Anonymous
Post 08/07/2017 18:23     Subject: OK... you wanted a Russia investigation, so DNC, start to cooperate

jsteele wrote:
Anonymous wrote:Sure the RAID can be imaged. Was it? Was the BIOS examined? We're talking Russia here, right (according to you)? They're not a third rate actor. A proper examination should take place and it's not. Furthermore, you're hanging your explanation on the words of a spokesman.

People are not satisfied with the data provided. I do dispute the determination. Show me the technical details.


"If the data is stored in the cloud, how would providing the server help?" - that's a very telling answer for a "SME" to give.


http://www.slate.com/blogs/future_tense/2017/05/09/the_fbi_is_harder_to_trust_on_the_dnc_hack_because_it_relied_on_crowdstrike.html


You are acting like Crowdstrike doesn't know basic forensics. Any professional firm would image both active memory and storage media. That is simply basic forensics. You keep on harping about the fact that Crowdstrike's statement was issued by a spokesperson. I hate to break it to you, but that's who normally issues statements. The same information has been confirmed by the FBI.

I asked, "If the data is stored in the cloud, how would providing the server help?" You found that "very telling". Could you please answer the question?

Given that by your own admission you -- unlike the FBI -- have not seen the technical details, on what basis do you question their findings? Do you rely on telekinetics to conduct your computer forensics?


I'm sure Crowdstrike found exactly what they were told to find.
Anonymous
Post 08/07/2017 18:12     Subject: OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous wrote:The worst part of this amateur deflection is that everyone has accepted that the Russians did the hacking. What remains to be proven is whether the campaign colluded, or whether the administration obstructed.


This is brilliant in its simplicity.
jsteele
Post 07/06/2017 15:32     Subject: OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous wrote:"The current configuration of firewalls and IDSs is of no concern. " They sure are, because you find out how they get extracted information out of the network.


You are simply embarrassing yourself with your nonsensical gibberish. Do you think anything you are saying makes sense? What would today's configuration of a firewall tell you about something that happened a year ago? Don't you think things have changed since then?

Anonymous wrote:
"At any rate, normal procedure is to keep backups of configurations." We're not talking about normal configurations obviously. That's done by competent people, not incompetent morons at the DNC.


Do you have evidence to support your allegation that the DNC did not follow such procedures and was not able to provide relevant configuration files to the FBI? Can you point to a single documented statement by the FBI that such data was not provided? You are just throwing mud based on your imagination because you have no facts to support your argument.

Anonymous wrote:
"What matters is the configuration at the time of the intrusion. Even those configurations are not actually that important since they can be deduced from the traffic logs" No, definitely not. The time of the intrusion? The intrusion can go on for years once it begins and one of the first things that happens are logs get overwritten. Tell me how great your logs are when your whole network isn't time synced. Tell me how great your logs are when you get hit by a zero day. Again, we're talking nation-state according to you.


If the logs are incomplete, there is nothing in the current configuration that will fill the holes. You repeatedly display your lack of understanding of how things actually work. You combine imaginative scenarios that are completely unsupported by evidence with unrelated allegations that you think make sense, but really don't. Investigators know when the exploit started and when it ended. No mystery there. The DNC wasn't hit by a "zero day" and merely being hit by a "zero day" doesn't mean anything by itself about log files. What makes you think a "zero day" will always -- or even frequently -- affect your logs? It's nice that you learned a new term that you think makes you sound smart, now learn what that term actually means.

Anonymous wrote:
"That can be easily determined from the traffic log. Have you actually ever administered a firewall? " No actually it can't. Tell me from your log files what ports were open and closed on the firewalls at the time of the incident(s), who logged in via an encrypted tunnel if they previously disabled logging on the FW, what the running configuration is, and if the firmware is genuine or the MD5 hashes of the firmware are actually valid?


