obama administration's ongoing war on whistleblowers, its attempts to smear Snowden as a Russian or Chinese agent, and the Clinton campaign's attempts to tag anyone who speaks out against them as Putin stooges, I'm skeptical of all these claims of Russian involvement.
Posted by: Karl Boyken | 18 October 2016 at 03:34 PM
eakens
I see no reason why these WikiLeaks could not be collected by someone other than the Russians. pl
Posted by: turcopolier | 18 October 2016 at 03:35 PM
Proof? The Borg don't need no stinking proof!
If they needed proof, large proportions of the American population wouldn't persistently believe so many outright fabrications and absurdities which just happen to conveniently promote the interventionist policy of the day, whether it's attacking Iraq, murdering Gaddafi or regime changing Syria.
Posted by: JohnsonR | 18 October 2016 at 03:48 PM
Well, the idiots emailed the passwords so it wouldn't take a genius to have hacked the DNC.
Posted by: Old Microbiologist | 18 October 2016 at 04:01 PM
Not being a gifted hacker, but fairly astute at securing my network from NSA attacks (determined by setting a trap using keywords), I personally use a two-step VPN and TOR on top of that for anything I want to remain secure. My own network is protected using OPNsense with heavy intrusion detection. I can see the IPs of attackers as well as the routing, but it is pretty easy to spoof IP addresses but not the packets. A little labor is necessary to show it was an outsider but the best is to set a trap. Reference a web page in a keyword-laced document known only to me and set up by me that logs the IP address of the person logging on. I give them a little "gotcha" message when they log on. I played with that a few years ago but got bored with it after they stopped playing. Now I like to email back and forth emails to separate accounts using PGP encryption knowing they must waste a great deal of CPU time breaking the encryption. If everyone did that it would shut them down. After all, only suspicious people encrypt emails so we must be guilty until proven innocent. They can't refuse the bait as it is all robotic. Lots of fun. I have nothing to hide but enjoy driving them nuts.
Posted by: Old Microbiologist | 18 October 2016 at 04:13 PM
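The "trap" described in the comment above (a bait document that references a web page which logs whoever fetches it) is what defenders call a canary token. The following is an added example, not part of the original comment: it mints a per-document canary URL and picks valid hits out of a web access log. The `/c/<doc>/<tag>` path scheme, the secret, the function names and the log lines are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret, kept off the web host

# Combined-log-format prefix: client IP, timestamp, request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) HTTP/[\d.]+"')
CANARY_RE = re.compile(r'^/c/([a-z0-9-]+)/([0-9a-f]{16})$')


def canary_path(doc_id: str, secret: bytes = SECRET) -> str:
    """URL path to embed in one bait document; the tag binds it to doc_id."""
    tag = hmac.new(secret, doc_id.encode(), hashlib.sha256).hexdigest()[:16]
    return f"/c/{doc_id}/{tag}"


def canary_hits(log_lines, secret: bytes = SECRET):
    """Return (ip, timestamp, doc_id) for requests carrying a valid canary tag."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, path = m.groups()
        c = CANARY_RE.match(path.split("?", 1)[0])
        if not c:
            continue
        doc_id, tag = c.groups()
        expected = canary_path(doc_id, secret).rsplit("/", 1)[1]
        # Guessed or scanned paths fail the HMAC check and are not counted as hits.
        if hmac.compare_digest(tag, expected):
            hits.append((ip, ts, doc_id))
    return hits


# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Oct/2016:16:13:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'203.0.113.44 - - [18/Oct/2016:16:20:41 +0000] "GET {canary_path("memo-a")} HTTP/1.1" 200 43 "-" "curl/7.47"',
    '192.0.2.9 - - [18/Oct/2016:16:21:10 +0000] "GET /c/memo-a/0000000000000000 HTTP/1.1" 404 0 "-" "scanner"',
    f'203.0.113.44 - - [18/Oct/2016:16:25:00 +0000] "GET {canary_path("memo-b")}?x=1 HTTP/1.1" 200 43 "-" "curl/7.47"',
]

if __name__ == "__main__":
    for ip, ts, doc in canary_hits(SAMPLE_LOG):
        # The IP is only the last hop (VPN, Tor exit, proxy), not proof of who opened it.
        print(f"{ts}  {ip}  opened bait document {doc}")
```

A hit shows that a specific bait document was opened and from which last-hop address; it does not by itself identify the person or organization behind that address.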
One thing's for sure: the MSM certainly went to great lengths to focus public attention on the sins of hacking rather than those of the egregious collusion revealed.
Posted by: FourthAndLong | 18 October 2016 at 04:20 PM
If I were a hacker of any note, I would use all of these wonderful internet appliances running linux and create a network of cutouts by creating a vast botnet and have them do the hacking (you can attempt to penetrate millions of IP addresses then recirculate it all back through a second bot net and then to a repository to be accessed by a third set of bot nets). This is being done by nefarious characters to mine for bitcoins but it would be just as easy to set up a bot net for penetrations as well. The Linux devices are woefully insecure and are on a plethora of devices now. Also, it should be mentioned that nearly all hardware is made in China or using Chinese produced chips. Many have already been identified to have embedded code in them for back doors. Intel did the same thing here in the US for the NSA. So it could be China or the NSA as well. Perhaps there are people in the NSA who do not wish to see her elected? Anything is possible.
Posted by: Old Microbiologist | 18 October 2016 at 04:22 PM
Bingo!
Posted by: FourthAndLong | 18 October 2016 at 04:23 PM
But Assange has been publicly talking about an 'October surprise' for months. This was no secret.
Posted by: Seamus Padraig | 18 October 2016 at 04:29 PM
+1
Surprisingly, the cyber security companies seem to follow the politics of DC.
When the US govt has an axe to grind against North Korea and "Holy Macaroni", Sony hack and Lazarus Group banks hack are the works of DPRK.
Couple of yrs ago, it was the Chinese and their famous PLA Unit 61398.
These days it is the Russians.
However, no mention of the Ukrainian thugs nor the goody two shoes from Herzlia who use servers in Bulgaria or Romania.
Posted by: The Beaver | 18 October 2016 at 04:37 PM
No, they caught it when it was posted which was 30 minutes before Wikileaks announced it. They probably set up an alert set to report new posts so they could get a jump on reporting it. That is good news skills which apparently are now a lost art in the US where all news is given to reporters who seem to have forgotten how to be reporters at all.
Posted by: Old Microbiologist | 18 October 2016 at 04:40 PM