FBI, DHS release report on Russia hacking - "Grizzly Steppe"
[QUOTE]The FBI and the Department of Homeland Security (DHS) on Thursday released a joint report detailing how federal investigators linked the Russian government to hacks of Democratic Party organizations.
The document makes clear reference to the hacks of the Democratic National Committee (DNC) and Hillary Clinton campaign chairman John Podesta, though it does not mention either by name.
The 13-page report provides technical details regarding tools and infrastructure used by Russian civilian and military intelligence services to “compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.” [/QUOTE]
[url]http://thehill.com/policy/national-security/312132-fbi-dhs-release-report-on-russia-hacking[/url]
[url]https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity[/url]
[img]https://s24.postimg.org/by0epneo5/warranty.png[/img]
Gotta love how it starts with a disclaimer that means they can't guarantee any of the information/conclusions.
I guess it's interesting? It doesn't really tell us anything that everyone didn't already know.
[QUOTE=Tudd;51600420][img]https://s24.postimg.org/by0epneo5/warranty.png[/img]
Gotta love how it starts with a disclaimer that means they can't guarantee any of the information/conclusions.[/QUOTE]
[img]https://i.gyazo.com/f2f10bc240a358388ca7a10a5a559269.png[/img]
It doesn't mean "this is entirely fabricated and/or we're not sure of anything".
It actually means:
"don't jump the gun and try to sue russia before the us government, we haven't given you all the cards."
and
"don't sue us if you end up erasing your hard drive because this guide said to install a firewall and you cocked it up"
also you mentioned like 3 times that it didn't mention wikileaks but it mentions it in spirit. I don't see how wikileaks' inclusion is relevant when the issue is that it was leaked to the public.
[img]https://i.gyazo.com/ccddb58bb345c918fc7adcf5dd00618b.png[/img]
They put that disclaimer on every report, iirc. It's standard bureaucracy shit.
[QUOTE=Tudd;51600420][img]https://s24.postimg.org/by0epneo5/warranty.png[/img]
Gotta love how it starts with a disclaimer that means they can't guarantee any of the information/conclusions.[/QUOTE]
It's a liability disclaimer that is present on many DHS/CERT publications. Why would they publish this information then lead it with a disclaimer saying they can't guarantee it?
Well I would be curious how often such a disclaimer gets used then in actuality.
Like for even the most mundane reports or what context/examples basically.
This is good, regain some credibility on the 'russia hacked them emails' front
[QUOTE=Blizzerd;51600562]This is good, regain some credibility on the 'russia hacked them emails' front[/QUOTE]
And Trump and his supporters will continue to forever deny it in spite of all evidence.
[QUOTE=Raidyr;51600533]It's a liability disclaimer that is present on many DHS/CERT publications. Why would they publish this information then lead it with a disclaimer saying they can't guarantee it?[/QUOTE]
Just going to reply here cause I saw your other example in a different thread.
I am now curious if this disclaimer applies to a majority of cyber related reports? Cause it seems like it was the case for this one as well.
[QUOTE=Blizzerd;51600562]This is good, regain some credibility on the 'russia hacked them emails' front[/QUOTE]
[QUOTE=Maegord;51600619]And Trump and his supporters will continue to forever deny it in spite of all evidence.[/QUOTE]
Have you guys even read a report?
If so, please point out where it specifically provides conclusive evidence of connection behind hacker groups and Russian Intelligence?
This whole thing is some "red scare" bullshit.
[QUOTE=MightyLOLZOR;51600771]This whole thing is some "red scare" bullshit.[/QUOTE]
Putin, thy name is Saddam
[QUOTE=karimatrix;51600707]Have you guys even read a report?
If so, please point out where it specifically provides conclusive evidence of connection behind hacker groups and Russian Intelligence?[/QUOTE]
Tell me, how do you show "conclusive evidence" of something this complicated to the public?