Again, your repeated combination of imagination and unrelated allegations. If there are logs, then obviously logging has not been turned off. If traffic appears as being allowed in the logs, obviously that port was opened. Similarly, if traffic was blocked, obviously that port was closed. You don't need a year-old configuration to understand that. VPN logins, if there were any, would be similarly logged. What is amazing is your inability to understand that none of that information could be provided by today's running configuration on the device. How are you going to tell who logged in on a VPN a year ago by looking at the device today?

Clearly you have no direct experience administering firewalls. At some point you really need to recognize that you are out of your depth. Better luck next time.

Anonymous wrote:
"Wrong. I worked as a network security engineer in a government facility for several years during which time I conducted multiple investigations of network intrusions (even one originating from Russia)." - Glad I didn't hire you.


I'm glad too. There is nothing worse than working for a know-it-all boss who actually knows nothing.

Anonymous wrote:
Advanced Persistent Threats can be in networks for years, especially when it involves nation-states, and it's obvious you don't have a clue WTF you're talking about. But yes, you have it all solved. So who done it, govvy CISSP hack-boy?


Oh, look, you learned another new term. Do you even know what "Advanced Persistent Threat" means? Yes, lots of things could happen. Many of those things would be interesting for you to include in a fictional cyber warfare thriller. Your skillset appears quite suitable for such an undertaking. But, you would never make it as a network security engineer. The folks who -- unlike you -- have actually had their hands on the data say that the Russians did it. Your uninformed, if imaginative, objections do nothing to disprove their theories.
Anonymous
Post 07/06/2017 15:00     Subject: Re:OK... you wanted a Russia investigation, so DNC, start to cooperate

OP you lost this one.. Move on. Try a Reddit thread with Trumpsters like you. You might be able to get them turned on.
Anonymous
Post 07/06/2017 14:54     Subject: OK... you wanted a Russia investigation, so DNC, start to cooperate

jsteele wrote:
Anonymous wrote:
"Moreover, firewalls and IDS and most security devices would be useless to investigate in themselves." No. How are you going to get the running configurations of the firewall and IDS from an audit log stored on another device? No. It doesn't dump its configuration to an audit log. That would be an OPSEC problem right there.


I'm going to take the time to expose your cluelessness line by line. The current configuration of firewalls and IDSs is of no concern. What matters is the configuration at the time of the intrusion. Even those configurations are not actually that important since they can be deduced from the traffic logs. At any rate, normal procedure is to keep backups of configurations. Among other things, that helps when you need to roll back to an earlier configuration. Again, having the physical device is of no help and seizing such devices and removing them from the DNC's network would be very problematic, probably causing the network to cease functioning.

Anonymous wrote:
"Seizing a firewall would provide no benefit. " No. How do you know if the firewall was properly configured? ALLOW ALL ANY <---> ANY will invalidate just about any valid configuration of the best firewall. So will screwing around with the firmware of a firewall.


That can be easily determined from the traffic log. Have you actually ever administered a firewall?

Anonymous wrote:
"What is actually important are the log files which are not stored on the devices themselves." I want to see the routers themselves to see running configurations. Furthermore, how the hell do I know that logging is properly implemented on appliances around the DNC IT shop?


The running config can be provided without having to provide the physical device. If logging was not properly implemented, that will be revealed by the logs themselves. Similar to my question above, have you ever administered a firewall?

Anonymous wrote:
Jeff, you have pretty much given away the fact that you don't have a clue about what you are talking about and have never conducted an actual investigation into a network intrusion (or at least not a credible one).


Wrong. I worked as a network security engineer in a government facility for several years during which time I conducted multiple investigations of network intrusions (even one originating from Russia). I have years of experience administering routers, firewalls, IDSs, and other network security devices. I had a CISSP certification, though I haven't bothered to renew it since becoming self-employed.


"The current configuration of firewalls and IDSs is of no concern. " They sure are, because you find out how they get extracted information out of the network.

"At any rate, normal procedure is to keep backups of configurations." We're not talking about normal configurations obviously. That's done by competent people, not incompetent morons at the DNC.

