Top intel officials reject Trump view on Russia hacks
48 replies, posted
[QUOTE=Whoaly;51627268]There are 3 branches of the American Government: Judicial, Legislative and Executive. The "intelligence community" isn't a 4th, yet it is very much acting like one right now.[/QUOTE]
The United States would lie in fucking ashes in a world dominated by the third installment of the USSR were it not for its absolutely ironclad yet balls-out insane intelligence community. You've got to be absolutely fucking mental to even consider the Alphabet Agencies not-an-element, let alone not important.
[QUOTE=Kigen;51627101]Well, the report they put out to the public had some massive glaring holes in it. These holes lead me to believe that they want to blame Russia for the hacks of DNC and Podesta's emails. But that they had no evidence. Like one of the shells is a publicly available shell that anyone can get.
[url]https://www.wordfence.com/blog/2017/01/election-hack-faq/[/url][/QUOTE]
What is classified information and intelligence source protection for 500, Alex.
[QUOTE=Whoaly;51627268]There are 3 branches of the American Government: Judicial, Legislative and Executive. The "intelligence community" isn't a 4th, yet it is very much acting like one right now.[/QUOTE]
Maybe it [i]should[/i] be [acting like one]. First three branches are already compromised. If a fourth can slap them into shape even if it hadn't been "sanctioned" first, let it. Not like we have another option at this point.
[QUOTE=KillerJaguar;51627495]I don't trust climate change scientists either because it's their job to say there's climate change[/QUOTE]
Wow. I didn't think we had any FP members who actively listened into Rush Limbaugh and Coast to Coast AM.
[QUOTE=VinLAURiA;51630901]Maybe it [i]should[/i] be [acting like one]. First three branches are already compromised. If a fourth can slap them into shape even if it hadn't been "sanctioned" first, let it. Not like we have another option at this point.[/QUOTE]
Boi you dun undertand, if it's not in the constitution we dun need it in our gubment. 3 is a small number, and thus small gubment. 4 is bigger than 3 and that makes it big gubment, god said there will only be 3 branches of gubment in God's Christian America, and if we have any more branches, well, then our gubment is just too big and that's bad.
Seriously though, the way I see it is the constitution and all that "founding fathers" bullshit is a barebones framework and it's pointless to uphold it in a vacuum as the end-all-be-all of how a modern government has to be formed. That'd be like saying we don't need modern textile factories because we have an old-school cotton gin and a hand loom. The 2nd amendment protection doesn't apply to thermonuclear warheads, and there's a good reason for that modern development. Maybe it's about time we considered what else in the government is just old and outright in need of change from its archaic framework.
[QUOTE=F.X Clampazzo;51630907]Wow. I didn't think we had any FP members who actively listened into Rush Limbaugh and Coast to Coast AM.
Boi you dun undertand, if it's not in the constitution we dun need it in our gubment. 3 is a small number, and thus small gubment. 4 is bigger than 3 and that makes it big gubment, god said there will only be 3 branches of gubment in God's Christian America, and if we have any more branches, well, then our gubment is just too big and that's bad.
Seriously though, the way I see it is the constitution and all that "founding fathers" bullshit is a barebones framework and it's pointless to uphold it in a vacuum as the end-all-be-all of how a modern government has to be formed. That'd be like saying we don't need modern textile factories because we have an old-school cotton gin and a hand loom. The 2nd amendment protection doesn't apply to thermonuclear warheads, and there's a good reason for that modern development. Maybe it's about time we considered what else in the government is just old and outright in need of change from its archaic framework.[/QUOTE]
what do you suggest as an alternative
[QUOTE=ROFLBURGER;51630935]what do you suggest as an alternative[/QUOTE]
Ah yes the age old fake argument of "I'd like to see you do it better".
Just because I can't perform open heart surgery on a horse doesn't mean I can't figure out that the vet kicking my dog in the dick isn't going to fix his broken leg.
