Anonymous wrote:
You're not very bright, there are multiple brands other than Cisco, -and most VPN providers use open source products like OpenVPN. Beyond that, most hackers don't use windows, so it's harder to install keyloggers

I'm bright enough to know that you are pretty clueless. I certainly hope you don't work in infosec because whatever systems you maintain have probably been hacked silly. What sort of infosec education and/or training do you have? I'd love to know where you obtained your "expertise".

jsteele wrote:

Anonymous wrote:

jsteele wrote:

Anonymous wrote:CERT had released the report and has IPs - which mean squat
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity

IP addresses are interchangeable and can be spoofed. Even the CERT report and DHS provides no concrete evidence. It's circumstantial at best and certainly nothing concrete.


And everyone is running around saying 'look at this definite proof this was Russian State Actors.'

Its circumstantial, at best. IPs and methods associated with previous hacks that are believed to be Russian sponsored but also not proven to be Russian sponsored.

I'd sincerely hope that the agencies looking into this have better evidence, they just can't release it without harming their efforts. Its either that or they are bluffing for political leverage of some form.

Had you read the thread, you would see that not everyone is "running around saying 'look at this definite proof this was Russian State Actors.'" I have repeatedly pointed to the deficiencies of the report. That said, you are wrong in your conclusions about IP addresses. While they can be spoofed, they cannot be spoofed in many of the applications in which they were used in this attack. More importantly, the key evidence that would tie this attack to specific actors would not be forensic information simply showing the source of the attacks, but actual captured communications that showed the entire communications chain (e.g. attacker -> proxy -> victim). It may well be the dilemma facing the intelligence services is how to release proof without simultaneously how much Internet data is being routinely captured.

You're naive to think that if VPNs or proxies were used the original attackers will be traced. Chances are those endpoints are behind a secure system or a VPN provider that doesn't retain logs. A lot of the malware used is on the black market or phishing attacks. Poor security and stupid staffers (like Podesta) were the way in.

You don't appear to have much understanding of the type of traffic monitoring that is possible. Let's turn to Edward Snowden for some highlights (as revealed in Glenn Greenwald's book):

http://www.infoworld.com/article/2608141/internet-privacy/snowden--the-nsa-planted-backdoors-in-cisco-products.html

"Greenwald reveals that a program called X-KEYSCORE allows 'real-time' monitoring of a person's online activities, enabling the NSA to observe emails and browsing activities as they happen, down to the keystroke"

But, you say, the hackers used VPNs. Well:

"Routers, switches, and servers made by Cisco are booby-trapped with surveillance equipment that intercepts traffic handled by those devices and copies it to the NSA's network, the book states."

and:

http://arstechnica.com/security/2015/10/backdoor-infecting-cisco-vpns-steals-customers-network-passwords/

"Backdoor infecting Cisco VPNs steals customers’ network passwords"

It is very likely that the NSA has been exploiting this vulnerability and that VPNs are minimal defense against the government.

To be clear, I don't know what evidence the government has and, as a result, I am not ready to believe the assertions unless/until they are substantiated. But, while it is easy for hackers to hide their tracks when attacking you or me, it is a different story when the NSA gets their teeth into it.

You're not very bright, there are multiple brands other than Cisco, -and most VPN providers use open source products like OpenVPN. Beyond that, most hackers don't use windows, so it's harder to install keyloggers

Anonymous wrote:

jsteele wrote:

Anonymous wrote:CERT had released the report and has IPs - which mean squat
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity

IP addresses are interchangeable and can be spoofed. Even the CERT report and DHS provides no concrete evidence. It's circumstantial at best and certainly nothing concrete.


And everyone is running around saying 'look at this definite proof this was Russian State Actors.'

Its circumstantial, at best. IPs and methods associated with previous hacks that are believed to be Russian sponsored but also not proven to be Russian sponsored.

I'd sincerely hope that the agencies looking into this have better evidence, they just can't release it without harming their efforts. Its either that or they are bluffing for political leverage of some form.

Had you read the thread, you would see that not everyone is "running around saying 'look at this definite proof this was Russian State Actors.'" I have repeatedly pointed to the deficiencies of the report. That said, you are wrong in your conclusions about IP addresses. While they can be spoofed, they cannot be spoofed in many of the applications in which they were used in this attack. More importantly, the key evidence that would tie this attack to specific actors would not be forensic information simply showing the source of the attacks, but actual captured communications that showed the entire communications chain (e.g. attacker -> proxy -> victim). It may well be the dilemma facing the intelligence services is how to release proof without simultaneously how much Internet data is being routinely captured.

