• FBI: DNC rebuffed request to examine computer servers
    31 replies, posted
[quote]Washington (CNN) The Democratic National Committee "rebuffed" a request from the FBI to examine its computer services after it was allegedly hacked by Russia during the 2016 election, a senior law enforcement official told CNN Thursday. "The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated," a senior law enforcement official told CNN. "This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier." This statement is in response to reports that the FBI never asked the DNC for access to the hacked systems. The DNC told Buzzfeed News that they did not receive a request from the FBI to access their computer servers. "The DNC had several meetings with representatives of the FBI's Cyber Division and its Washington Field Office, the Department of Justice's National Security Division, and US Attorney's Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC's computer servers," Eric Walker, the DNC's deputy communications director, told BuzzFeed News. The FBI instead relied on the assessment from a third-party security company called CrowdStrike. The DNC did not immediately respond to a request for comment by CNN. [/quote] [url]http://www.cnn.com/2017/01/05/politics/fbi-russia-hacking-dnc-crowdstrike/[/url]
Last thing you guys need to do is give those GOP douchebags more ammo, DNC. At the very least, start making moves towards the moral high ground so you have a vantage point once Trump inevitably brings things crashing down. Start with this.
[quote]The DNC told Buzzfeed News that they did not receive a request from the FBI to access their computer servers[/quote] If this is true, why the fuck didn't you tell CNN or someone actually more... readable? Here's the BuzzFeed article (god forgive me) [quote]“The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (DC) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers,” Eric Walker, the DNC’s deputy communications director, told BuzzFeed News in an email.[/quote] [url]https://www.buzzfeed.com/alimwatkins/the-fbi-never-asked-for-access-to-hacked-computer-servers[/url]
McAfee on Russia Today talking about the hacking and Buzzfeed News report. Keep the bias in mind and that McAfee may not be the most credible man. Still relevant and interesting though. [media]https://www.youtube.com/watch?v=C2jD4SF9gFE[/media]
[QUOTE=MadPro119;51631172]McAfee on Russia Today talking about the hacking and Buzzfeed News report. Keep the bias in mind and that McAfee may not be the most credible man. Still relevant and interesting though.[/QUOTE] Guy on Reddit had an interesting response to that claim: [quote]I know this is the wrong subreddit to be posting this in, but I'll risk the downvotes to give my professional view. In my experience working with the FBI on various breaches in Critical Infrastructure, this is not unusual at all. Just because the FBI does not come on site physically and sit their tech in front of a workstation does not mean they did not examine all the evidence. In the investigations I've been a part of, the first step is always the initial collection of evidence which is happening as the FBI is notified. Before they ever get back to us, we have a mountain of information (and forensic images of everything) to go through. Once they get involved they will request everything we've gathered so far and set up a liaison between us and them. The FBI then pores over everything we gave them, and determines whether we are missing anything, or if there is anything else they'd like to look at. If so, they send the request to us asking us to gather that evidence. If we do not have the capability to do so then, and only then, do they actually pay to bring a specialist onsite. When you have a company like CrowdStrike investigating a breach, there is virtually nothing the FBI can do that they can't do themselves. So every request the FBI makes would be filled by CrowdStrike personnel and delivered back to the FBI. They would also have worked with the FBI to coordinate the active monitoring of the malicious activity within the DNC network. None of this requires anything beyond an FBI liaison on site. It is a recipe for disaster if you have agents from 3 different agencies, internal security personnel, and a third party specialist all poking around in the same systems.
It is much more effective to allow a single entity to do the hands-on work and provide the results to everyone else. Before I take any flak on this point, the investigations I've been involved in have been in the energy sector. We don't work with some small time business getting hit with ransomware - this is attempted breaches of the electric grid (and before you ask, I am not talking about the BED fiasco). Our clients have constant interactions with the FBI and DHS, and still don't get onsite FBI techs unless there is something we can't handle first. That's just the way the FBI operates.[/quote]
[QUOTE=MadPro119;51631172]McAfee on Russia Today talking about the hacking and Buzzfeed News report. Keep the bias in mind and that McAfee may not be the most credible man. Still relevant and interesting though. [media]https://www.youtube.com/watch?v=C2jD4SF9gFE[/media][/QUOTE] McAfee moved to a drug smuggler's paradise to live out his dream of being Charles Bronson. I wouldn't believe a single word he says.