I gotta admit, reading this document they haven't really said much about how it's linked to Russia. One thing I noticed was that one of the malware domains had a Russian TLD but that's only one in tens. They explain vaguely how the attacks were done and give fingerprints for some malware to detect, but that's about it.
Is there more to this? This is pretty disappointing.
[QUOTE=Maegord;51600619]And Trump and his supporters will continue to forever deny it in spite of all evidence.[/QUOTE]
You are but a tiny gear in the problem that got trump elected.
[editline]30th December 2016[/editline]
[QUOTE=karimatrix;51600707]Have you guys even read a report?
If so, please point out where it specifically provides conclusive evidence of connection behind hacker groups and Russian Intelligence?[/QUOTE]
I never said it did or I read it, but the action of releasing some information is better than doing nothing... even if some ploy to cheat people into a war.
Don't worry, it's not only you who thinks this is a weak ass report.
[quote]Security experts on Twitter criticized the government report as too basic. Jonathan Zdziarski, a highly regarded security researcher, compared the joint action report to a child’s activity center.
Tom Killalea, former vice-president of security at Amazon and a Capital One board member, wrote: “Russian attack on DNC similar to so many other attacks in past 15yrs. Big question: Why such poor incident response?”[/quote]
[url]https://www.theguardian.com/technology/2016/dec/29/fbi-dhs-russian-hacking-report[/url]
[QUOTE=Tudd;51601212]Don't worry, it's not only you who thinks this is a weak ass report.
[url]https://www.theguardian.com/technology/2016/dec/29/fbi-dhs-russian-hacking-report[/url][/QUOTE]
Yes, this is the general taste I get of people with know-how responding to it... more question marks with the strong anti-Russia message since the report basically cannot be used to make that assumption, and only further enforces that it was a really small hack anyone could have done.
[QUOTE=Tudd;51601212]Don't worry, it's not only you who thinks this is a weak ass report.
[url]https://www.theguardian.com/technology/2016/dec/29/fbi-dhs-russian-hacking-report[/url][/QUOTE]
I can't find Zdziarski's mentioned tweet and the link to it is dead but reading the rest it seems he agrees with just about everyone else that it was probably Russia.
[editline]30th December 2016[/editline]
[QUOTE=Blizzerd;51601219]Yes, this is the general taste I get of people with know-how responding to it... more question marks with the strong anti-Russia message since the report basically cannot be used to make that assumption, [B]and only further enforces that it was a really small hack anyone could have done[/B].[/QUOTE]
The report suggests no such thing
[QUOTE=Blizzerd;51601219]Yes, this is the general taste I get of people with know-how responding to it... more question marks with the strong anti-Russia message since the report basically cannot be used to make that assumption, and only further enforces that it was a really small hack anyone could have done.[/QUOTE]
Where did you get the idea that it was a "small hack that anyone could have done?"
The initial [URL="https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"]CrowdStrike[/URL] analysis noted that APT-28 has been linked publicly to the 2015 German Bundestag hacks, through both the malware used and the specific techniques used. Their general phishing tactic is to exactly mimic the original site on a similarly-named link, and then use specific [I]custom[/I] malware to compromise the system through stolen credentials - in this case, APT-29 used mostly modified publicly-available tools, while APT-28 used a custom and unused PowerShell exploit to gain access to DNC systems.
FireEye, another independent cybersecurity group, [URL="https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf"]recognized APT-29 first in 2014[/URL] and immediately noted connections to Russian intelligence, speculating that it is run or sponsored by Russian intelligence because of how it consistently targets political groups of interest to Russian state interests and follows Russian cyberintelligence methodology. They note that APT-29 actively tries to mitigate attempts to clear them out of systems, consistently and regularly engages in forensic coverup of evidence, and customizes and modifies hacking tools for each hack based on both system architecture and attempts to resist the hacking.
The fact that Guccifer 2.0 went out of the way to say "shame on Crowdstrike" and actively claimed to be an independent actor [I]perfectly fits with Russian intelligence tactics,[/I] where they make an independent actor claim to be doing the hacking to claim innocence. There's not even any evidence that Guccifer 2.0 actually exists as a human being - while there is for the "original" Guccifer. Meaning there's some likelihood that Guccifer 2.0 doesn't exist at all and is instead a Russian coverup.