You're naive to think that if VPNs or proxies were used the original attackers will be traced. Chances are those endpoints are behind a secure system or a VPN provider that doesn't retain logs. A lot of the malware used is on the black market or phishing attacks. Poor security and stupid staffers (like Podesta) were the way in.

You don't appear to have much understanding of the type of traffic monitoring that is possible. Let's turn to Edward Snowden for some highlights (as revealed in Glenn Greenwald's book):

http://www.infoworld.com/article/2608141/internet-privacy/snowden--the-nsa-planted-backdoors-in-cisco-products.html

"Greenwald reveals that a program called X-KEYSCORE allows 'real-time' monitoring of a person's online activities, enabling the NSA to observe emails and browsing activities as they happen, down to the keystroke"

But, you say, the hackers used VPNs. Well:

"Routers, switches, and servers made by Cisco are booby-trapped with surveillance equipment that intercepts traffic handled by those devices and copies it to the NSA's network, the book states."

and:

http://arstechnica.com/security/2015/10/backdoor-infecting-cisco-vpns-steals-customers-network-passwords/

"Backdoor infecting Cisco VPNs steals customers’ network passwords"

It is very likely that the NSA has been exploiting this vulnerability and that VPNs are minimal defense against the government.

To be clear, I don't know what evidence the government has and, as a result, I am not ready to believe the assertions unless/until they are substantiated. But, while it is easy for hackers to hide their tracks when attacking you or me, it is a different story when the NSA gets their teeth into it.

Hacks, reports, whatever, aside, the posts and posters who believe "the Russians" are posting on dcum are really insane.

Get over yourselves. Bored housewives asking questions about how to cut their MILs off and if their husband is cheating and if their kids need to go to a minute clinic or ER really? The Russians are all about that?

I have to say, I don't always agree with Jeff but his expertise on this issue is eye-opening and appreciated. It's great to hear from someone who had had their boots on the ground, and can illuminate a very complicated issue.

Anonymous wrote:Proof? Faith should not require proof. If you don't believe or don't understand, you're not nuanced enough. Therefore, you should have blind faith, sheeple.

The Obama Administration got caught in a huge propaganda lie and has no way out. There is no "consensus" in the intelligence community that the motive of the Russian hacking--if indeed there was any Russian hacking--was to benefit Trump. There is no evidence of such a consensus. This was purely propaganda fed to the media by Obama administration operatives. This was all started because of Trump's sarcastic remark in the debate that the Russians should hack Hillary's email server (which they and the Chinese had probably already done anyway). Hillary jumped all over that as have the Democrats and haven't let go of it.

But now, when asked to present proof, there is none to present. So Obama acts like a clown and expels 35 Russian diplomats/spies who had nothing whatsoever to do with the alleged hacking.

Masterful performance, I hate to see him go.

"You are embossing yourself as a pro-Russian troll, and not even a very good one. There is a consensus of the intelligence community that the Russians were behind the hack of the DNC and that the purpose of doing this was to influence the election in Trump's favor. Indeed, the recently-released report clearly asserts that the Russians were behind this hack."

Where in the report is there any connection between Russian hacking and "that the purpose of doing this was to influence the election in Trump's favor"? Nowhere. You just fabricated that by deliberately fabricating a juxtaposition that doesn't exist with the deliberate intent of falsely implying the report says any such thing. It doesn't. You also are dishonest in that you're now going to deny you intended to create such a false inference.

You're the Russian Troll. You're trying to undermine the next President.

jsteele wrote:

Anonymous wrote:CERT had released the report and has IPs - which mean squat
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity

IP addresses are interchangeable and can be spoofed. Even the CERT report and DHS provides no concrete evidence. It's circumstantial at best and certainly nothing concrete.


And everyone is running around saying 'look at this definite proof this was Russian State Actors.'

Its circumstantial, at best. IPs and methods associated with previous hacks that are believed to be Russian sponsored but also not proven to be Russian sponsored.

I'd sincerely hope that the agencies looking into this have better evidence, they just can't release it without harming their efforts. Its either that or they are bluffing for political leverage of some form.

Had you read the thread, you would see that not everyone is "running around saying 'look at this definite proof this was Russian State Actors.'" I have repeatedly pointed to the deficiencies of the report. That said, you are wrong in your conclusions about IP addresses. While they can be spoofed, they cannot be spoofed in many of the applications in which they were used in this attack. More importantly, the key evidence that would tie this attack to specific actors would not be forensic information simply showing the source of the attacks, but actual captured communications that showed the entire communications chain (e.g. attacker -> proxy -> victim). It may well be the dilemma facing the intelligence services is how to release proof without simultaneously how much Internet data is being routinely captured.

You're naive to think that if VPNs or proxies were used the original attackers will be traced. Chances are those endpoints are behind a secure system or a VPN provider that doesn't retain logs. A lot of the malware used is on the black market or phishing attacks. Poor security and stupid staffers (like Podesta) were the way in.