[QUOTE=DOCTOR LIGHT;51631184]McAfee moved to a drug smuggler's paradise to live out his dream of being Charles Bronson. I wouldn't believe a single word he says.[/QUOTE] If you actually watch the video he doesn't say anything anyone else couldn't say.
I will say, it does intuitively feel suspicious that the evidence is so vague and elusive. I had not heard that they attributed the hack to Russia via Russian language, Cyrillic keyboard, time stamps and IP in the malware before McAfee said it. And he says those are 4 facts in the Grizzly Steppe report? Is [URL=https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf]this[/URL] not the Grizzly Steppe report? It doesn't say any of those things, though? I thought the conclusions came from the multiple third party analyses of the malware that are publicly available, such as: [url]http://www.threatgeek.com/2016/06/dnc_update.html[/url] [url]https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/[/url] [url]https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf[/url] [url]http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/[/url] What's extremely weird to me is that I've [I]only[/I] seen these points being talked about in [URL=https://facepunch.com/showthread.php?t=1547000&p=51601405&viewfull=1#post51601405]2[/URL] [url=https://facepunch.com/showthread.php?t=1547000&p=51601484&viewfull=1#post51601484]posts[/url] here on Facepunch that I've now linked to twice already. Instead, I constantly see people parade around the fact that all the agencies agree, which is indirect evidence [I]and[/I] requires you to actually trust those agencies. Why not use direct, indisputable facts? For this reason, I must admit I actually still find it hard to believe fully that the Russian government really was involved, since I'm not personally well enough informed to interpret those third party analyses.
[QUOTE] The DNC told Buzzfeed News that they did not receive a request from the FBI to access their computer servers. "The DNC had several meetings with representatives of the FBI's Cyber Division and its Washington Field Office, the Department of Justice's National Security Division, and US Attorney's Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC's computer servers," Eric Walker, the DNC's deputy communications director, told BuzzFeed News.[/QUOTE] sounds like a miscommunication somehow
[QUOTE=Sherow_Xx;51631367]I will say, it does intuitively feel suspicious that the evidence is so vague and elusive. I had not heard that they attributed the hack to Russia via Russian language, Cyrillic keyboard, time stamps and IP in the malware before McAfee said it. And he says those are 4 facts in the Grizzly Steppe report? Is [URL=https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf]this[/URL] not the Grizzly Steppe report? It doesn't say any of those things, though? I thought the conclusions came from the multiple third party analyses of the malware that are publicly available, such as: [url]http://www.threatgeek.com/2016/06/dnc_update.html[/url] [url]https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/[/url] [url]https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf[/url] [url]http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/[/url] What's extremely weird to me is that I've [I]only[/I] seen these points being talked about in [URL=https://facepunch.com/showthread.php?t=1547000&p=51601405&viewfull=1#post51601405]2[/URL] [url=https://facepunch.com/showthread.php?t=1547000&p=51601484&viewfull=1#post51601484]posts[/url] here on Facepunch that I've now linked to twice already. Instead, I constantly see people parade around the fact that all the agencies agree, which is indirect evidence [I]and[/I] requires you to actually trust those agencies. Why not use direct, indisputable facts? For this reason, I must admit I actually still find it hard to believe fully that the Russian government really was involved, since I'm not personally well enough informed to interpret those third party analyses.[/QUOTE] +1. And isn't it possible it was just some random Russian hacker?
If some script kiddie in the US tries to hack something in the UK, that doesn't mean the UNITED STATES is trying to hack the UK "because it came from an ENG keyboard and US IP".