As to give you an actual answer because I guess I can humour you, I'd suggest first some major changes to how the election system works and how the congressional branch is constructed to eliminate the two party system and their ability to railroad the entire government in the favour of one party's personal interests so easily. Elimination of FPTP style voting, etc. It's not horribly difficult to see how fucking broken the system is on that level.
As to modernisation beyond that, well it's obvious that we have thousands of other areas that the "founding fathers" didn't have to even consider as part of their government. We're talking the difference between colonial expansionist era America and a modern civilisation with things like the internet, modern medicine, electricity, cars, global communication and logistics that are leagues faster than the former's, etc. Do you really think Jefferson and the rest of the Patriotic Stooges wrote the constitution with the idea in mind that one day we'd be able to send not just written or verbal correspondence, but actually meet face to face for interaction anywhere in the world in less than 24 hours, flights depending? Do you really think they accounted for the fact we'd have weapons capable of making entire cities uninhabitable for decades if not hundreds of years? Do you think they had the understanding to consider that we'd be able to have over half a million people in Boston alone as of 2013? Cars? Planes? Space Stations? Gone to the moon? No. They didn't, and it's not really their fault, they made a government framework based on what worked at the time. A time when giving a bunch of bumpkins a few flintlocks was not only basically required for survival in the untamed parts of the land, but a perfectly viable way to have a large enough defensive force against whatever bullshit they gotta face as a fledgling country.
It's not their fault their government framework wasn't entirely future proof, it's our fault for trying to follow it so rigidly as if it were. Being buried in tradition and clinging so hard to "what worked" over two hundred years ago is what caused the Samurai to be utterly obliterated during and before the end of the Edo period in Japan. Failure to adapt to modernisation has time and time again killed so many, but people seem so keen to forget. Hitler was caught thinking WWI tactics during WWII and suffered great losses as a result, for example.
[QUOTE=Mattk50;51627714]Well, they did it for the iraq war. [/QUOTE]
This again?
[QUOTE=catbarf;51598961]I like when people bring up the whole WMDS-in-Iraq thing without really knowing the context- the CIA was directed by Washington to interpret their intelligence in a way that supported the narrative of Saddam having imminent access to WMDs. The report, despite this direction, was inconclusive, but still suggestive enough that the HPSCI and SSCI were able to hold it up as incontrovertible proof of Saddam having WMDs. It was such a huge failure in retrospect that the agency was taken to task and their analysis-producing process overhauled to involve greater detachment from Washington and more oversight from other agencies. It is literally why the DNI now exists, to provide an additional layer of isolation between the intelligence agencies and policymakers, so they can do their jobs objectively without politicians breathing down their necks.
Now, when the entire intelligence community is saying the same message, without being goaded or directed to by Congress, you can be reasonably certain that they're not skewing facts or bullshitting for political reasons, thanks to the events of 2001.[/QUOTE]
Also, this isn't just the intelligence community. Multiple independent security firms have agreed that Russia was behind the hack.
[i]Also[/i], as JohnnyMo1 notes, the intelligence community (and for that matter the military), while not exactly pro-Trump, are much more favorable to Trump than Clinton.
There's no valid reason whatsoever to think this is a partisan, baseless accusation for political purposes. Not a single person has thus far been able to give me a motive for why the entire intelligence community would collude to support a politically-destabilizing lie. It serves nobody's interests.
[QUOTE=catbarf;51631388]There's no valid reason whatsoever to think this is a partisan, baseless accusation for political purposes. Not a single person has thus far been able to give me a motive for why the entire intelligence community would collude to support a politically-destabilizing lie. It serves nobody's interests.[/QUOTE]
Maybe political destabilization is the point, maybe they all really want to see Trump gone? Maybe they're wrong and they're misinterpreting something that looks like Russian government fingerprints when in reality it's just that the malware came from Russia? I do believe that the Russian government was involved, but I honestly find it difficult to do so because the only argument you ever hear is that they all agree. I don't have to be able to explain [I]why[/I] they would say something wrong to suspect that they are wrong, so it confuses me greatly that the hard evidence hardly ever gets presented. What did they see, what did the independent security firms see that made them agree that Russia was behind the hack? I'm not trying to call the conclusion into question, but I want you to know that for someone who is already skeptical, [I]"look at all these people who agree that you're wrong"[/I] isn't particularly convincing, especially in a case where you [I]know[/I] that there [I]is[/I] evidence that for some reason is nowhere to be found.