Anonymous wrote:I'm so lost in this mess. But did I read somewhere that there were leaks in our own government that helped with the hacking?

This is one allegation but -- like every other allegation involving the hacks -- there is no evidence.

I'm so lost in this mess. But did I read somewhere that there were leaks in our own government that helped with the hacking?

Proof? Faith should not require proof. If you don't believe or don't understand, you're not nuanced enough. Therefore, you should have blind faith, sheeple.

Anonymous wrote:CERT had released the report and has IPs - which mean squat
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity

IP addresses are interchangeable and can be spoofed. Even the CERT report and DHS provides no concrete evidence. It's circumstantial at best and certainly nothing concrete.


And everyone is running around saying 'look at this definite proof this was Russian State Actors.'

Its circumstantial, at best. IPs and methods associated with previous hacks that are believed to be Russian sponsored but also not proven to be Russian sponsored.

I'd sincerely hope that the agencies looking into this have better evidence, they just can't release it without harming their efforts. Its either that or they are bluffing for political leverage of some form.

Had you read the thread, you would see that not everyone is "running around saying 'look at this definite proof this was Russian State Actors.'" I have repeatedly pointed to the deficiencies of the report. That said, you are wrong in your conclusions about IP addresses. While they can be spoofed, they cannot be spoofed in many of the applications in which they were used in this attack. More importantly, the key evidence that would tie this attack to specific actors would not be forensic information simply showing the source of the attacks, but actual captured communications that showed the entire communications chain (e.g. attacker -> proxy -> victim). It may well be the dilemma facing the intelligence services is how to release proof without simultaneously how much Internet data is being routinely captured.

Anonymous wrote:There's no "disconnect." The Obama Administration put out propaganda which it said was based on a "consensus" of the intelligence community that the Russians hacked the election with the specific purpose of aiding Trump. This report was supposed to contain the basis of that supposed "consensus." That's not a disconnect. Pretending that this report wasn't supposed to cover the issue of whether the Russians were trying to support Trump is balderdash, because some of the liberals posting in this thread are trying to claim that the report does exactly that.

You are embossing yourself as a pro-Russian troll, and not even a very good one. There is a consensus of the intelligence community that the Russians were behind the hack of the DNC and that the purpose of doing this was to influence the election in Trump's favor. Indeed, the recently-released report clearly asserts that the Russians were behind this hack. But, you are wrong that this report was supposed to contain the basis of the consensus regarding the motive of the hackers. As you have been repeatedly told, such a conclusion would not come from the National Cybersecurity and Communications Integration Center. Go here and learn about the role of this organization:

https://www.us-cert.gov/nccic

To operate at the intersection of government, private sector, and international network defense communities, applying unique analytic perspectives, ensuring shared situational awareness, and orchestrating synchronized response, mitigation, and recovery efforts while protecting the Constitutional and privacy rights of Americans in both the cybersecurity and communications domains.

The NCCIC is capable of identifying, responding to, mitigating, and recovering from hacks, but it doesn't dele into motives. US-CERT would provide information to other agencies that might contribute to analysis that might arrive at such a conclusions, but actually making such conclusions is well above this group's pay grade.

It is perfectly fair to ask for information that supports the Administration's allegations. I have repeatedly suggested that additional information is necessary. But, to act -- as you have repeatedly done -- as if this report means that such evidence does not exist suggests willful ignorance on your part.

Could it be just possible ... perhaps maybe just conceivable to you ... that the United States government's intelligence agencies might have additional information they're not releasing for public review? I know it's a crazy thought that our nation's spy agencies might have other info that they don't want to share with you, but just consider it as a possibility.

CERT had released the report and has IPs - which mean squat
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity

IP addresses are interchangeable and can be spoofed. Even the CERT report and DHS provides no concrete evidence. It's circumstantial at best and certainly nothing concrete.


And everyone is running around saying 'look at this definite proof this was Russian State Actors.'

Its circumstantial, at best. IPs and methods associated with previous hacks that are believed to be Russian sponsored but also not proven to be Russian sponsored.

I'd sincerely hope that the agencies looking into this have better evidence, they just can't release it without harming their efforts. Its either that or they are bluffing for political leverage of some form.

There's no "disconnect." The Obama Administration put out propaganda which it said was based on a "consensus" of the intelligence community that the Russians hacked the election with the specific purpose of aiding Trump. This report was supposed to contain the basis of that supposed "consensus." That's not a disconnect. Pretending that this report wasn't supposed to cover the issue of whether the Russians were trying to support Trump is balderdash, because some of the liberals posting in this thread are trying to claim that the report does exactly that.