Amerika

Over at Buzzfeed, Sheera Frankel makes the case that Russia launched a cyberattack on the DNC:

In their June 14 report, CrowdStrike found that not only was Fancy Bear in the DNC system, but that another group linked to Russia known as Cozy Bear, or APT 29, had also hacked into the DNC and was lurking in the system, collecting information. The report stated, “Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.”

…Making those emails public, say cybersecurity experts and US intelligence officials, is what shifted the hack from another Russian cyber-espionage operation to a game changer in the long-simmering US–Russia cyberwar. Using the well-established WikiLeaks platform, as well as newly invented figureheads, ensured that the leaked emails got maximum exposure.

I suggest caution with these results. First, that a group operates from within Russia and with the apparent approval of the government is nothing new; Russians have been hacking their way through American corporations for years while avoiding prosecution. It is functionally impossible to tell the difference between a group started by the government, and a group that paid the right bribes.

Notice that the group names are assigned by Western researchers based on conjecture, not actual knowledge of their origins or their presumed connection to the GRU.

Further, this article is a bit of a farce regarding hacking technique. Phishing is less of a targeted attack on a subject than a way of casting a wide net; hackers send out phishing emails to millions, and then when some respond, use those credentials to find credit card numbers and the like.

Notice that the article does not tell us the key factor here: how many emails were sent. If the group sent only forty emails to the DNC, that is a targeted attack. If they sent 40 million emails to dozens of corporations and non-profit entities, then this was just a casting of the net to see who they could snare.

Guccifer 2.0 is mentioned, with the knowledge omitted that this hacker has targeted other sites seemingly randomly. At least one researcher believes Guccifer 2.0 is a clearinghouse or reseller who is not connected to the original hack.

As usual with our media, this article makes a convincing case of proving the data that it has set out to prove. The real problem is all of what is not mentioned or considered, and whether that “proves” that these were Russian state actors. Among other things, it is unlikely that official Russian state hackers would use Russian IPs, since they could easily set up anonymous repeaters in other nations.

Most interesting is that Guccifer 1.0, a Romanian Jew named Marcel Lehel Lazar, also claimed a DNC hack. Now facing legal troubles, he has vanished from the scene after hacking a half-dozen corporations in addition to the DNC. Whether Guccifer 2.0 is merely releasing Guccifer 1.0’s docs remains a question of importance.

Also, as the BBC article notes:

Attribution, the experts say, is always difficult. Translated, this means nobody knows who to blame. One of the first lessons that any competent hacker or hacktivist learns is how to cover their tracks and how to use proxies, encryption and other techniques to obscure who they are and from where they are operating.

…However, the DNC hack does not share some of the characteristics of other hacktivist attacks. Politically motivated hackers tend to release documents as soon as they get hold of them because they want to embarrass the target. By contrast, state-sponsored hackers are much more likely to lurk inside a network for months and slowly steal data over time.

In other words, the current media fixation on attributing the hack to Russia is guesswork based on the date of release of the documents. This further casts doubt on the assessment that Russia was behind it. It is also possible that these docs were merely purchased as then passed along, and that the Fancy Bear hack was more of what we have come to expect from Russia, which is random phishing attacks looking for credit cards and bank accounts to steal.

Another possibility worth considering is that there is a smokescreen being erected by these groups to protect a source. Last week, the Clinton Foundation denied that a hack had taken place:

“No evidence of a #Guccifer hack,” Foundation president Donna E. Shalala tweeted today.

…In his blog post, Guccifer 2.0 gave Assange and Wikileaks a special shout-out. “I’m pleased to congratulate Wikileaks on their 10th anniversary!!! Julian, you are really cool! Stay safe and sound!”

This whole situation seems entirely odd because so little is known and so many conflicting statements are made. What was described as a “hack” looks more like four employees giving up their email passwords. Then the question is whether they did so because they were selected out of thousands, or if they selected themselves by responding to emails sent to millions.

Either way, the evidence is too thin for a rush to war — or even censorship of Pravda International — at this time.

Tags: clinton foundation, cyberwar, dnc, guccifer 1.0, guccifer 2.0, hacking, hillary clinton, russia, russia today