I've only ever seen the following 4 sources from those independent security firms, and they were exactly what convinced me:
[QUOTE=Sherow_Xx;51631367]I thought the conclusions came from the multiple third party analyses of the malware that are publicly available, such as:
[url]http://www.threatgeek.com/2016/06/dnc_update.html[/url]
[url]https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/[/url]
[url]https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf[/url]
[url]http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/[/url]
What's extremely weird to me is that I've [I]only[/I] seen these points being talked about in [URL=https://facepunch.com/showthread.php?t=1547000&p=51601405&viewfull=1#post51601405]2[/URL] [url=https://facepunch.com/showthread.php?t=1547000&p=51601484&viewfull=1#post51601484]posts[/url] here on Facepunch that I've now linked to twice already. Instead, I constantly see people parade around the fact that all the agencies agree, which is indirect evidence [I]and[/I] requires you to actually trust those agencies. Why not use direct, indisputable facts? For this reason, I must admit I actually still find it hard to believe fully that the Russian government really was involved, since I'm not personally well enough informed to interpret those third party analyses.[/QUOTE]
But when I realize that I hardly see anyone talk about those points at all and instead appeal to authority, it starts to feel unconvincing again. Clearly, someone technically savvy should be able to point to something in those articles and say [I]"This. This is the thing that means it came from Russia."[/I]?
[QUOTE=Sherow_Xx;51631839]especially in a case where you [I]know[/I] that there [I]is[/I] evidence that for some reason is nowhere to be found.[/QUOTE]
You're commenting on a national security issue involving classified sources, so unless you have a security clearance and access to primary sources there's going to have to be an element of trust involved.
And I get being skeptical about that trust considering the source, and I get being skeptical of appeals to authority. I really do. But when you have multiple independent bodies, both governmental and non-governmental, all representing the same [i]overwhelming[/i] consensus, without any clear motive to lie, there has to come a point where accepting their conclusion is a default and distrusting their conclusion is what requires more justification. It's simply far more likely that they're telling the truth than that they're all colluding towards unclear goals.
[QUOTE=Sherow_Xx;51631839]Maybe political destabilization is the point, maybe they all really want to see Trump gone? Maybe they're wrong and they're misinterpreting something that looks like Russian government fingerprints when in reality it's just that the malware came from Russia? I do believe that the Russian government was involved, but I honestly find it difficult to do so because the only argument you ever hear is that they all agree. I don't have to be able to explain [I]why[/I] they would say something wrong to suspect that they are wrong, so it confuses me greatly that the hard evidence hardly ever gets presented. What did they see, what did the independent security firms see that made them agree that Russia was behind the hack? I'm not trying to call the conclusion into question, but I want you to know that for someone who is already skeptical, [I]"look at all these people who agree that you're wrong"[/I] isn't particularly convincing, especially in a case where you [I]know[/I] that there [I]is[/I] evidence that for some reason is nowhere to be found.
I've only ever seen the following 4 sources from those independent security firms, and they were exactly what convinced me:
But when I realize that I hardly see anyone talk about those points at all and instead appeal to authority, it starts to feel unconvincing again. Clearly, someone technically savvy should be able to point to something in those articles and say [I]"This. This is the thing that means it came from Russia."[/I]?[/QUOTE]
I think you're seeing a problem with human nature in general here.
People usually roll out the scientific consensus bit first when discussing climate change in part because they're lazy, but also because most people discussing climate change aren't exactly climate scientists. I kind of doubt we have a lot of security experts posting in SH as well.
