Author Topic: Russian interference  (Read 5218 times)

yossarian22c

Russian interference
« on: August 10, 2017, 10:49:36 PM »
There are two stories that I read recently that I think are reasonably informative to the Russia story line.

The first is an interview with the former CIA Moscow station chief.

http://www.npr.org/2017/08/08/542106975/cover-lifted-a-cia-spy-offers-his-take-on-trump-and-russia

Here is one highlight but the whole thing is worth a read and/or listen.
Quote
Hoffman's long experience observing Russian spies at work leads to a surprising conclusion about one of the most sensational revelations from last year's election: that Trump Tower meeting in June 2016. The one attended by Donald Trump Jr., Trump son-in-law Jared Kushner, campaign manager Paul Manafort — and Kremlin-connected Russians.

"To me," Hoffman says, "it pointed to a discoverable influence operation rather than some effort to establish a clandestine channel for collusion."

Both in NPR's interview and in an op-ed for The New York Times, Hoffman argues the meeting was meant to be discovered, that Putin deliberately left a trail of breadcrumbs from Trump Tower to the Kremlin.

And that the objective was simple: to soil the U.S. political process and undermine the credibility of the 2016 election.

Here is the second which shows some evidence of potential Russian hacking.
http://www.npr.org/2017/08/10/542634370/russian-cyberattack-targeted-elections-vendor-tied-to-voting-day-disruptions

There is no smoking gun here but some good circumstantial evidence. A vendor that had been targeted for hacking by Russia had their software malfunction in the most heavily Democratic county in the state of North Carolina. This was the voter roll software, not the vote counting software, but it did lead to some long delays for voting.


My personal opinion is that Trump didn't actively collude with the Russians during the campaign. However I do feel that he was their preferred candidate because of one or more of the following reasons. I'll give the reason and the likelihood I think it actually is real.
  • They felt he would be easy to manipulate on the world stage. (>90% confidence)
  • They felt he would alienate our allies in Europe, splitting the western alliance and making the former Soviet satellites more susceptible to Russian influence. (>90% confidence)
  • They felt he may lift certain Russian sanctions (Magnitsky Act). (~40% confidence)
  • They have knowledge of financial dealings by Trump or his family that may be embarrassing or potentially illegal that they may be able to use to influence Trump. (<25% confidence)*
  • They have compromising photos of him with women other than his wife. (<5% confidence)

*http://www.npr.org/2017/07/28/539802914/businessman-paints-a-terrifying-and-complex-picture-of-putins-russia

TheDeamon

Re: Russian interference
« Reply #1 on: August 11, 2017, 12:33:08 PM »
The other side of this, if you bother to look, is there are strong indicators that the Clinton Campaign also had communications of their own with the Russian Government, or agents thereof, the group that provided the FBI with the infamous dossier on Trump being only one such example. (They had long-standing ties going to high tiers of the Russian and Venezuelan governments.)

Regardless of who won, "Russian interference" was going to be a buzzphrase tied in to the 2016 election campaign; if Hillary won, the Republicans would be screaming about it on Hillary's part. The media's dislike for Trump just "turned things up to 11" on the noise scale on this issue.

Fenring

Re: Russian interference
« Reply #2 on: August 11, 2017, 12:38:52 PM »
I agree with TheDeamon. I was concerned about the Clintons' ties to Russia long before it was ever even mentioned in connection with Trump. Russia may well have been messing around behind the scenes but I have never believed that Trump colluded with Putin.

Crunch

Re: Russian interference
« Reply #3 on: August 11, 2017, 02:06:09 PM »
Quote
There was no hack of the Democratic National Committee’s system on July 5 last year—not by the Russians, not by anyone else. Hard science now demonstrates it was a leak—a download executed locally with a memory key or a similarly portable data-storage device. In short, it was an inside job by someone with access to the DNC’s system. This casts serious doubt on the initial “hack,” as alleged, that led to the very consequential publication of a large store of documents on WikiLeaks last summer.

The Key Event

July 5, 2016: In the early evening, Eastern Daylight Time, someone working in the EDT time zone with a computer directly connected to the DNC server or DNC Local Area Network, copied 1,976 MegaBytes of data in 87 seconds onto an external storage device. That speed is much faster than what is physically possible with a hack.

It thus appears that the purported "hack" of the DNC by Guccifer 2.0 (the self-proclaimed WikiLeaks source) was not a hack by Russia or anyone else, but was rather a copy of DNC data onto an external storage device.
So probably not a hack but an internal leak by a DNC official with close physical access to the system.

Seriati

Re: Russian interference
« Reply #4 on: August 11, 2017, 03:50:28 PM »
Crunch, I assume you intended to provide a link as well.

LetterRip

Re: Russian interference
« Reply #5 on: August 11, 2017, 04:22:51 PM »
Crunch,

Your source knows nothing about computers apparently.  Most businesses easily have the network bandwidth for such a transfer, and a campaign office will have plenty of bandwidth for that speed.

This data was transferred at 181.701149 Mbps (1,976 MB/87 seconds to Mbps)

For comparison, Verizon offers 500 Mbps home service, and it is possible to get multiple Gbps for businesses.

https://www.verizon.com/home/fios-fastest-internet/

When you have idiots that don't even have enough of a technology background to know what home internet speeds are available - you can safely ignore any of their claims.

For those interested, here is Crunch's 'source',

http://archive.is/uRabl

Crunch

Re: Russian interference
« Reply #6 on: August 11, 2017, 05:51:45 PM »
Quote
Crunch, I assume you intended to provide a link as well.

It comes from a report by a group called Veteran Intelligence Professionals for Sanity. I'm sure you can find them. They are also the group that called the intelligence leading up to the Iraq invasion faulty.

Crunch

Re: Russian interference
« Reply #7 on: August 11, 2017, 05:53:42 PM »
Quote
Crunch,

Your source knows nothing about computers apparently.  Most businesses easily have the network bandwidth for such a transfer, and a campaign office will have plenty of bandwidth for that speed.

This data was transferred at 181.701149 Mbps (1,976 MB/87 seconds to Mbps)

For comparison, Verizon offers 500 Mbps home service, and it is possible to get multiple Gbps for businesses.

https://www.verizon.com/home/fios-fastest-internet/

When you have idiots that don't even have enough of a technology background to know what home internet speeds are available - you can safely ignore any of their claims.

For those interested, here is Crunch's 'source',

http://archive.is/uRabl
That was not my source, thanks anyway.

You ever notice that everyone is dumb in your world?  If you believe the marketing hype on bandwidth speeds from Verizon, well, pot meet kettle.
Quote
Independent analyst Skip Folden, who retired after 25 years as the IBM Program Manager for Information Technology, US, who examined the recent forensic findings, is a co-author of this Memorandum.
Yeah, clearly someone that doesn't understand networking.  ::)

LetterRip

Re: Russian interference
« Reply #8 on: August 11, 2017, 06:53:28 PM »
They might not be 'your source' but they are the source that originated the claim. So they are the source that your source is quoting or summarizing.

Quote
You ever notice that everyone is dumb in your world?  If you believe the marketing hype on bandwidth speeds from Verizon, well, pot meet kettle.

Actually most people in my world are smart; but you tend to find sources that don't know what they are talking about.

I don't care if you believe the 'marketing hype' of Verizon, it is immaterial.  They were just a convenient source to show what is available with a consumer connection; a connection dramatically slower than what is available to businesses.  Anyone with even a slight clue about internet technology knows what the speeds are, and they are dramatically higher than what the source was claiming as being in excess of what was possible.

Quote
Yeah, clearly someone that doesn't understand networking.

There are a variety of reasons he might have made a mistake - perhaps he misread; perhaps his knowledge is out of date; perhaps he was given the wrong data; perhaps he mistyped or made a calculation error.  Perhaps the paper lied about consulting him.  Perhaps he rubberstamped it without verifying anything; perhaps he only investigated other claims but failed to investigate that one - if you are interested find his email and ask.  All I know is that the source is blatantly wrong and their claims to have had someone check it don't change the fact of their wrongness.

A wrong expert is still wrong.

LetterRip

Re: Russian interference
« Reply #9 on: August 11, 2017, 07:34:33 PM »
For those interested,

essentially the argument for the speed is that you can't get fast network speed from DC to Romania, especially over a VPN.

https://theforensicator.wordpress.com/2017/08/01/the-need-for-speed/

https://theforensicator.wordpress.com/guccifer-2-ngp-van-metadata-analysis/

His analysis ignores how hackers do this sort of thing - which is to compromise a local system. Here is a typical scenario suggested in a comment playing devil's advocate.

Quote
Russian hackers intent on staying undiscovered would not access the files directly or over a VPN, but rather compromise a system local (in a general sense) to where the attack end point exists. For example, by taking control of a machine (server or desktop) in a well connected office building they could achieve these speeds. It is not uncommon for a serious office to have OC-48 or even higher bandwidth. In the late 2000’s I worked in such a building. In the late 90’s at BBN I experienced this bandwidth as well. Add to this possibility that the attacker compromised a server in a colocation facility (think Equinix Dulles) that has massive amounts of bandwidth available. At those speeds you could clearly achieve the transfer rates discussed.

His conclusion also rests on particular transfer protocols being used and no parallelism being used (it assumes that the next file isn't started to send till the first file completes, and so the handshake protocols delay the start of the next file).
 
Anywho it is an interesting writeup, but as I said ignores hacker modus operandi and rests on quite questionable assumptions.

I don't think 'the forensicator' is 'Skip Folden' either.  Supposedly Skip wrote his own technical analysis but I've not seen it on the internet.
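The dependence on latency, window size and parallelism raised in this reply can be worked through numerically; the following is an added example, not part of the thread or of the cited analyses. Only the 1,976 MB and 87 s figures come from the thread; the file count, round-trip times, link speed, TCP window sizes and the two-round-trips-per-file overhead are constructed assumptions.

```python
"""Transfer-time model for the 1,976 MB / 87 s figure quoted in the thread.
File count, RTTs, link speed and window sizes are constructed assumptions."""

TOTAL_MB = 1976    # from the thread
OBSERVED_S = 87    # from the thread
N_FILES = 2000     # assumed; the thread gives no file count


def observed_mbps(total_mb=TOTAL_MB, seconds=OBSERVED_S):
    """Average rate in megabits per second (decimal MB, as in the thread)."""
    return total_mb * 8 / seconds


def window_limited_mbps(window_bytes, rtt_s):
    """A single TCP stream moves at most one window per round trip."""
    return window_bytes * 8 / rtt_s / 1e6


def transfer_seconds(link_mbps, rtt_s, window_bytes, streams=1,
                     n_files=N_FILES, total_mb=TOTAL_MB, rtts_per_file=2):
    """Estimated wall-clock time for the whole copy.

    Each stream runs at min(fair share of the link, window/RTT) and sends its
    files one after another, paying rtts_per_file round trips of request and
    handshake overhead before each file's data flows.
    """
    per_stream = min(link_mbps / streams,
                     window_limited_mbps(window_bytes, rtt_s))
    data_s = total_mb * 8 / (per_stream * streams)
    setup_s = (n_files / streams) * rtts_per_file * rtt_s
    return data_s + setup_s


# Constructed scenarios: (link Mbps, RTT seconds, TCP window bytes, streams)
SCENARIOS = {
    "local copy, 1 stream":               (1000, 0.0005, 64 * 1024, 1),
    "same-metro host, 1 stream":          (1000, 0.005, 1024 * 1024, 1),
    "long haul, 64 KiB window, 1 stream": (1000, 0.120, 64 * 1024, 1),
    "long haul, 4 MiB window, 1 stream":  (1000, 0.120, 4 * 1024 * 1024, 1),
    "long haul, 4 MiB window, 8 streams": (1000, 0.120, 4 * 1024 * 1024, 8),
}


def evaluate(scenarios=SCENARIOS):
    """Map scenario name -> (seconds, whether it fits in the observed 87 s)."""
    out = {}
    for name, (link, rtt, window, streams) in scenarios.items():
        secs = transfer_seconds(link, rtt, window, streams)
        out[name] = (round(secs, 1), secs <= OBSERVED_S)
    return out


if __name__ == "__main__":
    print(f"observed rate: {observed_mbps():.1f} Mbps")
    for name, (secs, fits) in evaluate().items():
        verdict = "<= 87 s" if fits else "> 87 s"
        print(f"{name:36s} {secs:8.1f} s  {verdict}")
```

Under these assumptions the same byte count fits or misses the 87-second window depending on round-trip time, window size and stream count, which is why a rate figure alone does not identify the transfer path.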

yossarian22c

Re: Russian interference
« Reply #10 on: August 11, 2017, 10:09:42 PM »
Quote
This data was transferred at 181.701149 Mbps (1,976 MB/87 seconds to Mbps)

For reference, that is just over the speed (or right at the speed on good days) my laptop has connecting through a wireless network at my place of employment (through a VPN). I imagine that with a dedicated wired connection the internet at my office would exceed that in speed easily. So I don't see any reason why someone wouldn't be able to transfer at that speed out of a server designed to support a large campaign.

Crunch

Re: Russian interference
« Reply #11 on: August 12, 2017, 10:12:05 AM »
Quote
They might not be 'your source' but they are the source that originated the claim. So they are the source that your source is quoting or summarizing.

Quote
You ever notice that everyone is dumb in your world?  If you believe the marketing hype on bandwidth speeds from Verizon, well, pot meet kettle.

Actually most people in my world are smart; but you tend to find sources that don't know what they are talking about.

I don't care if you believe the 'marketing hype' of Verizon, it is immaterial.  They were just a convenient source to show what is available with a consumer connection; a connection dramatically slower than what is available to businesses.  Anyone with even a slight clue about internet technology knows what the speeds are, and they are dramatically higher than what the source was claiming as being in excess of what was possible.

Quote
Yeah, clearly someone that doesn't understand networking.

There are a variety of reasons he might have made a mistake - perhaps he misread; perhaps his knowledge is out of date; perhaps he was given the wrong data; perhaps he mistyped or made a calculation error.  Perhaps the paper lied about consulting him.  Perhaps he rubberstamped it without verifying anything; perhaps he only investigated other claims but failed to investigate that one - if you are interested find his email and ask.  All I know is that the source is blatantly wrong and their claims to have had someone check it don't change the fact of their wrongness.

A wrong expert is still wrong.
I think you call anyone that disagrees with your opinions stupid or wrong, certainly that's your history. Being that you're a post factual kind of guy, it's not surprising you feel that way.

You use Verizon marketing data as proof of your opinion, get serious. Here's a thought to start with, bandwidth across the Atlantic and the latency involved.  Work your way from there and, for god's sake, stop pointing to marketing copy as technical proof.

Crunch

Re: Russian interference
« Reply #12 on: August 12, 2017, 10:20:51 AM »
Let's meet the stupid people:
Quote
The chief researchers active on the DNC case are four: William Binney, formerly the NSA’s technical director for world geopolitical and military analysis and designer of many agency programs now in use; Kirk Wiebe, formerly a senior analyst at the NSA’s SIGINT Automation Research Center; Edward Loomis, formerly technical director in the NSA’s Office of Signal Processing; and Ray McGovern, an intelligence analyst for nearly three decades and formerly chief of the CIA’s Soviet Foreign Policy Branch. Most of these men have decades of experience in matters concerning Russian intelligence and the related technologies.
What's more compelling, these guys or some Verizon marketing copy?

Crunch

Re: Russian interference
« Reply #13 on: August 12, 2017, 10:35:16 AM »
Also, a link. https://www.thenation.com/article/a-new-report-raises-big-questions-about-last-years-dnc-hack/

"The Nation is the oldest continuously published weekly magazine in the United States, and the most widely read weekly journal of liberal/progressive political and cultural news, opinion, and analysis."

Seriati

Re: Russian interference
« Reply #14 on: August 14, 2017, 09:09:38 AM »
Can you guys clarify something for me.  The original quote by Crunch, said what is possible via a hack, is that the same analysis, as you are implying, of the maximum theoretical connection speed?  I'm not savvy in this area, but I would have thought that hacks tried to remain on the downlow?  Is it routine that they do smash and grabs at the maximum speed?

TheDeamon

Re: Russian interference
« Reply #15 on: August 14, 2017, 10:33:07 AM »
Quote
Can you guys clarify something for me.  The original quote by Crunch, said what is possible via a hack, is that the same analysis, as you are implying, of the maximum theoretical connection speed?  I'm not savvy in this area, but I would have thought that hacks tried to remain on the downlow?  Is it routine that they do smash and grabs at the maximum speed?

Depends, ideally you'd try to leave no evidence so you could return later.

But if you're sure that either
1) You're going to be detected sooner rather than later. (return isn't a viable option)
or
2) What you're going to be doing with the data is going to trigger an audit resulting in #1 happening.

Then stealth is no longer warranted, and speed becomes the primary driver. Obtain as much as you can, as fast as you can, before they detect the breach and either shut it down, or find a way to track you.

Seriati

Re: Russian interference
« Reply #16 on: August 16, 2017, 10:57:27 AM »
In my view, this is the kind of article that should have started the Russian investigation, not shown up a year into the thing, but still a good read:

https://www.nytimes.com/2017/08/16/world/europe/russia-ukraine-malware-hacking-witness.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news&_r=0

LetterRip

Re: Russian interference
« Reply #17 on: August 16, 2017, 02:35:50 PM »
Quote
Can you guys clarify something for me.  The original quote by Crunch, said what is possible via a hack, is that the same analysis, as you are implying, of the maximum theoretical connection speed?  I'm not savvy in this area, but I would have thought that hacks tried to remain on the downlow?  Is it routine that they do smash and grabs at the maximum speed?

Seriati,

what (skilled) hackers do to hide their tracks is hack into a neighboring network with lower security, to which high traffic wouldn't arouse suspicion.  Any IP address that looks like it is from Russia/Ukraine/etc. will set off red flags.  But if you hack into a local business that will have the same network neighborhood, it will look like normal traffic.  The hacked business will have a DC IP address range, and thus not arouse suspicion.

Some network monitoring tools do have monitors for traffic volume over time - but they tend to set off so many false positives that many admins shut them off.

Also as mentioned by TheDeamon - if you are going to trigger an audit - stealth isn't really as necessary.

Crunch,

none of those people listed appear to have backgrounds in relevant fields for discussing and analysing network hacking.  Just working at the NSA or in intelligence related fields doesn't provide any sort of expertise in this specific field. Unless they were part of the teams that do network penetration and exfiltration software - they are highly unlikely to have any relevant knowledge.  Indeed most of these people have titles that are management related, and may well not have any related skills or knowledge.

I've actually provided by far the strongest evidence consistent with your claims - although I also pointed out why that evidence was likely wrong based on the likely flawed assumptions needed to arrive at the conclusion - that was due to a lack of knowledge of how hackers actually work.

As to 'stupid people' - you can believe what you wish.  I only call out stupid comments which are easily refuted.  You want to go on living in fantasy land - feel free.  Calling them "idiots that don't even have enough of a technology background to know what home internet speeds are available" - was probably a bit unfair - but characterizing the statement as idiotic was completely fair.  The statement in the memo was an obviously wrong statement.  Now it appears that what was stated in the memo was a wrong summary of a thoughtful analysis that was in turn based on flawed assumptions.

It could be that
1) they didn't read the summary and thus didn't realize it was wrong
2) they misunderstood the analysis
3) they knew that the summary was wrong but felt that their target audience wasn't bright enough to understand the truth so knowingly submitted a wrong summary

Also they presumably weren't aware of the flawed assumptions needed for the analysis to be correct (that highly skilled hackers would use a VPN from the Ukraine to directly connect to and hack the DNC - something that would 'trigger alarm bells' on most networks; rather than the actual modus operandi of hackers - to hack a local target in the 'neighborhood' so that the traffic looks 'normal' and wouldn't arouse suspicion or trigger network intrusion detection systems).

Also it appears they are taking credit for the analysis done by the source that I provided, in addition to not understanding it.
« Last Edit: August 16, 2017, 02:38:49 PM by LetterRip »
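The false-positive problem with traffic-volume monitors mentioned in the last reply, shown as an added example that is not part of the thread: a fixed egress limit compared with a per-host baseline (median plus a multiple of the median absolute deviation). Host names, volumes, the 1,000 MB limit and the tuning constants are constructed assumptions.

```python
"""Fixed egress threshold vs. per-host baseline on constructed sample data."""
from statistics import median

# Peak-hour egress in MB for the previous ten days, per host (constructed).
HISTORY = {
    "backup01": [2100, 2050, 2150, 2080, 2120, 2060, 2110, 2090, 2140, 2070],
    "web01":    [300, 320, 310, 295, 305, 315, 290, 325, 300, 310],
    "mail01":   [900, 1150, 980, 1020, 870, 1210, 940, 1005, 990, 1100],
    "ws-114":   [12, 9, 15, 11, 10, 14, 8, 13, 12, 10],
}
# Today's peak hour (constructed); ws-114 is sized like the copy in the thread.
TODAY = {"backup01": 2130, "web01": 330, "mail01": 1180, "ws-114": 1976}


def static_alerts(today, limit_mb):
    """Hosts whose volume today exceeds one network-wide limit."""
    return sorted(h for h, mb in today.items() if mb > limit_mb)


def historical_alert_count(history, limit_mb):
    """How many ordinary past host-days the fixed limit would have flagged."""
    return sum(mb > limit_mb for series in history.values() for mb in series)


def mad(series):
    """Median absolute deviation: a spread measure robust to outliers."""
    m = median(series)
    return median([abs(x - m) for x in series])


def baseline_alerts(history, today, k=6.0, floor_mb=50):
    """Hosts whose volume today exceeds median + k*MAD of their own history.

    floor_mb suppresses alerts on changes too small to matter in absolute
    terms; the MAD is clamped to 1 MB so very steady hosts still get a margin.
    """
    alerts = []
    for host, mb in today.items():
        series = history[host]
        centre = median(series)
        limit = centre + k * max(mad(series), 1.0)
        if mb > limit and mb - centre > floor_mb:
            alerts.append(host)
    return sorted(alerts)


def compare(limit_mb=1000):
    """Side-by-side result of both detectors on the sample data."""
    return {
        "static_today": static_alerts(TODAY, limit_mb),
        "static_past_noise": historical_alert_count(HISTORY, limit_mb),
        "baseline_today": baseline_alerts(HISTORY, TODAY),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:18s} {value}")
```

On this data the fixed limit would have fired on 15 ordinary host-days and flags three hosts today, while the per-host baseline flags only the workstation whose volume departs from its own history.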