by nl 3457 days ago
Bloody Hell.

I find it very frustrating that intelligent people don't seem to follow through their thought process here.

The intelligence community will never be able to release enough information to satisfy people. The information will either be so non-specific as to be useless ("we had spies who told us" - would anyone here believe that anymore than they do now?), or so specific it will damage ongoing interests ("We have communication intercepts between the hacking groups and the GRU/FSB, and there they are, and here is how we got them" - it's likely there are actual humans involved in that process who will die if they are exposed).

It's fair to argue that this issue is so important that burning some resources is worth it, but no one is taking that angle.

Don't mistake this for defending the US report though. It was terrible and made the situation much more confused. Before the report it was much clearer that Russian groups (either government or non-government) were involved, and now people are (incorrectly) questioning even that because of the pathetic report that was produced.

It's much more interesting to discuss the shared conclusion was formed that "the Russians" were trying to throw the election to Trump (rather than just to sow chaos).

12 comments

> The intelligence community will never be able to release enough information to satisfy people. The information will either be so non-specific as to be useless ("we had spies who told us" - would anyone here believe that anymore than they do now?), or so specific it will damage ongoing interests ("We have communication intercepts between the hacking groups and the GRU/FSB, and there they are, and here is how we got them" - it's likely there are actual humans involved in that process who will die if they are exposed).

This argument seems plausible. Even so, they are doing a very poor job of convincing knowledgeable folks.

To a large degree, this comes down to an issue of trust.

Do you trust the US intelligence community?

Consider that James Clapper, the current Director of National Intelligence, "wittingly" lied to Congress about spying on US citizens. Also consider that the CIA spied on the Senate Intelligence Committee while the committee was investigating the CIA's torture program, initially lied about it to the Senate, then admitted it but said that it wasn't wrong.

They lie with impunity to Congress, the people who _theoretically_ have power over their budgets.

Do you think they will balk at lying to the press or the American public?

"To a large degree, this comes down to an issue of trust."

The other major issue was that it was in the context of a political campaign, and one side could claim the other was doing whatever for political reasons.

I think outside of Trump v. Clinton, it might have had more credibility in terms of perception.

Clapper lied because he considered the program (the one he lied to defend) to be in the security interest of the US. One could see, from his point of view, why he could think this. (I think it's too narrow a view, but I can see how he could have tunnel vision in this area.)

Does the intelligence community have reason to believe that lying about Russian attempts to manipulate a US presidential election is justified? For them to believe that, they'd have to believe either that Trump is an existential threat to the US, or that Russia must be countered starting immediately.

It's simply not true that "the intelligence community will never be able to release enough information to satisfy people".

A few days back, the same author wrote[0]:

> On the other hand, if they've got web server logs from multiple victims where commands from those IP addresses went to this specific web shell, then the attribution would be strong that all these attacks are by the same actor.

All the FBI/DHS have to do is say: Organizations A, B, and C all have server logs showing this IP address deliver the same malware.

That would be enough information to attribute the hacks to the same actor. If the FBI/DHS were lying about Organization B, then Organization B would speak up about it.

The author of this post is right to point out that the attribution given so far is not only incomplete, but is borderline bizarre.

[0] http://blog.erratasec.com/2016/12/some-notes-on-iocs.html

The attribution issue isn't the malware (or it wasn't before this debacle).

The attribution issue was whether it was "the Russians".

I feel I need proof to the fact Russia passed the data to be leaked.... Or was it some other org who had their hands in the same pot and cleaned up better their traces?

The focus has been arguments if they were responsible for hacking incidents during election.

I am sure US hacks many other governments, but does not release/leak the data. I am sure Russia, UK, Germany, China, and others do the same.

So more than highly plausible that they did hack DNC etc during election...

Is there any evidence of the data being extracted to Russia/Russia groups specifically..(not just access to the system).

Call me a nut, but it's easier for govt (to save face, ulterior motives) to claim state actors than the guy living in a bsmt suite down the street.

Also it was clear Podesta/HRC/US had a vendetta against Julian Assange before specific leaks... Which was confirmed with the leaks.

He could have orchestrated it himself or by WikiLeaks (rather than just receiving the info via leak).

Maybe WikiLeaks has Republican data and other data and just didn't release it.

Julian Assange's goal was to disrupt the democratic election and slap back the DNC Podesta and HRC...

This is a fact. And his goal was accomplished.

> The intelligence community will never be able to release enough information to satisfy people.

Then they should say nothing. "It was the Russians, trust us" simply doesn't cut it.

It's not meant to convince those who are skeptical of the intelligence community (the same organisations who failed at 9/11, Boston, Paris, Brussels, Madrid, .., or even Iraq). It is propaganda. It's meant to convince those who believe what the intelligence community has to say. The question is, are we going to convince those believers otherwise? After all, they're in their own bubble.

Is wasting your time on trying to refute this intelligent? Intelligent people can spend our time better than trying to refute obvious propaganda. I.e. we're wasting our time.