In the same way that an appeal to authority itself isn't a convincing argument for something, the general public's behavior isn't really indicative of the truth value of something either. The evidence is what matters.
Those sources claim that the software used in the security breaches is of Russian origin and that the methods of delivery employed and utilized by the party responsible are consistent with state actors. That's not conclusive direct evidence that state actors in Russia are responsible, but it is strong circumstantial evidence, especially in the context of previous documented intrusions by Russian state actors.
Looking at the articles posted, what evidence do you have to suggest that these security analysts have come to the wrong conclusion?
[QUOTE=Whoaly;51627268]There are 3 branches of the American Government: Judicial, Legislative and Executive. The "intelligence community" isn't a 4th, yet it is very much acting like one right now.[/QUOTE]
Maybe this is true. But the intelligence community is like someone trying to stop you from walking in front of a bus: they have no authority over you but you should probably heed their advice.
[QUOTE=Sherow_Xx;51631839]-stuff-[/QUOTE]
I think you're operating under the assumption that there is no network security force within the intelligence community. What you have to understand though is that those reports were released with zero classification (found as labeled "unclassified" in intelligence documents). This is the lowest possible level of classification leaving zero room for potentially harmful information to government welfare to be included in those reports.
I assure you that you're entirely wrong in the assumption that several agencies within the IC, with evidence, have not / cannot agree on this topic. That report was also released under a Traffic Light Protocol, similar to classifications without the abundant amount of different levels. The report in particular was released under TLP: White, and I'll just quote the description of that level to save you time:
[quote]Sources may use TLP:WHITE [B]when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release[/B].[/quote]
Now, I hope you can understand why releasing a full in-depth technical document on how a cyber attack conducted on the election process for an entire country isn't exactly a smart thing to do, and so the paper was limited to minimize risk. Looking over open-source information though, the intelligence community began to pick up on key points prior to the election pointing to a Russia-oriented cyber attack.
A TLP:GREEN document (one level up from WHITE) was leaked roughly in mid-November relating to Advanced Persistent Threat (APT) actors targeting US government and private sector networks as early as August 2016 utilizing election lures. It was also identified as a Remote Access Tool related to the campaign. For future reference, APTs are almost never referred to if they are a single person. APTs typically refer to state actors (in this case, Russia).
[URL="https://info.publicintelligence.net/FBI-ElectionAPT.pdf"]Link to the report here[/URL]
In that TLP:WHITE report, you'll note the above attack is actually mentioned again in the document, relating to Russian (RIS for the sake of typing) activity:
[quote]Actors likely associated with RIS are continuing to engage in spearphishing campaigns,
[B]including one launched as recently as November 2016[/B], just days after the U.S. election[/quote]
Not really related to the IC specifically but rather confirming their findings, but one poster on a separate forum noted that the obfuscation of the PHP Shell used was almost if not identical to one [URL="https://news.ycombinator.com/item?id=13280068"]formerly shared on a Russian hacker forum (this isn't the hacker forum, but a separate forum discussing the findings of the obfuscation).[/URL] The method of obfuscation isn't generic and is very rarely used, making it easier to tie back to other sources that used it. These are identical IOCs to ones earlier identified as RIS, and samples can be found within the .csv file attached to the report (you'll have to find that one on your own, but it's out there).
Lastly, APT-28 was assigned an alternative name "Fancy Bear," an APT that has been around for several years now. Both FireEye and CrowdStrike have agreed that Fancy Bear is a state sponsored agency operating out of Moscow [URL="https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf"]based on their report[/URL]. This was identified back in [B]2014[/B]. APT-28 isn't new, this is something that has existed for a long time. The IC have also agreed in accordance with the identification of APT-28 as "Fancy Bear," suggesting their acknowledgement in that TLP:WHITE report that APT-28 is in fact RIS related.
--------
Now, this is all information that came from open source material. Hopefully you can then imagine what the collaboration of the private industry and government organizations were able to pool together to further identify and confirm that this was in fact RIS activity and not some small time hack.