[QUOTE=Smoot;51631846]And isn't it possible it was just some random Russian hacker?[/QUOTE] You quoted four links laying out the overwhelming evidence and professional consensus that the Russian government is behind sophisticated attacks that basically must have come from a state actor, and then comment 'yeah what if it was some rando'?
[QUOTE=catbarf;51631880]You quoted four links laying out the overwhelming evidence and professional consensus that the Russian government is behind sophisticated attacks that basically must have come from a state actor, and then comment 'yeah what if it was some rando'?[/QUOTE] If they're convinced that the attacks were the actions of some rando surely they have [I]evidence[/I] that this is the case? Surely they can account for the evidence suggesting that the attacks are consistent with previous Russian state intrusions as well?
[QUOTE=catbarf;51631880]You quoted four links laying out the overwhelming evidence and professional consensus that the Russian government is behind sophisticated attacks that basically must have come from a state actor, and then comment 'yeah what if it was some rando'?[/QUOTE] McAfee brings this up though and was invited to Capitol Hill just yesterday. The malware is 1.5 years old, why would state actors not update malware in that time?
[QUOTE=MadPro119;51631947]McAfee brings this up though and was invited to Capitol Hill just yesterday. The malware is 1.5 years old, why would state actors not update malware in that time?[/QUOTE] The malware they used still worked. Why change your program's functionality if it still accomplishes the intended goal? This question doesn't do anything to address the nature of the [I]delivery[/I] of the malware involved either.
[QUOTE=MadPro119;51631172]McAfee on Russia Today talking about the hacking and Buzzfeed News report. Keep the bias in mind and that McAfee may not be the most credible man. Still relevant and interesting though. [media][URL]https://www.youtube.com/watch?v=C2jD4SF9gFE[/URL][/media] [/QUOTE] What a crock of shit these accusations are. We now have 2 of these guys telling us that Russia didn't hack into the DNC. [media][URL]https://www.youtube.com/watch?v=vx8gCNQTij0[/URL][/media]
McAfee is bonkers, I wouldn't trust him at all though.
[QUOTE=RocketSnail;51631990]What a crock of shit these accusations are. We now have 2 of these guys telling us that Russia didn't hack into the DNC. [assange video][/QUOTE] Since when did Assange become a security expert?
[QUOTE=RocketSnail;51631990]What a crock of shit these accusations are. We now have 2 of these guys telling us that Russia didn't hack into the DNC. [media][URL]https://www.youtube.com/watch?v=vx8gCNQTij0[/URL][/media][/QUOTE] That's two people directly involved with Russia Today now giving the same opinion.
[QUOTE=RocketSnail;51631990]What a crock of shit these accusations are. We now have 2 of these guys telling us that Russia didn't hack into the DNC. [media][URL]https://www.youtube.com/watch?v=vx8gCNQTij0[/URL][/media][/QUOTE] Thank goodness, we all know that McAfee and Assange are far more reliable, given their histories, than 17 US Security Intelligence Agencies with thousands of employees putting their lives on the line in some cases to make sure this is right.