The reason people are skeptical is because the track records of CIA, NSA, FBI, .. don't add up in history. Yet only in hindsight -in history, when FOIA requests are granted with less and less censorship on the documents- will we get a better picture on who was right and who was wrong. And we may end up never getting the full picture.

> Then they should say nothing. "It was the Russians, trust us" simply doesn't cut it.

This would be better than releasing a report that makes no sense to technical/security people.

This Russians hacked the election narrative is just like Saddam has WMDs back ten years ago, only more dangerous. So unless any hard evidence comes to light, we can safely dismiss it as propaganda and not get too excited about it.

It's not "just like" that because people in the Bush administration were pressuring the CIA to say the thinnest of evidence proved he had WMDs and was trying to get nukes then repeated the claim again and again.

Cut to 2016 where none of the intelligence branches claim Russians "hacked the election," they claim they hacked the DNC and other political organizations for political ends. There's no evidence that anyone in the Obama administration pressured the CIA, let alone multiple other intelligence branches to make those claims. There have been concerns that Russians tampered with voting machines themselves but the only things LEOs, intelligence branches, and other representatives of the Executive branch have been saying is when they've looked, they've found no evidence that it happened. So, not like "Saddam has WMDs" 14-15 years ago.

It's being used as a shield for the DNC leaks (eg, make the issue that the leak happened, rather than e.g. that the government deliberately played down the Benghazi attacks, DNC had already chosen Hillary as the nominee and was working to undermine Sanders), and to delegitimise the new administration, in the same way Iraq WMD was being used as an excuse to build the US's position in the Middle East.

Those are not analogous at all.

Russia and the US are allies and both produce propaganda to propagate the myth they are not. It helps keep Americans unfocused. The anger (misplaced anger really) is used to divide the American people and help them forget about the banks that profited in the 2008 financial collapse and the massive war industry that requires endless conflicts in order to keep its masses employed:

http://fightthefuture.org/videos/does-voting-make-a-differen...

The CIA has admitted before Congress that it places adverts in magazines and has refused to answer questions on whether or not they do so on TV as well.

I agree with you entirely. It's exactly like the WMDs. We are in an era where social media networks are talking about filtering out real/fake news. This should worry everyone. "Simply don't use Amazon/Google/Facebook" is less of an option when these industries are so big they control the distribution (and therefore the narrative). Who determines the algorithms on what is real and fake? (I hope it's not the people who created Postini/Google's spam algorithms with its insane false positive rate).

It's not limited to America. We don't live in the Iran/China/Saudi 1984 where governments actively censor content (and consequently, most of the citizens know they are being censored). We live in that other version where lies and facts are mixed into all of our news and content so it's impossible to tell what is real, and what is propaganda.

Career politicians always divert the public's attention and engage scaremongering to hide the fact that they are in fact incapable of managing the economy. They do this to stay in power. If nothing else works, blame the <insert other country, ethnic or religious minority here> and start a war.

Just look at Turkey's Erdogan. He's blaming an expat preacher and his followers for the coup in order to tighten his grip on institutions and the media, arrest HDP (Kurdish moderate left wing party) MPs and leaders, ultimately leading to PKK (Kurdish commie extremists) reemergence. Putin is a role model for him.

> It's much more interesting to discuss the shared conclusion was formed that "the Russians" were trying to throw the election to Trump (rather than just to sow chaos).

Not sure those are mutually exclusive. Tipping the election to Trump seems to be a good way to sow chaos.

> It's much more interesting to discuss the shared conclusion was formed that "the Russians" were trying to throw the election to Trump

And it's why we need proof. Guessing a password or phishing it can be a one man operation.

I appreciate the sentiment that anyone can phish or password guess, but even a cursory glance at infosec reports shows there was an operation targeting the DNC that was far more sophisticated than a one man job.

Firstly we know that Podesta's account was targeted by a phishing email with a bit.ly link [0]. We have proof the bit.ly phishing link in this email was clicked twice in March [1], and his WikiLeaks dump stops two days after that. The bitly link uses the TTP of base64 encoded strings targeting a Google account. We know DNC staffers whose information was leaked by DC Leaks, like Rinehart, were targeted the same way [2] and that the same infrastructure hosted the Rinehart and Podesta phishing pages, along with plenty of other phishing sites [3]. You can verify the bitly links if you like.

We have reports long before WikiLeaks released Podesta's information, and before DC leaks had released most of their information, that the same TTP of bitly links with base64 encoded strings that targeted Podesta, Rinehart etc. were targeting other high profile targets in Clinton's campaign [4] as well as Russians, Ukrainians etc. [5]. According to security firms these were all using the same two bitly accounts.

Those attacks were attributed to APT 28 by private companies long before WikiLeaks released any Podesta information.

We also have proof the same infrastructure that hosted dcleaks [6] hosted domains targeting Syrian human rights groups, Ukrainians, Turks, Google accounts, Microsoft accounts etc. or that other IPs used were also used in attacks against the German Parliament, TV5 etc. That's definitely circumstantial, but a one man job would be terribly unlucky to use a private Romanian server seen used in previous attacks attributed to a state actor.

