OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous
I'm not contradicting myself. It's an incomplete investigation and everyone knows it. The DNC is stalling and stonewalling.


The DNC is stonewalling with what? What do you know that all the American intelligence agencies don't know? You probably watch too much Fox News and think this is a grand conspiracy of the "Deep State", and you are on this forum hoping that people will dignify your paranoia.


All American intelligence agencies have reported that Russia hacked and tried to meddle with our elections; that is concerning enough to me as an American.
Wearing American flag underwear for July 4th does not make you patriotic. Putting country above party makes you a true American. You should be following the investigation and extending your full support to it no matter where it leads, and no, the investigative committee has not said that the DNC is stonewalling them. You got this information from some right-wing conspiracy website and you are peddling your nonsense here.
jsteele
Site Admin
Anonymous wrote:I'm not contradicting myself. It's an incomplete investigation and everyone knows it. The DNC is stalling and stonewalling.

"But, those things are separate from the server." No! Really. Do tell.

You confiscate all the infrastructure at the same time for examination. The server and any data in a cloud setup or a server farm should be investigated. Comparisons will have to be made of time stamps for when the maliciousness supposedly took place, and to do that you need all components.

"The FBI has confirmed that they have been provided sufficient data." - The person stating that is giving a political answer.



Furthermore: "Do you dispute the determination that Russia was behind the hack?"

So who was it, since you seem to know so much? The FSB? The GRU? The SVR? Some other organization? Are you sure it wasn't China using Russian infrastructure? Just spitballing, Jeff, but since you know so much, who exactly was it? Are you sure it wasn't an Eastern European crime syndicate?

What are you basing your attribution on?


You are completely contradicting yourself. You started a thread about the FBI being denied access to the DNC's server. When I explained that was not really a big deal, you went off in another direction about the need to investigate other devices, all of which are separate from the server.

I can't believe that you actually wrote this:

"You confiscate all the infrastructure at the same time for examination."

So, you want the FBI to seize an email server, potentially one or more file servers, potentially an entire cloud service, a firewall, a router, any number of switches, an IDS, and who knows what else? That would shut the DNC down. Is that your actual goal? Moreover, firewalls, IDSs and most security devices would be useless to investigate in themselves. What is actually important are the log files, which are not stored on the devices themselves. Seizing a firewall would provide no benefit.

You have pretty much given away the fact that you don't have a clue what you are talking about and have never conducted an actual investigation into a network intrusion (or at least not a credible one).

Anonymous
Anonymous wrote:
I'm not contradicting myself. It's an incomplete investigation and everyone knows it. The DNC is stalling and stonewalling.


The DNC is stonewalling with what? What do you know that all the American intelligence agencies don't know? You probably watch too much Fox News and think this is a grand conspiracy of the "Deep State", and you are on this forum hoping that people will dignify your paranoia.


All American intelligence agencies have reported that Russia hacked and tried to meddle with our elections; that is concerning enough to me as an American.
Wearing American flag underwear for July 4th does not make you patriotic. Putting country above party makes you a true American. You should be following the investigation and extending your full support to it no matter where it leads, and no, the investigative committee has not said that the DNC is stonewalling them. You got this information from some right-wing conspiracy website and you are peddling your nonsense here.

Countries, including ours, have attempted to influence the elections of other countries for decades. Obama certainly knew about the Russia involvement and couldn't care less. Now that you liberals lost the election, it's a big deal.
Anonymous
Anonymous wrote:

I worked in secure and insecure environments, and when classified or even unclassified data meant for certain people to see was inadvertently disclosed, it was common for us to shut off service to sanitize. You're correct: investigating the infrastructure, including any back-end storage, cloud-based storage and backups, is crucial.

I specifically remember one place I worked that was compromised by China; they got in through phishing schemes. We worked with a reputable forensic team from a good firm and we narrowed it down to the exact building and GPS coordinates from which the attack came. You can do that.

As noted by the PP, there can be more investigation



Yes. When you're working on nation-state stuff, all bets are off. You have to be extremely thorough. Jeff believes that since Comey made a statement, everything is fine. A little naive, but whatever.
jsteele
Site Admin
Anonymous wrote:
jsteele wrote:From the article:

The cooperation included the "providing of the forensic images of the DNC systems to the FBI, along with our investigation report and findings. Those agencies reviewed and subsequently independently validated our analysis."


Since the FBI has the images, they effectively have the server. This entire discussion is a red herring and an attempt at distraction.


Not quite. If their email server was a VM, or they provided snapshot images of the disks, which a lot of storage providers have as a feature, you can run an investigation on the snapshots of the disks.

It's a common feature to snapshot disk LUNs, virtual machines or datastores. If those snapshots exist they can be provided. ZFS is a filesystem with one such feature.


What is your point? What are you actually saying that is different from the point I made? Yes, there are various ways to provide disk images. Disk images were provided. End of story.
jsteele
Site Admin
Anonymous wrote:The private security group Crowdstrike said it was all Russia breaching the DNC server. FBI took them at their word. Obama hired a Crowdstrike officer as a part of his staff last summer (Commission on Enhancing National Cybersecurity). Why would the FBI need to see it after Crowdstrike vouched for the Russkies breach? Google Capital invested $100 million into Crowdstrike. Co-Founder and CTO of CrowdStrike Dmitri Alperovitch is a member of the Atlantic Council, which is funded by George Soros' Open Societies Foundation.

Don't see the problem.


No, the FBI did not simply take Crowdstrike at its word. The FBI used the images and reports provided by Crowdstrike to conduct its own investigation. The FBI reported its own conclusions, not Crowdstrike's.
Anonymous
jsteele wrote:
Anonymous wrote:
jsteele wrote:From the article:

The cooperation included the "providing of the forensic images of the DNC systems to the FBI, along with our investigation report and findings. Those agencies reviewed and subsequently independently validated our analysis."


Since the FBI has the images, they effectively have the server. This entire discussion is a red herring and an attempt at distraction.


Not quite. If their email server was a VM, or they provided snapshot images of the disks, which a lot of storage providers have as a feature, you can run an investigation on the snapshots of the disks.

It's a common feature to snapshot disk LUNs, virtual machines or datastores. If those snapshots exist they can be provided. ZFS is a filesystem with one such feature.


What is your point? What are you actually saying that is different from the point I made? Yes, there are various ways to provide disk images. Disk images were provided. End of story.


All of them? All the backups? All snapshots of the MS Exchange datastore? All OS snapshots? All network equipment and firewall logs?
jsteele
Site Admin
Anonymous wrote:
jsteele wrote:
Anonymous wrote:
jsteele wrote:From the article:

The cooperation included the "providing of the forensic images of the DNC systems to the FBI, along with our investigation report and findings. Those agencies reviewed and subsequently independently validated our analysis."


Since the FBI has the images, they effectively have the server. This entire discussion is a red herring and an attempt at distraction.


Not quite. If their email server was a VM, or they provided snapshot images of the disks, which a lot of storage providers have as a feature, you can run an investigation on the snapshots of the disks.

It's a common feature to snapshot disk LUNs, virtual machines or datastores. If those snapshots exist they can be provided. ZFS is a filesystem with one such feature.


What is your point? What are you actually saying that is different from the point I made? Yes, there are various ways to provide disk images. Disk images were provided. End of story.


All of them? All the backups? All snapshots of the MS Exchange datastore? All OS snapshots? All network equipment and firewall logs?


Ask the FBI. The point is, giving the FBI the server would not provide that data. The OP -- and apparently you -- want the server to be given to the FBI. But, giving them the server would have practically no impact. How would having access to the server impact the provision of backups, snapshots, or firewall logs? It wouldn't. Focusing on the server is just a distraction.
Anonymous
Obama certainly knew about the Russia involvement and couldn't care less. Now that you liberals lost the election, it's a big deal.


Yes, Obama screwed up. He was confident that Hillary would win and did not push for an investigation hard enough.

However, my premise is that whether you are a Republican or a Democrat, you should be mad that someone meddled with our election regardless of the outcome. Your excuse that America meddled with other countries' elections and so we deserve the comeuppance is pathetic and not your true answer. You are just a partisan hack. Admit it and move on.
Anonymous
jsteele wrote:

You are completely contradicting yourself. You started a thread about the FBI being denied access to the DNC's server. When I explained that was not really a big deal, you went off in another direction about the need to investigate other devices, all of which are separate from the server.

I can't believe that you actually wrote this:

"You confiscate all the infrastructure at the same time for examination."

So, you want the FBI to seize an email server, potentially one or more file servers, potentially an entire cloud service, a firewall, a router, any number of switches, an IDS, and who knows what else? That would shut the DNC down. Is that your actual goal? Moreover, firewalls, IDSs and most security devices would be useless to investigate in themselves. What is actually important are the log files, which are not stored on the devices themselves. Seizing a firewall would provide no benefit.

You have pretty much given away the fact that you don't have a clue what you are talking about and have never conducted an actual investigation into a network intrusion (or at least not a credible one).



If it involves a nation-state, as you assert, you have to be extremely thorough.

"Moreover, firewalls and IDS and most security devices would be useless to investigate in themselves." No. How are you going to get the running configurations of the firewall and IDS from an audit log stored on another device? No. It doesn't dump its configuration to an audit log. That would be an OPSEC problem right there.

"Seizing a firewall would provide no benefit." No. How do you know if the firewall was properly configured? ALLOW ALL ANY <---> ANY will invalidate just about any valid configuration of the best firewall. So will screwing around with the firmware of a firewall.

"What is actually important are the log files which are not stored on the devices themselves." I want to see the routers themselves to see running configurations. Furthermore, how the hell do I know that logging is properly implemented on appliances around the DNC IT shop?


Jeff, you have pretty much given away the fact that you don't have a clue what you are talking about and have never conducted an actual investigation into a network intrusion (or at least not a credible one).
jsteele
Site Admin
Anonymous wrote:Yes. When you're working on nation-state stuff, all bets are off. You have to be extremely thorough. Jeff believes that since Comey made a statement, everything is fine. A little naive, but whatever.


I freely admit that I trust Comey more than I trust people who are obsessed with the FBI getting access to the DNC's server. Anyone fixated on the server has no clue how to conduct an investigation of this sort. Hence, nothing of a technical nature that such people have to say is of any value in this discussion.
Anonymous
jsteele wrote:
Anonymous wrote:The private security group Crowdstrike said it was all Russia breaching the DNC server. FBI took them at their word. Obama hired a Crowdstrike officer as a part of his staff last summer (Commission on Enhancing National Cybersecurity). Why would the FBI need to see it after Crowdstrike vouched for the Russkies breach? Google Capital invested $100 million into Crowdstrike. Co-Founder and CTO of CrowdStrike Dmitri Alperovitch is a member of the Atlantic Council, which is funded by George Soros' Open Societies Foundation.

Don't see the problem.


No, the FBI did not simply take Crowdstrike at its word. The FBI used the images and reports provided by Crowdstrike to conduct its own investigation. The FBI reported its own conclusions, not Crowdstrike's.


What images???????????????

Give the technical details of how they were procured. Live, snapshot, native OS, VM, cloud, DIRWALK?

The "Forensic Image" term is wide open.
Anonymous
jsteele wrote:
Anonymous wrote:
jsteele wrote:
Anonymous wrote:
jsteele wrote:From the article:

The cooperation included the "providing of the forensic images of the DNC systems to the FBI, along with our investigation report and findings. Those agencies reviewed and subsequently independently validated our analysis."


Since the FBI has the images, they effectively have the server. This entire discussion is a red herring and an attempt at distraction.


Not quite. If their email server was a VM, or they provided snapshot images of the disks, which a lot of storage providers have as a feature, you can run an investigation on the snapshots of the disks.

It's a common feature to snapshot disk LUNs, virtual machines or datastores. If those snapshots exist they can be provided. ZFS is a filesystem with one such feature.


What is your point? What are you actually saying that is different from the point I made? Yes, there are various ways to provide disk images. Disk images were provided. End of story.


All of them? All the backups? All snapshots of the MS Exchange datastore? All OS snapshots? All network equipment and firewall logs?


Ask the FBI. The point is, giving the FBI the server would not provide that data. The OP -- and apparently you -- want the server to be given to the FBI. But, giving them the server would have practically no impact. How would having access to the server impact the provision of backups, snapshots, or firewall logs? It wouldn't. Focusing on the server is just a distraction.


Wait? Ask the FBI? I kinda like your capitulation. Subtle, but I got it and I think you got it.
Anonymous
I freely admit that I trust Comey more than I trust people who are obsessed with the FBI getting access to the DNC's server. Anyone fixated on the server has no clue how to conduct an investigation of this sort. Hence, nothing of a technical nature that such people have to say is of any value in this discussion.


+1000
jsteele
Site Admin
Anonymous wrote:
"Moreover, firewalls and IDS and most security devices would be useless to investigate in themselves." No. How are you going to get the running configurations of the firewall and IDS from an audit log stored on another device? No. It doesn't dump its configuration to an audit log. That would be an OPSEC problem right there.


I'm going to take the time to expose your cluelessness line by line. The current configuration of firewalls and IDSs is of no concern. What matters is the configuration at the time of the intrusion. Even those configurations are not actually that important since they can be deduced from the traffic logs. At any rate, normal procedure is to keep backups of configurations. Among other things, that helps when you need to roll back to an earlier configuration. Again, having the physical device is of no help and seizing such devices and removing them from the DNC's network would be very problematic, probably causing the network to cease functioning.

Anonymous wrote:
"Seizing a firewall would provide no benefit." No. How do you know if the firewall was properly configured? ALLOW ALL ANY <---> ANY will invalidate just about any valid configuration of the best firewall. So will screwing around with the firmware of a firewall.


That can be easily determined from the traffic log. Have you actually ever administered a firewall?

Anonymous wrote:
"What is actually important are the log files which are not stored on the devices themselves." I want to see the routers themselves to see running configurations. Furthermore, how the hell do I know that logging is properly implemented on appliances around the DNC IT shop?


The running config can be provided without having to provide the physical device. If logging was not properly implemented, that will be revealed by the logs themselves. Similar to my question above, have you ever administered a firewall?

Anonymous wrote:
Jeff, you have pretty much given away the fact that you don't have a clue what you are talking about and have never conducted an actual investigation into a network intrusion (or at least not a credible one).


Wrong. I worked as a network security engineer in a government facility for several years during which time I conducted multiple investigations of network intrusions (even one originating from Russia). I have years of experience administering routers, firewalls, IDSs, and other network security devices. I had a CISSP certification, though I haven't bothered to renew it since becoming self-employed.
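Two of the technical claims argued over in this thread, that the effective firewall policy at the time of an intrusion can be deduced from the traffic logs rather than from the seized device, and that missing or disabled logging shows up in the logs themselves, can be checked mechanically. The Python below is an added example, not code from anyone in this thread; the syslog-style line format, the host name fw1 and all addresses and timestamps are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall traffic log (documentation-range addresses, not real data).
SAMPLE_LOG = """\
2016-05-01T10:00:01Z fw1 ALLOW TCP 203.0.113.7:51234 -> 192.0.2.10:443
2016-05-01T10:00:05Z fw1 ALLOW TCP 203.0.113.9:51235 -> 192.0.2.10:443
2016-05-01T10:00:09Z fw1 DENY TCP 198.51.100.4:4444 -> 192.0.2.10:22
2016-05-01T10:00:12Z fw1 ALLOW TCP 198.51.100.4:4445 -> 192.0.2.11:3389
2016-05-01T10:00:15Z fw1 ALLOW TCP 198.51.100.4:4446 -> 192.0.2.11:445
2016-05-01T10:00:20Z fw1 ALLOW TCP 198.51.100.4:4447 -> 192.0.2.11:23
2016-05-01T13:30:00Z fw1 ALLOW TCP 203.0.113.7:51300 -> 192.0.2.10:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped and counted."""
    events, bad = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            bad += 1
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        d["dport"] = int(d["dport"])
        events.append(d)
    return events, bad

def observed_policy(events):
    """Effective rules as evidenced by traffic: (dst, dport) -> set of actions seen."""
    policy = defaultdict(set)
    for e in events:
        policy[(e["dst"], e["dport"])].add(e["action"])
    return dict(policy)

def wide_open_hosts(events, min_ports=3):
    """Source/destination pairs ALLOWed on >= min_ports distinct ports: the
    traffic-level signature of an 'allow any <-> any' style rule."""
    ports = defaultdict(set)
    for e in events:
        if e["action"] == "ALLOW":
            ports[(e["src"], e["dst"])].add(e["dport"])
    return sorted(k for k, v in ports.items() if len(v) >= min_ports)

def logging_gaps(events, max_gap=timedelta(minutes=30)):
    """Silent stretches longer than max_gap: logging off, dropped, or tampered with."""
    ts = sorted(e["ts"] for e in events)
    return [(a, b) for a, b in zip(ts, ts[1:]) if b - a > max_gap]
```

On the sample, 198.51.100.4 is allowed to 192.0.2.11 on three unrelated ports while the same source is denied on port 22 elsewhere, and the log falls silent for three and a half hours; both findings come from the log alone, which is the point jsteele makes.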