"What matters is the configuration at the time of the intrusion. Even those configurations are not actually that important since they can be deduced from the traffic logs" No, definitely not. The time of the intrusion? The intrusion can go on for years once it begins and one of the first things that happens are logs get overwritten. Tell me how great your logs are when your whole network isn't time synced. Tell me how great your logs are when you get hit by a zero day. Again, we're talking nation-state according to you.

"That can be easily determined from the traffic log. Have you actually ever administered a firewall? " No actually it can't. Tell me from your log files what ports were open and closed on the firewalls at the time of the incident(s), who logged in via an encrypted tunnel if they previously disabled logging on the FW, what the running configuration is, and if the firmware is genuine or the MD5 hashes of the firmware are actually valid?

"Wrong. I worked as a network security engineer in a government facility for several years during which time I conducted multiple investigations of network intrusions (even one originating from Russia)." - Glad I didn't hire you.

Advanced Persistent Threats can be in networks for years, especially when it involves nation-states, and it's obvious you don't have a clue WTF you're talking about. But yes, you have it all solved. So who done it, govvy CISSP hack-boy?
Anonymous
Post 07/06/2017 14:40     Subject: Re:OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous wrote:
Anonymous wrote:

Yes, Obama screwed up .. he was confident that Hillary would win and did not push for an investigation hard enough.



Well, he did try to get McConnell to go along with a bi-partisan statement about the hack and interference (which the President has now acknowledged DID happen) and McConnell rejected in the name of party over country, so while Obama didn't do enough, it was more than the GOP was willing to do.



When all this was happening, Obama occupied the WH and Holder, Lynch and Comey were in charge of the investigation. You morons couldn't find your butts with three flashlights and five mirrors.

Who GAS about statements? Everyone is f'n tired of your strongly worded letters of condemnation to cover up your incompetence.

Further, you all thought Hillary would win, so you didn't want to pursue it. Only when she lost did you become fake outraged.
Anonymous
Post 07/06/2017 13:52     Subject: Re:OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous wrote:
Anonymous wrote:
Anonymous wrote:

Yes, Obama screwed up .. he was confident that Hillary would win and did not push for an investigation hard enough.



Well, he did try to get McConnell to go along with a bi-partisan statement about the hack and interference (which the President has now acknowledged DID happen) and McConnell rejected in the name of party over country, so while Obama didn't do enough, it was more than the GOP was willing to do.

Because the GOP is complicit.

Let that wash over you: the ding dongs who wrapped themselves in the flag and pretended to be patriotic either themselves worked with Russia or knew of it and felt it didn't matter.


This. A thousand times this.
Anonymous
Post 07/06/2017 13:41     Subject: Re:OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous wrote:
Anonymous wrote:
Well, he did try to get McConnell to go along with a bi-partisan statement about the hack and interference (which the President has now acknowledged DID happen) and McConnell rejected in the name of party over country, so while Obama didn't do enough, it was more than the GOP was willing to do.


Very interesting! Thank you, I did not know that.


In fact, McConnell threatened Obama that he would call it partisan if Obama did bring up the Russian meddling on his own.


I wonder if McConnell didn't come to the same conclusion that the former did and if they couldn't come to an agreement on the wording to use? Since someone posting here thinks McConnell "threatened" the former president, I'd like to leave this Maggie Haberman of the NYT correction here to a widely circulated article:

Correction: June 29, 2017
A White House Memo article on Monday about President Trump’s deflections and denials about Russia referred incorrectly to the source of an intelligence assessment that said Russia orchestrated hacking attacks during last year’s presidential election. The assessment was made by four intelligence agencies — the Office of the Director of National Intelligence, the Central Intelligence Agency, the Federal Bureau of Investigation and the National Security Agency. The assessment was not approved by all 17 organizations in the American intelligence community.

