by pabloski 3278 days ago
What events? The fact that Russia is the second most targeted country?

Come on, this is the same old and tiring fake news from the "famous" Hungarian oligarch's mass media.

Even CNN has admitted to having produced fake news on Russia and Trump http://www.abovetopsecret.com/forum/thread1176663/pg1

Seriously, this bullshit about the Russian is starting to become irritating.

My dog died yesterday. I am sure, it was Putin who did it!


For one: if you're using Above Top Secret as a source...

But anyway: there's a lot of sensationalizing and outright falsehoods when it comes to attributing things to the Russian government, no doubt, but we do know they leaked the DNC emails and have a very powerful and aggressive cyber intelligence department.

No, there's no evidence Russia is behind this, but they're starting off as the prime suspect for a lot of good reasons.

It's one day before Ukraine's day of independence from the Soviet Union. Ukrainian tax software, 1 of 2 mandated to be used by all companies in Ukraine, was used to spread it. A high-ranking Ukrainian intelligence official was assassinated the same day. Ukrainian government and companies have been very disproportionately affected. The ransomware was a cover for a data wiper; clearly it has a political rather than a monetary goal. Russia has been caught red-handed in cyberattacks against Ukrainian infrastructure for several years.

It's the Russian government or someone trying to frame the Russian government; I think we can agree on that. We just don't know which it is yet.

> For one: if you're using Above Top Secret as a source...

I presume the original source is this Project Veritas video where they covertly recorded some CNN employee saying that the stories about Russian interference are mostly empty talk without evidence produced because their viewers want to hear them.

> we do know they leaked the DNC emails

We don't, we know they hacked the DNC if we take CrowdStrike's word for it but there is no proof that Russia contacted WikiLeaks and WikiLeaks claims the documents came from an insider. Though it's another question how well they verified that this insider wasn't a Russian agent.

> Russia has been caught red-handed in cyberattacks against Ukrainian infrastructure for several years.

Any examples of that? I can believe that Russia is screwing with Ukraine but I would like to see some links.

>I presume the original source is this Project Veritas video where they covertly recorded some CNN employee talking that the stories about Russian interference are mostly empty talk without evidence produced because their viewers want to hear them.

No, the recordings were out-of-context clips saying that their Russia reporting was sensationalized. I believe they were likely referring to their constant reporting alleging or implying that Trump or his campaign colluded with Russia - this is a very, very different statement from the nigh-proven allegation that the Russian government tried to influence the election by hacking the DNC. (Side note: they allegedly hacked the RNC too, but did not publicly release any of their data.) That was reported on 7+ months ago, while the recorded clips cover recent events.

Don't get me wrong, CNN is a shitty and very biased organization seeking ratings above all else, but the Russia story is much bigger and more complex than some soundbites.

Countries like the US and Russia do this to other countries all the time: this is not new by any means. What would be new is if Trump's staffers were plotting this influencing with the Russian government ahead of time: that is what there is no strong evidence of, so far, and what CNN and some other outlets have been boosting their ratings with.

>We don't, we know they hacked the DNC if we take CrowdStrike's word for it

Far more than just CrowdStrike. Try all of these private firms, in the US and worldwide, including Kaspersky half-confirming it, plus the entire US intelligence community on every level: https://www.reddit.com/r/NeutralPolitics/comments/52uj5c/do_...

And a few more sources, if you want:

https://www.secureworks.com/blog/russian-threat-group-target...

https://www.secureworks.com/research/threat-group-4127-targe...

http://www.cnn.com/2017/06/27/politics/russia-dnc-hacking-cs... (I know it's CNN, but the pertinent quote is from a FireEye analyst: "We have high confidence that this is a Russian intelligence organization," Hultquist said. "Because we've been tracking this actor for so long and we've seen so many artifacts, forensic and otherwise, that suggests that this actor is carrying out Russian intelligence missions.")

I'll gladly dig up 10+ more if you want to argue about what the private sector says about this. (Disclaimer: I do work in infosec, so I could have a slight bias.)

So maybe you don't trust the CIA, FBI, NSA, DIA, etc. all agreeing... but do you also distrust CrowdStrike, Kaspersky, ThreatConnect, FireEye, and Dell SecureWorks all independently investigating and agreeing that CrowdStrike's initial analysis was not only correct, but even missed other indicators? These are all competing firms. Admittedly, all but one are in the US so you could allege they're all being paid off by the government... but Occam's razor and all.

>Any examples of that? I can believe that Russia is screwing with Ukraine but I would like to see some links.

There are many examples but I CBA to find sources right now. Check the references in these articles:

https://en.wikipedia.org/wiki/December_2015_Ukraine_power_gr...

https://en.wikipedia.org/wiki/Cyberwarfare_by_Russia#Ukraine

Note Russia was and sort of still is at war with Ukraine, so it's not remotely surprising they would use these tactics against them. All superpowers use information warfare against countries they're warring with.

Petya/Petna/Nyetya so clearly looks like an attack by Russia that I think it's obvious it's either an intentional framing (by the US, or perhaps a wildcard state like NK or Iran; or who knows) or it's just what it looks like.

> Far more than just CrowdStrike. Try all of these private firms, in the US and worldwide, including Kaspersky half-confirming it

ACK

> plus the entire US intelligence community

For the record, AFAIK these based their report on data from the above companies. IIRC there was a story that the FBI was denied access to DNC machines but they still signed this report attributing the hack to Russia. That's why I said it's pretty much CrowdStrike's word.

> I do work in infosec

OK, so I'd like to use this as an opportunity to ask another question - is it normal to let such intrusions last for so long? CrowdStrike blog claims that they identified Cozy Bear and Fancy Bear immediately after the DNC hired them, which per the WaPo article they link happened in late April. WL emails run until May 25th and cleanup had been finished on June 14th, shortly after WL announced that they received the material. Does that make sense? I would naively expect that they were supposed to prevent such exfiltration.

>For the record, AFAIK these based their report on data from the above companies.

Perhaps in small part, but it's already leaked repeatedly (see the recent NSA leak from Reality Winner) that the NSA, perhaps along with other agencies, has classified intelligence linking this group directly to their cyberintelligence divisions, along with evidence supposedly showing Putin explicitly ordered it.

>OK, so I'd like to use this as an opportunity to ask another question - is it normal to let such intrusions last for so long? CrowdStrike blog claims that they identified Cozy Bear and Fancy Bear immediately after the DNC hired them, which per the WaPo article they link happened in late April. WL emails run until May 25th and cleanup had been finished on June 14th, shortly after WL announced that they received the material. Does that make sense? I would naively expect that they were supposed to prevent such exfiltration.

I think if it's true that they were hired in April and emails dated May 25th were leaked, then yes, it's unusual they'd be unable to remediate the compromise after so much time. It's possible there's more to that story I'm not aware of (perhaps they intentionally let them stay on the network so they could better monitor them; this is not unheard of at all), or it's possible the group was just really good and hard to evict from the network. Or their incident response team did a bad job securing the network.

The connection between these APTs and DNC and determination of the scope of each group's activities seems to be dependent on CrowdStrike investigation. That they are likely Russian is another thing.