Ex-CIA Agent on Report Tying Russia to Election Hacking: ‘Absolutely No
Evidence’


December 30, 2016
<http://www.thedailysheeple.com/ex-cia-agent-on-report-tying-russia-to-election-hacking-absolutely-no-evidence_122016>




by Carey Wedler

On Thursday, the FBI and Department of Homeland Security released a joint
analysis
<https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296.pdf>
report addressing persistent allegations that the Russian government hacked
the U.S. election.

Though, as the White House fact sheet asserts, the report largely consists
of tips to improve cyber security and prevent future attacks, it also
appears to cite evidence Russian Intelligence Services (RIS) actively
attempted to hack into U.S. systems, a campaign the government has named
“GRIZZLY STEPPE.”

But as the media runs with the story and many outlets accept the 13-page
report as fact, veterans of the intelligence community have pointed out
flaws with the FBI-DHS analysis.

According to Philip Giraldi
<http://www.huffingtonpost.com/author/philip-giraldi>, a former CIA agent,
the report fails to prove Russia is behind the hack. In a recent Facebook
post
<https://www.facebook.com/photo.php?fbid=10211513018482795&set=a.10207471427285541.1073741826.1284085361&type=3&theater>,
he asserted that “apart from
assertions of Russian activity connected to an unnamed political party, [the
report] provides absolutely no evidence that the alleged intrusions into the
DNC servers were anything beyond normal intelligence agency probing for
vulnerabilities.”

“In fact,” he adds, “it doesn’t even provide the evidence for that.”

Further, he argues:

“There is no evidence of particular mal-intent that can be traced back to
the Russian government, much less to Vladimir Putin. Nine of the thirteen
pages of the report deal with advice on how to keep your system from being
hacked.”

Robert M. Lee, a former U.S. Air Force Cyber Warfare Operations Officer and
founder and CEO of cyber security firm Dragos <http://dragos.com/>,
explains the report is confusing because it states early on that its
intention is to aid “defenders” of the U.S. However, the report makes a
point of declaring RIS guilty, veering away from the stated public service
goals.

Lee highlights
<http://www.robertmlee.org/critiques-of-the-dhsfbis-grizzly-steppe-report/>
this convolution, pointing to two alleged groups included in the report:

“The public is looking for evidence of the attribution, the White House and
the DHS/FBI clearly laid out that this report is meant for network defense,
and then the entire discussion in the document is on how the DHS/FBI
confirms that APT28 and APT29 are RIS groups that compromised a political
party.”

But that’s not the only problem. As Lee points out, the report notes the FBI
has previously refrained from naming specific actors in joint analysis
reports — but does so for the purposes of this investigation, claiming they
can confirm indicators of an attack from private sector attribution. Yet
“the GRIZZLY STEPPE report
<https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf>
reads like a poorly done vendor intelligence
report stringing together various aspects of attribution without evidence,”
Lee writes.

Jeffrey Carr, a cybersecurity consultant and author of Inside Cyber Warfare,
has bluntly rejected
<https://medium.com/@jeffreycarr/fbi-dhs-joint-analysis-report-a-fatally-flawed-effort-b6a98fafe2fa#.98f5kmh84>
the allegations contained in the
report:

“It merely listed every threat group ever reported on by a commercial
cybersecurity company that is suspected of being Russian-made and lumped
them under the heading of Russian Intelligence Services (RIS) without
providing any supporting evidence that such a connection exists.”

In contrast, Lee shies away from fully disregarding the report, issuing a
“thank you” to “the government operators who did fantastic work and tried
their best to push out the best information.” But he also has words for
those who conducted “the sanitation of that information and the report
writing.”

Addressing the report’s list of alleged RIS groups, Lee points out that the
list contains both the names of hacking campaigns and types of malware. He
explains “the list of reported RIS names includes relevant and specific
names such as campaign names, more general and often unrelated malware
family names, and extremely broad and non-descriptive classification of
capabilities.”

This, like the report’s jumbled intentions, confuses the data. Lee explains:

“It was a mixing of data types that didn’t meet any objective in the report
and only added confusion as to whether the DHS/FBI knows what they are doing
or if they are instead just telling teams in the government ‘contribute
anything you have that has been affiliated with Russian activity.’”

Lee also criticized the report for its failure to distinguish between data
gleaned from the private sector versus the public sector, noting these
different types of intelligence bear different confidence ratings. “[A]lways
tell people where you got your data, separate it from your own data which
you have a higher confidence level in having observed first hand, and if you
are using other people’s campaign names, data, analysis, etc. explain why so
that analysts can do something with it instead of treating it as random
situational awareness,” he advises.

He also tackles the IP addresses listed in the report, noting “many (30%+)
of these IP addresses are mostly useless as they are VPS, TOR exit nodes,
proxies, and other non-descriptive internet traffic sites.” He explains that
in order for the addresses to be valid indicators of an attack, they “must
contain information around timing. I.e. when were these IP addresses
associated with the malware or campaign and when were they in active usage.”
The report does not include this information.

In the same vein, Lee notes that while the report does contain examples of
30 malicious files, “all but two have the same problems as the IP addresses
in that there isn’t appropriate context as to what most of them are related
to and when they were leveraged.”

Other experts had more general critiques of the report.

John McAfee, founder of the well-known McAfee anti-virus software and former
Libertarian Party presidential candidate, argued
<https://www.rt.com/usa/372219-larry-king-mcafee-cybersecurity/> that
hackers from countries besides Russia could have intentionally made the
attack appear Russian. “If I was the Chinese and I wanted to make it look
like the Russians did it, I would use Russian language within the code, I
would use Russian techniques of breaking into the organization,” McAfee
said. He added that “there simply is no way to assign a source for any
attack.”

At least one journalist, Rolling Stone’s Matt Taibbi, pointed out
<http://www.rollingstone.com/politics/features/something-about-this-russia-story-stinks-w458439>
a similar problem. Though he acknowledges “Grizzly
Steppe” is a “sexy” name, he notes “we don’t learn much at all about what
led our government to determine a) that these hacks were directed by the
Russian government, or b) they were undertaken with the aim of influencing
the election, and in particular to help elect Donald Trump.”

In spite of this pushback from seasoned members of the intelligence
community and the award-winning
<http://www.hillmanfoundation.org/sidney-awards/matt-taibbi> journalist,
media outlets that have parroted
<https://www.theguardian.com/technology/2016/dec/29/fbi-dhs-russian-hacking-report>
the “Russia did it” narrative continued to do so with the recent
report. Taibbi pointed out that the New York Times headline
<http://www.nytimes.com/2016/12/29/us/politics/russia-election-hacking-sanctions.html>
for the story treated the report as fact. “Obama Strikes Back at
Russia for Election Hacking,” it read, though Taibbi did note some outlets
were careful to walk the line, “using ‘Obama says
<http://www.cnbc.com/2016/12/29/malicious-cyber-activity-has-happend-in-previous-us-elections-obama-said.html>’
formulations” in their headlines.

Ultimately, he observes problems with media outlets simply repeating the
statements of government institutions and agents:

“The problem with this story is that, like the Iraq-WMD mess, it takes place
in the middle of a highly politicized environment during which the motives
of all the relevant actors are suspect. Nothing quite adds up.”

He also doubts the existence of substantial evidence implicating Russia:

“If the American security agencies had smoking-gun evidence that the
Russians had an organized campaign to derail the U.S. presidential election
and deliver the White House to Trump, then expelling a few dozen diplomats
after the election seems like an oddly weak and ill-timed response. Voices
in both parties are saying this now.”

Similarly, Carr noted:

“If the White House had unclassified evidence that tied officials in the
Russian government to the DNC attack, they would have presented it by now.
The fact that they didn’t means either that the evidence doesn’t exist or
that it is classified.”

Of course, the opinions of experts do not wholly disprove the theory Russia
hacked the election, and detailed evidence is expected
<http://thehill.com/policy/national-security/312132-fbi-dhs-release-report-on-russia-hacking>
to be presented in a report to Congress before
President-elect Donald Trump takes office. As Taibbi bluntly asserts, “I
have no problem believing that Vladimir Putin tried to influence the
American election. He’s gangster-spook-scum of the lowest order and capable
of anything.”

Similarly, Graham Cluley, a cyber security expert based in the U.K., wrote
in a blog post
<https://www.grahamcluley.com/russia-united-states-election-hacking/>  that
he believes Russia was likely behind the attack. But as even he notes,
“what’s to say that that Russian server isn’t itself under the control of
hackers in an entirely different country who are covering their tracks? It’s
hard to put a water-tight case together unless you have the
‘boots-on-the-ground’ willing assistance of local law enforcement to
properly investigate if an overseas computer is itself acting as a proxy for
someone else or not.”

 

 

EM

On the 49th Parallel          

                 Thé Mulindwas Communication Group
"With Yoweri Museveni, Ssabassajja and Dr. Kiiza Besigye, Uganda is in
anarchy"
                    Kuungana Mulindwa Mawasiliano Kikundi
"Pamoja na Yoweri Museveni, Ssabassajja na Dk. Kiiza Besigye, Uganda ni
katika machafuko" 

 

_______________________________________________
Ugandanet mailing list
[email protected]
http://kym.net/mailman/listinfo/ugandanet

UGANDANET is generously hosted by INFOCOM http://www.infocom.co.ug/

All Archives can be found at http://www.mail-archive.com/[email protected]/

The above comments and data are owned by whoever posted them (including 
attachments if any). The List's Host is not responsible for them in any way.