top | item 13349903

Ask HN: Do you believe the Russia hacking story?

60 points| apeace | 9 years ago | reply

I'm interested to hear from security experts: have you seen any evidence of the claims in the media? From a technical perspective, do you believe that 1) Russia hacked the DNC and John Podesta, and 2) Russia provided exfiltrated data to WikiLeaks and under the pseudonym "Guccifer 2.0"?

Keep this on-topic for HN: what are the technical arguments being made that attribute these acts to the same attacker, and what are the technical arguments being made that the attacker is related to the Russian government?

I'm surprised that the tech community hasn't been more vocal in demanding evidence for these claims. In 2010, Bruce Schneier was skeptical of claims that Stuxnet was created by the U.S., or even targeted a specific nuclear enrichment facility[0]. Of course, he later agreed that evidence showed it had targeted the Natanz plant[1]. This is the skeptical and scientific approach I expect from the tech community. Am I missing something the rest of the community has seen?

[0] https://www.schneier.com/blog/archives/2010/10/stuxnet.html

[1] https://www.schneier.com/blog/archives/2012/02/another_piece_o.html

37 comments

[+] ENOTTY|9 years ago|reply

With regard to your first part of your first contention, that Russia hacked the DNC, read the Crowdstrike report[1]. That will contain the most technical indicators publicly revealed.

The second part, that Russia hacked John Podesta, is summarized mostly in these analyses.[2][3] Basically some actor used a single bitly account to create nearly 10,000 bitly links to sites that were obvious phishing domains for Google logins. Many of these links targeted people who only Russia would be interested in, for example, investigators of the MH17 shootdown, journalists and academics with a Russia focus, and organizations in the former Soviet states and Europe. Some of these domains were also linked to other campaigns known to be linked to APT28 or 29 (i.e., Russia).

Your second contention, that Russia provided exfiltrated data to Wikileaks, seems to rely mostly on classified intelligence. All the public evidence is circumstantial. Up to you to believe it or not.

[1]: https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...

[2]: https://www.secureworks.com/research/threat-group-4127-targe...

[3]: https://www.threatconnect.com/blog/russia-hacks-bellingcat-m...

[+] bjourne|9 years ago|reply

Read FireEye's reports about APT28 and APT29:

    http://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf
    https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf

They are finding various correlations, such as Russian language settings, compile timestamps matching Russian work days, malware activity ceasing on Russian holidays...

As a software developer, I can say that this "feels" par for the course for software developed in large organizations. Software that does it's job but obvious things, such as not realizing the developers workstation's locale names are being added to the binary, is forgotten.

Note also that the accusations against Russia hacking the DNC aren't coming out of the blue. The same evidence was there already in July when the emails were published by WikiLeaks. It wasn't until after the election that pundits started to believe something other than Russia was behind the hack.

[+] avenoir|9 years ago|reply

> APT28 had consistently compiled Russian language settings into their malware. The second was that malware compile times from 2007 to 2014 corresponded to normal business hours in the UTC + 4 time zone, which includes major Russian cities such as Moscow and St. Petersburg.

You'd think that a state-sponsored attack would be a little less careless. This seems like a rookie give-away and makes me wonder if this is made to look like Russia instead of being Russia. When I think of a state-sponsored attack, I automatically envision something in the realm of Stuxnet in terms of quality and the level of sophistication.

[+] exwebtina|9 years ago|reply

Correlation doesn't imply causation. https://en.wikipedia.org/wiki/Correlation_does_not_imply_cau... The question is about technical specs.

[+] pingswept|9 years ago|reply

I scanned through the 25-page unclassified report released a couple of days ago. I found no technical details, which I'm afraid means that the question devolves to whether you trust the FBI, CIA, and the NSA, (plus the non-technical arguments about Putin's motivations in the report, which I found reasonably compelling).

It seems to me that it would be difficult to get all three agencies to agree that Russia was behind the DNC email hack if that weren't true, so I suspect it's probably true, but not with great certainty.

[+] phkahler|9 years ago|reply

That lack of technical details is pretty much all I need to hear. The whole thing smells of politics. The media have certainly been trying to conflate all of it in an attempt to make people think Trumps victory is invalid - and even worse, a plot by Putin.

[+] wodencafe|9 years ago|reply

If this is true, I really have to wonder why there is no evidence of this. Gov't already had their chance to release evidence in their 25 page JAR report, but after reading it, I found 0 evidence of Russia being responsible for the DNC hack.

[+] alistproducer2|9 years ago|reply

Watching so-called "liberals" defending the CIA is really the icing on the cake for the last 8 years. The tribalism in this country transcends principles. As long as your team is the one winning, it doesn't matter what it does. If your team is losing, no alliance is too strange, no principle is too important to be cast aside in pursuit of destroying the enemy.

Do I like Donold Trump? Not a chance. Does my dislike of Trump make me more conducive to believe spies and spooks more than I did before November? Not really.

[+] stinkytaco|9 years ago|reply

I think you are creating a strawman. One does not have to approve of the CIA to think that they are correct. Indeed, if one believes the CIA and NSA are adept at collecting intelligence on the American people, it follows that they might also be good at collecting it on Russia. There does not have to be an "alliance" to agree on established facts.

Indeed, I would argue that your point that if one disproves of CIA tactics that everything the CIA says or asserts is now somehow in question is probably more "tribalistic" than viewing data and agreeing on facts. That smacks of conspiracy theory.

Whether or not this makes any of this true is another story, but tribalism is a bad response.

[+] setra|9 years ago|reply

Watching various media outlets they tend to say something along the lines of: "Russia hacked the election!". Reporting on the hack of the DNC / Podesta, followed by saying that Russia attempted to influence the US election. Both of which are documented and true events. However they attempt to conflate the two in presentation into the literal "Russia hacked John Podesta and Clinton to help Trump". Which is not justified from the limited amount of information available. Similarly they will talk about voting machine hacks, followed by Russia's attempted influence, and in presentation giving you the impression that "Russia hacked US voting machines".

[+] morganvachon|9 years ago|reply

I think the first (Russia hacked to install Trump) is more likely than the second (Russia successfully hacked US voting machines). I draw this conclusion only because of things I had noticed long before the hacks came to light, mostly Trump's ambiguity regarding his relationship with Putin and Russia from a business point of view. It didn't help his position when he started appointing Russia-friendly cabinet members.

Still, I don't think you can draw a direct line from Trump to Putin regarding the hacks themselves; in other words, Trump didn't order the attacks, he just reaped the benefits.

[+] tyingq|9 years ago|reply

The hack was cheap, low-tech phishing and social engineering. Almost anyone could have sponsored it. That makes it difficult to attribute to anyone in particular.

[+] rweba|9 years ago|reply

There are 3 possibilities:

1) Russia hacked the election

2) Russia did not hack the election but the intelligence community wrongly believes they did

3) Russia did not hack the election and the intelligence agencies don't believe they did but have decided to lie to the American people for their own reasons.

Some of the reasons to believe they did:

[1] They had the motivation

[2] They have the capability

[3] They have done similar attacks in the past (as has the US)

[4] Russian linked hacking groups like Fancy Bear have been tied to the attacks

[5] The choice of targets and leaked information appeared to benefit Russia.

I think there is enough evidence to point to Russia hacking as the most probable explanation.

[+] droithomme|9 years ago|reply

The Podesta emails were acquired by someone who downloaded them from gmail after Podesta voluntarily gave his password in response to a standard mass phishing email that many other people got as well. I don't think this is reasonably called hacking, it's more social engineering or scamming. It also doesn't seem to be spear phishing (a targetted attack) given that large numbers of people got the same emails.

Wikileaks says the DNC leaks were given to them personally by an insider. This is not a hack either.

Did foreign state intelligence services hack or try to hack servers of political operations in the US? Undoubtedly. That's their job and we've seen that there's not a lot of sense or security awareness by a lot of politicians, so it's likely a lot gets through.

Did foreign states give the info to Wikileaks? There's no evidence of that, and there's evidence from those who are in a position to know, such as Wikileaks, to the contrary.

[+] joatmon-snoo|9 years ago|reply

> I don't think this is reasonably called hacking, it's more social engineering or scamming.

The vector doesn't matter.