There's plenty of analyses to read about this shit, if you aren't too busy slobbering all over Putin's cock.
The report is so generic it makes it sound like they phished a user and made a remote C: connection and took whatever they found. They should've referenced some of CrowdStrike's findings especially in regards to APT-28.
[QUOTE=Raidyr;51601373]I can't find Zdziarski's mentioned tweet and the link to it is dead but reading the rest it seems he agrees with just about everyone else that it was probably Russia.
[editline]30th December 2016[/editline]
The report suggests no such thing[/QUOTE]
Well he could have taken it down, but he sure isn't for the report still just doing a quick scroll.
I mean that is the position I am currently at too. I really don't doubt that Russia could do it, but this "evidence" has just been a lot of high confidence posturing.
[t]https://s27.postimg.org/ao0948n8j/Screenshot_2016_12_30_07_21_32.png[/t]
It's funny how when it was exposed that the US was basically spying on their allies, people claimed "lol everyone does it, stop crying". But now that Russia is supposedly behind this hack, Americans are flipping their shit, demanding retribution.
The hack didn't cause people to lose faith in the Hillary, it was the fact that it exposed her campaign being shady as fuck. "Voters aren't supposed to know we're bareback fucking them up the ass!". Stop aiming for the messenger and fix your undemocratic democratic party instead. Good luck beating Trump in four years when Democrats keep pointing fingers at everyone but themselves.
Yeah, I don't know where you guys get the idea that Zdziarski is skeptical of Russian involvement. He's just saying that the report is very basic about the methodology, which is because it's more of a 'hey America, this happened, get your shit together so you don't get hacked' publication than a 'here's exactly how it happened and here's exactly how we know' kind of analysis.
Edit:
[QUOTE=V12US;51601456]It's funny how when it was exposed that the US was basically spying on their allies, people claimed "lol everyone does it, stop crying". But now that Russia is supposedly behind this hack, Americans are flipping their shit, demanding retribution.[/QUOTE]
I've seen variants on this whataboutism posted in various places and I understand where you're coming from, but I think you misunderstand the American reaction. Passive spying to gather information is one thing, but active intervention in another country's political system is a whole other issue entirely. There's a tacit understanding that countries will try to figure out what other countries are doing behind closed doors, but interfering with elections crosses a line.
Now, that's not to say we have any moral authority on the subject, considering the number of governments in the world that the US had a hand in installing. But a lot of Americans aren't just angry about the election interference, they're angry about the utter refusal of other Americans to acknowledge that it happened because they support the guy it benefited. I don't think this is cause to go to war, but I do think that people need to realize that the political system is vulnerable to outside influence, and stop trying to deny it just because they like the outcome.
[QUOTE=Tudd;51601450]Well he could have taken it down, but sure isn't for the report still just doing a quick scroll.
[t]https://s27.postimg.org/ao0948n8j/Screenshot_2016_12_30_07_21_32.png[/t][/QUOTE]
He's not wrong - compared to the independent analyses, it's pretty weak, especially for the FBI and DHS who presumably have access to more concrete information (if such a thing exists).
But considering that APT28 and APT29 have been recognized and documented by dozens of different antivirus and cybersecurity groups, including Fidelis, Kaspersky, CrowdStrike, FireEye, Palo Alto Networks, and a number of other groups - all of whom have taken the time to mark down how both APTs match international intelligence operations - I'm still going to believe it was a Russian intelligence hack.
