I was as surprised as most when FBI Director Comey recommended no charges for Clinton over her email server shenanigans. I thought there would be more comments about the way she had the email server sterilized before it was handed over to the FBI. Smells like obstruction of justice to me. To make matters worse, the sterilization sabotaged efforts to investigate the massive 2014 breach of the State Department email system. This 19 Feb 2015 article from the Wall Street Journal touches on the extent of that breach.
Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn’t been able to evict them from the department’s network, according to three people familiar with the investigation. Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses.
Investigators believe that hackers first snuck into State Department computers last fall after an employee clicked on a bogus link in an email referring to administrative matters, a type of attack known as a “phish.” That loaded malicious software onto the computer—a common hacker trick that has worked in countless corporate and government breaches.
From there, the hackers spread through the State Department’s sprawling network that includes machines in thousands of offices across the U.S., embassies and other outposts. It isn’t clear why the hackers were able to gain such wide access and whether the State Department routinely cordons off portions of its network to limit such maneuvers. (WSJ)
Could Clinton’s basement email server have been the key that allowed the wider Department of State (DOS) system hack? Unfortunately, the answer to that depends on your political position. We’ll never know for sure since that server was sterilized before it could be analyzed. The open source articles of a year ago attribute the hack to a DOS employee who clicked a link in a phishing email. Could be, but I doubt that’s the end of the story. Why were the DOS and NSA still having trouble eradicating the hostile code in the system months after discovering the breach? Well it’s my not so humble (in this case) opinion that the NSA and DOS are fools if they believe this phishing attack is the only source of malicious code in this system. Prior to Clinton even becoming Secretary of State, I knew hackers were infesting the DOS system and many other government systems. Most of these were kids, although some had government connections. They were in the routers and switches. I bet they’re still there. That’s far more insidious than hacking email servers.
At the time, this DOS breach was billed as the worst attack ever against a government agency. Unfortunately the DOS didn’t hold that dubious record for long. The OPM breach was detected in April 2015 and made public in early June. This 8 Jun 2015 article from Ars Technica, “Why the “biggest government hack ever” got past the feds,” is quite informative.
In April, federal authorities detected an ongoing remote attack targeting the United States' Office of Personnel Management (OPM) computer systems. This situation may have gone on for months, possibly even longer, but the White House only made the discovery public last Friday. While the attack was eventually uncovered using the Department of Homeland Security's (DHS) Einstein—the multibillion-dollar intrusion detection and prevention system that stands guard over much of the federal government's Internet traffic—it managed to evade this detection entirely until another OPM breach spurred deeper examination.
While anonymous administration officials have blamed China for the attack (and many in the security community believe that the attack bears the hallmark of Chinese state-sponsored espionage), no direct evidence has been offered. The FBI blamed a previous breach at an OPM contractor on the Chinese, and security firm iSight Partners told The Washington Post that this latest attack was linked to the same group that breached health insurer Anthem.
The OPM hack is just the latest in a series of federal network intrusions and data breaches, including recent incidents at the Internal Revenue Service, the State Department, and even the White House. These attacks have occurred despite the $4.5 billion National Cybersecurity and Protection System (NCPS) program and its centerpiece capability, Einstein. Falling under the Department of Homeland Security's watch, that system sits astride the government's trusted Internet gateways. Einstein was originally based on deep packet inspection technology first deployed over a decade ago, and the system's latest $218 million upgrade was supposed to make it capable of more active attack prevention. But the traffic flow analysis and signature detection capabilities of Einstein, drawn from both DHS traffic analysis and data shared by the National Security Agency, appear to be incapable of catching the sort of tactics that have become the modern baseline for state-sponsored network espionage and criminal attacks. Once such attacks are executed, they tend to look like normal network traffic. (Ars Technica)
The cyber defense community put all its eggs into the Einstein basket. Isn’t that the American way? They put all their hopes and dreams into a massive technical solution. I was a voice in the wilderness arguing for a stronger HUMINT effort. Oh well. Rage against the machine.
This 29 Sep 2015 Washington Post article shows a real life impact of this attack. I wrote of some of the potential impact of this data breach some time ago.
The CIA pulled a number of officers from the U.S. Embassy in Beijing as a precautionary measure in the wake of the massive cybertheft of the personal data of federal employees, current and former U.S. officials said. The move is a concrete impact of the breach, one of two major hacks into Office of Personnel Management computers that were disclosed earlier this year. Officials have privately attributed the hacks to the Chinese government. Because the OPM records contained the background checks of State Department employees, officials privately said the Chinese could have compared those records with the list of embassy personnel. Anybody not on that list could be a CIA officer. (Washington Post)
This 31 Aug 2015 Ars Technica article, “China and Russia cross-referencing OPM data, other hacks to out spies,” alludes to something that I discovered through my time exploring the world of hackers. They are different. They decide who they will trust, share with, hide from and lie to based on their own thought processes and mores. Russian and Chinese intelligence and cyber security agencies have tolerated and sometimes embraced this difference much more effectively than our own IC.
The identities of a group of American technical experts who have provided assistance to covert operations by the US government overseas have been compromised as the result of cross-referencing of data from the Office of Personnel Management (OPM) and other recent data breaches, according to a Los Angeles Times report. The Times' Brian Bennet and W. J. Hennigan cited allegations from two US officials speaking under the condition of anonymity that Chinese and Russian intelligence agencies have worked with both private software companies and criminal hacking rings to obtain and analyze data. (Ars Technica)
I wrote this post and assembled these articles partially in response to Colonel Lang’s question, “Who would the Russian “hackers” have been?” Russia, China, Israel, Wikileaks and many other entities have a wealth of information that they can use whenever they want to the best of their advantage. Or one of these entities can get a wild hair up their ass and release something juicy just for shits and grins. Those who we refer to as “non-state hackers” are far more technically sophisticated, ingenious and patient than what we think. They may not be as socially and politically adept as the critters that infest Washington D.C., but that’s what draws me to them. Don’t ever sell them short.
I also wanted to put the consequences of Clinton’s unauthorized basement email server in perspective without excusing her egregious actions in this matter.
As a parting thought, I recommend the USA Network series “Mr. Robot.” It’s the most realistic depiction of the hacker world I’ve seen without actually participating in that world. The second season recently started. Here’s the plot summary from USA Network. That’s a scene from the show in the above picture.
“Young, anti-social computer programmer Elliot works as a cybersecurity engineer during the day, but at night he is a vigilante hacker. He is recruited by the mysterious leader of an underground group of hackers to join their organization. Elliot's task? Help bring down corporate America, including the company he is paid to protect, which presents him with a moral dilemma. Although he works for a corporation, his personal beliefs make it hard to resist the urge to take down the heads of multinational companies that he believes are running — and ruining — the world.”
I was not, just as I was not when Admiral Poindexter and Col. North did not suffer any serious troubles.
Damned good point.
Nicely put together! Thanks.
Pertinent to note it was WJC who gutted HUMINT. http://blog.stephenleary.com/2008/09/intelligence-budgets-during-clinton.html
Is it probable that, in addition to ghosts, there are also spooks in the system?
Most definitely. Well put.
IT security is more than software & systems, it is also about process. What are the processes to ensure that information on and transmitted between computer systems is secure? Many believe that getting the latest firewall or IDS or some other whizbang will keep their servers secure. But if the guy with root access has a password called root or Admin, all the big bucks spent ain’t gonna make a difference.
Similarly, when Hillary decided she was going to use her home-based servers for all sensitive State Dept communications, it would be obvious there would be unauthorized access.
The tools available to beat access control are getting more sophisticated. And the Chinese and the Russians are persistent and have a lot of people working on hacking into all IT infrastructure not just the federal government’s systems. People want convenience and they’re lazy. Convenience means more vulnerabilities and laziness means more opportunities.
I happen to know first hand that all State Department employees are required to take an online cybersecurity examination every year in order to maintain access to the system, and that there is an entire section on the examination regarding phishing and how to avoid being victimized by it. It is also a fact that on at least one occasion several years ago, the State Department was forced to fire one of its contractor IT professionals who committed visa fraud when he immigrated from China.
The huge number of Chinese immigrants who work for DC area Beltway Bandit contractors would be a huge surprise to most Americans, and given the slipshod way most employee background investigations are handled (also by contractors), the surprise isn’t that government computer systems are being compromised, it’s that it doesn’t happen even more often.
Fascinating. Thank you.
I also wanted to put the consequences of Clinton’s unauthorized basement email server in perspective
Assange said that in his next dump of emails he proves that she had one declassified to send through an unsecure server. Plus some tied to the Clinton Foundation.
Seems worse than Nixon.
The private, now sterilized, email server is a classic.
You can have a system secured behind a high level firewall with key personnel allowed access via VPN/SSH. If those people are careless about saving the login credentials on a home computer and they leave the computer on 24/7, connected to the net, all the hacker needs to do is compromise the home computer (easy as falling out of bed) and he’s in with all he needs to access the secured network.
I know this because I employ such systems.
This was a housewife’s amateur move. And she “would be king”?
What amazes me is that few people understand just how devastating this OPM breach was. Nearly every U.S. military member’s personal information. And, information on their family members and friends (references). How handy do you think it would be for an enemy to have all the addresses and personal cell numbers of USAF colonels and generals or the names and addresses of all their children and immediate family members? Or the addresses and cell numbers of colleagues of Raytheon executives? Or special agents for DSS, IRS, et al.? And this is just information off of the SF-86. Any criminal, psychological, drug, alcohol issues discussed during the interview would be available to the OPM hackers.
What makes this whole thing orders of magnitude more egregious is that the vulnerability was due in part to incompetent government bureaucracy and greed-based private contracting companies. The initial breach came through KeyPoint, a private (profit über alles) company owned by a private equity firm (read reviews by their investigators on Glassdoor). USIS, the biggest private company doing OPM investigations, lost the contract after they were falsifying investigations and dumping them for profit. And now KeyPoint employees formerly employed by USIS are saying KeyPoint is now much worse than USIS ever was. But OPM is desperate and relies on the private companies to do most of the [box-checking] investigative work. But it all becomes more outrageous when you learn more about it.
OPM uses the Department of Interior’s IT. As the tech blog Arstechnica explains:
“The two systems breached were the Electronic Official Personnel Folder (eOPF) system, an entity hosted for OPM at the Department of the Interior’s shared service data center, and the central database behind “EPIC,” the suite of software used by OPM’s Federal Investigative Service in order to collect data for government employee and contractor background investigations.”
Around the same time it was discovered that Assistant Director of IT at the Department of Interior, Faisal Ahmed, faked having college degrees. He didn’t have any, but made fake diplomas and transcripts to put in his federal employment file. He faked a bachelor’s degree from the University of Wisconsin and a master’s degree from the University of Central Florida. This went on for a half-decade and no one found out. It was only because of an inquisitive alumni person from the University of Central Florida that this was uncovered.
National Journal (7/15/2015): How a Federal Employee with Fake Diplomas Worked at the Department of the Interior for Five Years
The system OPM is using can’t be encrypted because it is a DOS (disk operating system)-based, COBOL-programmed system.
COBOL and Outdated Technology Cited as Factors in OPM Hack
In 2015 people in the OPM investigations field were sure heads would roll and security clearance investigations would be stripped from OPM, a big bureaucratic government HR agency, and returned to DoD. But the reforms by Clapper and ODNI resulted in nothing more but more bureaucratic BS. Oh, and a name change (from OPM-FIS [Federal Investigative Service] to OPM-NBIB [National Background Investigation Bureau]). But there is rumor of some changes in the process this fall. I wouldn’t expect much.
Sorry, that National Journal link is bad. Here’s a good one on the subject Faisal Ahmed, former IT Asst. Director at Dept of Interior: http://www.govexec.com/pay-benefits/2015/07/ig-fed-fake-diplomas-worked-interior-five-years/117934/
The Clintons have connections with the hacking community going way back…
In the 90s it was the Clipper chip. Today it’s building back doors into hard/software couched in lazy security reasons. http://www.thenewamerican.com/tech/computers/item/22701-mcafee-gov-t-backdoors-are-destroying-national-security
Does the USG safeguard information and assets against its own successful breaches when systems are updated?
Yeah, but it’s racist to notice that.
The Sony server’s admin passwords were “password”.
Could it be that Hillary’s computers were less hacked than the DOS computers and thus, more secure in reality?
A lot of routers and switches had default passwords and default services active when I was working the scene. These devices are most often sitting out of sight in a data center so they are forgotten until something goes wrong.
It’s possible that her email server wasn’t hacked, but that would only be an attempt at security through obscurity. Any .mil or .gov address is a magnet for hackers. Given that she was Secretary of State, she really could not rely on security through obscurity. My guess is her server was hacked no more and no less than the DOS networks.
No. The IC is more interested in exploiting back doors and vulnerabilities in target systems than in protecting our nation’s information systems from outside enemies. Half of NSA is supposed to do this, but I don’t see it being done.
I worked with JTF-CND (Joint Task Force – Computer Network Defense) for a while. They were dedicated to the mission and I enjoyed supporting them. They were eventually subsumed into Cyber Command. I don’t know how the defense mission is handled now within our government.
It’s possible that HRC’s server was a vector for attacks, but without a whole lot more info than is in these links, it’s hard to come to any conclusions.
I am surprised that they have had such difficulties eradicating the infection. Given the stakes involved, I would have expected a radical solution, such as a staged physical and digital replacement via an encrypted, internally firewalled network that treats the DOS network as hostile territory. Replacing certain software systems that have infected backups might be a challenge, but going back to from-scratch installations and data-only restores is a possible way around that.
It is hard to know without more information. Some of those guys at the NSA are no dummies (hi, Dr. Bob :-)), but the sophistication of attacks has increased tremendously (don’t forget to turf printers, routers, switches and networked devices).
COBOL was obsolete by the late ’70’s. You have GOT to be kidding me.
Shifting so much of operations to computers — the “paperless” office idea — has created many more problems than it has solved. Even courts are held hostage to it. Because most bankruptcy paperwork for filing in court consists of forms, federal bankruptcy courts started experimenting with electronic forms and scanning of forms and paperwork. Then they went to mostly an electronic filing system with electronic files. That more or less worked, because of the heavy use of forms. But then the promoters of electronic filing went after the other, non-bankruptcy, federal courts to get them to use electronic filing. Unfortunately, they did so. Then State courts got romanced into it. It is an absolute mess. The State court clerks I know in Texas hate it. It has become another example of private companies making a lot of money from providing the computer and filing software, the computers receiving the files, and maintenance and storage for the court electronic filing system, which has added extra filing fees to each case filed.
I wonder what computer operating system the U.S. State Department uses? Microsoft Windoze, the walking security hole? Putting all the Office of Personnel Management files on a computer system was just asking for trouble, and they got it.
Then there was the odd event earlier this year when the Justice Department and FBI went after Apple Computer using the All Writs Act to try to force a backdoor into Apple’s cellular phone software. The reason was a cell phone from the San Bernardino, California incident that they said they could not unlock. The iconoclastic John McAfee, a computer programmer who tried (unsuccessfully) to be the Libertarian Party candidate for president this year, publicly offered to unlock the cell phone in question for free, and finally explained how–
McAfee also made the startling statement in at least two other interviews that a young person had hacked into the FBI computer system around early February of this year and made off with a lot of records. No media outlet picked up on the story, and the government has been completely silent about it otherwise.
McAfee has also commented on the fact that some talented computer programmers and hackers appear quite odd in both demeanor and appearance, and so the government gets the jitters and usually will not hire them.
Clifford Stoll, an unusual personality himself, was involved in investigating the “Internet Worm” back in the 1980’s. Brian Lamb of C-Span interviewed him in 1989, and worked to keep his own composure while doing so. One of Cliff Stoll’s books is “Silicon Snake Oil”. He gave a talk after that book was published in 1996–
One of the most foolhardy things to be developed is using computers to run the electrical grid. Much of the grid could likely be brought down and crashed by hacking into the controlling computer systems themselves; you would not even need an electromagnetic pulse device to fry the computer chips in the controlling computers. Anyone desiring to cause great damage and havoc does not need nuclear weapons. They would only have to attack the computers that control the electrical grids.
And a computer-controlled grid does not even save a lot of money, if any. A couple of years ago I went to a legal seminar about energy law, and one lecture was about the computer system that controlled the electrical grid in Texas, which is pretty much a standalone, independent system. I asked the presenter whether the computers made electricity cheaper. His answer boiled down to, “well, maybe sometimes, but not necessarily”.
Another unfounded bashing of COBOL and related technologies.
Note: COBOL in current standards is as modern as most other programming languages. COBOL code is in no way more vulnerable than other code. COBOL has the incredible advantage of being readable, structured and easily maintained. Grab some 30 year old stuff written in COBOL and, for example C. Try to understand and modify both correctly. COBOL modifications will take you only a tenth of the time than you would spend on some C fragments.
People who claim COBOL is old and must therefore be replaced do not know what they talk about. They have never been in a highly administrative organization (like a bank) which has to run and maintain hundreds of different detailed procedures. These systems may be “old” but they do what they are supposed to do. There is absolutely no reason to change them unless you are a contractor who sees big dollars coming your way.
Likewise DOS. It can be encrypted like any other disk operation system with the tools designed for it. There is no inherent limit.
I have written system level drivers in Assembler and C, industrial process controls in Fortran and Pascal variants and highly administrative systems in COBOL. Each language has its justification in its realm. To kick COBOL out from administrative environments (and replace it by what? eternal sins like Java?) might be profitable for some but makes otherwise no sense at all.
When I sat at a desk, every 4 months I had to change my passwords.
They could not be the same password over all platforms, had to be a minimum of 12 characters, not form an English word, include at least 2 numbers, one capital, and two punctuation pieces.
I kept my passwords written down on a slip of paper kept in my watch back, usually only needed to refer to it for the first couple of weeks after the change.
Most of the other people in the cubicle farm kept theirs on a post-it note attached to the underside of their keyboards.
And of course, the quarterly IT presentations on security, e-mail, and file sharing had no significant impact on the bi-monthly “Anna Kournikova Naked!” episode or the monthly “send all” flame-out embarrassment.
Humans are humans, but sometimes they are just lazy.
There isn’t any evidence that Hillary’s server was a vector in the attacks on DoS networks. There isn’t any evidence that Hillary’s server was ever successfully hacked.
The two possible ways to use Hillary’s server as a launch pad for an attack that I can think of would be to create a more convincing phishing email, or to find someone’s login information if they were dumb enough to send it in an email. The second I hope never happened. The first may have, but should be easy for an investigatory to find out.
The fact that the hackers are still in the network just means that security hasn’t found every back door yet. It could be as simple as an agent in the IT department.
Not really, the bulk of the Y2K scare was about fixing a huge number of COBOL programs, old timers made a killing at this.
I suspect that a large number of “critical” banking software (may be even the majority) is still relying on SOME key applications in COBOL which have never been updated, if only just because they run fine for what they are doing.
Those who we refer to as “non-state hackers” are far more technically sophisticated, ingenious and patient than what we think. They may not be as socially and politically adept as the critters that infest Washington D.C., but that’s what draws me to them. Don’t ever sell them short.
Can’t be emphasised enough.
A few years ago somebody summed up information security to me as follows:
“The only information you should have on a computer about yourself or people or things you care about is information you don’t mind your worst enemy knowing about you.”
TTG and All,
Looking at what ‘Guccifer 2.0’ has to say about his activities, his account clearly depends upon a strong claim about quite how ‘technically sophisticated, ingenious and patient’ the best ‘non-state hackers’ are.
It is certainly the case with mathematicians that the gulf between what the very best brains and lesser mortals can achieve is awesome. Also, while some top-class mathematicians are highly sane, they can be frankly loopy. Something similar seems to apply with people with a natural gift for computing.
Perhaps people with relevant expertise could further clarify the question. Can one simply rule out the possibility that it is within the capability of a brilliant and painstaking hacker to do this kind of thing on his own?
No. We still use COBOL for a very important database in my agency.
Are you an intern or getting paid for writing this nonsense?
The myth of the “brilliant hacker” is a myth when compared to the power of a state-run hacking team. 99% of hacking is “social engineering”, which is the easiest way to access a system. You are hacking the people and that takes time, resources and is augmented by other sources not available to the lone hacker, as well as institutional history and memory. A “technically sophisticated, ingenious and patient” non-state hacker may dig up the occasional acorn, but is not in the same league.
FYI, every computer network is under constant attack from Chinese, Iranian, Russian, Romanian probes of every port. There is no security through obscurity for any fixed IP address. Any competent sysadmin should have a system which is immune to these attacks. That bit is really not hard. The difficult part is securing the users themselves. Their devices. Their access. And as we see from the DNC emails, generally these are released in the form of strings, which indicate certain individuals, or certain devices were hacked.
Regarding DoS, the most likely source of continued intrusion is a mole, and/or infected backups, but belt and suspenders applies to hacking as well.
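The commenter’s point that every fixed IP address is probed constantly is easy to confirm from a firewall log, and the “not hard” part is turning those drops into a block decision. The following is an added example (my own, not code from the post or any commenter) that reads constructed UFW/iptables-style “BLOCK” lines, flags any source that touches eight or more distinct destination ports within a sixty-second sliding window, and renders a deny rule per offender. The log lines, the addresses (RFC 5737 documentation ranges), the thresholds and the ufw rule syntax are all illustrative assumptions; a slow scanner that spreads its probes over minutes is included to show what the window deliberately does not catch.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumption: UFW/iptables "BLOCK" format) plus one
# unrelated sshd line. Addresses are RFC 5737 documentation ranges, not real traffic.
SAMPLE_LOG = """\
Jul 27 10:01:02 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44321 DPT=21
Jul 27 10:01:02 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44322 DPT=22
Jul 27 10:01:03 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44323 DPT=23
Jul 27 10:01:03 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44324 DPT=25
Jul 27 10:01:04 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44325 DPT=80
Jul 27 10:01:04 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44326 DPT=110
Jul 27 10:01:05 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44327 DPT=143
Jul 27 10:01:05 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44328 DPT=443
Jul 27 10:01:06 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44329 DPT=3389
Jul 27 10:01:06 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=44330 DPT=8080
Jul 27 10:02:10 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=22
Jul 27 10:02:11 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.7 PROTO=TCP SPT=51001 DPT=80
Jul 27 10:02:12 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.7 PROTO=TCP SPT=51002 DPT=8080
Jul 27 10:03:00 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.20 DST=198.51.100.7 PROTO=UDP SPT=5353 DPT=5353
Jul 27 10:03:01 gw sshd[1234]: Accepted publickey for ops from 198.51.100.20 port 50000 ssh2
Jul 27 10:10:00 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=21
Jul 27 10:12:00 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=22
Jul 27 10:14:00 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.7 PROTO=TCP SPT=40003 DPT=23
Jul 27 10:16:00 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.7 PROTO=TCP SPT=40004 DPT=25
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) .*?"
    r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return (timestamp, src, proto, dport) for a block line, None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # syslog timestamps carry no year; only deltas within one log matter here.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, m.group("src"), m.group("proto"), int(m.group("dpt"))


def detect_port_scans(lines, min_ports=8, window_seconds=60):
    """Map each source that hit >= min_ports distinct ports inside any
    window_seconds-long sliding window to the sorted list of ports it probed."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, src, _proto, dport = rec
            by_src[src].append((ts, dport))
    scanners = {}
    for src, events in by_src.items():
        events.sort()
        left = 0
        for right in range(len(events)):
            # advance the left edge until the window is at most window_seconds wide
            while (events[right][0] - events[left][0]).total_seconds() > window_seconds:
                left += 1
            if len({p for _t, p in events[left:right + 1]}) >= min_ports:
                scanners[src] = sorted({p for _t, p in events})
                break
    return scanners


def block_rules(scanners):
    """Render one deny rule per scanning source (ufw syntax, an illustrative choice)."""
    return [f"ufw insert 1 deny from {src} to any" for src in sorted(scanners)]


if __name__ == "__main__":
    found = detect_port_scans(SAMPLE_LOG.splitlines())
    for src, ports in found.items():
        print(f"{src}: {len(ports)} distinct ports {ports}")
    for rule in block_rules(found):
        print(rule)
```

With the defaults only 203.0.113.5 is reported (ten ports in four seconds); lowering `min_ports` to 3 also catches 192.0.2.9 but still not 203.0.113.77, whose four probes are two minutes apart and never share a window. That is the trade-off any such rule makes: the window and threshold that silence noisy scanners are exactly what a patient adversary tunes around.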
Heard about a US government retrofit of an existing base of FORTRAN software; they just grafted the new system onto the old one without discarding it – they could not afford the cost of the re-write.
1. You write: ‘The myth of the “brilliant hacker” is a myth when compared to the power of a state-run hacking team.’
Even if true, that would not necessarily be relevant to my question.
According to ‘Guccifer 2.0’, he was in the DNC networks for ‘almost a year’. My question was: could an individual hacker get such access, and if he had it – undetected – for this time, could he have obtained all the documents WikiLeaks has made public?
You have asserted that he could not, but provided no evidence whatsoever in support of your assertion.
(See https://guccifer2.wordpress.com/2016/06/15/dnc/ .)
2. As a matter of fact, the ability of state-run intelligence organisations to employ and make effective use of very brilliant – and often eccentric and difficult – people varies greatly.
The success of British intelligence in both world wars in ‘hacking’ German communications was in substantial measure due to input from some very rum chums indeed – like ‘Dilly’ Knox and Alan Turing.
I suspect, although I do not know, that the successes of U.S. naval intelligence which made the decisive victory at Midway possible had similar origins.
In the British case, the ability successfully to employ brilliant and difficult people was due in large measure to critical areas of intelligence being run by some much more conventional people who are also brilliant, if in a different way.
A critical figure was Admiral Reginald ‘Blinker’ Hall, the Director of Naval Intelligence in the First World War – whose skill in using what his cryptographers told him was crucial in embroiling the United States in the war.
However, when a young mathematician friend of ours went to a recruitment presentation by GCHQ, she was specifically told that they were not looking for the most brilliant people.
It seemed to me, from what she told me, that they wanted people who were competent and industrious, and could be counted upon never to tell the powers that be what they didn’t want to hear.
Would someone like Turing ever have been employed in contemporary British or American intelligence? Or indeed, ‘Blinker’ Hall? I much doubt it.
It would surprise me if the GRU was able to employ people like Turing. It would surprise me less, if they had people like Hall.
Be that as it may, it may still be the case that one brilliant and difficult person can do more than a whole bureaucracy of less brilliant timeservers.
3. If the DNC brings in a cybersecurity firm like CrowdStrike after they discover they have been hacked, it is hardly to be expected that the company in question is going to tell the world that its client’s systems were so lousy that they were easy meat for someone like ‘Guccifer 2.0’.
Accordingly, unless the ‘evidence’ such a company presents has been subjected to a thorough critical examination, it is valueless.
A ‘NYT’ report like that by David E. Sanger and Nicole Perlroth which simply accepts claims from CrowdStrike and ‘several other firms’ which are not named is of very little value as evidence about what is likely to have happened.
Its principal value is in demonstrating that the ‘NYT’ really has become ‘Pravda on the Hudson’.
4. ‘FYI, every computer network is under constant attack from Chinese, Iranian, Russian, Romanian probes of every port.’
I am now quaking in terror. Not only do I have to reckon with my intimate personal correspondence being laughed at in offices in Moscow – obviously, I may be subject to financial blackmail by Romanians.
The DNC servers were not secure in any sense. The DNC has so many consultants and others that use their systems. I’m sure the “security” process was non-existent, with people accessing from many locations and devices. It would not take much for a sophisticated “hacker” to get into and download all the files they needed.
This perpetrator could have been anyone. What is interesting however is the media echo chamber which has focused entirely on allegations from the Clinton campaign that it was the Russians breaking in AND not the fact that the DNC colluded with the Clinton campaign to disenfranchise Sanders supporters. Of course you can’t blame the media entirely when Sanders himself apparently doesn’t care enough.
Herb and David Habakkuk,
The myth of the brilliant hacker is not a myth at all. This is based on my interaction with this crowd over 18 years primarily over FIDONet and IRC. What marks these hackers is not primarily brilliance, but persistence and patience. They will stick to a challenge for years, learning what they need to learn, testing and trying time after time until the problem is solved. Yes, social engineering is often an important part of an elegant hack. However, as an example, I knew a young hacker who really did live in his mother’s basement who thoroughly penetrated a major Army system without social engineering. He did it through the routers. His ability to manipulate these routers was proven when the much vaunted Army Information Dominance Center couldn’t figure it out even after I gave them the ip address and name of the router.
I think one has to keep in mind some of the bizarre contradictions of the Soviet system.
So, one of its characteristics was a faith in science. But the ‘science’ on which its legitimacy was built, Marxism-Leninism, was pseudoscience. At the same time, however, the system provided very good education in the ‘hard sciences’.
A predictable consequence was a collapse of faith of much of the intelligentsia – within the system as well as outside – in the system. The contrast between the desperate attempts to shoehorn refractory realities into the intellectual frameworks of Marxism-Leninism and the intellectual rigour of the hard sciences was too glaring.
In turn, however, this led to a widespread, and uncritical, pro-Western euphoria, back in the ‘Eighties.
The collapse of this leads to a bizarre situation.
It is in my view a very common, and fundamental, Western conception, that the contemporary Russian system is a monolithic one, controlled from the top – with Putin being, as it were, a kind of puppet-master.
In actual fact, one has a very complex interplay of different forces – with both the strengths, and weaknesses, of Putin’s position lying in his being in the centre.
A corollary of this curious background – and also, the very widespread disillusion with the West – is that you have all kinds of individuals, and groups, who have the technical skills required for rather sophisticated hacking.
Working out what is, or is not, sponsored by whom, accordingly, becomes very difficult.
However, it might be easier, if people were not so committed to imposing a simple model on a complex and refractory reality.
“However, it might be easier, if people were not so committed to imposing a simple model on a complex and refractory reality.”
Amen. Words to live by.
I was always impressed by the Soviet Academy of Sciences and the people it produced. I knew several physicists who were top notch scientists and human beings. I don’t know if you are aware of this, but it was Academy of Science types who filled the vacuum of leadership in the days immediately after the fall of the Soviet Union. That didn’t last long. The “sharks” soon pushed the “eggheads” out of the way. In that tumultuous time, the Academy pleaded with Western institutions to take their scientists in so they could continue their research until the Academy could get back on its feet. Russian became the first language in some of the research institutes in Germany. It was a field day for us spook masters.
As for Soviet computer science (or cybernetics) at the time, I knew an AI researcher who spent his first two years of programming instruction using a blackboard. He wrote in assembler and debugged on that blackboard. That’s how well he understood the soul of the machine.
“It is in my view a very common, and fundamental, Western conception…”
“Misconception” would have been a more apt word. One can get a good idea of the nature of the power structure in Russia (and the limits of Putin’s ability to “rule” Russia) from this recent NYT piece: http://tinyurl.com/jceglq7.
I think, about the only areas where Putin exercises the control that is usually ascribed to him in the West, is in the formulation of foreign and defence policies.
Unfortunately, this misconception is not only to be found in popular discourse and the media in the West, but also within policy-discussion and policy-making circles.
‘Unfortunately, this misconception is not only to be found in popular discourse and the media in the West, but also within policy-discussion and policy-making circles.’
Absolutely. The ‘NYT’ report to which you linked seems to be a relatively rare approach to some kind of realism.
In fact, I think the problem is more general. There is an extraordinary lack of interest among contemporary Western élites in trying to make sense of how societies – including their own – actually work.
“The ‘NYT’ report to which you linked seems to be a relatively rare approach to some kind of realism”.
I think it was there more to denigrate the Russians than anything else.
I agree fully with your last paragraph. The delusions that are continually put forward as serious commentary are mind-boggling.
I think your reading of the Andrew Higgins article is absolutely right.
But this only illustrates the stupidity.
It is perfectly possible for a correspondent for the ‘NYT’ to observe facts as they are, so long as doing so leads in the ‘politically correct’ direction: almost invariably revealing a kind of maniacal hatred of Russia and Russians.
Where such evidence might lead in another direction: such as, towards an awareness that Putin is not some kind of demonic mastermind, but a leader trying to grapple with a whole range of rather complex and often highly intractable problems, then the facts are immediately forgotten.
What makes all this worse is that it is not even a case of intelligent Machiavellianism. In addition to making the lives of others – notably Ukrainians and Syrians – much worse, we have actually been piling up problems for ourselves.
I do not really understand it.
I said compared to the power of a state-run a lone hacker is a myth. That doesn’t mean they may occasionally hack into an important system that is poorly set up and maintained.
But in the case at hand, the vast consensus of investigators now including the FBI believes based on very specific and compelling evidence, is that at least one, if not two Russian security teams were behind the DNC hack, and that they created the mythical “Guccifer2” sock puppet as a false flag to attempt to deter or confuse investigators and the public.
The evidence being known ip addresses hard-coded in the attack software, ssl certificates that are the same as those used in the Bundestag hacks, etc., etc.
“I do not really understand it”.
I haven’t examined the issue in any detail. However, I have thought about it off and on, especially when faced with these strange actions.
It seems to me that the answer lies in a combination of the following: there are all these separate power centres, each pursuing its own policy; some of these policies seek to dominate the world; others merely to knock down Russia and China; some seek to serve the interests of the “military-industrial complex”; many serve Israeli interests; others the interests of whoever has bought that power centre; then there are power-seeking or/and money-seeking people and organizations, pursuing their own interests, even if it be at the cost of the country; …
An incomplete list, I readily admit.
“But in the case at hand, the vast consensus of investigators now including the FBI believes based on very specific and compelling evidence, is that at least one, if not two Russian security teams were behind the DNC hack, and that they created the mythical “Guccifer2” sock puppet as a false flag to attempt to deter or confuse investigators and the public.”
I have spent my life being told that the ‘vast consensus’ of experts believed so-and-so. Sometimes the belief has withstood rational scrutiny, on other occasions it has turned out to be hokum.
A couple of recent posts by a cybersecurity expert called Jeffrey Carr bring out, in my view, some of the compelling reasons for suspecting that, in this case, hokum may very well be at issue. They are entitled ‘Faith-Based Attribution’ and ‘The DNC Breach and the Hijacking of Common Sense.’
(See http://jeffreycarr.blogspot.co.uk/.)
In the former, Carr makes the point that what is required in the kinds of ‘intelligence analysis’ relevant to attributing responsibility for an incident like the leak of the DNC materials to WikiLeaks is ‘hypothesis testing’ – a ‘structured methodology.’
Some intelligence analysts practice this, others do not. The argument Carr was making was that commonly people working for cybersecurity companies do not.
Properly practised, such a methodology involves broadening the range of hypotheses to be tested in explaining a given incident to include all that could be reasonably possible.
One then attempts both to narrow the list of possibilities down, and see what testable predictions each one generates.
In relation to the material from Hillary Clinton and the DNC, a critical question which needs to be answered in order to see how far one can narrow the range of hypotheses down becomes what a capable individual or small group of hackers could be expected to achieve.
Actually, this involves different questions – one set about the nature of hacking, another about how poor the security on the relevant networks was.
As a matter of fact, we have a high-flying young software engineer in our social circle, so I e-mailed him the same question I had put to TTG.
In essence, our contact confirmed, and elaborated, what TTG had said in the original post and also what Sam Peralta said in response to my question.
Summarising his technical observations, I hope accurately: computer systems of their nature are not easily replaced, so that keeping them secure against newly emerging vulnerabilities is a difficult and complex operation, which commonly those running them aren’t well-equipped to do.
Moreover, once vulnerabilities have been found, automated tools can be devised to exploit them, which can be quite widely distributed. From what he had been able to learn, getting into the DNC server really was not very difficult.
Accordingly, what would be required to establish Russian state responsibility for the release of the material obtained from the DNC network would not simply be to prove beyond reasonable doubt that the GRU and FSB had hacked it. It would also be necessary to establish that others had not.
Given that a vast mass of people, for a widely different range of reasons, could have been expected to have an interest in breaking into DNC networks, two obvious questions should have been put to CrowdStrike et al.
What steps did you take to attempt to ascertain who, besides the GRU and FSB, might have hacked into the DNC network? is one. How far is it the case that all successful hacking attempts into that network would have left traces that enable you to identify them? is the other.
As Thomas Rid made no effort to ask either question, his and the other article to which you link demonstrate little beyond the fact that, on this issue, the ‘vast consensus’ of ‘experts’ is something which deserves to be regarded with the most acute suspicion.
As to the notion that metadata using the name ‘Felix Edmundovich’ is ‘specific and compelling evidence’ of a GRU ‘false flag’ operation in relation to ‘Guccifer 2.0’, words fail me.
If the claim about the metadata is accurate – have the documents been publicly produced? – if anything it would suggest a complicated ‘double bluff’, by someone completely ignorant of the history of the relations of the Russian military and the ‘Cheka’.
(Just possibly, it could be a ‘triple bluff’, but that seems to me somewhat unlikely.)
In any case it has been meant to be “Russian”: