Russia is the hacker?


Someone explain to me what the proof is that Russia hacked the WikiLeaks e-mails. pl

This entry was posted in As The Borg Turns, Russia.

62 Responses to Russia is the hacker?

  1. BabelFish says:

    I believe the process involved a recently disemboweled chicken, which was then studied intently by properly trained and titled employees of the NSA.

  2. Parj says:

    And what does it change?

  3. shepherd says:

    My experience is limited to working with Internet security companies (so take this with a grain of salt). But my impression has always been that it’s fairly straightforward to track down the rough geographic location from which an attack originated.

  4. This report explains some of the evidence collected about the hack methodology and the hackers involved. If this much is available openly, I tend to believe the USG has more. I spent a decade doing this sort of thing and am very familiar with the Russian and Chinese methodology of cooperating with non-government hackers. It’s a modern version of letters of marque.

  5. Here’s another article describing the Russian hacking group that we call Fancy Bear. We don’t know what they call themselves. That’s how good they are.

  6. elev8 says:

    The word “explain” presupposes that there is a proof out there that only needs to be transported into your brain somehow. This random IT person begs to differ. Nobody has produced any such proof yet.
    Basically this should be taken as a lesson on information technology. The Clinton camp doesn’t seem to have learned anything since the days of the “Blue Ribbon” campaign. They are stuck in the last millennium.

  7. gowithit says:

    I had heard a report that a Russian official had remarked that the latest WikiLeaks release would be happening, prior to the actual release. This “seems” to indicate Russian involvement/knowledge.

  8. TonyL says:

    I agree with elev8. There is no proof. It is quite easy for the hackers to make it look like the attacks originated from Russian servers using the same tools that the Russian hackers use.

  9. Frank says:

    There is no proof. Only flimsy allegations from untrustworthy parties with nothing tangible to back them up.

  10. AriusArmenian says:

    From my forty years in the IT industry my conclusion is that US elites are demonizing Russia without any evidence.
    It tells me that the next big target of the West is Russia. With the realignment of the neocons and Republican elites into the Hillary camp the stage is set for catastrophe in 2017.

  11. jsn says:

    Bill and Donald are both suspected of sexual abuse.
    It looks an awful lot like Hillary’s State was shilling for her Foundation.
    Putin is worse than sexual abuse or treason, so it had to be Putin.

  12. eakens says:

    If they’re good enough to steal all of this information, are they not good enough to make others think they’re Russian? What if they are homegrown?

  13. Karl Boyken says:

    The only case I am aware of where there has been anything definite presented to the public is the Shadow Brokers leak of NSA hacking tools. Originally, the leak was announced as a Russian hack of the NSA: Then in October, Harold Thomas Martin was arrested for having NSA hacking tools on insecure private equipment: There is speculation that Martin’s computer was hacked, ostensibly by Russia, or, that Martin was a whistleblower, or someone out to make a buck. But again, there’s no definitive proof.
    I’m a retired IT guy, and I know how difficult it is to definitively attribute any online activity. Given the Obama administration’s ongoing war on whistleblowers, its attempts to smear Snowden as a Russian or Chinese agent, and the Clinton campaign’s attempts to tag anyone who speaks out against them as Putin stooges, I’m skeptical of all these claims of Russian involvement.

  14. turcopolier says:

    I see no reason why these WikiLeaks could not be collected by someone other than the Russians. pl

  15. JohnsonR says:

    Proof? The Borg don’t need no stinking proof!
    If they needed proof, large proportions of the American population wouldn’t persistently believe so many outright fabrications and absurdities which just happen to conveniently promote the interventionist policy of the day, whether it’s attacking Iraq, murdering Gaddafi or regime changing Syria.

  16. Old Microbiologist says:

    Well, the idiots emailed the passwords so it wouldn’t take a genius to have hacked the DNC.

  17. Old Microbiologist says:

    Not being a gifted hacker, but fairly astute at securing my network from NSA attacks (determined by setting a trap using keywords), I personally use a two step VPN and TOR on top of that for anything I want to remain secure. My own network is protected using OPNSense with heavy intrusion detection. I can see the IPs of attackers as well as the routing, but it is pretty easy to spoof IP addresses but not the packets. A little labor is necessary to show it was an outsider but the best is to set a trap. Reference a web page in a keyword laced document known only to me and set up by me that logs the IP address of the person logging on. I give them a little “gotcha” message when they log on. I played with that a few years ago but got bored with it after they stopped playing. Now I like to email back and forth emails to separate accounts using PGP encryption knowing they must waste a great deal of CPU time breaking the encryption. If everyone did that it would shut them down. After all, only suspicious people encrypt emails so we must be guilty until proven innocent. They can’t refuse the bait as it is all robotic. Lots of fun. I have nothing to hide but enjoy driving them nuts.
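    A trap of the kind described above, written here as an added example rather than the commenter’s own setup: a decoy document carries a link that only its owner knows, and a small server logs the source address and client of whoever opens it. The `canary.example` hostname, the token format and the log fields are assumptions; the key is a constructed demo value.

```python
"""Canary-token trap: a decoy document carries a URL only its owner knows,
so any request to that URL shows the document was read and taken off the
host. Added example, not the commenter's setup; hostname, token format and
log fields are assumptions."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

# Constructed demo key. A real deployment loads this from storage readable only
# by the trap's owner; the key is what lets the server reject guessed paths.
SERVER_KEY = b"constructed-demo-key-not-for-real-use"
BASE_URL = "https://canary.example"   # assumed hostname serving the trap


@dataclass
class Hit:
    token: str
    label: str        # which decoy document the token was planted in
    client_ip: str
    user_agent: str
    seen_at: float


@dataclass
class CanaryRegistry:
    tokens: dict = field(default_factory=dict)   # token -> decoy label
    hits: list = field(default_factory=list)

    @staticmethod
    def _tag(nonce: str) -> str:
        return hmac.new(SERVER_KEY, nonce.encode(), hashlib.sha256).hexdigest()[:16]

    def mint(self, label: str) -> str:
        """Issue one token per decoy and return the URL to embed in it."""
        nonce = secrets.token_hex(8)
        token = f"{nonce}.{self._tag(nonce)}"
        self.tokens[token] = label
        return f"{BASE_URL}/c/{token}"

    def verify(self, token: str) -> bool:
        """A token counts only if its HMAC tag is valid and it was minted here,
        so scanners probing random paths never produce a false alarm."""
        if not token.isascii():
            return False
        nonce, _, tag = token.partition(".")
        return hmac.compare_digest(tag, self._tag(nonce)) and token in self.tokens

    def record(self, path: str, client_ip: str, user_agent: str, now=None):
        """Map one GET request onto a Hit, or None if it is not a live token."""
        parts = urlparse(path).path.strip("/").split("/")
        if len(parts) != 2 or parts[0] != "c" or not self.verify(parts[1]):
            return None
        hit = Hit(parts[1], self.tokens[parts[1]], client_ip, user_agent,
                  time.time() if now is None else now)
        self.hits.append(hit)
        return hit


REGISTRY = CanaryRegistry()


class CanaryHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        hit = REGISTRY.record(self.path, self.client_address[0],
                              self.headers.get("User-Agent", ""))
        if hit is None:
            self.send_error(404)
            return
        # The log line is the whole point: source address and client of
        # whoever opened the planted link, tied to the document it sat in.
        print(f"CANARY {hit.label} hit from {hit.client_ip} ua={hit.user_agent!r}")
        body = b"gotcha\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep stdout to the CANARY lines only
        pass


if __name__ == "__main__":
    print("plant this in a decoy:", REGISTRY.mint("budget-draft.docx"))
    HTTPServer(("127.0.0.1", 8080), CanaryHandler).serve_forever()
```

    As several commenters in this thread point out, the logged address is only the last hop (a VPN, Tor exit or compromised box), so treat a hit as evidence that the document was opened, not as the identity of who opened it.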

  18. FourthAndLong says:

    One thing’s for sure: the MSM certainly went to great lengths to focus public attention on the sins of hacking rather than those of the egregious collusion revealed.

  19. Old Microbiologist says:

    If I were a hacker of any note, I would use all of these wonderful internet appliances running Linux and create a network of cutouts by creating a vast botnet and have them do the hacking (you can attempt to penetrate millions of IP addresses, then recirculate it all back through a second botnet and then to a repository to be accessed by a third set of botnets). This is being done by nefarious characters to mine for bitcoins, but it would be just as easy to set up a botnet for penetrations as well. The Linux devices are woefully insecure and are on a plethora of devices now. Also, it should be mentioned that nearly all hardware is made in China or using Chinese-produced chips. Many have already been identified to have embedded code in them for back doors. Intel did the same thing here in the US for the NSA. So it could be China or the NSA as well. Perhaps there are people in the NSA who do not wish to see her elected? Anything is possible.

  20. FourthAndLong says:


  21. But Assange has been publicly talking about an ‘October surprise’ for months. This was no secret.

  22. The Beaver says:

    Surprisingly, the cyber security companies seem to follow the politics of DC.
    When the US govt has an axe to grind against North Korea and “Holy Macaroni”, the Sony hack and the Lazarus Group bank hacks are the work of the DPRK.
    A couple of yrs ago, it was the Chinese and their famous PLA Unit 61398.
    These days it is the Russians.
    However, no mention of the Ukrainian thugs nor the goody two shoes from Herzlia who use servers in Bulgaria or Romania.

  23. Old Microbiologist says:

    No, they caught it when it was posted, which was 30 minutes before Wikileaks announced it. They probably set up an alert to report new posts so they could get a jump on reporting it. Those are good news skills, which apparently are now a lost art in the US, where all news is given to reporters who seem to have forgotten how to be reporters at all.

  24. Old Microbiologist,
    I’ve said it before. Ubiquitous encryption is the key to real security. It’ll stop the hackers and the governments from getting the real goods.

  25. Harry says:

    I asked the same question myself and got a fairly comprehensive answer. I haven’t read the link you posted (very kind), but what I noticed from the other report I read is that there is a lot of evidence pointing to a Russian-based hacker that is sophisticated and is thought to have acted on behalf of the Russian state before. However, I have not yet seen any evidence that the emails were taken by this route – please correct if wrong. I think that absence is notable because there really should be evidence of that data being taken.
    In addition there has been no discussion of other infiltration. Put another way, just because the Russians hacked the DNC doesn’t mean the French, Germans, Italians, Israelis etc. didn’t as well.
    So yes, some Russians hacked the DNC, but no, we don’t know that they took anything.
    Forgive me if I have got this wrong.

  26. Also says:

    While staring at sheep.

  27. pl,
    Sure any number of actors are capable of doing this, but these studies are the result of years of collection, forensics and analysis. It may be patriotic hackers acting without government direction or support, but I’m satisfied that the perpetrators are Russians. I was in the thick of the digital action during the Russo-Georgia War. I see similarities. Perhaps they have assistance from others throughout the world. I’ve seen groups use the help of what I called their “auxiliary” in data centers throughout the world.
    I get that Trump supporters want the culprits to be anyone other than the Russians and the Clinton supporters desperately want it to be Putin himself.

  28. turcopolier says:

    Did the sheep die? pl

  29. Harold Thomas Martin seems to be a digital hoarder rather than anything else. He wasn’t even charged with espionage. I don’t think much of the whole Shadowbrokers theory either. I think NSA has another whistleblower in their midst. Those leaked NSA tools looked like a training module.

  30. Chris Chuba says:

    RT did NOT release info before Wikileaks
    1. Wikileaks posted batch #6 on their public website.
    2. A little over 2 hrs later Wikileaks tweets out a notification.
    So now the U.S. media harpies are doing their war dance and we have to use scientific notation to represent the number of stories they have gotten wrong.
    The Evidence
    U.S. govt investigators traced the NW traffic to a Russian ISP but this is not conclusive. Nothing stops someone in the U.S. from logging into a server in Russia and hacking from there.
    In fact, when the Russian ISP learned that they were implicated they were irate that they were never contacted by the FBI. They said that they will provide any NW traffic logs that are requested for specific IP addresses. It doesn’t matter, we got the answer we wanted and perhaps we didn’t want to risk giving up any assets. This is bad work on our part. An investigation should proceed until it hits a dead end. This one stopped prematurely.

  31. Tyler says:

    When I was writing my little Borg wars serial, I didn’t expect it would become non-fictional.

  32. Klaus Weiß says:

    According to FBI documents, Blumenthal files were discovered on a server in … Romania. Darning Russian Romanians. 🙂 or here in order to ocr it:

  33. Fred says:

    Did the Russians also write the Goldman Sachs speeches? Surely they didn’t cash the checks.

  34. TimmyB says:

    Here is some additional information.
    The Crowdstrike people were the first to claim it was the Russians. They were the company hired by the DNC. Every article published about Russia hacking the DNC, prior to the recent US government allegations, is based upon Crowdstrike’s supposed findings from June of this year.
    Oddly, if you read the Crowdstrike report, they claim two different Russian government groups, each with no idea the other was also hacking the DNC, were involved. That conclusion is nonsensical. In sum, Crowdstrike’s claims carry as much weight as Bush’s claims of WMDs in Iraq. No real evidence, just guesses.

  35. TimmyB says:

    Exactly right. The DNC hired Crowdstrike, which on no real evidence blamed the Russians. The Clinton campaign used “the Russians did it” to deflect from the damning contents of the emails and to smear anyone who seemingly benefited from the released information. A real win for the smear merchants at Team Clinton.

  36. TimmyB says:

    Microscopic hair identification and bite mark analysis both sent a lot of people to jail, including some to death row. They too were the result of years of collection, forensics and analysis. Today, they are both considered “junk science.”
    Hackers aren’t inventing the wheel every time they hack a computer. They copy each other’s code and methods. Attribution based on similar methodology isn’t science. It’s a wild assed guess.

  37. Fred,
    I know you’re being facetious, but whoever hacked the DNC and for whatever reasons has nothing to do with the value of the content of the leaked documents. If the Russian government is behind it, I can’t fault them. It is clearly in their best interest to have Trump as President rather than Clinton. They’d be foolish not to try to influence the election.
    I’ve heard these documents described as showing how the sausage is made. Good. I consider it a robust open government policy. We ought to see how the government sausage is made. I’d like to see more governmental and corporate documents exposed to the light of day. Since the Borg thrives on secrecy, I hope the hackers, whoever they are, continue exposing their secrets. If our “free press” can’t or won’t do it, then let the hackers do us and our democracy a favor.

  38. Keith Harbaugh says:

    Anyone have any clues on the situation described below?
    Russian server co. head on DNC hack:
    ‘No idea’ why FBI still has not contacted us

    But the 26-year-old [Vladimir Fomenko], from Biysk in western Siberia, is far from being scared or unwilling to cooperate. In fact, he recently told the New York Times that “If the FBI asks, we are ready to supply the IP addresses, the logs.” However, he says, “Nobody is asking… It’s like nobody wants to sort this out.”
    That was a follow-up to this New York Times article:
    BIYSK, Russia — Living anonymously, down a winding road in the wilderness of western Siberia, not far from the Mongolian border, the only person so far implicated in the flurry of Russian hacking of the Democratic National Committee and other political sites was obviously enjoying the moment.
    “We have the information, but nobody contacted us,” said Vladimir M. Fomenko, a tattooed 26-year-old who snowboards in his free time and runs a business out of a rented apartment.
    “It’s like nobody wants to sort this out,” he added with a sly grin.
    Mr. Fomenko was recently identified by an American cybersecurity company, ThreatConnect, as the manager of an “information nexus” that was used by hackers suspected of working for Russian state security in cyberattacks on democratic processes in several countries, including Germany, Turkey and Ukraine, as well as the United States.

  39. TimmyB,
    There’s nothing nonsensical about two hackers in the same system. I’ve seen that time after time over the ten years I ran in these circles. CrowdStrike based their conclusion on the tool signatures. ThreatConnect supported that conclusion based on an analysis of the hacker’s support infrastructure and method of establishing that support infrastructure.

  40. Fred says:

    “We ought to see how the government sausage is made.” I agree. I think we could do with some real lessons on IT security. BTW did they ever figure out who did the OPM hack?

  41. BraveNewWorld says:

    I am a systems and network administrator and can tell you it is almost impossible to say with accuracy where an attack of the scale suggested really originated and who was behind it. An attack like this won’t come from one computer; it will likely be anonymized through a “bot”, which is a collection of computers belonging to regular schmoes that have been infected with malware and are remotely controlled.
    The other thing I can tell you is that the vast majority of really big hacks involve someone who is or was on the inside. That inside person can be anyone from a person that was fired with an axe to grind to someone who was social engineered. E.g.
    “Hello this is Bob from security”
    “Hi Bob”
    “We are trying to fix that issue your team has been having with the billing system. Can you please confirm the password you are using”
    “Sure Bob it’s …”

  42. BraveNewWorld,
    All what you say is true. I’ve known hackers who passed through a minimum of three compromised routers before logging into an IRC server just to shoot the breeze. It’s a long process to follow them back. These DNC hacks used phishing attacks to first get into the systems. So, again, you’re right about social engineering.
    What allowed these hackers to be partially identified was that there was a long history of high profile hacks to examine. The analysis was not just technical, but all source. Even with all the available data, the individual hackers’ identities are not known, nor is their organization known. What is needed to do that is clandestine HUMINT. That’s what I did for ten years.

  43. turcopolier says:

    So, is Assange out of business? pl

  44. pl,
    Assange is just the public face of Wikileaks. He never hacked this stuff. He just disseminated what was given to him. Wikileaks can and will continue to distribute their material even if he’s left with dropping scribbled messages out the window of the embassy to communicate. There’s also DCLeaks out there distributing this stuff. DCLeaks is thought to be a creation of the DNC hackers. This phenomenon, whether you call it whistleblowing, leaking, resisting the Borg or IO, will be a part of our life for the foreseeable future.

  45. Tim B. says:

    According to Crowdstrike, there were only two hackers or groups, both worked for the Russian government, using completely different methods. And each had no idea the other had also hacked the DNC. Sorry, but that’s absurd. Two hackers? Sure, that’s possible. But both working for the same Russian government, both using completely different methods, and neither knowing about the other? Don’t buy it.

  46. Tim B. says:

    Any hack on a US government or political entity would also “closely [mirror] the strategic interests of the Russian government and MAY indicate affiliation.” In sum, if it’s a US entity being hacked, blame Russia. That’s all the evidence needed.

  47. Pundita says:

    I venture shutting down Assange’s internet connection could fall back hard on Washington. That’s because the act is in the same category as shutting Iran’s banks out of SWIFT and forcing down Evo Morales’ plane. These acts, played out on the world stage, greatly reinforced the impression across much of the world that the US was now flagrantly abusing its power and had become very dangerous. Not the kind of impression that a ‘Redeemer Nation’ wants to foster.
    And shutting off someone’s internet connection reinforces everyone’s nightmare scenario.
    1. Re the hack ID issue, there was discussion of the question during one part of Steve Cohen’s 10/18 conversation with John Batchelor about the New Cold War. Consensus from IT sources Steve quoted: if it’s done by a [sophisticated] state apparatus, it’s technically impossible to trace to the source. Ergo, there’s no evidence the DNC hack was done by the Russians.
    Batchelor chimed in with the point that it’s suspicious Russian ‘fingerprints’ were left on the hack given that Russians wouldn’t leave fingerprints.
    Steve mentions authority MIT prof. Theodore Postol’s statements re identity of hackers, which he also maintains is impossible to trace. He also makes the point that US is using ‘weasel language’ when it ‘reasons’ that the hacking must be Russian because it’s ‘consistent with Russian motives.’ This kind of reasoning takes us into Wonderland territory (my point, not Postol’s).
    Discussion about hacking starts at 13:00 minute mark
    2. I’ve recently stooped to visiting Drudge; he’s reporting on a ‘Hillary bombshell’ National Enquirer cover story, to be released today (Wed Oct 19), that takes Smutgate to a new level. If she wanted a smut war, she’s really got one now. Dems can pooh-pooh the Enquirer all they want, but they know the rag is famously known to dig up serious dirt (e.g., John Edwards’ very messy extramarital affair while his wife had cancer).
    Here’s a link to the Enquirer’s teaser article:
    Will any of it make a difference to Hillary loyalists? I’m not the expert on Clinton scandals but I’ve gathered over the years that the name Vince Foster is toxic.
    At any rate the revelations are so — so — so smutty that the MSM might be unable to resist chewing them over. And of course the story broke on the eve of the third debate. We’ll just have to see how much of the smut sticks.
    3. To return to trivial matters, much of the discussion between Steve and John regarded whether Joe Biden had actually declared war on Russia during his chatter on Meet the Press on Sunday. The question is a non-starter to US media but it’s a big deal to the Russians, from what Steve said.
    4. In other trivia news, AMN reported yesterday, with an accompanying 36-second video, that the Iraqi air force has been pulverizing IS motor columns as they retreat from Mosul toward Syria. So if the US has indeed been planning to let thousands of IS high-tail into Syria, clearly the Iraqis have a different idea.
    The video is also posted to YouTube
    All the talk about an escape planned for IS from Mosul has also greatly alarmed the Syrian Army, which issued a stern warning yesterday.
    What’s the world coming to, when so many eyes are on the kitchen it’s getting hard to steal as much as one cookie?

  48. jonst says:

    So, as I think the Col can, cautiously, attest to, I have been doing cybersecurity law/evidentiary issues for over 20 years now, as a practicing lawyer. Spoke at the RSA conf (largest security conf in the world) for most of the past 15 years. Many of my presentations were on offensive cyber operations (Legal or Illegal: Effective or Not). All of which does not mean my take is, automatically, ‘right’. But here it is.
    Any of a 100 groups could have ‘fired the gun’ on this. The more relevant question is: who paid for the bullet? And who did the party that PAID for the bullet want to appear to be the guilty party here? All of this, and much more, is what makes “attribution” well nigh impossible. To prove. Definitively. But “definitively” is not the legal standard. Educated guessing is. Perhaps buttressed by ‘old-fashioned’ voice and other types of intercepts.
    If you want to grasp the legal and diplomatic complexities here, check out the Tallinn Manual 2.0, the would-be ‘Fodor’s Travel Guide’ to this stuff. I’ve been working with that document a while now. Good luck deciphering it.
    Regarding most of the ‘cybercrime’ investigators, that the Times, Post, et al go for quotes? The ones that got ‘blessed’ by the hedge fund ‘angels’? Check out their corporate DNA…check out where they come from. Check out who are their biggest clients. This is not to condemn them. It is to most certainly assert THEY have their own agendas, in many cases.
    I assume the Russians engage, on an ongoing basis, entities to throw out the fishing nets. To say nothing of their own ‘fishermen’. I assume the Russians, Putin, in particular, recall (in their minds, anyway, and I think them right) OUR cyber intervention in the most recent Presidential Elections in Russia. And in all the ‘color’ ‘revolutions’ as well. Pay back time.
    I would also offer, just my take, and a generalization at that, that Wikileaks is a rather sophisticated player here, who knows how to protect its ‘brand’. They are only going to play someone’s puppet, so far, and for so long. They are not dopes.
    Right now, there are dozens of white, gray, and black entities going around, whispering they can do ‘hack back’, ‘strike back’, ‘electronic self help’, ‘electronic self defense’, ‘anticipatory retaliation’ (yes, the old DOD stand by)…pimping their services to corporate players. In the same manner, and often with the same results, as those emails that rain down on us implying ‘we can get more eyes on your whatever’. They can give you lots of ‘answers’ on attribution. ‘often wrong, seldom in doubt’.
    In the virtual world no one knows you’re a “dog”? I would alter that and say in the virtual world, no one knows you are a failure. Until the check is cashed. The clarity of the Magnificent Seven ending is acutely lacking in these scenarios. But that is what the spin artists are for.
    Good luck in trying to figure any of this out with certainty. If ‘certainty’ be your drug of choice.
    And none of this gets into how the media spins the results from so called ‘cybersleuths’.

  49. Fred,
    I’m not privy to any governmental info on the OPM hack. Publicly, they seem convinced it was the Chinese. My experience was that the Chinese did very little to hide their activities. And I do know some Chinese hackers worked with the Chinese government.
    I believe the biggest obstacle to effective IT security is IC and LE resistance to encryption. I’d like to see a “moon shot” like effort to bring ubiquitous encryption to all.

  50. Keith Harbaugh,
    Fomenko’s virtual private servers were physically located in data centers throughout the world, even in the US. There’s a good sized industry out there providing these kinds of services. Being physically in the data center is more important to the FBI than talking to Fomenko. I have a lot of experience obtaining such servers and shell accounts and paying for them anonymously. Some make a point of wiping all logs and forensic data off the systems every 24 hours.

  51. JJackson says:

    No, but they were electric sheep. The men merely dreamt about them.

  52. Cee says:

    I’ve read NSA insiders did it. No matter. NOTHING has been denied. Someone did try to create some fake emails to discredit all of them. Heh… the tactic didn’t work.

  53. Pacifica Advocate,
    “The guy who is currently being prosecuted for this hack and others (and who has claimed responsibility) is a Romanian in a US jail cell.”
    You’re confusing Guccifer with Guccifer 2.0. The Romanian hacked Blumenthal’s email among many others. He claimed to have hacked Clinton’s home server, but never released any proof. The Guccifer 2.0 hacker or hackers claim to have hacked the DNC and have released documents.

  54. Valissa says:

    I believe it’s the androids that do that 😉

  55. Clwydshire says:

    The evidence that TTG is pointing to seems analogous to tool-mark analysis, and that remains a respectable forensic method. Bruce Schneier, who many people judge to be one of the best independently minded security experts, accepts the same evidence (here with additional links). Schneier’s link there to the work of Thomas Rid is worth following.
    Like others, I see nothing wrong with this kind of information gathering. Especially if the idiots who hold the information present it to you on a silver platter. What concerns me more is the atmosphere of boundless hostility to Russia that surrounds Clinton.

  56. MarkC says:

    It wasn’t geography or location of routers that was used to establish that Russian hackers perpetrated the hack but rather digital “fingerprints” in the code and tools used that led to a specific group of people whose prior work allowed the “fingerprints” to be catalogued.

  57. Pundita says:

    Wow. Thanks. If it was hacked — I’m trying to imagine what the NEXT prez election campaign will look like

  58. Pacifica Advocate,
    Clinton’s basement email server is a separate issue from the DNC hacks. We have no idea if the basement server was hacked because it was wiped clean before the FBI could get its hands on it. Maybe it was never hacked or maybe it was infested with hackers. We’ll never know. I thought for sure that would lead to obstruction of justice charges. Unfortunately, the FBI telegraphed their move to the very slick Clinton people and the server(s) were wiped before the FBI declared their intent. Instead we are left with a situation in which Clinton could truthfully claim that the FBI discovered no evidence of her now sterilized server being hacked.
    Who knows. Perhaps we’ll see those erased Clinton emails before November 8.

  59. Chris Chuba says:

    How conclusive is conviction by profiling? This Administration takes a year to investigate HRC’s email server, where there are easily establishable facts, yet after only a month they come up with ‘the Russians did it’ narrative, conveniently before the election. Since when can this Administration do investigations in a month? Answer: when it is to their political advantage, and without regard to the damage it does to international relations.
    the peaceful transition of power
    Can someone tell the dodos in the MSM that only Obama can threaten the peaceful transition of power? Trump does not have any power to give to a successor because he is not the incumbent President.