i made the case in the last shill thread, they relied on a very reputable cyber security firm whom they worked with frequently and already had direct access and knowledge about the workings of the DNC in order to get to the heart of the matter in a quick manner
[QUOTE=RocketSnail;51631990]What a crock of shit these accusations are. We now have 2 of these guys telling us that Russia didn't hack into the DNC. [URL]https://www.youtube.com/watch?v=vx8gCNQTij0[/URL][/QUOTE] Dude, Julian Assange [B]can not[/B] say yes to any question about who gave him the leaks. And even if he did, he's still only talking about who [I]gave him[/I] the leaks. He doesn't know - and doesn't claim to know - who [I]stole[/I] the info. [editline]6th January 2017[/editline] [QUOTE=MadPro119;51631947]McAfee brings this up though and was invited to Capitol Hill just yesterday. The malware is 1.5 years old, why would state actors not update malware in that time?[/QUOTE] Where do you have this from? I thought one of the key aspects of why the malware was considered sophisticated was that they were continuously modified and are known to be customized for individual attacks? [QUOTE=CrowdStrike]both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected. [...] The implants are highly configurable via encrypted configuration files, which allow the adversary to customize various components, including C2 servers, the list of initial tasks to carry out, persistence mechanisms, encryption keys and others.[/QUOTE]
[QUOTE=Smoot;51631846]+1. And isn't it possible it was just some random Russian hacker? If some script kiddie in the US tries to hack something in the UK, that doesn't mean the UNITED STATES is trying to hack the UK "because it came from an ENG keyboard and US IP".[/QUOTE] No, and to save myself the trouble of typing this up again I'm going to just link the same post I made in the other thread: [quote]... That report was also released under a Traffic Light Protocol, similar to classifications without the abundant amount of different levels. The report in particular was released under TLP: White, and I'll just quote the description of that level to save you time: [quote]Sources may use TLP:WHITE [B]when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release[/B].[/quote] Now, I hope you can understand why releasing a full in-depth technical document on how a cyber attack conducted on the election process for an entire country isn't exactly a smart thing to do, and so the paper was limited to minimize risk. Looking over open-source information though, the intelligence community began to pick up on key points prior to the election pointing to a Russia-oriented cyber attack. A TLP:GREEN document (one level up from WHITE) was leaked roughly in mid-November relating to Advanced Persistent Threat (APT) actors targeting US government and private sector networks as early as August 2016 utilizing election lures. It was also identified as a Remote Access Tool related to the campaign. For future reference, APTs are almost never referred to if they are a single person. APTs typically refer to state actors (in this case, Russia). 
[URL="https://info.publicintelligence.net/FBI-ElectionAPT.pdf"]Link to the report here[/URL] In that TLP:WHITE report, you'll note the above attack is actually mentioned again in the document, relating to Russian (RIS for the sake of typing) activity: [quote]Actors likely associated with RIS are continuing to engage in spearphishing campaigns, [B]including one launched as recently as November 2016[/B], just days after the U.S. election[/quote] Not really related to the IC specifically but rather confirming their findings, but one poster on a separate forum noted that the obfuscation of the PHP Shell used was almost if not identical to one [URL="https://news.ycombinator.com/item?id=13280068"]formerly shared on a Russian hacker forum (this isn't the hacker forum, but a separate forum discussing the findings of the obfuscation).[/URL] The method of obfuscation isn't generic and is very rarely used, making it easier to tie back to other sources that used it. These are identical IOCs to ones earlier identified as RIS, and samples can be found within the .csv file attached to the report (you'll have to find that one on your own, but it's out there). Lastly, APT-28 was assigned an alternative name "Fancy Bear," an APT that has been around for several years now. Both FireEye and CrowdStrike have agreed that Fancy Bear is a state sponsored agency operating out of Moscow [URL="https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf"]based on their report[/URL]. This was identified back in [B]2014[/B]. APT-28 isn't new, this is something that has existed for a long time. The IC have also agreed in accordance with the identification of APT-28 as "Fancy Bear," suggesting their acknowledgement in that TLP: WHITE report that APT-28 is in fact RIS related. -------- Now, this is all information that came from open source material.
Hopefully you can then imagine what the collaboration of the private industry and government organizations were able to pool together to further identify and confirm that this was in fact RIS activity and not some small time hack.[/quote] APTs almost exclusively never refer to a single person. They refer to a consistent (typically state sponsored) entity that is behind the attacks because they are the only ones capable of the type of sophisticated attacks that were identified.
[QUOTE=Smoot;51631846]+1. And isn't it possible it was just some random Russian hacker? If some script kiddie in the US tries to hack something in the UK, that doesn't mean the UNITED STATES is trying to hack the UK "because it came from an ENG keyboard and US IP".[/QUOTE] Russia, in this context, refers to the Russian government, not the people of Russia. If it was an independent actor, the Russian government wouldn't be at fault. But the code analyses I've looked at have unanimously agreed that the code is way too obfuscated and in-depth to be a lone wolf. It's frustrating to me that the media doesn't even try to report on the actual details. It's technical shit, absolutely, but they're doing the public a disservice by not even attempting to explain the full details of the hacks. Most people won't be motivated to google around and do some independent research to figure out what the hacks were and what the available evidence is - media keeps shoving a particular narrative (either "intel lying" or "just trust intel") and neither address the facts of the matter.