The [URL="http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/"]Palo Alto Networks code analysis[/URL] of SeaDuke, one of the types of malware used by the APTs, linked to in the [URL="http://www.threatgeek.com/2016/06/dnc_update.html"]Fidelis[/URL] investigation of CrowdStrike's Russia claims, goes into a good amount of detail into the intentional obfuscation of Python variable/class names and other details. This was one of multiple programs used by these groups. This is a custom Python script, and even though it's just Python, it's incredibly functional. Fidelis even notes that the malware used was definitely not "script kiddie" stuff - it's complex, well-obfuscated, and uses novel exploits to achieve goals. It's also customized and modified for each hack. That doesn't sound like some fat 300-pound Russian guy, it sounds like an intelligence operation, and the incredible capability of APT-28 and 29, combined with their choice of targets, and their resilience, and their relationship to Russia, all hints really strongly that it's probably Russian in origin.
There's evidence out there, it's just either not understandable to the layman (I've taken one fucking semester in computer science so I barely understand a thing they're saying), or it's classified. This report wasn't meant to be a technical analysis of code used - there are other sources out there doing that - but it should've gone into further detail. Compared to the stuff FireEye and these other networks are putting out, it's basically just a Gawker article.
[editline]30th December 2016[/editline]
[QUOTE=V12US;51601456]It's funny how when it was exposed that the US was basically spying on their allies, people claimed "lol everyone does it, stop crying". But now that Russia is supposedly behind this hack, Americans are flipping their shit, demanding retribution.
The hack didn't cause people to lose faith in the Hillary, it was the fact that it exposed her campaign being shady as fuck. "Voters aren't supposed to know we're bareback fucking them up the ass!". Stop aiming for the messenger and fix your undemocratic democratic party instead. Good luck beating Trump in four years when Democrats keep pointing fingers at everyone but themselves.[/QUOTE]
Again, this isn't just Democrats, and this is not a partisan issue anymore. Lindsey Graham (R) and John McCain (R) are spearheading the senate on this particular issue. This has gone beyond complaining about Trump winning and looking for a scapegoat and into the "yeah we got hacked, now what?" situation. This is a bipartisan consensus in the senate, it's agreed upon by all of our intelligence agencies, and everyone with higher security clearance is basically agreed upon on this issue.
The DNC fucked up and they're paying the price for that now - fingers are pointed at DNC leadership and things are starting to shift. But the Russia hacks are a real thing that need to be addressed - and luckily, some politicians (even [I]Lindsey fucking Graham[/I]) realize that we should probably set partisan bitching aside to deal with an international hacking threat intended to interfere in our electoral process.
Espionage and intelligence ops are to be expected. Par for the course in international relations. Selectively releasing information to influence the elections of a foreign government isn't okay. The US has done that too - and never has it been okay. None of the US's regime changes in the past have been justified, and this is not justified either. There's no "librul hypocrisy" going on here - the US is wrong when it does this, and Russia is wrong when it does this.
[QUOTE=Tudd;51601450]Well he could have taken it down, but he sure isn't for the report still just doing a quick scroll.
[/QUOTE]
I didn't say he was for the report tho.
[editline]30th December 2016[/editline]
[QUOTE=V12US;51601456]It's funny how when it was exposed that the US was basically spying on their allies, people claimed "lol everyone does it, stop crying". But now that Russia is supposedly behind this hack, Americans are flipping their shit, demanding retribution.
The hack didn't cause people to lose faith in the Hillary, it was the fact that it exposed her campaign being shady as fuck. "Voters aren't supposed to know we're bareback fucking them up the ass!". Stop aiming for the messenger and fix your undemocratic democratic party instead. Good luck beating Trump in four years when Democrats keep pointing fingers at everyone but themselves.[/QUOTE]
Stop getting wrapped around the axle of partisan politics. Maybe if you paid attention you would see it's not just Democrats.
but hey guys, trump says he knows computers really good and gets really confused by them so nobody could ever know so we should roll back these disastrous horrible sanctions!
god i wish for once the GOP would take a position that isn't out of spite.
[QUOTE=Sableye;51601530]but hey guys, trump says he knows computers really good and gets really confused by them so nobody could ever know so we should roll back these disastrous horrible sanctions!
god i wish for once the GOP would take a position that isn't out of spite.[/QUOTE]
He probably asked Barron for advice on this issue.