Most of the information about the hacks is available from independent investigators. Even a few code analyses, all of which definitively say "this isn't small time script kiddie stuff," and most of which at the very least [I]suggest[/I] or otherwise [I]imply[/I] that the actions and code and tactics used reflect Russian intelligence operations.
APT-28 has been known about since at least 2014, and it was involved in hacking the German government and other high-profile government hacking cases. Using similar tactics and code, highly obfuscated, and using anti-forensic code to hide and erase as much evidence as possible.
It isn't explicit proof of Russia's involvement, but there's like 12 bright red shiny arrows saying "it was really probably this guy"
[QUOTE=.Isak.;51632793]Most of the information about the hacks is available from independent investigators. Even a few code analyses, all of which definitively say "this isn't small time script kiddie stuff," and most of which at the very least [I]suggest[/I] or otherwise [I]imply[/I] that the actions and code and tactics used reflect Russian intelligence operations.
APT-28 has been known about since at least 2014, and it was involved in hacking the German government and other high-profile government hacking cases. Using similar tactics and code, highly obfuscated, and using anti-forensic code to hide and erase as much evidence as possible.
[B]It isn't explicit proof of Russia's involvement, but there's like 12 bright red shiny arrows saying "it was really probably this guy"[/B][/QUOTE]
This line of thinking is dangerous and was why the 2014 Crimean crisis was allowed to unfold. Military perpetrators weren't "technically" identifiable as Russian but every single sign pointed to Russian involvement and there was an overwhelming amount of evidence that suggested it. If needing Russia to admit they're at fault is the only concrete evidence that will convince you then you may as well be waiting for the ocean to settle.
[QUOTE=catbarf;51631891]You're commenting on a national security issue involving classified sources, so unless you have a security clearance and access to primary sources there's going to have to be an element of trust involved.
And I get being skeptical about that trust considering the source, and I get being skeptical of appeals to authority. I really do. But when you have multiple independent bodies, both governmental and non-governmental, all representing the same [i]overwhelming[/i] consensus, without any clear motive to lie, there has to come a point where accepting their conclusion is a default and distrusting their conclusion is what requires more justification. It's simply far more likely that they're telling the truth than that they're all colluding towards unclear goals.[/QUOTE]
I just think that, with everything that has happened, maybe especially in 2016, you have to admit that people have reason to be increasingly skeptical of governments. The US government has lied before, and the relationship between the USA and Russia is known to be strained and complicated. I personally do believe the claims, albeit with slight difficulty. But my point is that you should not expect someone who actually doesn't believe it to be even slightly convinced by an appeal to authority. The fact that this may involve classified information [I](still doesn't explain why the information found in the articles I posted isn't used more)[/I] is a huge issue to me, because this accusation is potentially historical and potentially permanently affects the relation between the USA and Russia. So with that in mind, I feel that the evidence should be [I]clear[/I] and [I]indisputable[/I]. I'm not saying I expect them to release classified information to prove it, but it's an issue considering the climate of distrust we live in now.
Just please remember that my main point with posting here is not to try to dispute the claims, but to make it clear that [I]people who are skeptical[/I] won't be won over by arguments that appeal to authority. So I'm hoping that people who read this will consider, when they encounter a real skeptic, using the information gathered by CrowdStrike and others instead.
[QUOTE=1legmidget;51631904]Looking at the articles posted, what evidence do you have to suggest that these security analysts have come to the wrong conclusion?[/QUOTE]
None, they are what convinced me when Isak posted them here.
[QUOTE=WitheredGryphon;51632705]Now, I hope you can understand why releasing a full in-depth technical document on how a cyber attack conducted on the election process for an entire country isn't exactly a smart thing to do,[/QUOTE]
Under the assumption that some of the information is compromising, then absolutely yes. But there should still be enough public evidence that the fact that it happened is indisputable. If that is not possible, then that is a problem because people will be justified in not believing it.