Sure this could all be circumstantial, it definitely doesn't prove Russia did anything, but the suggestion that this is a one man operation is ludicrous - almost 4,000 people were targeted by the group that targeted the Clinton campaign. In relation to your other comment below, Assange has less credibility than the DHS report unless he comes out with some sort of proof.

[0] https://wikileaks.org/podesta-emails/emailid/34899
[1] https://bitly.com/1PibSU0+
[2] http://www.thesmokinggun.com/documents/investigation/trackin...
[3] https://www.passivetotal.org/search/80.255.12.237
[4] https://www.secureworks.com/research/threat-group-4127-targe...
[5] https://www.secureworks.com/research/threat-group-4127-targe...
[6] https://www.threatconnect.com/blog/does-a-bear-leak-in-the-w... and indeed this entire series.

There's a lot of state and private actors interested in collecting intelligence on possible outcome of the elections. Many could touch DNC networks and leave some trails (including two supposedly Russian intelligence agencies). Publication of e-mails can be related to the intrusion, but can be the result of an inside job. It's not one man's job - yes, sure, but how many people can rob the same supermarket during riots?

Some attributions of the attack came from private security firms, not from intelligence community. Can their analysis be released or do they have ongoing interests too? It would be interesting to know if espionage activities are privatized in USA and "actual humans who will die" work for private corporations.

Private companies like Crowdstrike would probably love to reveal their analysis however they would be restricted by the actual data owners (e.g. the DNC) and I would guess ongoing government investigations. Plus why blow all of your signatures when they still work?

Outside of that, there's tons of data online already regarding Russian government hacking activity:

http://researchcenter.paloaltonetworks.com/2016/06/unit42-ne...
https://www.fireeye.com/content/dam/fireeye-www/global/en/cu...
https://securelist.com/blog/research/72924/sofacy-apt-hits-h...
http://researchcenter.paloaltonetworks.com/2016/09/unit42-so...

Do you think understanding the tools, infrastructure, coding styles, activities, targets of these groups allows them to perform attribution?

I'd say, there should be a report that assembles all this data and makes proper statements on facts that cannot be disclosed. I personally don't have enough time to read and verify all these links to be able to reconstruct the full picture. I just see that some parties report the intrusions (and I agree that it's likely happened); US government publishes some BS as a proof; some parties discuss the impact of Wikileaks publication on elections; some link all this together and build a theory about Trump winning because Russia influenced the elections by publishing dirty stuff of DNC (it's at least not obvious that the actor thought that victory could be achieved by such means and that there existed any intent to alter the result of elections that way).

> Do you think understanding the tools, infrastructure, coding styles, activities, targets of these groups allows them to perform attribution?

No. First they ignored all the other intruders on the DNC network because they didn't fit the Russian narrative, then they took a Chinese tool of choice like X-Tunnel and claimed it's some custom Russian tool, then they forgot to tell us that the actual email exfiltration had nothing to do with the internal intruders - it was just phishing, done from the outside.

These private digital forensics companies act more like PR companies, so trusting them with something you can't verify is silly.

As Snowden recently said (and it was already logical to assume that) the NSA should have the proof if the hacks as described by the U.S. government right now happened.

And they wouldn't really have to "burn sources" to do it, at least not in the sense that they would put spies in danger. But seriously, if this was such an issue, I would've rather they'd pulled those spies and showed the proof, than just trust them to start WW3 over "secret info that's totally real."

This case is not worth pulling the spies. If such intelligence was collected by spies (which I highly doubt), it would mean they have extraordinary access to information and they are too valuable to be exposed for such a cause (it's much more important to keep them in their place and continuously monitor cyberwarfare capabilities of Russia). Protecting them would be the top priority and there would be a whole other game to hide their traces (probably not pointing to Russia at all and taking hidden asymmetric measures). So, I don't believe such information could be collected by spies if intelligence community presents it this way.

> I find it very frustrating that intelligent people don't seem to follow through their thought process here.

> The intelligence community will never be able to release enough information to satisfy people.

This is as far as my personal intelligence takes me:

* US officials and departments like the NSA have a history of lying to the public

* professional hackers are impossible to track down, therefore any evidence suggesting that they know exactly who it was will be met with great scepticism

* the information they released actually confirms that it could have been any hacker, because they used tools that are easily accessible

* the US seems to have a political agenda here

Knowing these facts I am just unable to believe the narrative. You could argue that they cannot release actual evidence, however that just makes me question the act of the DHS getting into this mess in the first place.

How can they not convince Congress, apparently both parties don't trust the claim? If you cannot convince another branch of government, in particular one that can fund and write laws to assist in continued action against, then you have an apparatus that is more politically oriented than public oriented.

> were trying to throw the election to Trump (rather than just to sow chaos).

It could be argued that both of those are the same.

I doubt they would be reckless enough to gamble on the former to be honest, when almost everybody thought HRC had it in the bag.

>I doubt they would be reckless enough to gamble on the former

I'm not sure how it would look any different if they did.

>when almost everybody thought HRC had it in the bag.

Wouldn't that be the only reason to try throwing it to him? If he had it in the bag, it would be unnecessary, right?