by jwtadvice 3333 days ago
I wouldn't characterize everything-is-Russia complicity as an infosec community consensus. I'm in the infosec industry and disagree. In fact, my colleagues and coworkers tend to have far more nuanced and informed positions than what mass media has inappropriately characterized as the infosec consensus.

I remember when Washington Post and others were claiming that Russia had hacked voting machines and that the infosec community agreed with that. All kinds of researchers reached out to complain but their voices were never heard. Instead the story was quietly dropped when it turned out it was PR and propaganda bullshit.

I'm sorry that you have an impression that there's an infosec consensus on this.

It doesn't exist.

2 comments

Thanks for your response. I'm peripherally interested in application security, so I've followed SwiftOnSecurity, the grugq, HN's very own tqbf, 0x00string, xntrik, matt blaze, etc. I also listen to Risky Business, LiquidMatrix, cyberwire, etc.

My impression based on following "thought leaders" and listening to the most highly-regarded podcasts is that the community is, in fact, exactly as I described. (even the recent appointment of IC shill Jeff Man as a regular on Paul's Security Weekly has dramatically shifted his show in that direction.)

If you don't mind, can you recommend other people to follow/listen to that might balance out the impression I have received? Thanks.

In terms of the NatSec - which has a broad overlap with InfoSec on twitter: pwnallthethings, shaneharris, jimsciutto, josephfcox, etc. all provide useful insight.

Broadly though, punditry shouldn't be used as a proxy for consensus.

I thought pwnallthethings is also in the Russians-did-it camp.

DNC hack: https://twitter.com/pwnallthethings/status/74319706484310425... "Gosh, I wonder what outlet Russian intelligence is going to use to launder these stolen documents."

Podesta Hack: 14 year old hackers vs. Russian Intelligence

https://twitter.com/pwnallthethings/status/81662561706823680... "How many accounts did this "14 year old" hack? About 1800. In 2015. Who were these accounts? Mil, govt personnel in the West, defence cos, journos critical of govt in Russia etc"

DNC hack connected to German government hack

https://twitter.com/pwnallthethings/status/75689252388524032... "Reminder: Malware control servers used in DNC hack were also used in the hack on Bundestag linked to Russian intel."

Influencing politics

https://arstechnica.com/security/2016/06/guccifer-leak-of-dn... ""There's also the fact that the hacker is publishing documents at all, which rules out lots of nation-states," the PwnAllTheThings researcher told Ars in a private message. "China, for example, would happily spy on the DNC to try and get the Trump oppo [opposition] research to support their foreign policy objectives, but they wouldn't publish the documents to influence the election.""

pwnallthethings has also gone through great pains to walk through the evidence (much of it public) and analysis that informs their opinion of attribution.
I follow a number of the podcasts, blogs and outlets that you've listed and have a different impression entirely.

So I don't really know how to resolve that for you.

"Russians" seems to be the answer for mainstream media that forgets the ongoing internal power fight between FBI/CIA/NSA. This just got worse and more divided since the election cycle.

The infosec community does not have a "consensus". If the article writer wanted to do something useful, please consider a deeper investigation and pressure the alphabet agencies to work together rather than against one another.