Who really hacked the DNC?


#1

[Read the post]


#2

Several parts of this whole larger story do not make sense.

However, as someone with online penetration skills just above script kiddie myself, my guess is you did not need very sophisticated skills to hack the DNC (or Sec. Clinton’s email server). The vast majority of hacks on internet facing services are really pretty basic stuff. Keeping all the parts that go into modern online software stacks up-to-date is pretty difficult so that makes for easy “hacking”. Especially with all the interconnected on the back end setups, crack one part, crack them all essentially.

Or some pretty basic social engineering type attacks, password guessing, spear phishing, Rockford’ing, etc.

Shifting zero days? Probably not needed. Certainly not what you would start with.


#3

From my, admittedly highly limited, understanding it’s generally simpler to run with the idea of social engineering than some code-wizardry, purely because it’s easier to game people into doing things that make your job simple.


#4

the conspiracy theory that the DNC let themselves be hacked, putting this massive file of info they had gathered as bait, is simultaneously crazy and also super fun. a 230+ page attack ad on trump, and all they had to do was sit back and let it get out into the world at no cost to the DNC. genius!


#5

Trump did it himself. The idiocy is just an act - he is actually an evil genius at the Cheney level.


#6

Another fact-impaired post from Doctrow. The only evidence that Guccifer broke into HRC’s email account, is that he has claimed it’s so. Unlike his other break-ins, he has been unable to post an iota of data from the server, and investigators have found zero evidence that it ever happened. All evidence points to him trying to elevate his hacker status by associating himself to something currently in the news, without actually accomplishing the deed.


#7

Is Trump actually a Russian sleeper agent/working with Putin to secure the presidency? I’m just asking.


#8

We ask, you decide.


#9

And just exactly what is it that he’s combing over?


#10

I keep seeing a growing possibility of Trump being an old pal of Clinton throwing the election for her, and accidentally unleashing an unexpectedly rabid nativist movement. He’s really doing virtually everything in his power to damage his chances in the general, but the nativists just don’t care.


#11

Plus, they don’t have to take ownership of the material or defend it like they would if they built an ad campaign around any of it. It’s just research they were thinking about. And, Trump supporters just don’t care about facts, particularly facts from the DNC and/or Hillary. This way the material gets to percolate through the interwebs and show up in many different guises. This could backfire if they did do this and get caught.


#12

There’s something going on with Trump and Putin…


#13

Has the Putin Trump gay fan fiction started yet?


#14

Done and done.


#15

Oh, yeah.




#16

I work as a professional penetration tester, and I have decades of forensics experience related to breaches like this, although that’s not my primary focus and I work in-house for a corporation and only in the past few years have moved into security full-time.

Here’s what I will tell you.

  • Forensics, and more importantly attribution, for an episode or series of episodes like this is incredibly difficult. The degree of difficulty goes up with the sophistication of the attacker. If you are breached by the FSB, they are very unlikely to leave evidence it was them. Even if you are breached by a script-kiddie level attacker, it’s incredibly difficult to find and trace evidence of the tools, techniques and geographic location of your adversary.

  • That said, it is possible to attribute an attack. Crowdstrike has the knowledge and capability to do it. If they were called in and established honeypots and gathered intelligence over a span of months, then they may well have a lot of evidence of the tools & techniques.

  • If they were brought in late, to clean up after DNC’s nincompoop IT staff woke up and tried to clean up, then who knows how much evidence they had to work with.

  • However, it is important to remember that a company such as CrowdStrike – or Mandiant, with Sony – a big gun, serves multiple roles in any such an incident. First is to prevent further damage. Second is to gather evidence and gain attribution. Third is PR and damage control.

  • The third job of CrowdStrike can at times be orthogonal to the public truth. Nowhere in their job description is included the public truth. There is no penalty (that I am aware of) for them to disclose a non-truth or shade the truth. Heck there’s almost no penalty for a politician to do so, and they are ostensibly called upon to serve such a thing as the public truth.

  • Debbie Wasserman Schultz, the head of the DNC, is hanging on to her job by a thread … and most likely her seat. This is about reputation and future jobs via the revolving door.