The mark of sophistication is not that they use highly technical vectors, but that they know how to use their toolbox, and social engineering remains one of the most powerful tools in there.

Data was still exfiltrated without consent. That's hacking.

[+] captainmuon|9 years ago|reply

Is there hard proof though that the Podesta leak was just a mass fishing by-catch and it was nothing else? It would be trivial for a hacker to place false emails as a red herring.

What I find more interesting than the origin of the leaks is that almost nobody is talking about their content. Little in the US, almost not at all internationally. The only reporting about the Podesta leaks I noticed was that they occurred, and that some people described as cranks were discussing them on reddit - but at least in Germany no discussion of the contents, and in US media not much more. Same for the DNC leaks. The "pied piper" memo, where Democrats were hoping Trump would win the primaries... And how they tried to undermine Sanders - how did that not cause more outrage?

[+] artursapek|9 years ago|reply

I understand why Wikileaks refuses to announce their sources, but I really wish they would in this case. I would love to see the shake-up if they were to show proof that the DNC leaks were provided by the late Seth Rich[1], for instance.

[1] https://en.wikipedia.org/wiki/Murder_of_Seth_Rich

[+] petermcd|9 years ago|reply

Researchers traced the phishing link back to a bitly account that wasn't password protected. When they saw the other links in the account, they were able to decode the email address each link corresponded to. This unveiled that gaining access to Podesta's emails was part of a coordinated attack against the Clinton campaign. See http://motherboard.vice.com/read/how-hackers-broke-into-john...

The second question is one of attribution (i.e. "Who did it?"). That's harder. I believe it was the Russians, but that's based more on faith in the U.S. and British intelligence services getting this one right than a smoking gun linking back to the Kremlin.

[+] unknown|9 years ago|reply

[deleted]

[+] wonderflpancake|9 years ago|reply

EXECUTIVE SUMMARY: Trump had RT and Fox News. Clinton had MSNBC, CNN, Politico, NY Times, Washington Post, and most other MSM.

The whole report sounds so whiney and political. It reminds me of the evergoing effort by the left to dismiss Fox News (or flip the tables, its the same thing). Its an admission that the news that got out, justly or unjustly, wasn't the news they wanted to get out.

The media still purposely confuses the story. It was never about voter machine/count hacking. It was about narrative and whether or not the leaks changed hearts and minds.

[+] unknown|9 years ago|reply

[deleted]

[+] 3131s|9 years ago|reply

I'm not inclined to trust the US government, but more importantly it seems like the focus on Russia is a distraction (whether or not Russia is responsible). What's important is the content of those emails.

[+] unknown|9 years ago|reply

[deleted]

[+] mcphage|9 years ago|reply

You should read up on the history of political primaries. The majority of our history, the parties chose the candidate outright. Now we have a mixed system, with some electors chosen by open voting and some by party leadership. The idea that the party having an opinion and influence on the candidate selection undermining democracy is deeply ignorant of our history.

[+] unknown|9 years ago|reply

[deleted]

[+] wickedOne|9 years ago|reply

you might want to take this to reddit or any other playground...

[+] kapauldo|9 years ago|reply

This is a bizarre question. It's tantamount to asking "do you think the fbi and cia lied to the american people?"

[+] ticviking|9 years ago|reply

When you put it that way...

What about Iraq? Or MKUltra, or Iran-Contra?

That does not mean they lied this time, but that context makes this question less bizarre than many seem to think

[+] bigmanwalter|9 years ago|reply

Well, we know they're constantly lying by omission. Is it such a stretch to believe they'd actively lie as well?

[+] mark-r|9 years ago|reply

Not so much lie as be mistaken. There's a lot of groupthink in these agencies. Remember WMD?

[+] AndrewKahr|9 years ago|reply

I think the U.S is very behind when it comes to cybersecurity. We are throwing kids who are talented into prison and giving them felonies at a young age because the U.S does not understand them. If they get a felony for minor drug possession or messing around online as a teen, they have this negative feeling towards law enforcment and choose private sector.

But hey, isn't the private sector the new law enforcement? I recall the FBI not even requesting the DNC server for forensic analysis, we just passed it off to a 3rd party. https://www.buzzfeed.com/alimwatkins/the-fbi-never-asked-for...