[QUOTE=.Isak.;51632837]Russia, in this context, refers to the Russian government, not the people of Russia. If it was an independent actor, the Russian government wouldn't be at fault. But the code analyses I've looked at have unanimously agreed that the code is way too obfuscated and in-depth to be a lone wolf. It's frustrating to me that the media doesn't even try to report on the actual details. It's technical shit, absolutely, but they're doing the public a disservice by not even attempting to explain the full details of the hacks. Most people won't be motivated to google around and do some independent research to figure out what the hacks were and what the available evidence is - media keeps shoving a particular narrative (either "intel lying" or "just trust intel") and neither address the facts of the matter.[/QUOTE] Unfortunately even the media wouldn't understand the technical details behind it enough to actually report on it. See: The Hacker 4Chan. That's why there is so much ignorance about this stuff, the media is incapable of reporting on it and people are too uninformed / lazy to research into the technical details of the attack and form their own opinions.
[QUOTE=MadPro119;51631947]McAfee brings this up though and was invited to Capitol Hill just yesterday. The malware is 1.5 years old, why would state actors not update malware in that time?[/QUOTE] Define "update malware," because they absolutely customized it for each attack according to CrowdStrike. They didn't just mass-spam phishing mail, they customized their malware on the fly to work around security constraints and maintain obfuscation and hinder forensic attempts. They don't need to develop new malware, they just adjust their malware configuration - changing the code. That's why it's sophisticated, and that's why it's unanimously agreed upon by cybersecurity experts to not be a lone wolf hacker. The two APTs, combined, use dozens of different malwares written in multiple different languages to breach vulnerabilities and give greater access to breached systems, and to hinder investigation/forensics.
[QUOTE=.Isak.;51632837]It's frustrating to me that the media doesn't even try to report on the actual details. It's technical shit, absolutely, but they're doing the public a disservice by not even attempting to explain the full details of the hacks. Most people won't be motivated to google around and do some independent research to figure out what the hacks were and what the available evidence is - media keeps shoving a particular narrative (either "intel lying" or "just trust intel") and neither address the facts of the matter.[/QUOTE] This, so much! Exactly what I've been trying to convey in my recent posts; I'm worried that the arguments used against skeptics aren't effective because people are distrustful. And that sucks when some technical evidence actually does exist and is available!
Why hack the DNC alone if not for some politically motivated reason? God only knows what the RNC / Trump Campaign was fucking saying in their emails.
[QUOTE=Llamalord;51633271]Why hack the DNC alone if not for some politically motivated reason? God only knows what the RNC / Trump Campaign was fucking saying in their emails.[/QUOTE] as much as it's incredibly fucking likely that republicans have shady shit in their emails (voter suppression, shit that makes trump look like a child) it just might be a fallacy to claim that the RNC also have shady stuff maybe that's just my liberal guilt talking
I wonder whose decision it was to not let the FBI have access. If I remember correctly an MSP was in charge of the DNC's IT stuff. Podesta's sys admin was also the one who told him that the phishing page was legit. I'm just unsure if the sys admin was employed with the MSP or what. Usually in situations like these MSPs tend to just cover their ass and hand it over to the authorities. I dunno, a graph of who did what would be oh so helpful.
[QUOTE=Lambeth;51632001]McAfee is bonkers, I wouldn't trust him at all though.[/QUOTE] Except everything he pointed out, each piece of evidence, and the way he disregarded it made perfect sense. Stop discrediting people based on their name... why not explain to everyone why they are wrong with facts. A statement is a statement, a fact is a fact, an idea is an idea. It does not matter who it comes from, it matters what it MEANS and what it SUGGESTS. By all means dig into an idea because it's flawed, but you have to be a true fool to discredit an idea based solely on who put it forth.