Russian Code

Not being a programmer myself, I'm puzzled as to why this document fingering Russian hackers doesn't explain how they can conclude that this was indeed the Russian Spy Agencies: Grizzly Steppe

After a summary, pages 1-4 of the report detail how the hack took place. Page 5 shows us the incriminating code, with no explanation of why this code is Russian. And pages 6-13 are focused on recommendations for improving security on networks.

Again... "Why is this evidence Russian Code?"

I'm sure I'm not the only one pointing this out, but the lack of journalism on this matter is pathetic as the mainstream runs with the story.

0 users have voted.

Comments

CB's picture

The following is what $50 billion dollars/year worth of "Intelligence" gets you:

Report on ‘Russian hacking’ offers disclaimers, barely mentions Russia
“The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.”
“activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the US government and its citizens.”

In addition to CozyBear and FancyBear, the 13-page report includes a list of more ridiculous names for alleged Russian hacker groups, such as CakeDuke, CrouchingYeti, Energetic Bear, EVILTOSS, OLDBAIT, and SEADADDY.

The second half of the report is focused on mitigation strategies, from backing up one’s data and changing passwords to information-sharing with the government and giving Homeland Security access to networks for “voluntary assessments” of vulnerabilities.

An appendix to the report lists hundreds of IP addresses and code the authors say are “used by Russian civilian and military intelligence services.” While some of the addresses are in Russia, others are in the US, and none of the data actually points to Russian involvement.

The US is getting ripped off. I could hire three teenage hackers for a large pizza and a dozen cokes to do the same hack.

0 users have voted.
Oldest Son Of A Sailor's picture

But... But... But...

Here is WordFence Security's Analysis on the subject.

I use WordFence Security on some of my WordPress sites, it is an excellent security plugin.
I was about to do a quick essay when I saw Dark Knight had published...

“The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.”
https://www.dhs.gov/news/2016/10/07/joint-statement-department-homeland-...

“This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The report contains specific indicators of compromise, including IP addresses and a PHP malware sample.”
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Mal...

This is the kind of web shell that we see all the time in our day-to-day forensic operations. It includes the following basic features:

  • File browser/explorer
  • File search function
  • A database client to download the contents of a hacked site database
  • Network tools including a port scanner and the ability to bind a service to a port
  • A tool to brute force attack passwords on FTP and POP3 services.
  • A command line client to run arbitrary operating system commands
  • A utility to view server configuration info

By viewing the source code, we could find the name of the malware and the version. It is P.A.S. 3.1.0.

We googled it and found a website that makes this malware. You can find the site at this address: http://profexer.name/pas/download.php

https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/

Analysis of the IP addresses provided by DHS and DNI

DHS provided us with 876 IP addresses as part of the package of indicators of compromise. Let's look at where they are located. The chart below shows the distribution of IP addresses by country...

[chart: distribution of the 876 IP addresses by country]

...Out of the 876 IP addresses that DHS provided, 134 or about 15% are Tor exit nodes, based on a reverse DNS lookup that we did on each IP address. These are anonymous gateways that are used by anyone using the Tor anonymous browsing service...
https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/

Conclusion regarding IP address data

What we’re seeing in this IP data is a wide range of countries and hosting providers. 15% of the IP addresses are Tor exit nodes. These exit nodes are used by anyone who wants to be anonymous online, including malicious actors.

Overall Conclusion

The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.

You can find a public repository containing the data used in this report on github.
https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/

Yep! Positive Proof the Russians Did It!
Sanctions and Let's Get Ready For War! /Snark

Let's hope that Trump can end this madness...
We know for sure that Hillary "The Mad Bomber" Clinton wouldn't, and indicators of this baseless accusation point squarely back to her and her campaign...

0 users have voted.
"Do you realize the responsibility I carry?
I'm the only person standing between Richard Nixon and the White House."

~John F. Kennedy~
Economic: -9.13, Social: -7.28,
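The reverse-DNS triage WordFence describes above (separating Tor exit nodes from the rest of an indicator list), written out as an added example that is not part of the post above and is not WordFence's or DHS's code. Every address, PTR record and log line in it is constructed (RFC 5737 documentation ranges), not a value from the GRIZZLY STEPPE report, and the PTR-pattern heuristic is an assumption of the example.

```python
"""Triage an IP indicator-of-compromise (IOC) list the way the WordFence post
describes: reverse-resolve each address, set aside Tor exit nodes (shared
infrastructure with no attribution value), and see what each group would
produce if used as an alerting blocklist.

Added example, not WordFence's or DHS's code. All addresses, PTR records and
log lines below are constructed (RFC 5737 documentation ranges), not values
from the GRIZZLY STEPPE indicator list.
"""
import re
import socket
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed PTR records standing in for a live reverse-DNS lookup so the
# example runs offline. None means the address has no PTR record.
FAKE_PTR: Dict[str, Optional[str]] = {
    "192.0.2.10": "tor-exit-3.example.net",
    "192.0.2.11": "exit.tor.example.org",
    "192.0.2.12": "vps-2041.hosting.example.com",
    "198.51.100.7": "this-is-a-tor-exit-node.example.net",
    "198.51.100.8": "mail.example.com",
    "203.0.113.5": None,
    "203.0.113.6": "dsl-pool-6.isp.example",
}
IOC_LIST: List[str] = list(FAKE_PTR)

# Hostname conventions exit operators commonly use (assumed heuristic). A PTR
# match proves little and a missing or generic PTR proves nothing, so real
# triage should also consult the Tor Project's published exit-address list.
TOR_PTR = re.compile(r"tor[-.]?exit|exit[-.]?tor|tor[-.]?(node|relay|proxy)", re.I)


def reverse_lookup(ip: str, ptr_table: Optional[Dict[str, Optional[str]]] = FAKE_PTR) -> Optional[str]:
    """PTR hostname for ip, or None. Pass ptr_table=None to query real DNS."""
    if ptr_table is not None:
        return ptr_table.get(ip)
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def classify(ptr: Optional[str]) -> str:
    """Bucket an indicator by its PTR record: tor-exit, no-ptr or other."""
    if ptr is None:
        return "no-ptr"
    return "tor-exit" if TOR_PTR.search(ptr) else "other"


def triage(ips: List[str], ptr_table=FAKE_PTR) -> Tuple[Dict[str, str], Counter, float]:
    """Map each IOC to a category; return (categories, counts, Tor-exit share)."""
    categories = {ip: classify(reverse_lookup(ip, ptr_table)) for ip in ips}
    counts = Counter(categories.values())
    return categories, counts, counts["tor-exit"] / len(ips)


# Constructed web-server access log (client IP is the first field). Only the
# 198.51.100.8 request touches an uploaded PHP file worth a second look; the
# Tor-exit hits are ordinary page views, which is the noise the post warns about.
ACCESS_LOG = """\
192.0.2.10 - - [30/Dec/2016:13:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.11 - - [30/Dec/2016:13:01:09 +0000] "GET /about HTTP/1.1" 200 2048
198.51.100.8 - - [30/Dec/2016:13:02:41 +0000] "POST /wp-content/uploads/x.php HTTP/1.1" 200 311
203.0.113.9 - - [30/Dec/2016:13:03:00 +0000] "GET /feed HTTP/1.1" 200 9000
198.51.100.7 - - [30/Dec/2016:13:03:30 +0000] "GET /contact HTTP/1.1" 200 1800
"""


def match_log(log: str, categories: Dict[str, str]) -> Counter:
    """Count log hits per IOC category; source IPs not on the list are skipped."""
    hits: Counter = Counter()
    for line in log.splitlines():
        ip = line.split(" ", 1)[0]
        if ip in categories:
            hits[categories[ip]] += 1
    return hits


if __name__ == "__main__":
    cats, counts, share = triage(IOC_LIST)
    print(f"{len(IOC_LIST)} indicators, {counts['tor-exit']} Tor exits ({share:.0%})")
    print("log hits by indicator category:", dict(match_log(ACCESS_LOG, cats)))
```

Run against the constructed data, three of the seven indicators are Tor exits and they account for three of the four log hits, which is the point the post makes: alerting on such indicators fires on anyone using Tor, not on a particular actor.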
Dark Knight's picture

This is worth an essay of its own to help explain things.

Thank you!

0 users have voted.
Oldest Son Of A Sailor's picture

Spend some time over the weekend rather than a quick one...

0 users have voted.

The comments were interesting. There were comments. There were people who believe the Russians did it, but in asserting that, had to perform gymnastic leaps of logic, or perform acts of faith.

0 users have voted.

Any server left insecure, as the DNC servers were, WILL be hacked. If it wasn't the Russians, it would have been the Chinese; if not the Chinese, then some teenager in his/her parents' basement.

Not to say that hackers shouldn't be prosecuted when possible, it's just that much more of the blame lies with whoever set up the hacked server. And the hacker can rarely be prosecuted: 99.9% of the time they are either not in the US's jurisdiction, or if they are, won't be found regardless.

Any server on the internet is a continuing task, requiring continual monitoring and maintenance: firewalls, intrusion detection, software, monitoring security updates for all their server software, ensuring updates are installed. More computers are hacked using known security problems than unknown ones because people haven't updated their computers, and given the software that is alleged to have been used, this is the case with the DNC servers.

And an organization such as the DNC shouldn't be using email in the first place for most of their communications. Email, or the SMTP protocol, even with encryption is hideously insecure, due to email's design to work across different types of networks. In this case I mean something more basic: email works on networks that are not based on Internet Protocol (IP), and is designed to allow messages to be proxied across multiple different networks. In effect it's impossible to maintain authoritative control of ANY message sent out of the email system, or obtain authoritative control over ANY message sent in.

Alternative secure message exchange protocols, or email that only works internally with whitelisted servers that also use client SSL certificates, are an absolute must.

Further, an organization like the DNC should probably run their own root Certificate Authority, as they should NEVER trust any third party; even organizations such as Verisign should not be trusted.

Client devices that access messages need to also be controlled, intentionally using client software that does not store messages locally; even a cached message is a security risk. Older messages should automatically be removed and archived so as to limit the scope of a compromised client device's leak. Client devices should as well use client SSL certificates that can be revoked at a moment's notice.

If I was the DNC, well, I would be suspecting an inside job, not Russian hacking, but if I were them, I would start with firing the entire IT staff, firing ALL IT contractors, then rebuilding the IT infrastructure from the ground up. They have had compromised servers; they need to move on the assumption that NONE of their servers can be trusted.

Honestly the DNC's nonchalant attitude towards IT is one of the things I find to be really disturbing.

0 users have voted.

I didn't read the attachments, so maybe the evidence is in there, but that document didn't have evidence of anything. For starters, with the exception of a few sprinkled sentences, what is described is an observed pattern of behavior, not a description of the intrusion. Which also happens to be just a general description of how hacking is often done; it's not a signature. For example, this sentence:

This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included

... If you read it carefully, that's how a lot of the document is worded - allowing the reader to jump to the conclusion that behaviors observed over time are the ones being described in this incident.

I also didn't see anywhere that apt28/29 is linked to the Russians, other than the US government confirms it.

The whole thing reeks of obfuscation. If I'm writing this and trying to convince a non-technical audience, I'd be a lot more specific with things like
a) this is how hacking is often done
b) this is what we've observed from this actor in the past
c) this is what makes the actions we've observed in the past distinguishable and unique - a "signature"
d) this is what we observed in this instance
e) point out what matches c) above
f) therefore....the actor is guilty
and further
g) this is how we know the actor is Russian

I saw a lot of a) and b) indistinguishable, and used interchangeably, with d). I didn't see anything c) or e) or g)
Maybe all that is in the attachments, I don't know, I guess I should read them.

0 users have voted.
Alex Ocana's picture

[image: evidence putin hacked.jpg]

From the Hamosh Warez Group where you can get Faith Osmosis Porn Nanny Software complete with a keygen for free Smile

0 users have voted.

From the Light House.

"Might as well say Bigfoot did it."

0 users have voted.
Oldest Son Of A Sailor's picture

With Flimsy Evidence at best...

0 users have voted.

We knew conclusively it was Russians. Even if we knew that it was official Russian agencies. Given that the released data was not doctored (and none of those screaming claims it is), what's the beef? Why is Obama creating an international incident? Yes, it's illegal and warrants a stiff note. But we do the same thing. At least I hope we do.

How is it "interfering with our election"? No ballots were falsified or ruined. No one was kept from voting. No ballot boxes stuffed. No false narrative released. Is this any different from the Pentagon Papers? or Woodward and Bernstein? The DNC was caught lying and that's Putin's fault?

Look I'm an old Cold Warrior. I hate Putin's guts. Trump disgusts me. But fair is fair. This is the world today and how it has been for more than a century. If true, Putin did us a favor! At least we know the incoming President is a sleazy incompetent. Without the Russians we would be inaugurating the other sleazy incompetent without the public knowing it.

0 users have voted.

I've seen lots of changes. What doesn't change is people. Same old hairless apes.

Dark Knight's picture

....the Russians we would be inaugurating the other sleazy incompetent without the public knowing it."

*Snark* Been reading any Fake News Lately?

0 users have voted.
Pluto's Republic's picture

Perfect. Just the person to ask.

Can you tell me what big horrible thing Putin did to the United States to make Americans hate him with such intensity?

I know he must have done something really terrible to the American people, but I can't find any mention of it anywhere.

Thanks.

0 users have voted.
IMAGINE if you woke up the day after a US Presidential Election and headlines around the world blared, "The Majority of Americans Refused to Vote in US Presidential Election! What Does this Mean?"
dervish's picture

diplomatically that is, and he kicked out those who were robbing Russia under Yeltsin. Our thug and bandit class hate him, thus the toadies who lick their boots do too.

0 users have voted.

"Obama promised transparency, but Assange is the one who brought it."

he kicked out those who were robbing Russia under Yeltsin.

It's all you need to know.

0 users have voted.
Redstella's picture

We keep screaming, "But what the emails revealed was the election interference by the DNC!" Obama and the Clinton crime family and virtually the entire MSM say, "But Russia, Russia, Russia!"

And now we see that Russia and Turkey have a good chance to broker the Syrian ceasefire, and it looks like the 'moderate' rebels the US backed have massacred Aleppo citizens. Nice foreign policy, eh? This is what Obama and Clinton foreign policy has brought us.

Trump, meanwhile, has been put into a hell of a situation. Either he agrees that Russia hacked and bought him an election or he reverses Obama's sanctions and becomes Russia's stooge. Unpredictable Trump now has a chance to astonish all of us!

0 users have voted.
CB's picture

of the fence and is superb at selling Shinola. He's the guy at the carnival that gets you to buy something that you think you want but wonder why you bought it when you get home. There is one saving grace - he can be persuaded to sell whatever most of the people want. It's going to be all about who gets his ear.

Hillary, on the other hand, advertises a product you want but packages it in a brown paper wrapping. It's only when you get home and unwrap it do you realize it was not what you thought you were buying (Obama redux).

0 users have voted.
Oldest Son Of A Sailor's picture

That the "Democrats Hacked The Primary Election" than any other election hacking in 2016...

0 users have voted.
Amanda Matthews's picture

"Look! Over there---> Squirrel!!!" defense category in the Blame Game Olympics where the only rule is "Oh yeah, WE did it but it's all ________________'s fault".

0 users have voted.

I'm tired of this back-slapping "Isn't humanity neat?" bullshit. We're a virus with shoes, okay? That's all we are. - Bill Hicks

Politics is the entertainment branch of industry. - Frank Zappa

CB's picture

lies and half truths. Putin affects regime change by spreading truths.

Without the Russians we would be inaugurating the other sleazy incompetent without the public knowing it.

I doubt that. Very few people actually read the hacked emails. It was the media's response to them with Trump taking advantage. Trump knew how to play the media like a fine fiddle. He's a skilled carnival barker. We all knew that. Just look at the viewer ratings of his show The Apprentice.

If you look back, Hillary had a lower favorability rating with Trump before the primaries. She got a small bump at the convention but went even lower afterwards. At this time only her emails as Secretary of State had been released from a FOI request to the State Department - nothing to do with Russia (unless you believe Putin made the FOI request).

Pre-Primary News Coverage of the 2016 Presidential Race: Trump’s Rise, Sanders’ Emergence, Clinton’s Struggle

June 13, 2016, 6:00 am
By Thomas E. Patterson, Bradlee Professor of Government and the Press

A new report from Harvard Kennedy School’s Shorenstein Center on Media, Politics and Public Policy analyzes news coverage of the 2016 presidential candidates in the year leading up to the primaries. This crucial period, labeled “the invisible primary” by political scientists, is when candidates try to lay the groundwork for a winning campaign—with media exposure often playing a make or break role.

The report shows that during the year 2015, major news outlets covered Donald Trump in a way that was unusual given his low initial polling numbers—a high volume of media coverage preceded Trump’s rise in the polls. Trump’s coverage was positive in tone—he received far more “good press” than “bad press.” The volume and tone of the coverage helped propel Trump to the top of Republican polls.

The Democratic race in 2015 received less than half the coverage of the Republican race. Bernie Sanders’ campaign was largely ignored in the early months but, as it began to get coverage, it was overwhelmingly positive in tone. Sanders’ coverage in 2015 was the most favorable of any of the top candidates, Republican or Democratic. For her part, Hillary Clinton had by far the most negative coverage of any candidate. In 11 of the 12 months, her “bad news” outpaced her “good news,” usually by a wide margin, contributing to the increase in her unfavorable poll ratings in 2015.

Hillary lost, fair and square, because she was a tainted product. She had finally triangulated herself into a corner she could not get out of. All this Russian hacking crap is just a way of trying to cover up America's embarrassment in voting in a carnival barker for president.

BTW, back in July, Putin publicly stated that the US is not a real democracy because "twice in history was a president elected that did not have the popular vote". He explicitly stated that the Electoral College was not a democratic entity. Hillary's supporters laughed at him. It seems they've changed their tune. Too bad that Putin can now say "three times".

Say what you will, but the American public knows the difference between shit and Shinola. They went for the Shinola.

Edit: This post was in response to The Voice In th...

0 users have voted.
Dark Knight's picture

coverage was positive, it was positive in a "you childish Socialist" tone. Especially in Editorial Content: Swat Team

0 users have voted.
CB's picture

https://shorensteincenter.org/pre-primary-news-coverage-2016-trump-clint...

Figure 7 provides a summary of the tone and volume of Clinton’s issue coverage, including the scandals, compared with the tone and volume of the issue coverage of Sanders, Trump, and Cruz during 2015. For those candidates, issues accounted for 12 percent or less of their total coverage and ranged from a low of 17 percent negative in Sanders’ case to a high of 43 percent negative for Trump. Clinton’s issue coverage was a much larger proportion of her overall coverage and was far more negative. Her issue coverage was proportionally twice that of Trump, three times that of Cruz, and four times that of Sanders. In terms of tone, it was 84 percent negative, which was twice that of Trump, two-and-two-thirds that of Cruz, and five times that of Sanders. Even the non-scandal portion of Clinton’s issue coverage—what she was saying on trade, jobs, foreign policy, and the like—was reported more negatively than positively. Clinton was the only one of the major candidates whose policy platform generated an unfavorable balance of news coverage.[37]

You should read the full article. It actually pointed out why Hillary would lose to Trump back in June. It also shows that Sanders could have won if the DNC would have played square and fair. This election was won on who had the least perceived negatives.

0 users have voted.

I think you read my last sentence wrong or I worded it clumsily.

0 users have voted.

Outsourcing Is Treason's picture

paying to secure the Democratic Party's network and to avenge the alleged Russian hackers, can anyone tell me why they are a private organization entitled to hold closed primaries (again at taxpayers' expense)?

0 users have voted.

"Please clap." -- Jeb Bush

Pluto's Republic's picture

0 users have voted.

pissed off because Putin has out-maneuvered him in every important confrontation of the past several years. Especially in Syria, where his Administration has doggedly pursued a wrong-headed policy from the start, only to have finally failed to achieve its objectives. How humiliating to Obama's considerable vanity that must be.

These recent hacking accusations are ill-founded; they ring hollow. Worse, Obama's retaliatory gestures are utterly ineffectual. They make him look weak and petulant, while handing to Putin the role of being the responsible diplomat -- once again! Why would a seemingly intelligent man like Obama be acting so foolishly? What possible strategic benefit can there be in deliberately and pointlessly antagonizing Russia? How can re-starting the Cold War possibly benefit America and Americans in any way?

0 users have voted.

native

gulfgal98's picture

are the same ones I have been asking myself. Obama is playing a very dangerous game here and it plays into the hands of the neocon warmongers.

I keep asking why Obama would do such a foolhardy thing to push us closer to the brink of war with Russia over something that we have no proof of. This is a war that the United States cannot win, and it makes no sense. There is zero proof that the Russians or anyone else hacked our election system, and even if they did, it does not appear to have affected the ultimate outcome. Second, expelling diplomats is a serious thing to do. Like you posted, it makes Obama look childish and petulant, just like another blog owner has lately. It is not an action that is becoming to the President of, supposedly, the richest and most powerful nation on earth. I see no benefit to the American people from these actions by Obama.

If I could characterize Obama's foreign policy, it has been attempts to isolate China economically via the TPP and to isolate Russia militarily. Again, the question becomes, what is the benefit to the American people to do these things? My own answer is that Obama has not been, nor is he now, working for the American people.

0 users have voted.

Do I hear the sound of guillotines being constructed?

“Those who make peaceful revolution impossible will make violent revolution inevitable." ~ President John F. Kennedy

CB's picture

I believe he allowed himself to be pulled/pushed in whatever way the winds in Washington blew at any particular time. The entirety of all his foreign policy decisions have been schizophrenic in every single major decision he had to make (including some major domestic ones).
Iraq - troops out/troops stay,
Afghanistan - more troops/less troops
Libya - bomb/not bomb
Syria - bomb/not bomb, supply weapons/stop weapons, support terrorists/don't support
Ukraine - leave to basement crazies
Russia - read prepared scripts
Obama appears to be a front man who reads well and looks good in public.

0 users have voted.

How? it allowed them to sue over every federal safety and food purity regulation. It opened up laissez-faire trade.

0 users have voted.

CB's picture

The member states are: the US, Japan, Malaysia, Vietnam, Singapore, Brunei, Australia, New Zealand, Canada, Mexico, Chile and Peru. Members of the TPP were to have preferential trade policies to foster trade between them. It was likened to having a single market like the EU - no tariffs, common regulations, packaging, etc.

It's an attempt to curtail China's growing economic power as the US can no longer achieve that w/o outside help. Economic power now trumps (!) military power when it comes to the major nations. The US is slowly but surely coming to this realization. Unfortunately, it has a 600 billion dollar gorilla hanging around its neck sucking its life blood that it cannot shake off.

If you look back at the last two plus decades, you will have seen China rapidly filling coffers while the US has been filling coffins in every corner of the globe. China is copying the US rise to economic power while the US is copying Caesar with military overexpansion and overspending.

But, as you say, TPP can open up laissez-faire trade if the members work to the lowest common denominator (which, being run by corporatism always looking to increase the bottom line, they definitely will attempt to do).

0 users have voted.
lotlizard's picture

This was an essential aspect of the TPP concept from the very start.

0 users have voted.
Pricknick's picture

How can re-starting the Cold War possibly benefit America and Americans in any way?

Many in official government positions will make bank on a new cold war. As for America and the general population.......Notta.

0 users have voted.

Regardless of the path in life I chose, I realize it's always forward, never straight.

CB's picture

Putin's (mature) response was he will not play the tit-for-tat game.

Putin gives Obama another well deserved spanking:

We regard the recent unfriendly steps taken by the outgoing US administration as provocative and aimed at further weakening the Russia-US relationship. This runs contrary to the fundamental interests of both the Russian and American people. Considering the global security responsibilities of Russia and the United States, this is also damaging to international relations as a whole.

As it proceeds from international practice, Russia has reasons to respond in kind. Although we have the right to retaliate, we will not resort to irresponsible ‘kitchen’ diplomacy but will plan our further steps to restore Russian-US relations based on the policies of the Trump Administration.

The diplomats who are returning to Russia will spend the New Year’s holidays with their families and friends. We will not create any problems for US diplomats. We will not expel anyone. We will not prevent their families and children from using their traditional leisure sites during the New Year’s holidays. Moreover, I invite all children of US diplomats accredited in Russia to the New Year and Christmas children’s parties in the Kremlin.

It is regrettable that the Obama Administration is ending its term in this manner. Nevertheless, I offer my New Year greetings to President Obama and his family.

My season’s greetings also to President-elect Donald Trump and the American people.

I wish all of you happiness and prosperity.

0 users have voted.

"adult in the room?" Certainly not our war mongering Obummer, working as hard as he can to cover up another Clintonian mess. I guess we can figure out just where he might end up, eh? He looks just like a spoiled petulant child as others out here have put it so well. He'll fit right in at the Clinton Foundation, won't he? Only narcissists need apply.

0 users have voted.

Only a fool lets someone else tell him who his enemy is. Assata Shakur

Lookout's picture

The DNC staffer that was murdered this summer?
http://www.nbcwashington.com/news/local/Man-Shot-Killed-in-Northwest-DC-...

Assange and wikileaks offer reward.
http://www.zerohedge.com/news/2016-08-10/wikileaks-assange-hints-murdere...

Podesta's leak could have been a phishing scam
http://nypost.com/2016/10/29/heres-how-hackers-stole-50000-of-john-podes...
or could have been accessed when he lost his phone
http://www.inquisitr.com/3628787/wikileaks-clintons-campaign-chairman-lo...

It is easy to see right through this Russia distraction.

0 users have voted.

“Until justice rolls down like water and righteousness like a mighty stream.”

not to see through it. Unfortunately there's plenty of willful blindness in the higher reaches of the Democratic Party, and plenty of paid-off MIC supporters too.

0 users have voted.

This made me laugh.

Whenever they talk about hacking of elections, can they replace "elections" with "Podesta's gmail account"? For example instead of saying Russians hacked our elections, they should say Russians hacked our Podesta's gmail account. Say that a few times and stick it in reports a few times and they'll see how ridiculous their accusations are.

I'd be fired if I exposed our customer's data because I clicked a phishing link.

0 users have voted.

Thank you.

0 users have voted.