  • The narrative that has Russian state-sponsored hackers penetrated the DNC serves the purposes of CrowdStrike, DWS and the DNC. CrowdStrike generates earned media for their brand at the level where the big bucks get paid out for their services. DWS needs all the help she can get to spin that she is not an incompetent hack, so having it be Russia only helps her at this point. Same could be said for DNC IT staff. Don’t forget them. They’re lifers in the political game too, just in the back office.

  • It could have been an individual hacktivist. I give you every assurance, without ever having tested the DNC security but just knowing what I know about the levels of diligence and expenditure it takes to run a secure shop, it was probably fucking easy to hack into the DNC and maintain persistence. It did not take a nation state or a 0day.

  • It would be convenient for all, except perhaps Russia (and maybe even them), were it to be Russia.

  • Rumors of Russian possession of Hillary Rodman Clinton’s emails have been widespread for some time. Assange has been hinting at them. One consistent point about Guccifer 2.0 and said rumors is that Russia possesses HRC’s emails from her private server, perhaps including the ones that may or may not have been about yoga.

  • If it is Russia, what we are seeing is also GoT level global politics. HRC is the most Machiavellian candidate perhaps this country has ever seen, and this is the most chaotic election in decades, so would be befitting.

  • Trump is bit of a buffoon, but in calling out that it is the DNC “hacking itself” he is doing us all one favor by making it clear that you can’t possibly know who to believe in all this. All parties are playing for keeps and equally likely to be duplicitous! Who do you trust?

Occam’s Razor suggests it probably is the Russians. If CrowdStrike was able to gather evidence for a few months while the hackers thought they still were under cover and trying to pivot to higher value goods inside the network, and CrowdStrike can correlate it with honeypots that they’ve been collecting for years, then they may be able to pinpoint the exact agency who perpetrated the act. From an operational standpoint, the Guccifer 2.0 thing falls within the gameplan of Russian intelligence. They are also rumored to have leaked to Wikileaks in the past.

All I’m saying is automatically distrust the public narrative of CrowdStrike and the DNC. Private truth is in their interest. Public truth not so much. This is the pinnacle of the evolution of global politics that we are witnessing here. It is not about Trump’s dated oppo research. It is about Hillary’s damn emails. Pay attention folks.

I leave you with this to chew on:

I heard this NPR interview this morning with Dimitri Alperovitch, CTO of CrowdStrike, however in my sleepy state I did not hear him recite a list of facts at all. I heard a lot of conjecture lacking evidence. Doesn’t mean he doesn’t have it, but he was not serving the evidence in that interview.

In a WaPo piece, he is much more honest and less definitive in his assessment (emphasis mine):

The two groups did not appear to be working together, Alperovitch said. Fancy Bear is believed to work for the GRU, or Russia’s military intelligence service, he said. CrowdStrike is less sure of whom Cozy Bear works for but thinks it might be the Federal Security Service, or FSB, the country’s powerful security agency, which was once headed by Putin.


#17

So can you give us your professional opinion on what’s going on between Trump and Putin?

Badump bump. Badabump.


#18

That is bog-standard over-reporting the skill of the hacker. Everyone always claims insane sophisticated attack, when the reality is that no one really secures anything for shit. They don’t want to look bad, but it always comes out. Then they just keep denying it.


#19

Trump is a mutant from Chernoyl,he was captured and had his brain removed for research purposes at a Russian genetic research facility near Chenobyl. After his brain was removed and his body thrown onto a rubbish dump he must have combed his hair and made his way to the USA? Or he was sent by the Russians under the shadowy: T.R.U.M.P. (TheRussianUltimateMutantProject) lol Well some people believe what they read in the bible and that is more batpoop crazy than this!


#20

On June 14 NATO Secretary-General Jens Stoltenberg said that Massive cyber attack could trigger NATO response
On June 14 news surfaced of Russians attacking DNC (you’d think “allegedly” attacking, because the articale says “believes”, not “evidence”; but the headlines tell a different story)