
31 July 2017




"So the wisest words on the subject belong to Jeffery Carr. "I encourage my colleagues to leave attribution to the FBI and the agencies of the Intelligence Community, and I implore everyone else to ask for proof, even from the U.S. government, whenever you read a headline that places blame on a foreign government for an attack in cyberspace.""

With this and the Wasserman stuff, I wonder if there's enough uncertainty that Sessions, in good conscience, could call off Mueller.

Balint Somkuti, PhD


While I don't question that all of these are important, this intentional breach of all written and unwritten rules regulating the "guardians of the guardians" is really horrifying news.

This is THE modern equivalent of the ancient Roman Praetorian Guard's meddling in the election of the emperor.

This time it is only influencing it. Who can guarantee next time they won't play an active role? After you have crossed these important barriers there is really no turning back.

Fellow Traveler

Hayden, Chertoff, Haines all join our current NCTC Director as he channels Pompeo's "Hezbollah poses a threat to The Homeland."


Not only are they behind Yemen, maybe they're behind Venezuela!


I also think that Trump will remember that Kelly forced him to fire the Mooch, and will pretty soon pay him back in the same coin.

Mooch debased the presidency. Trump loves fighters but Mooch’s kind of tacky in the Lizza interview is not his style. I’ll bet both his wife and daughter read him the riot act on that.


I think the opposite will happen first.


Could not agree more. Been their MO since 1991 that I knew about. That was 26 years ago for my part.


It has been reported in the last two days that Trump has been after Kelly to take the CoS job since May.


I know luxetveritas can defend himself; the words weren’t luxetveritas’.

They were David Stockman’s. From "But why did Washington launch McCain’s War in the first place?" to "Bravo, Donald!" All Stockman’s. And there’s more at the link.

A blockquote would have helped to distinguish that, or the correct quoting punctuation, which grown adults refuse to learn for some reason.


Fellow Traveler,

"Venezuela is in some real need for some Nation Building."

Then the Venezuelans here should go back and start building.



The speed of a portable drive is greater than what could be achieved by a remote hack? That's such a basic misunderstanding about data transfer that this whole discussion is baffling to me.


Thank you for the completely Off Topic post of words not your own (SNARK) and no words on why anyone should care.

For that matter, why quote in full? David Stockman, who I respect, has his own agenda (as he should), what is yours? This quote has no new information, and change in US policy does not come in a tweet. Change comes from official documents, laws, etc.


Missing tag...


No surprise there; anybody who doesn't like US Borg's foreign (read: Israel's) policy is a terrorist organization. As a result, the number of state and non-state actors we call terrorist organizations is expanding by the day, and will soon include China and Russia, including their heads of state. On the other side of the water many believe the CIA, which is part of the US government system, is the largest terrorist organization in the world, with many coups, assassinations etc. credited to its name. I, like many in this country and around the world, am confused and can't make up my mind who is more correct.


"bound more by the possession"

Twas ever thus. Besides trying to arbitrate what those manners, customs, and culture are--after all, it's a mixed bag--the 'bound more' hides the actual mechanism of normative bottom lines, and this mechanism is: voluntary or coerced compliance to whatever those bottom lines are to forever be.

Those bottom lines are the foundation of a "certain way-of-being." Presumably; once you have the might to impose them on the unbeliever.


They are important - perhaps more than ever.
Here is a heart-wrenching comment from a CIA veteran who points out one of the most dangerous problems facing the US today: http://www.unz.com/pgiraldi/groupthink-at-the-cia/#new_comments
Chris Bridges says: "I am a retired CIA operations officer (something none of the men mentioned by Giraldi are – Brennan was a failed wannabe, couldn’t cut it as an ops officer). He is spot on in his comments. The majority of people in the CIA, the ones who do the heavy lifting, are patriotic Americans who are proud of serving their country. I am sure that most voted for Trump as they all know too well the truth about the Clintons and Obama.
Giraldi is not the only one to notice the upward progress of the most incompetent yes-men in the Agency. A close look at most of them reveals a track record of little or no operational success balanced by excellent sucking up skills. These characters quickly figured out how to get ahead and doing your job in the field is not it. Of course, most are ego maniacs so they are totally oblivious to their own uselessness.
Well before he was elected I had a letter delivered to President Trump in which I outlined in detail what would happen to him if he did not immediately purge the CIA of these assholes. I know that at least some people on his staff read it but, of course, my advice was ignored. Trump has paid dearly for not listening to an ordinary CIA guy who wanted to give him a reality brief on those vicious snakes."


There is also a financial angle for Mr. Cheney re Syria: http://www.businessinsider.com/israel-grants-golan-heights-oil-license-2013-2
"Israel has granted a U.S. company the first license to explore for oil and gas in the occupied Golan Heights, John Reed of the Financial Times reports.
A local subsidiary of the New York-listed company Genie Energy — which is advised by former vice president Dick Cheney and whose shareholders include Jacob Rothschild and Rupert Murdoch — will now have exclusive rights to a 153-square mile radius in the southern part of the Golan Heights.
That geographic location will likely prove controversial. Israel seized the Golan Heights in the Six-Day War in 1967 and annexed the territory in 1981. Its administration of the area — which is not recognized by international law — has been mostly peaceful until the Syrian civil war broke out 23 months ago.
"This action is mostly political – it’s an attempt to deepen Israeli commitment to the occupied Golan Heights," Israeli political analyst Yaron Ezrahi told FT. "The timing is directly related to the fact that the Syrian government is dealing with violence and chaos and is not free to deal with this problem."


Good scoop TTG.

Unfortunately belief systems are more tribal or team-based than truth-based. So what Lars said above about the 'who-killed-Kennedy' conspiracy theories still being alive 54 years later is probably also going to apply to 'The-Hack' conspiracy theories, regardless of hard evidence, even once declassified.


A simple explanation to this paradoxical situation:
"...since the long-forgotten days when the State Department’s Middle East policy was run by a group of so-called Arabists, U.S. policy on Israel and the Arab world “has increasingly become the purview of officials well known for tilting toward Israel”. These people, “who can fairly be called Israeli loyalists, are now at all levels of government, from desk officers at the Defense Department to the deputy secretary level at both State and Defense, as well as on the National Security Council staff and in the vice president’s office”. http://thesaker.is/the-neoconservatives-and-the-coming-world-a-response-to-the-questions-of-a-virtual-friend/
"As it is explained by Alison Weir in her book, "Few Americans today are aware that US support enabled the creation of modern Israel. Even fewer know that US politicians pushed this policy over the forceful objections of top diplomatic and military experts." Prodigiously documented, this book brings together "meticulously sourced evidence to illuminate a reality that differs starkly from the prevailing narrative. It provides a clear view of the history that is key to understanding one of the most critically important political issues of our day."
Alison Weir, "Against Our Better Judgment: The hidden history of how the United States was used to create Israel", CreateSpace Independent Publishing Platform, February 2014.

The Twisted Genius


It doesn't matter if a hacker has a dialup connection with a 1200 baud modem through an acoustic coupler or a bootlegged wireless connection (very common). A hacker does most of his work in the routers and switches and the servers connected to those routers and switches. That's where the high speed copy functions occur. It doesn't matter how fast/slow the initial connection to the internet is.

But all that doesn't matter. What we both missed, and what Ritter picked up on, was that those files indicated the last copy made of those files, not the initial copy. That's why he rightly discounted the copy speed as meaningless. It is evidence of nothing.

I agree with Binney. NSA should have some evidence of a remote hack's network activity. Given that the FBI alerted the DNC to the presence of the Cozy Bear hackers in their network before the DNC was aware of it and long before CrowdStrike was called, the FBI/NSA do have evidence of the hackers' activity in the DNC network. These are the same hackers that the FBI/NSA were fighting in the State Department networks in 2014. This is why the FBI, CIA and NSA agreed that Russia hacked the DNC with high confidence, including the use of the Guccifer 2.0 persona. The only finding the NSA assessed with moderate confidence was a political assessment.

“We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him. All three agencies agree with this judgment. CIA and FBI have high confidence in this judgment; NSA has moderate confidence.”

Maybe we'll see some of this evidence within a year due to the high stakes of this hack. However, this kind of classified evidence has not been released for any major hack that I know of. I'd be very surprised if it is released in this case either. I have seen this kind of evidence for other Russian and Chinese hacks. It fits the pattern. That's why I accept the findings of the 6 Jan 2017 DNI assessment, not because of what CrowdStrike, VIPs, Ritter or anybody else says in the open press.


The analysis on which the letter is based is here:

A comment on that analysis appears there:

"Kevin Poulsen
July 31, 2017 at 2:42 pm

You may not have intended it, but your report is being widely misread as addressing the original migration of the files off the DNC’s network, when, as you seem to acknowledge, it actually addresses the packaging of the files for public release, which might have occurred weeks later on the attacker’s own machine. It’s sad to see your painstaking analysis so wildly misunderstood because of ambiguous language in the “key findings” section at the top."


And another comment points out:

4) All of the above is somewhat of a non-issue in my experience. It would actually be relatively uncommon for individual files to be exfiltrated in this manner. *Far* more common would be for them to be collected on a local machine under remote control, packaged nicely, then exfiltrated as a single package. Depending on the level of security, this can be accomplished in a single big transfer, or the package can be fragmented to speed up the transfer.

5) If the files were collected locally before being extracted, this would easily explain the EDT times, the FAT timestamps, and the NTFS timestamps. None of this indicates one way or the other whether the attacker was local or remote. It is impossible to tell from any of this evidence, and suggesting otherwise is disingenuous.

6) The conclusion that this also involved a USB drive and a Linux OS is also likely flawed. As you point out, ‘cp -r’ is an easy explanation, but booting to Linux is not the only way to accomplish this type of transfer. Many remote access tools use ‘cp’ and ‘scp’ as the base for their file copy tasks. This would leave the timestamps in exactly the format you describe. In my experience, it is *very* common to see this sort of timestamp in a breach investigation.

7) The scenario you envision, frankly, is overly complex and unlikely. It is, in my opinion, far more likely that a remote attacker utilized a single breached DNC machine to locate and collect the desired data, did so using their attack tool (rather than RDP and drag+drop), and packaged it all for exfiltration on that machine. This would be supported by all of the evidence you describe and matches the most common breach scenarios we’ve seen over and over again.

Overall, I think your investigation of the data is good. You pull out some interesting information and were thorough in your research. However, your analysis seems tainted by the intent to draw specific conclusions from this data.
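The point made in TTG's comment and in the quoted points 4) to 7) above (timestamps inside a leaked archive record the last local copy, not the original exfiltration, and a local staging copy followed by a later transfer explains the 2-second FAT granularity) can be shown with a small simulation. This is an added example, not code from the analysis under discussion or from any of the commenters; the file sizes, disk and network speeds and epoch times are constructed, and `Entry`, `simulate_local_copy`, `apparent_rate_bps` and `exfiltrate_archive` are illustrative names of my own.

```python
"""Why archive timestamps measure the last local copy, not the exfiltration.

Constructed data only: sizes, speeds and times below are made up to show the
mechanism, not taken from any real case.
"""
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass
class Entry:
    """One file as it appears inside an archive: name, size, stored mtime."""
    name: str
    size: int      # bytes
    mtime: float   # seconds since the Unix epoch


def fat_mtime(ts: float) -> float:
    """FAT records last-modified time with 2-second resolution, so copying
    onto a FAT volume rounds each timestamp down to an even second."""
    return float(int(ts // 2) * 2)


def simulate_local_copy(sizes: Sequence[int], start: float,
                        disk_bps: float) -> List[Entry]:
    """Copy files one after another on a single machine at disk_bps.

    `cp -r` without `-p`, like the copy routines of most remote-access tools,
    stamps each destination file with the moment its copy finished, so the
    mtimes record the local staging copy.  The attacker's initial access may
    have happened days earlier and leaves no trace in these values.
    """
    t = start
    staged: List[Entry] = []
    for i, size in enumerate(sizes):
        t += size / disk_bps
        staged.append(Entry(f"file{i}.docx", size, fat_mtime(t)))
    return staged


def apparent_rate_bps(entries: Sequence[Entry]) -> float:
    """Throughput implied by the mtime spread: total bytes / (last - first).

    This is the kind of calculation behind the "too fast for a network, so it
    must have been a USB drive" argument.  It is not even a good estimate of
    the local copy speed: the first file's copy time lies before the earliest
    mtime and is not counted, so the figure overestimates.
    """
    if len(entries) < 2:
        raise ValueError("need at least two files to measure a spread")
    first = min(e.mtime for e in entries)
    last = max(e.mtime for e in entries)
    if last == first:
        raise ValueError("all mtimes identical; no spread to measure")
    return sum(e.size for e in entries) / (last - first)


def exfiltrate_archive(entries: Sequence[Entry], when: float,
                       net_bps: float) -> Tuple[List[Entry], float]:
    """Package the staged files and send them over the network later.

    Returns (archive members, time the transfer finished).  The members keep
    their staging mtimes untouched: nothing inside the archive reflects when
    or how fast it crossed the network.
    """
    total = sum(e.size for e in entries)
    return list(entries), when + total / net_bps


if __name__ == "__main__":
    # Constructed scenario: five 200 MB files staged at 50 MB/s on one host,
    # then shipped a week later over a 1 Mbit/s link.
    staged = simulate_local_copy([200_000_000] * 5, 1_000_000_000.0, 50_000_000.0)
    print("apparent rate from mtimes: %.1f MB/s" % (apparent_rate_bps(staged) / 1e6))
    members, done = exfiltrate_archive(staged, 1_000_604_800.0, 125_000.0)
    print("network transfer took %.0f s, invisible in the archive" % (done - 1_000_604_800.0))
```

With these constructed numbers the mtime spread implies 62.5 MB/s even though the disk ran at 50 MB/s, and the later 8000-second network transfer changes nothing inside the archive, which is the comment's point: the spread says something about the staging copy and nothing about whether the copier was local or remote.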



Seymour Hersh confirms Seth Rich - Wikileaks connection. Hersh claims to have access to an FBI report re: Seth Rich’s computer. In the computer is definitive proof of Seth Rich contacting Wikileaks with an offer to sell the DNC emails.

Pulitzer-Prize Winning Reporter: FBI Report Shows It Was Seth Rich – Not Russians – Who Gave DNC Emails to Wikileaks

Outrage Beyond

Seymour Hersh has the goods on Seth Rich leaking the DNC emails to Wikileaks.


Fellow Traveler

Thanks, Macgupta123. I read through the original claims and thought any hacker would tar up the stuff before removing it, whether it be on a server or laptop.

Over the last decade or so, it seems like a lot of "security" experts don't use or even know the command line. I guess I should have seen that coming after working with so many software PMs who've never coded a day in their life.


luxetveritas was quoting David Stockman.