Anonymous
Post 07/06/2017 12:48     Subject: Re:OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous wrote:
Anonymous wrote:

Yes, Obama screwed up .. he was confident that Hillary would win and did not push for an investigation hard enough.



Well, he did try to get McConnell to go along with a bi-partisan statement about the hack and interference (which the President has now acknowledged DID happen) and McConnell rejected in the name of party over country, so while Obama didn't do enough, it was more than the GOP was willing to do.

Because the GOP is complicit.

Let that wash over you: the ding dongs who wrapped themselves in the flag and pretended to be patriotic either themselves worked with Russia or knew of it and felt it didn't matter.
Anonymous
Post 07/06/2017 11:37     Subject: Re:OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous wrote:
Well, he did try to get McConnell to go along with a bi-partisan statement about the hack and interference (which the President has now acknowledged DID happen) and McConnell rejected in the name of party over country, so while Obama didn't do enough, it was more than the GOP was willing to do.


Very interesting! Thank you, I did not know that.


In fact, McConnell threatened Obama that he would call it partisan if Obama did bring up the Russian meddling on his own.
Anonymous
Post 07/06/2017 09:50     Subject: Re:OK... you wanted a Russia investigation, so DNC, start to cooperate

Well, he did try to get McConnell to go along with a bi-partisan statement about the hack and interference (which the President has now acknowledged DID happen) and McConnell rejected in the name of party over country, so while Obama didn't do enough, it was more than the GOP was willing to do.


Very interesting! Thank you, I did not know that.
Anonymous
Post 07/06/2017 09:40     Subject: Re:OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous wrote:

Yes, Obama screwed up .. he was confident that Hillary would win and did not push for an investigation hard enough.



Well, he did try to get McConnell to go along with a bi-partisan statement about the hack and interference (which the President has now acknowledged DID happen) and McConnell rejected in the name of party over country, so while Obama didn't do enough, it was more than the GOP was willing to do.
Anonymous
Post 07/06/2017 09:40     Subject: OK... you wanted a Russia investigation, so DNC, start to cooperate

The worst part of this amateur deflection is that everyone has accepted that the Russians did the hacking. What remains to be proven is whether the campaign colluded, or whether the administration obstructed.
Anonymous
Post 07/06/2017 09:36     Subject: OK... you wanted a Russia investigation, so DNC, start to cooperate

Dude, if they have an image of the server, they have everything. Don't be a dullard.
jsteele
Post 07/06/2017 09:34     Subject: Re:OK... you wanted a Russia investigation, so DNC, start to cooperate

Anonymous wrote:
jsteele wrote:
Anonymous wrote:
jsteele wrote:
Anonymous wrote:
jsteele wrote:From the article:

The cooperation included the "providing of the forensic images of the DNC systems to the FBI, along with our investigation report and findings. Those agencies reviewed and subsequently independently validated our analysis."


Since the FBI has the images, they effectively have the server. This entire discussion is a red herring and an attempt at distraction.


Not quite. If their email server was a VM or they provided snapshot images of the disks - which a lot of storage providers have as a feature, you can run an investigation on the snapshots of the disks.

It's a common feature to snapshot disk LUNs, virtual machines or datastores. If those snapshots exist they can be provided. ZFS is a filesystem with one such feature.


What is your point? What are you actually saying that is different from the point I made? Yes, there are various ways to provide disk images. Disk images were provided. End of story.


All of them? All the backups? All snapshots of the MS Exchange datastore? All OS snapshots? All network equipment and firewall logs?


Ask the FBI. The point is, giving the FBI the server would not provide that data. The OP -- and apparently you -- want the server to be given to the FBI. But, giving them the server would have practically no impact. How would having access to the server impact the provision of backups, snapshots, or firewall logs? It wouldn't. Focusing on the server is just a distraction.


Wait? Ask the FBI? I kinda like your capitulation. Subtle, but I got it and I think you got it.


What capitulation? How would giving the FBI the DNC server do anything about the backups or snapshots?