
25 July 2017

Comments


FB Ali

I think the VIPS memorandum is quite conclusive on the subject. The DNC "hack" was in fact a leak. The leaked data was then doctored (on the East coast of the US) to implicate the Russians. In fact, there was no Russian hack.

The real story in all this is the lack of any serious investigation of these shenanigans by the FBI or anyone else. Thus allowing the 'Russiagate' story to spread and dominate the narrative.

I recall that TTG here was quite adamant about an official Russian hack of the DNC computers. I'm afraid I find the VIPS to be a much more reliable source on this subject.

turcopolier

FB Ali

Would you agree that this sounds like a criminal conspiracy? pl

FB Ali

I would!

But I'm surprised that no one 'official' is treating it as such.

turcopolier

FB Ali

That, of course, is DJT's main charge against Sessions. pl

Jack

There is so much fog around all of this that it is hard to conclude anything with certainty. A few points strike me as odd:

- the FBI were never permitted to examine the DNC servers yet they are willing to put their imprimatur on the Russians did it story line.

- Brennan and Clapper are publicly going after Trump and essentially accusing him of being a Russian stooge, and in doing so disclosing the most sensitive intelligence secrets.

- Mueller has not publicly announced what is the scope of his investigation. Is he looking into who and how the DNC servers were hacked or is he just focused on the connections between Trump campaign team and Russian nationals?

- why is Trump tweeting about leaks of intel and lack of investigation into Hillary? Can't he order such investigations?

The Twisted Genius

Brigadier Ali,

You're right in that I find it much more plausible that Russians hacked the DNC as part of a much wider info op than the idea that this is all a far reaching Democratic/Borg hoax or conspiracy. As I said many times before, my years of experience with these things leads me to reach this conclusion, not any evidence published or leaked to date.

The evidence in the VIPS memorandum relies on the study done by the Forensicator that supposedly proves that the DNC data published by Guccifer 2.0 was copied locally and directly on site rather than exfiltrated by a remote hack. The Forensicator and VIPS conclude that the initial speed of transfer for the data was too fast for it to have been done through a remote hack. They also point out that the data was initially transferred to a device using Eastern Daylight Time, the same as the DNC server.

Both assume that hacked data would be initially transferred to Russia if it was a hack. Only the most incompetent hacker would do such a thing. Normally one traverses through several intermediate boxes (usually compromised servers, routers or switches) before connecting to the target. I've seen this and have done this many times in the past. The data being exfiltrated is moved the same way. The initial copy of the data would be transferred to a box that is fairly close in network distance to the target box. Ideally, it would be in a data center providing the primary network connection to the target box. That data center would, far more likely than not, be in the same time zone as the DNC server. It would also normally be geographically close. In this case, the first hop would probably be from the DNC server in Washington DC to a data center very likely in the Ashburn, Virginia area.

The Forensicator indicates that the initial data transfer was at a rate of 22.6 MB/s, too fast for a hack from Russia. Again, it is very unlikely that the data exfiltration would be directly from DC to Russia. It would be from DC to Ashburn. A gigabit ethernet connection, the most likely connection used by the DNC, is easily capable of this speed even passing through a number of routers and switches along the way.
Thus, the idea that the Forensicator proved this was a local leak and not a foreign hack is not supported by facts. Of course it doesn’t prove the reverse either.

Back in my post “A response to Publius Tacitus concerning those meddlesome Russians” there were a few revealing responses to the listing of the Forensicator’s conclusions posted by Publius Tacitus and others. Both TonyL and even Richardstevenhack pointed to a few technical inconsistencies in the Forensicator’s conclusions. TonyL went so far as to say “On further examination of his/her findings, I'd say the Forensicator did not have a good enough technical expertise to perform a forensic examination.”

ked

the FBI is getting around to dealing with RE mortgage fraud after all...

"Awan is accused of trying to defraud Congressional Federal Credit Union, a popular bank for Capitol Hill staffers, by misrepresenting a $165,000 home equity loan he attempted to obtain for a piece of rental property. FBI Special Agent Brandon Merriman, who penned the charging document, stated in an affidavit that Awan and his wife, Hina Alvi, misrepresented the property for which the loan was to be granted, identifying it as a "principal residence." CBS News

LondonBob

I don't agree with any of the comment. Mueller's investigation serves the purpose of politically handicapping Trump and it looks like a classic perjury trap, they are trying to get him or his circle for obstruction of justice. Something remarkably easy to do as Martha Stewart or Frank Quattrone could attest. Trump's background will have already been gone through thoroughly, he is clean.

Sessions offered his resignation a while back after he recused himself, Trump refused. Spicer went quickly and quietly, so would Sessions if he wanted him gone.

Richard Steven Hack

Unfortunately, the notion of "gigabit ethernet speeds" doesn't apply unless you assume that the hacker is sitting in a building or organization with an OC-12 (Optical Carrier-12) or higher data line.

For a hacker, this is highly unlikely - unless you assume the hacker was sitting in either the Russian Embassy (which might have such a speedy line) or some other organization with a need for such a line. Direct access to such a line is unlikely for a hacker unless they have compromised an ISP or other company with such lines.

This of course is not impossible and has been done in the past but it makes it much less likely.

See here where the Forensicator addresses this specific issue:

MB: Mega Bytes or Mega Bits
https://theforensicator.wordpress.com/2017/07/10/mb-mega-bytes-or-mega-bits/

A minimum line needed is an OC-12 which Wikipedia defines thus:

Quote:

OC-12 / STM-4
OC-12 is a network line with transmission speeds of up to 622.08 Mbit/s (payload: 601.344 Mbit/s; overhead: 20.736 Mbit/s).

OC-12 lines are commonly used by ISPs as Wide area network (WAN) connections. While a large ISP would not use an OC-12 as a backbone (main link), it would for smaller, regional or local connections. This connection speed is also often used by mid-sized (below Tier 2) internet customers, such as web hosting companies or smaller ISPs buying service from larger ones.

End Quote

In other words, you need a building or company with enough speed requirements that it needs a dedicated line. And in most such organizations, that line is shared among its customers, meaning each customer does NOT get access to the full bandwidth of the line unless he is directly connected to the router or no one else is using the line.

It is MUCH more likely that those speeds reflect a local area network (LAN) connection.

Also note that most commentators and people accusing Russia of this alleged hack assume the hack was done over the Internet. The Forensicator's analysis makes this doubtful at the very least. If the alleged hack was NOT done over the Internet, then why does CrowdStrike make a big deal of IP addresses in Russia?

It does support my suggestion that IF - I say IF - a hack was conducted by Russian Intelligence, it would have been done by a wireless peer-to-peer connection (or a physical penetration). Which is the way an intelligence agency would do it to avoid detection by the NSA.

Assuming that they didn't simply use standard tradecraft and bribe or blackmail someone into giving them the data.

If by wireless, it would require 802.11n (which offers up to 300 Mbps maximum - but this speed is rarely in the real world) or 802.11ac which offers up to 1 Gbps (1000 Mbps) maximum, also rarely in the real world. Nonetheless, these cards are readily available as is and the routers to connect to in many companies.

So the Forensicator's analysis doesn't TOTALLY prove that the alleged hack was done via a local LAN connection, but clearly that is the easiest likely explanation. A wireless attack is also a very likely explanation for how someone doing a local copy would do the copy without being directly connected to the LAN. This still allows for a local LEAKER rather than a hacker.

My other comments previously on the Forensicator's analysis were mostly related to the WinRAR file compression program, which I suggested wasn't necessarily the only utility that could produce the compressed files discussed. This might or might not have any effect on his conclusions. In no way did I intend to dispute the Forensicator's primary conclusions that the files were copied over a local LAN connection.

TonyL's suggestion that the Forensicator doesn't know forensics was unsupported by any actual evidence, merely an assertion, so it can be dismissed.

dilbert dogbert

My late wife was a CPA with many small business clients in Silicon Valley. She had many stories about the minor league misbehavior in "cooking the books".
If the FBI were to pursue these minor league crimes in California, let alone in the nation, it would need a vast increase in agents. I would guess someone high up in the food chain sicced the FBI on him.

Eric Newhill

TTG,
"Both assume that hacked data would be initially transferred to Russia if it was a hack. Only the most incompetent hacker would do such a thing."

And yet they - according to you - left their signature all over the "hack". They're either trying to be covert, or not. Either leaving an extended middle finger to the DNC or hiding their activities by routing through various servers, etc. I don't see how you can have it both ways and be correct.

I think you should prepare to be proven wrong. A bottle of whatever top shelf drink you like (Bourbon man myself) says that by year end, this will have been proven to be a leak (a local download).

The Twisted Genius

Richardstevenhack,

I am now thoroughly convinced that you are either clueless about this technology or totally blinded by your desire to exonerate Russia. Perhaps both. Your discussion of gigabit ethernet is embarrassing. Don't you realize gigabit ethernet is now widely available for home use? It does not require an OC-12 or optical fiber. It can be done over cat 6 or even cat 5e copper cable.

I also doubt your fundamental understanding of an internet connection. Here's an example. I am sitting in a Cuban cafe in Miami with the original Mac Powerbook G4 Titanium and a T-mobile flip phone connected to the G4 through a USB 1.1 connection. Using that phone as a modem, I connect to a shell account. From that shell account I connect to another and then to a third. All of these shell accounts are on boxes with 10/100 ethernet. From that third shell account, I log into a server within a data center with gigabit capability. I then proceed to transfer a large amount of data from that server to another server in another data center at gigabit speed, faster than the 22.5 MB/s quoted by the Forensicator. This is accomplished with an internet connection from my Powerbook that clearly does not have a gigabit connection to the two data center servers. And each hop along the way has its own IP address. That's how the internet works. That's also how hackers work.

If the Forensicator shares the same understanding of the internet as you apparently do, he too doesn't know his ass from a hole in the ground.
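The throughput argument running through TTG's and Richard Steven Hack's comments (22.6 MB/s against gigabit Ethernet, OC-12, 802.11n/ac, and the megabyte/megabit distinction) can be checked numerically. This is an added example, not code from the post or any commenter; it assumes, purely for illustration, that a transfer rate is estimated from file sizes and one-second-resolution modification times in an archive listing, and it uses constructed sample data.

```python
"""Throughput sanity check for the rate-versus-link-capacity argument in the thread.

Added example, not from the blog or any commenter. Assumption (illustration only):
the rate is estimated from file sizes and last-modified timestamps in an archive
listing, whose timestamps have one-second resolution.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Link capacities quoted in the thread, in Mbit/s (OC-12 payload figure is Wikipedia's).
LINK_MBIT = {
    "Fast Ethernet (10/100)": 100.0,
    "802.11n (nominal max)": 300.0,
    "OC-12 payload": 601.344,
    "802.11ac (nominal max)": 1000.0,
    "Gigabit Ethernet": 1000.0,
}

EDT = timezone(timedelta(hours=-4))  # the zone the Forensicator reports for the copy


@dataclass
class Entry:
    name: str
    size: int          # bytes
    mtime: datetime    # last-modified time as recorded in the listing


# Constructed listing: 226,000,000 bytes spanning 10 s -> 22.6 MB/s point estimate.
SAMPLE_LISTING = [
    Entry("a.txt", 50_000_000, datetime(2016, 7, 5, 18, 39, 0, tzinfo=EDT)),
    Entry("b.txt", 60_000_000, datetime(2016, 7, 5, 18, 39, 3, tzinfo=EDT)),
    Entry("c.txt", 40_000_000, datetime(2016, 7, 5, 18, 39, 5, tzinfo=EDT)),
    Entry("d.txt", 46_000_000, datetime(2016, 7, 5, 18, 39, 8, tzinfo=EDT)),
    Entry("e.txt", 30_000_000, datetime(2016, 7, 5, 18, 39, 10, tzinfo=EDT)),
]


def megabytes_to_megabits(mb_per_s: float) -> float:
    """MB/s -> Mbit/s. The 'MB vs Mb' confusion the thread argues about is a factor of 8."""
    return mb_per_s * 8.0


def estimate_rate(entries):
    """Return (low, point, high) in MB/s (1 MB = 1e6 bytes).

    With one-second timestamps the true elapsed time lies within +/-1 s of the
    recorded span, so a single 'rate' is really a range. Simplification: all
    bytes are attributed to the interval between the first and last mtime.
    """
    if len(entries) < 2:
        raise ValueError("need at least two timestamped entries")
    ordered = sorted(entries, key=lambda e: e.mtime)
    span = (ordered[-1].mtime - ordered[0].mtime).total_seconds()
    if span <= 0:
        raise ValueError("identical timestamps: rate is unbounded above")
    total_mb = sum(e.size for e in ordered) / 1e6
    point = total_mb / span
    low = total_mb / (span + 1.0)
    high = total_mb / (span - 1.0) if span > 1.0 else float("inf")
    return low, point, high


def feasible_links(rate_mbit: float, links=LINK_MBIT):
    """Names of quoted links whose nominal capacity is at least the observed rate."""
    return [name for name, cap in links.items() if cap >= rate_mbit]


def utc_offset_hours(entry: Entry) -> float:
    """UTC offset recorded with the timestamp (EDT is -4), the thread's time-zone clue."""
    return entry.mtime.utcoffset().total_seconds() / 3600.0


if __name__ == "__main__":
    low, point, high = estimate_rate(SAMPLE_LISTING)
    print(f"rate: {point:.1f} MB/s (range {low:.1f}-{high:.1f}) = {megabytes_to_megabits(point):.1f} Mbit/s")
    print("links that could carry it:", feasible_links(megabytes_to_megabits(point)))
```

The range shows how much a one-second timestamp granularity moves the estimate, which matters before anyone reads a single figure as proof of a LAN versus a WAN path.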

Ingolf Eide


Is definitive forensic proof even possible? Maybe the potential for misdirection of various kinds means we can never know for sure, not even in the best of circumstances.

In this case, they're anything but. Like the crude "fingerprints" supposedly left behind that Eric just mentioned, the apparent refusal of the DNC to allow the FBI to investigate their server(s) directly is another of the oddities that characterise this business.

One thing does seem clear to me. Only one side was powerfully motivated and it wasn't the Russians. I don't doubt they take every opportunity to acquire useful information and at times also sow disinformation. However, under Putin they've been cautious and farsighted in everything they do. Their reputation, their brand value if you like, has long been their primary consideration. So, even assuming they got their hands on the DNC emails, would the uncertain reward of using that information justify the immense risk? After all, they're only too aware of the deep-seated animus against Russia within US politics. In my view, for them to engage in covert ops against one side in the US election would have been a wild, speculative flyer with catastrophic downside risks. And, IMO, entirely out of character.

The Clinton Democrats, on the other hand . . .

novicitus

Day 280 seems like a pretty good summary.

FB Ali

TTG,

You say your "years of experience" and NOT "any evidence" leads you to believe that Russia carried out the hack (rather than someone else, or the stuff being leaked). I'm afraid that is as clear a statement of bias as any I've come across in this discussion.

The above discussion also leads me to believe that no conclusive technical proof is possible. That forces one to consider the balance of probabilities. As in any crime, motive is critical. Here I would go along with Ingolf (above). It is extremely unlikely that such an act would be worth the risk for Russia. Putin runs a tight ship, and he has much bigger fish to fry than getting involved in US domestic political dirty tricks.

The Twisted Genius

Ingolf Eide,

You don't think the Russians were powerfully motivated to do what they could to ensure Clinton lost and Trump won? I think the Russians have good and valid reasons to defeat Clinton. I'm sure a lot of US voters voted for Trump for the same reasons. We all wanted to reduce the possibility of WWIII to a minimum. For the Russians not to attempt to influence the outcome of the election would have been negligent on their part. In my opinion, they have nothing to be ashamed of.

The Twisted Genius

Eric Newhill,

From the time of the MOONLIGHT MAZE intrusions in the mid-90s, the Russians were stealthy and difficult to track. The Chinese, on the other hand, were much more noisy and bold in their intrusions. It was as if they didn’t care if we knew they did it. In the last few years, the Russians began operating more like the Chinese. This was glaringly apparent in the November 2014 intrusion into the State Department unclassified system. NSA and FBI had a running battle with the intruders for days before they were able to finally expel them. Fortunately, NSA capabilities to track the hackers across the internet in real time were well advanced at that time. An allied intel service also hacked the surveillance cameras inside the hackers’ workspace. The attackers were what became known as the Cozy Bear hackers and were tracked every step of the way. This information wasn’t made public until late 2015.

Flash forward to the DNC hacks. The FBI first notified the DNC in September 2015 that they noticed Cozy Bear hackers had compromised at least one DNC computer system. Neither the FBI nor the DNC took this information as seriously as they should have. In November 2015, the FBI informed the DNC that the hackers were connecting back to Moscow from the DNC network. The actions of both the FBI and DNC remained lackadaisical. It wasn’t until March 2016 that the DNC contract computer tech met the FBI Special Agent and was convinced this wasn’t some hoax or put on. The DNC finally installed some halfway decent monitoring tools in April 2016. By the end of the month, the DNC knew they had a serious problem and hired CrowdStrike. The rest of the story is more widely known.

I long ago promised someone I would not be a betting man, but if I was, I’d take you up on that bet. I’m 99% sure this whole thing is part of a Russian IO and not a vast left wing conspiracy. The last time I drank bourbon was the night before my first jump at Benning. Drank way too much and never touched the stuff after that. I have developed a taste for barrel-aged craft beers though. I guess we’ll see who’s right… eventually.

The Twisted Genius

Richardstevenhack,

OK. I was a bit harsh there. But the idea that the Forensicator has proven that the DNC hack had to be due to a local leaker and couldn’t possibly be due to a Russian IO is insultingly bogus to me. I’ve seen article after article claiming just that.

The scenario I described is doable to any decent hacker. Three shell accounts in bogus identities in locations around the world can be had for less than the cost of a home DSL connection and can be set up by anybody. It doesn’t take the support of an intelligence organization.

I do agree with you and Binney that the NSA would probably have confirming information of the DNC hacks. Maybe even as much as they have from the 2014 State Department hack by Cozy Bear. Perhaps that’s why the IC continues to say it was the result of a Russian government cyber operation. I don’t expect them to release all they have for many years. There’s a lot of stuff they have on many hacks that I know of that is not being released… and it won’t be released.

I do hope the local leaker theory is examined seriously. As you said, there is no reason that both the hack and the leak could have occurred. However, Assange ought to explain why the Wikileaks servers were all moved to Russian providers before the election. Perhaps the NSA already knows what went into these servers, when it went in and from where. I don’t think the public will get the full answer to any of these questions for quite some time.

The Twisted Genius

Brigadier Ali,

Yes, I have to admit I am biased by my knowledge. Unfortunately I cannot provide you the information I gleaned from my years of experience beyond what is publicly available. We'll just have to wait for whatever the USG eventually releases to us all.

I provided an answer to Ingolf about his doubts. To your point that Putin wouldn't risk this, I point out the 2014 State Department hack in which the Cozy Bear hackers brazenly battled the NSA and FBI defenders for several days. If Putin is bold enough to do this, I believe he is bold enough to run an IO to influence the outcome of our last election. Many of us were convinced that the stakes involved the real chance of stumbling into WWIII.

Ingolf Eide

TTG,

If a genie had offered them a clean choice, I don't doubt Russia would have gone for Trump. In the real world, I don't think the decision for them would have been anything like as clear. As I see it, it's a matter of upside vs downside with the latter weighted far more heavily.

The potential benefits were uncertain and the odds of Russia being able to substantially affect the result would have seemed low, probably vanishingly so. Had a covert operation been exposed, on the other hand, the risk (at many levels) was potentially catastrophic. Far more so than Clinton's threatened no-fly zones. That could, IMO, have been managed in one form or another; Putin and Lavrov are almost preternaturally good at this sort of stuff. They have patience and strategic clarity while the US has neither.

As things turned out, the US has become so unmoored that to date it hasn't much mattered whether Russia did or didn't.

likbez

TTG,

> In November 2015, the FBI informed the DNC that the hackers
> were connecting back to Moscow from the DNC network.

Looks like you are incompetent. Especially your over-confidence. Qualified people have doubts. You don't. I will give you knowledge of some basic facts about networking. But that's it.

Anybody can connect "back to Moscow". Especially Balts, Ukrainians and Israelis. To say nothing about the USA. Actually anybody with a credit card, to say nothing about botnet owners.

No conclusive evidence was presented about the IP space they were talking about. Was it ISP IP space or what?

You just parrot neoliberal propaganda.

The fact that the DNC hired CrowdStrike and withheld any information from the FBI speaks volumes. This really requires investigation: what were they hiding from the FBI? Instead the MSM fed us nonsense about "Russian hacking".

The fact that this explosive revelation, which clearly suggests cover up, was swiped under the carpet by neoliberal MSM also undermines your argumentation.

likbez

"I point out the 2014 State Department hack in which the Cozy Bear hackers brazenly battled the NSA and FBI defenders for several days."

Looks like you know way too much ;-)

1664RM

Yet again we see more than a hint of malfeasance by officials within the DNC prior to the 2016 US Presidential Election.

And yet again the usual suspects start 'throwing smoke' ... in order to lay a smokescreen & divert everybody towards the "Russia dunnit" meme ... it's so noticeable here now as it is everywhere in internet land that it's becoming more ridiculous by the day.

Seriously ... how are people supposed to take this Russia line 'seriously' when held up to the light & compared against the four years of HRC as SoS at the State Dept, the nefarious goings on within the DNC by Wasserman-Shultz, Brazile & the Clinton Team with Podesta et al?

The whole Russia story IS THE biggest smoke screen ... aided & abetted by the media & literally millions of willing ordinary people who have been all too happy to swallow the bullshit hook line & sinker.

Useful idiots ... all of them.

I am a firm believer that Wasserman-Shultz is part of the Israeli system that has penetrated the entire US political & Judicial scene inside the Beltway .... two of the main 'handlers' in this are none other than Ghislaine Maxwell & Jeffrey Epstein.

I believe that there are plenty of useful idiots across the political spectrum on both sides of the Atlantic that have enjoyed the 'corporate hospitality' offered by Mr Epstein & his 'Lolita Express'.

Thus you will find nobody with the balls to prosecute the likes of the Clintons, Podesta or DWS for that matter ... thus they can get away with murder (literally). Federal organisations like the FBI are seemingly unable to access the IT infrastructure of such organisations as the DNC.

HRC should now be languishing in a cell for several Capital Offences including Treason ... it stands out like a dick on a donkey.

Dons tinfoil hat.

Per Mare Per Terram