[QUOTE=WitheredGryphon;51632705]I assure you that you're entirely wrong in the assumption that several agencies within the IC, with evidence, have not / cannot agree on this topic.[/QUOTE]
What? Anyway, the rest of your post is great, thanks for that!
[editline]6th January 2017[/editline]
[QUOTE=.Isak.;51632793]Most of the information about the hacks is available from independent investigators. Even a few code analyses, all of which definitively say "this isn't small time script kiddie stuff," and most of which at the very least [I]suggest[/I] or otherwise [I]imply[/I] that the actions and code and tactics used reflect Russian intelligence operations.[/QUOTE]
What would you say to the claim made by McAfee that this could simply be, while not [I]coded[/I] by a 'script kiddie', merely downloaded and employed by one? Is there any indication as to how sophisticated the on-going configuration and customization of the malware was? How possible would it actually be to download and employ APT29 and APT28 malware yourself?
[QUOTE=WitheredGryphon;51632802]This line of thinking is dangerous and was why the 2014 Crimean crisis was allowed to unfold. Military perpetrators weren't "technically" identifiable as Russian but every single sign pointed to Russian involvement and there was an overwhelming amount of evidence that suggested it. If needing Russia to admit they're at fault is the only concrete evidence that will convince you then you may as well be waiting for the ocean to settle.[/QUOTE]
Totally agree, I'm convinced Russia was involved, they just take great care in obfuscating their involvement (both in the hacks and in Crimea), which makes it very difficult to get absolute, unquestionable proof of their involvement. It's effectively certain that they were behind the hacks, one of the reasons (other than ignorance) that people refuse to accept it is that there's no picture of Putin crouched over a laptop wearing a ski mask and a tracksuit. There's evidence, but there's no undeniable proof, and people won't abandon their preconceived positions unless there's explicit proof that can't reasonably be denied.
That said, with the amount of evidence I've looked through (even though a lot of it is too technical and difficult to parse), I'm totally convinced. Some people won't be, to the point of being unreasonable, because they don't want to be wrong.
[QUOTE=Sherow_Xx;51632860]Under the assumption that some of the information is compromising, then absolutely yes. [B]But there should still be enough public evidence that the fact that it happened is indisputable.[/B] If that is not possible, then that is a problem because people will be justified in not believing it.[/quote]
I'll lay out a scenario for you. Let's say they fully unclassified a document that detailed, with undeniable irrefutable evidence that the Russian government in fact hacked the election which resulted in Trump's eventual election. Now the media has picked this report up and spun it with their own title to sensationalize it even further, "Russian Government Successfully Elects Trump as Puppet President through Cyber Attack According to FBI" or something stupid like that.
Just think of the kind of chaos and damage that would cause to the IC, to international relations, to the public (because the retaliation would not be pretty if that were the case), and to the government.
Sometimes keeping information from people is what keeps the rest of the world safe. And letting people be justified in that belief is fine. Our president refusing to accept advice and information from one of the most powerful tools available to him is not.
[QUOTE=Sherow_Xx;51632860]What? Anyway, the rest of your post is great, thanks for that![/QUOTE]
I was referring to your point that regardless if the agencies agree you would have to trust that consensus they've come to even with indirect evidence. The fact that so many agencies agree on this subject should be a surefire sign from the get-go, so doubting that large consensus was confusing to me.
[editline]Edited: [/editline]
[QUOTE=Sherow_Xx;51632860]What would you say to the claim made by McAfee that this could simply be, while not [I]coded[/I] by a 'script kiddie', merely downloaded and employed by one? Is there any indication as to how sophisticated the on-going configuration and customization of the malware was? How possible would it actually be to download and employ APT29 and APT28 malware yourself?[/QUOTE]
I think you have the misconception that APT-29 and APT-28 are malware. APT-29 and APT-28 employed malware themselves, but they are not malware. They are state sponsored groups / entities. Like I detailed in my post though, the obfuscation behind APT-28 ['s PHP shell] was unique and very rarely used which made it easier to tie back to its origins (someone may have identified the actual PHP shell used which I linked to the forum talking about it in that other post).
