US Intelligence Community's History of Wrongly Blaming Other Countries for Cyber-attacks

This may come as a shock to some of you (or not), but the US Intelligence Community has a history of falsely attributing cyber-attacks on various corporations, institutions and foreign governments to nation states it considers its adversaries, with little or no evidence to support those claims.

Based on the recent breathless coverage in the New York Times, The Washington Post and every cable outlet imaginable, in which the CIA, FBI and all the other 17 US intelligence agencies, have definitively proven that Russia and its "associated entities" hacked into the DNC database, John Podesta's emails, and numerous federal, state and local government databases regarding election information in the United States, one would think our intelligence services are literally infallible when it comes to determining the culprits behind some of the most massive cyber attacks in history. Unfortunately that is far from true. A few examples should suffice.

US Blames Iran for Saudi Aramco Hack in 2012.

The hackers picked the one day of the year they knew they could inflict the most damage on the world’s most valuable company, Saudi Aramco. On Aug. 15, more than 55,000 Saudi Aramco employees stayed home from work to prepare for one of Islam’s holiest nights of the year — Lailat al Qadr, or the Night of Power — celebrating the revelation of the Koran to Muhammad. That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.

United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.

However, the only evidence suggested that it was an inside job. No connection with Iran's government was ever shown to exist.

But their online message and the burning flag were probably red herrings, say independent computer researchers who have looked at the virus’s code. [...]

After analyzing the software code from the Aramco attack, security experts say that the event involved a company insider, or insiders, with privileged access to Aramco’s network. The virus could have been carried on a USB memory stick that was inserted into a PC.

Aramco’s attackers posted blocks of I.P. addresses of thousands of Aramco PCs online as proof of the attack. Researchers say that only an Aramco employee or contractor with access to the company’s internal network would have been able to grab that list from a disconnected computer inside Aramco’s network and put it online.

While the US never came forward with any assessment pointing to Iran, many experts expressed the opinion that the people behind the attack were "Hacktivists;" i.e., hackers with an activist agenda against the Saudi government or Aramco, itself, who quite likely had no connection to any state actor.

If Cutting Sword of Justice really is a band of hacktivists--as opposed to an operation sponsored by a country that has a poor relationship with Saudi Arabia, such as Israel--then the Shamoon malware represents a first on the hacktivism front, given that groups such as Anonymous and LulzSec have typically targeted known Web application vulnerabilities or used distributed-denial-of-service (DDoS) attacks. "This is the first significant use of malware in a hacktivist attack," said Imperva's Rob Rachwald, director of security strategy, and Barry Shteiman, a principal security engineer, in a blog post. "In the past ... most hacktivist attacks were primarily application or DDoS attacks."

In addition, the attack highlights how nation states aren't necessarily behind all critical infrastructure or other types of advanced attacks. "In the last couple of years, it became very popular to single out the Chinese, U.S., and Israeli governments for cyber-warfare ... [but] this time it was hacktivists working for a political and social cause," said Rachwald and Shteiman. "A group of hobbyists and hacktivists with several very strong minded developers and hackers achieved results similar to what we have allegedly seen governments accomplish. Does this mean that the power of the hacktivism has become so strong that it can compete with government cyber warfare organizations?"

US Falsely blames Russia for the JPMorgan Chase Hack in 2014

Russian hackers attacked the U.S. financial system in mid-August [2014], infiltrating and stealing data from JPMorgan Chase & Co. and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe. [...]

The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation, a third person familiar with the probe said.

Unfortunately for the US intelligence agencies, evidence soon turned up to show Russia had nothing to do with what was a multinational criminal conspiracy headed up by masterminds based in Israel. Thus, the allegations that Russia was involved in attacking our financial infrastructure suddenly became a non-story when criminal indictments, which alleged a criminal conspiracy involving multiple parties in numerous countries, were issued in 2015 by the DOJ.

Hackers and conspirators in more than a dozen countries generated hundreds of millions of dollars in illicit proceeds on pump-and-dump stock schemes and particularly lucrative online gambling, prosecutors said. [...]

The co-conspirators deceived financial institutions into processing and authorizing payments to and from the casino companies and others, prosecutors wrote in their latest indictment of Gery Shalon, Joshua Aaron and Ziv Orenstein, who they say are at the center of the scheme. Shalon and Orenstein were arrested in Israel in July. Aaron remains at large.

“They colluded with corrupt international bank officials who willfully ignored its criminal nature in order to profit from, as a co-conspirator described it to Shalon, their payment processing ‘casino/software/pharmaceutical cocktail’,” according to the indictment of the three.

I know. Hard to believe they could eff that up so badly.

And then there was the infamous Sony Hack of December 2014 blamed on North Korea and/or China by the US government.

"U.S. officials have concluded that a massive hack targeting Sony Pictures was done by hackers working for North Korea, multiple news outlets reported on Wednesday. Officials are reportedly preparing a formal announcement on Thursday, but news about the source of the hack came almost immediately after Sony announced it was canceling the release of “The Interview," a comedy depicting an assasination (sic) of North Korea's leader. The New York Times quoted unnamed senior administration officials who said that the Obama administration is still weighing how to respond to the incident."

Starting to see a pattern here? Unnamed sources in the intelligence services or the Obama administration blaming a foreign government. No offer of any evidence other than bare assertions of certainty that a nation state/foreign government actor is involved. The attack is seen as incredibly unsophisticated - hardly the sign that a state actor was behind the infiltration of the Sony databases. The threat by the group claiming responsibility that terrorist attacks would occur if the film was not pulled from distribution looked like an attempt at pure blackmail. Damage to Sony's files seemed to indicate a motive based on revenge. And then ...

Security experts investigating the devastating hack against Sony Pictures appear to be moving away from the theory that the attack was carried out by North Korea, focusing instead on disgruntled former employees of the firm.

Researchers at Norse cybersecurity claim that six former employees could have compromised the company’s networks, arguing that accessing and navigating selective information would take a detailed knowledge of Sony’s systems.

... Norse senior vice president Kurt Stammberger told the Security Ledger that nine researchers had begun to explore the theory that an insider with motive against Sony would be best placed to execute a hack.

The team had started by examining a leaked database of employees made redundant during a restructuring in May. [...]

Working with pro-piracy activists in the US, Asia and Europe, she may have used secretive discussion forums and IRC (chat) to coordinate the attack, researchers claim.

“We see evidence for those two groups of people getting together,” Stammberger said.

Oh and by the way, the claim that computer code written in a specific language provides a clear identifier of who is behind any alleged hacking incident is complete and utter BS, at least according to Jaime Blasco, Director of the Labs at the security firm, Alien Vault, who examined samples of the malware used in the Sony hack.

All four of the files Blasco examined appear to have been compiled on a machine that was using the Korean language—which is one of the reasons people have pointed a finger at North Korea as the culprit behind the Sony attack. Essentially this refers to what’s called the encoding language on a computer—computer users can set the encoding language on their system to the language they speak so content renders in their language. The fact that the encoding language on the computer used to compile the malicious files appears to be Korean, however, is not a true indication of its source since an attacker can set the language to anything he wants and, as Blasco points out, can even manipulate information about the encoded language after a file is compiled.

“I don’t have any data that can tell me if North Korea is behind it … the only thing is the language but … it’s really easy to fake this data,” Blasco says.

So much for the claim that the use of Cyrillic text in the code proves the Russian government or its agents and contractors were responsible for an alleged hack of the DNC and Podesta emails.

It's no surprise that the databases of any large institution can be hacked: electronic intrusions into the databases of major financial institutions, other multinational corporations and even the highest officials of the German government (most likely by the NSA on behalf of the US government) occur on a regular basis. However, the evidence that any particular nation state was responsible for the "alleged hacks" of the DNC and the Podesta emails, or that those hacks can be tied to the Russian government, as set forth in the meager declassified intelligence assessment released by the Office of the Director of National Intelligence, dated January 6, 2017, is sketchy, at best, and possibly a deliberate disinformation campaign by the US intelligence community, at worst.

Wikileaks has repeatedly denied its source was Russian agents of any kind, and former US intelligence officers say that all signs point to a "leak" by insiders with respect to the DNC material and not a hack. The Podesta emails were likely obtained by one of the most primitive, unsophisticated techniques available to any hacker - spear phishing - a well known scam technique to which John Podesta fell victim.

Even media outlets that support the "Russia did it!" narrative have found plenty of flaws and obvious mistakes in what the US intelligence community has released as proof of Russian involvement.

Rather than focusing on the Russian intelligence services, the U.S. seemingly opted to gather all Russia-sourced hacking under a single rubric, code named “Grizzly Steppe,” putting everything from online bank heists to identity theft in the same bucket as the Kremlin-linked intrusions into the White House, State Department, and the DNC.

Though the written report is confusing, it’s the raw data released along with it that truly exasperates security professionals. [...]

Lists of IP addresses used by hackers can be useful “indicators of compromise” in network security—admins can check the list against access logs, or program an intrusion detection system to sound the alarm when it sees traffic from a suspect address. But that assumes that the list is good

The DHS list is none of these things, as Lee, founder of the cyber security firm Dragos, discovered when he ran the list against a stored cache of known clean traffic his company keeps around for testing. The results stunned him. “We had thousands of hits,” he says. “We had an extraordinary high amount of false positives on this dataset… Six of them were Yahoo e-mail servers.”

It turns out that some, perhaps most, of the watchlisted addresses have a decidedly weak connection to the Kremlin, if any. In addition to the Yahoo servers, about 44 percent of the addresses are exit nodes in the Tor anonymity network, The Intercept’s Micah Lee reported Wednesday. Tor is free software used primarily for anonymous web browsing. Russian hackers use Tor, but so do plenty of other people.
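The check Lee describes, running an indicator list against known-clean traffic before trusting it, can be sketched as follows. This is an added example, not code from the article, DHS or Dragos; the function names, the sample addresses (documentation ranges) and the log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data using documentation ranges (RFC 5737).
# None of these values come from the DHS release discussed above.
INDICATORS = """
192.0.2.10
192.0.2.44
198.51.100.0/28
203.0.113.7
203.0.113.99
not-an-ip
"""

# Constructed "known clean" traffic in common log format.
CLEAN_BASELINE_LOG = """
192.0.2.10 - - [09/Jan/2017:10:00:01 +0000] "GET /mail HTTP/1.1" 200 512
192.0.2.10 - - [09/Jan/2017:10:00:05 +0000] "GET /mail/inbox HTTP/1.1" 200 2048
198.51.100.3 - - [09/Jan/2017:10:01:00 +0000] "GET / HTTP/1.1" 200 1024
198.51.100.200 - - [09/Jan/2017:10:02:00 +0000] "GET / HTTP/1.1" 200 1024
"""

# Constructed stand-in for a published list of shared anonymity-network exits.
SHARED_EXITS = {"192.0.2.44", "203.0.113.7"}

LOG_SOURCE = re.compile(r"^(\S+)\s")


def parse_indicators(text):
    """Split an indicator list into valid networks and rejected entries."""
    networks, rejected = [], []
    for entry in text.split():
        try:
            # A bare address becomes a /32 (or /128) network.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected


def source_counts(log_text):
    """Count requests per source address, skipping unparsable lines."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LOG_SOURCE.match(line)
        if not match:
            continue
        try:
            counts[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue
    return counts


def vet(indicator_text, clean_log, shared_exits):
    """Flag indicators that match clean traffic or shared exit addresses."""
    networks, rejected = parse_indicators(indicator_text)
    clean = source_counts(clean_log)
    exits = {ipaddress.ip_address(e) for e in shared_exits}
    report = []
    for net in networks:
        clean_hits = sum(n for ip, n in clean.items() if ip in net)
        shared = any(e in net for e in exits)
        report.append({"indicator": str(net), "clean_hits": clean_hits,
                       "shared": shared, "keep": not (clean_hits or shared)})
    return report, rejected


def summarize(report):
    """Return totals and the share of indicators unfit for alerting."""
    flagged = [r for r in report if not r["keep"]]
    pct = round(100 * len(flagged) / len(report), 1) if report else 0.0
    return {"total": len(report), "flagged": len(flagged), "flagged_pct": pct,
            "keep": [r["indicator"] for r in report if r["keep"]]}


if __name__ == "__main__":
    report, rejected = vet(INDICATORS, CLEAN_BASELINE_LOG, SHARED_EXITS)
    for row in report:
        print(row)
    print("rejected entries:", rejected)
    print(summarize(report))
```

A flagged entry is not necessarily wrong, but alerting on it will fire on ordinary traffic, which is the false-positive problem the quoted passage describes.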

Just as has been the case so often in the past, the US intelligence community is acting as if we are all idiots who should just shut up and accept everything they say as the truth, despite their past record of shoddy work on investigating cyber attacks, if not outright disingenuous and misleading sourcing offered as proof. So, again, the question remains: Why should we trust the Obama administration and our government's intelligence community in this instance when they have failed so miserably in the past when attempting to assign blame to foreign governments for cyber attacks/hacks that had nothing to do with the governments they previously misidentified as the culprits? Especially when it is in their interest, the interest of the MIC, and the interest of neoconservatives of both parties, to de-legitimize the Trump election while advancing an agenda to promote a widening diplomatic (and potentially military) conflict with Russia in Eastern Europe and the Middle East?


Comments

How DARE you use facts and examples to discredit the official story.

Actually, this is a great compilation of examples. I'm surprised no one else has noticed this trend before.


With their hearts they turned to each others heart for refuge
In troubled years that came before the deluge
*Jackson Browne, 1974, Before the Deluge https://www.youtube.com/watch?v=7SX-HFcSIoU

They hardly matter at all to the ruling elite. Propaganda, that's the ticket, used to justify the DHS/MIC/Intelligence agency's budgets. Justifying the billions of dollars we spend on the various intelligence, police and defense agencies seeded throughout the government requires a BIG ENEMY!!! Not the pooty little terrorist organizations that have continuously given us trouble since the 1990's, both domestic and foreign. This is not about the election or the Democratic Party, it is about money, as always...


"The justness of individual land right is not justifiable to those to whom the land by right of first claim collectively belonged"

snoopydawg's picture

Just as has been the case so often in the past, the US intelligence community is acting as if we are all idiots who should just shut up and accept everything they say as the truth, despite their past record of shoddy work on investigating cyber attacks, if not outright disingenuous and misleading sourcing offered as proof.

And I can't believe some of the comments people are writing about how Trump is Putin's puppet.
Every time Trump does something, there's a diary full of how Putin is pulling his strings.
Sometimes I think that I accidentally clicked on Red State because of how people have swallowed the propaganda, hook, line and sinker.
These are the same people who questioned everything that the Bush administration told us, but because the information is coming from the Obama administration they have stopped questioning it.


Which AIPAC/MIC/pharma/bank bought politician are you going to vote for? Don’t be surprised when nothing changes.

dervish's picture

of Clapper's DNI report, and what lying bastards they are. Check it out:

[video:https://youtu.be/LLMwN1S6D0M]


"Obama promised transparency, but Assange is the one who brought it."

Steven D's picture

LOL


"You can't just leave those who created the problem in charge of the solution."---Tyree Scott

Bluesee's picture

despite their past record of shoddy work

There is statecraft at work here, cannot attribute any of this misinformation as shoddy. It would be wise to consider the larger picture. To me, the important part is that the principals at the helm are motivated by sane objectives, in the least (if not noble, at least not crazy ya know). But if one considers that their considerations are merely temporal - issue a press release on Russia hackers; confuse-a-cat, then wait two weeks, then one can perceive a deeper game. The time element is so underrated! haha

We Americans are so far through the looking glass already. What can we believe, what can we act on?

You do realize that this is a GOP talking point, that the revelations are fake news, right?

Good shit man.


Bernie is a win-win.

Tue, 01/10/2017 - 12:49am — Bluesee

Excellent Compilation, Steven

despite their past record of shoddy work

There is statecraft at work here, cannot attribute any of this misinformation as shoddy. It would be wise to consider the larger picture. To me, the important part is that the principals at the helm are motivated by sane objectives, in the least (if not noble, at least not crazy ya know). But if one considers that their considerations are merely temporal - issue a press release on Russia hackers; confuse-a-cat, then wait two weeks, then one can perceive a deeper game. The time element is so underrated! haha

We Americans are so far through the looking glass already. What can we believe, what can we act on?

You do realize that this is a GOP talking point, that the revelations are fake news, right?

Good shit man.

Whoops, recced you by accident! This isn't 'statecraft' acceptable in anything termed - however loosely - as a democracy, and the mere fact that an unconstitutional law has been passed to 'legalize' the government's illegal propaganda campaigns against the public ought to be a revelation in itself - and one making you think.

Please note the year in which this was passed, and under which Dem President - and that the State Dept. (among others) seems still loaded with 'above the law' Clinton appointees/supporters publicly and purportedly 'legally' lying through their teeth.

http://www.businessinsider.com/ndaa-legalizes-propaganda-2012-5?op=1

The NDAA Legalizes The Use Of Propaganda On The US Public

Michael B Kelley

May 21, 2012

The newest version of the National Defense Authorization Act (NDAA) includes an amendment that would legalize the use of propaganda on the American public, reports Michael Hastings of BuzzFeed.

The amendment — proposed by Mac Thornberry (R-Texas) and Adam Smith (D-Wash.) and passed in the House last Friday afternoon — would effectively nullify the Smith-Mundt Act of 1948, which explicitly forbids information and psychological operations aimed at influencing U.S. public opinion.

Thornberry said that the current law “ties the hands of America’s diplomatic officials, military, and others by inhibiting our ability to effectively communicate in a credible way,” according to Buzzfeed.

The vote came two days after a federal judge ruled that an indefinite detention provision in the annual defense bill was unconstitutional.

Lt. Col. Daniel Davis, who released a highly critical report regarding the distortion of truth by senior military officials in Iraq and Afghanistan, dedicated a section of his report to Information Operations (IO) and states that after Desert Storm the military wanted to transform IO "into a core military competency on a par with air, ground, maritime and special operations." ...

... If the NDAA goes into effect in its current form, the State Department and Pentagon can go beyond manipulating mainstream media outlets and directly disseminate campaigns of misinformation to the U.S. public.

And for those who may be on devices making the following of links difficult:

https://www.occupycorporatism.com/how-the-ndaa-allows-us-gov-to-use-prop...

How the NDAA Allows US Gov to Use Propaganda Against Americans

22 Jul, 2013 by Susanne Posel

The US government has unbound the legal regulations against using propaganda against foreign audiences and American citizens. The intention is to sway public opinion by using television, radio, newspapers, and social media targeting the American and foreign people in controlled psy-ops.

The newest version of the National Defense Authorization Act (NDAA) has an amendment added that negates the Smith-Mundt Act of 1948 (SMA) and the Foreign Relations Authorization Act of 1987.

These laws made propaganda used to influence foreigners and US citizens illegal. Without these laws, disinformation could run rampant throughout our information junkets.

This amendment added to the NDAA has passed into implementation as of this month.

SMA defines the prohibition of domestic access to influence information through a variety of means, from broadcast to publishing of books, media, and online sources by restricting the State Department.

The Broadcasting Board of Governors was created from SMA. This agency claims to “inform, engage, and connect people around the world in support of freedom and democracy”. They omit that their specialty is making sure propaganda is added to the informational flow we all depend on.

The amendment sanctions the US government, without restriction, the use of any mode of message to control how we perceive our world. ...

... According to Michael Hastings : “The new law would give sweeping powers to the State Department and Pentagon to push television, radio, newspaper, and social media onto the U.S. public. “It removes the protection for Americans,” says a Pentagon official who is concerned about the law. “It removes oversight from the people who want to put out this information. There are no checks and balances. No one knows if the information is accurate, partially accurate, or entirely false.”

Representatives Mac Thornberry (R-TX) and Adam Smith (D-WA) in the Smith-Mundt Modernization Act (2012) (H.R. 5736), advocate that it is time to liberate the authority of the US government to broadcast American produced foreign propaganda in the U.S.

The amendment, which was hidden within the NDAA, has remained relatively unnoticed. However, it empowers the State Department and Pentagon to utilize all forms of media against the American public for the sake of coercing US citizens to believe whatever version of the truth the US government wants them to believe.

All oversight is removed with Amendment 114 . Regardless of whether the information disseminated is truthful, partially truthful or completely false bears no weight. ...

... Four billion dollars per year is spent by the Pentagon on propaganda aimed at the American public; as well as $202 million spent by the Department of Defense on misinformation operations in Iraq and Afghanistan in 2011.

Currently, the Pentagon is using “ sock puppet ” (fake handles) on social media sites to purvey false information, harass users and enact psy-ops to influence Americans. ...

... US Army whistleblower, Lieutenant Col. Daniel Davis believes there is a definitive aspiration within the US government “to enable Public Affairs officers to influence American public opinion when they deem it necessary to “protect a key friendly center of gravity, to wit US national will.”

Edward Bernays would be proud.

As those reporting facts are threateningly accused of somehow unduly 'influencing the election', one can also see by the light of the projection itself that those accusers using expedient and multipurpose fictions to do so themselves always accuse others of what they do themselves...


Psychopathy is not a political position, whether labeled 'conservatism', 'centrism' or 'left'.

A tin labeled 'coffee' may be a can of worms or pathology identified by a lack of empathy/willingness to harm others to achieve personal desires.

Oldest Son Of A Sailor's picture

But rather Fake News that is state run propaganda...

"Do you realize the responsibility I carry?
I'm the only person standing between Richard Nixon and the White House."

~John F. Kennedy~
Economic: -9.13, Social: -7.28,

Thank you, dennis1958, for the information about Stuxnet, and thank you, dervish, for the video with Abby Martin. Hopefully, these information pieces will increase Americans' understanding of the malware that is our political/media machine.


Kudos.


So for the record DNI James Clapper has previously lied under oath to Congress. In contrast, WikiLeaks has never published false information.

In his most recent appearance before the Senate Armed Services Committee, Clapper was asked about the bogus, politicized NIE that was used to promote the illegal invasion of Iraq. Basically he said mistakes were made, lessons were learned, that can't happen again. Uh huh.


"We've done the impossible, and that makes us mighty."