by rkcf 3454 days ago
Before the GRIZZLY STEPPE report I found myself asking where the proof for the insinuations of a Russian hack to influence the US elections was. I still ask that question after the report was released. I find it completely plausible. However, given the turbulence and hyper-partisanship of this election cycle, I need a bit more than 'It was the Russians because we say so'.

It was first attributed to the Russians by CrowdStrike. I have yet to see any even remote indication of partisanship, especially pro-Democratic partisanship by CrowdStrike or its ownership.
CrowdStrike's partisanship is like the news media's: bias towards spectacle, unwarranted certainty, and producing a coherent narrative facts be damned.
Seems that if that were true they'd be pretty ineffective at their job as a cybersecurity firm and easily outcompeted in the market.
They don't get paid for the accuracy of their public pronouncements, it's just a marketing tool to raise their profile. It doesn't prevent them from being competent and maintaining clients.

Also, most clients would be more than happy to have someone proclaim that the reason they got owned was because they were the target of spooky foreign state actors and not because they're bad at security. There's no money in downplaying the sophistication of an attack.

> I have yet to see any even remote indication of partisanship, especially pro-Democratic partisanship by CrowdStrike or its ownership.

Maybe you missed the part where they were hired by the DNC or the part where the ownership is not from the reality-based community: http://www.atlanticcouncil.org/about/experts/list/dmitri-alp...

But the biggest indicator is their attribution based on internally coherent narratives instead of facts - that's not how actual digital forensic experts operate.

Another big reason it is plausible, and specifically plausible that it's the Russians, is that you can find the full range of cyberwarfare deployed against US allies, for the purpose of weakening transatlantic and european unity. From accusations by GCHQ of hacking to support a yes vote on brexit, to takedowns of infrastructure in Ukraine.
Exactly. Democrats lost everything in this election, so they could just blame Russia, why not? But then what does it say about US democracy if a couple of hackers can change who will be the next POTUS? This is a double-edged sword.

Until I see evidence of Russian involvement I don't want to make any judgments. I am just tired of the constant narration "you know it was Russia, you don't need proof". It would be great to see some real proof this time.

> Democrats lost everything in this elections, they could just blame Russia, why not?

It was attributed to Russians first, before the election, and by a private cybersecurity firm that has never, AFAIK -- even since the attribution -- been accused of Democratic partisanship. So the idea that the Russians are being blamed by the Democrats because the Democrats lost everything in the election, while a convenient political narrative for Republicans, isn't consistent with the facts.

> So the idea that the Russians are being blamed by the Democrats because the Democrats lost everything in the election, while a convenient political narrative for Republicans, isn't consistent with the facts.

Sure, this can be one side of the coin, but attributing something to someone without proof will not make it a fact, will it? I don't recall seeing any proof. Maybe it was just convenient for Democrats to flow with that tide; they benefit from that for sure in the current situation. But then there is the second side of the coin, that Russia indeed was behind that hack, and then what you wrote would be true. That's why I am not making any judgments.

Did that private security firm publish any proof?
What sort of proof are you looking for?

If you're looking for firewall logs or hard drives with definitive proof that malware on certain machines was linking back to particular servers then you're out of luck. However Crowdstrike, the firm that the DNC used to investigate the intrusion, published a report that shows some of the code used and other IOCs from the attack [0].

A security firm like Crowdstrike would have lots of familiarity with these APT groups from previous investigations, so when they identify these groups they have evidence (i.e. they found specific malware or tools that are known to have been used in previous attacks, connections to or from known bad domains, IP addresses etc.) that links the attacks to these groups.

This, however, doesn't prove that APT 28 and 29 are Russian, but if you search for information about these groups, their Tools, Techniques, and Procedures (TTPs), who they have targeted etc., you can draw your own conclusions.

Note, this was long before the election and before there was politics surrounding the attribution. However this data is only about the intrusion into the DNC's network, and not necessarily linked to the release of personal emails of Podesta & co.

[0] https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...
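The comment above describes the mechanics of this kind of attribution: an investigator matches artifacts found during the intrusion (malware hashes, contacted domains, IP addresses) against indicators already tied to a group from earlier investigations, and the strength of the link grows with overlap across several indicator types. The script below, an added example that is not part of the thread or of the CrowdStrike report, runs that matching over a handful of constructed log lines. The IOC catalogue, the group labels (`group-A`, `group-B`), the log lines and every indicator value in them are placeholders invented for the example (RFC 5737 test addresses, `.invalid` domains, a made-up hash); none of them come from the report.

```python
"""Toy IOC-overlap matcher illustrating evidence-based group attribution.

Added example, not code from the Hacker News thread or CrowdStrike.
Every indicator, group label and log line below is constructed for
illustration; nothing here is a real IOC.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed catalogue: indicator value -> (indicator type, group it was
# previously seen with). In practice this comes from prior investigations
# or threat-intel feeds, not from a literal in the code.
IOC_CATALOGUE = {
    "c2-alpha.example.invalid": ("domain", "group-A"),
    "192.0.2.10": ("ip", "group-A"),
    "0123456789abcdef0123456789abcdef": ("hash", "group-A"),  # placeholder md5
    "update-beta.example.invalid": ("domain", "group-B"),
    "198.51.100.7": ("ip", "group-B"),
}

# Constructed proxy / DNS / EDR / firewall style log lines.
SAMPLE_LOGS = [
    "proxy ts=2016-04-20T10:01:02Z src=10.0.0.5 dst=c2-alpha.example.invalid method=POST bytes=4096",
    "dns ts=2016-04-20T10:01:03Z src=10.0.0.5 query=update-beta.example.invalid answer=198.51.100.7",
    "edr ts=2016-04-20T10:02:10Z host=ws-12 proc=svchost.exe md5=0123456789abcdef0123456789abcdef",
    "fw ts=2016-04-20T10:03:00Z src=10.0.0.9 dst=192.0.2.10 dport=443 action=allow",
    "proxy ts=2016-04-20T10:05:00Z src=10.0.0.7 dst=www.example.org method=GET bytes=512",
]

# Deliberately loose extractors: anything they pull out is only meaningful
# if it is also present in the catalogue.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
HASH_RE = re.compile(r"\b[a-f0-9]{32}\b", re.I)


def extract_indicators(line: str) -> Iterable[str]:
    """Yield every candidate IP, domain and 32-hex hash found in one log line."""
    for regex in (IP_RE, DOMAIN_RE, HASH_RE):
        for match in regex.findall(line):
            yield match.lower()


def match_iocs(lines: Iterable[str]) -> Dict[str, Dict[str, Set[str]]]:
    """Return group -> indicator type -> set of catalogue hits seen in the logs."""
    hits: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    for line in lines:
        for candidate in extract_indicators(line):
            entry = IOC_CATALOGUE.get(candidate)
            if entry is None:
                continue  # unknown artifact: no link to any group
            ioc_type, group = entry
            hits[group][ioc_type].add(candidate)
    # Convert to plain dicts so callers get predictable, comparable output.
    return {g: dict(types) for g, types in hits.items()}


def summarize(matches: Dict[str, Dict[str, Set[str]]]) -> List[Tuple[str, int, int]]:
    """Rank groups by (number of distinct indicator types, number of indicators)."""
    ranking = [
        (group, len(types), sum(len(values) for values in types.values()))
        for group, types in matches.items()
    ]
    return sorted(ranking, key=lambda row: (row[1], row[2], row[0]), reverse=True)


def assess(ranking: List[Tuple[str, int, int]]) -> Dict[str, str]:
    """Label how strong the overlap with each group's known tooling is.

    This says which known toolset/infrastructure the activity resembles; it
    says nothing about who operates that group or where they are located.
    """
    labels = {}
    for group, n_types, _n_indicators in ranking:
        if n_types >= 3:
            labels[group] = "overlap across multiple indicator types"
        elif n_types == 2:
            labels[group] = "overlap across two indicator types"
        else:
            labels[group] = "single indicator type only; weak link"
    return labels


if __name__ == "__main__":
    found = match_iocs(SAMPLE_LOGS)
    for group, n_types, n_ind in summarize(found):
        print(group, n_types, n_ind, assess(summarize(found))[group], dict(found[group]))
```

Matching a single domain or hash is weak on its own (infrastructure gets reused, tools get leaked or shared); the matcher only reports a strong overlap when several independent indicator types point at the same group, which is the same reasoning the comment describes. Even then the output is a link to a group's previously observed tooling, not a statement about the group's nationality, which is the caveat the comment makes about APT 28 and 29.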

Proof of any damage, or an apparently hostile action that could cause damage, that was confirmed to be done by Russian state actors. The Crowdstrike report shows only signs of intrusion, but you would not expel 35 diplomats for a radar touching your airplanes, right?
The report shows far more than signs of intrusion - modules for credential theft, data transmission, persistence mechanisms, keylogging etc. were all discovered. I'd call that hostile.

I'm not sure I get your analogy, but no, I wouldn't expel anyone for "radar touching my planes", but in this case that's the equivalent of browsing the DNC website. If someone had broken into my air force base, stolen security badges to get into other air force bases, was photographing planes and stealing and leaking blueprints, then you better believe I'd take action.