The complexity of the attack in addition to its longevity is one of the key identifiers for APTs though, and given that these have been around for so long it's almost a certainty that they are not one single person.
Points taken, it's just frightening to know that something happened that the public cannot be trusted with knowing, for their own safety.
[QUOTE=WitheredGryphon;51632921]I was referring to your point that regardless if the agencies agree you would have to trust that consensus they've come to even with indirect evidence. The fact that so many agencies agree on this subject should be a surefire sign from the get-go, so doubting that large consensus was confusing to me.[/QUOTE]
Still not sure I get what you're saying in the first line. I said that it isn't impossible that they could merely be wrong, and that a wide consensus is an indirect measure of truth and therefore not as convincing as showing technical details. I agree that they have no reason to lie, and it would be an unrealistically huge conspiracy for all of them to follow along and an unlikely convenient coincidence that third party investigators happen to accidentally agree with the conspiracy or somehow be in on it.
[QUOTE=WitheredGryphon;51632921]I think you have the misconception that APT-29 and APT-28 are malware. APT-29 and APT-28 employed malware themselves, but they are not malware. They are state sponsored groups / entities. Like I detailed in my post though, the obfuscation behind APT-28 ['s PHP shell] was unique and very rarely used which made it easier to tie back to its origins (someone may have identified the actual PHP shell used which I linked to the forum talking about it in that other post).
The complexity of the attack in addition to its longevity is one of the key identifiers for APTs though, and given that these have been around for so long it's almost a certainty that they are not one single person.[/QUOTE]
Thanks for this clarification! So are you saying that it would technically be feasible for a 'script kiddie' to obtain all the pieces that APT-29 or APT-28 use, but that it would be impossible to employ the pieces as efficiently and uniquely obfuscated as these groups have done?
[QUOTE=Sherow_Xx;51633029]Thanks for this clarification! So are you saying that it would technically be feasible for a 'script kiddie' to obtain all the pieces that APT-29 or APT-28 use, but that it would be impossible to employ the pieces as efficiently and uniquely obfuscated as these groups have done?[/QUOTE]
Technically, yes. Both groups relied on spearphishing campaigns (targeted phishing campaigns with these two groups focusing on government organizations). You have to understand that APTs don't utilize stuff like Low Orbit Ion Cannon that a script kiddie can just download and use though. Both APT-28 and APT-29 compromised .org and .edu domains for their attacks. This image is probably the best way to describe it:
[t]http://i.imgur.com/hCQXFZr.png[/t]
APT-29 (top half) leveraged their domain to establish a secure connection to the party systems. Someone (at least one) from the party's end activated the malware from the compromised domain and the malware established a presence in the system through obfuscation and detection evasion (privilege escalation helped here). It then silently extracted emails, information, etc. from the party systems without being detected.
APT-28 was similar to start with, utilizing a spearphishing campaign that redirected to a compromised domain. This tricked those caught by the phishing into changing their passwords through a fake webmail form and harvested credentials to gain access to the party systems. They were then able to install malware as a RAT and navigate through the party servers to extract information as well. I don't know the specifics of what was used, but in the past APT-28 has utilized (from Wikipedia):
[quote]ADVSTORESHELL, CHOPSTICK, JHUHUGIT, and XTunnel. Fancy Bear utilises a number of implants, including Foozer, WinIDS, X-Agent, X-Tunnel, Sofacy, and DownRange droppers.[/quote]
This was in addition to the malware they crafted specifically for these campaigns. Both of these campaigns were executed on their own servers (hence the operational infrastructure) and allegedly were all routed through TOR exit nodes, though I don't know the validity of that. But the complexity of these attacks is so far beyond reach for a single person to avoid detection that a single script kiddie wouldn't ever be able to pull it off.
Finally though, here's what the final process looks like for those curious:
[t]https://upload.wikimedia.org/wikipedia/commons/0/08/APT28_APT29_Techniques_-_Malware.png[/t]