Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
Kompromat
How FANCYBEAR hacked Podesta’s Gmail (as well as Powell’s, Breedlove’s, and many hundreds more) — linking the DCLeaks, G2 and Wikileaks ops. From https://twitter.com/ridt.
I can’t recall which thread gave rise to this question, but I remember that some of you wanted to know what evidence there was that Russia was behind the DNC hack.
Thomas Rid, a professor in the Department of War Studies at King’s College London, is among other things the author of “Attributing Cyber Attacks,” which he wrote for the Journal of Strategic Studies in 2015. He’s written a very clear and readable article for Esquire about Putin, Wikileaks, the NSA and the DNC e-mail hack. It won’t take you but ten minutes to read, but I’ll pull out some of the highlights:
According to Reuters, the FBI first contacted the DNC in the fall of 2015, obliquely warning the Democrats to examine their network. It wasn’t until May, however, that the DNC asked for help from a cybersecurity company called CrowdStrike, which had experience identifying digital espionage operations by nation-states. CrowdStrike immediately discovered two sophisticated groups of spies that were stealing documents from the Democrats by the thousands.
CrowdStrike was soon able to reconstruct the hacks and identify the hackers. One of the groups, known to the firm as Cozy Bear, had been rummaging around the DNC since the previous summer. The other, known as Fancy Bear, had broken in not long before Putin’s appearance at the St. Petersburg forum. Surprisingly, given that security researchers had long suspected that both groups were directed by the Russian government, each of the attackers seemed unaware of what the other was doing.
If you’d like a closer look at what Crowdstrike found, they blogged about it — having been authorized to do so by the DNC, I assume, for obvious political purposes.
Meanwhile, a Twitter account associated with a site called DC Links started linking to Gen. Philip Breedlove’s private conversations. (You may recall that Breedlove, until recently the supreme commander of NATO forces in Europe, testified before Congress last February that Russia posed an “existential threat” to the West. Since Moscow’s seizure of Crimea, Breedlove has been one of Putin’s most vocal critics.)
On June 14, less than an hour after The Washington Post reported the breach at the DNC, CrowdStrike posted a report that detailed the methods used by the intruders. The firm also did something unusual: It named the Russian spy agencies it believed responsible for the hack. Fancy Bear, the firm said, worked in a way that suggested affiliation with the GRU. Cozy Bear was linked to the FSB.
But a hacker who called himself Guccifer 2.0 demurred, claiming to be solely responsible for the attacks. Guccifer offered a large batch of documents to journalists to substantiate his claim.
As soon as Guccifer’s files hit the open Internet, an army of investigators—including old-school hackers, former spooks, security consultants, and journalists—descended on the hastily leaked data. Informal, self-organized groups of sleuths discussed their discoveries over encrypted messaging apps such as Signal. … The result was an unprecedented open-source counterintelligence operation: Never in history was intelligence analysis done so fast, so publicly, and by so many.
Matt Tait, a former GCHQ operator, immediately found an anomaly. One of the first leaked files had been modified on a computer using Russian-language settings. He tweeted an image of the document’s metadata settings. Researchers also discovered that the malware used to break into the DNC was controlled by a machine that had hacked the German parliament in 2015. German intelligence traced the breach to the Russia’s Main Intelligence Directorate, the GRU — also known as “Fancy Bear.”
There was more evidence linking the files to Russia, including the use of a distinctive Russian emoji. But the key evidence came from the hackers’ spear-phishing emails. They had used the URL shortener Bitly to shorten the bait, but they’d neglected to set two of their accounts to “private.”
As a result, a cybersecurity company called SecureWorks was able to glean information about Fancy Bear’s targets. Between October 2015 and May 2016, the hacking group used nine thousand links to attack about four thousand Gmail accounts, including targets in Ukraine, the Baltics, the United States, China, and Iran. Fancy Bear tried to gain access to defense ministries, embassies, and military attachés. The largest group of targets, some 40 percent, were current and former military personnel. Among the group’s recent breaches were the German parliament, the Italian military, the Saudi foreign ministry, the email accounts of Philip Breedlove, Colin Powell, and John Podesta—Hillary Clinton’s campaign chairman—and, of course, the DNC.
Rid then explains why, in the view of the researchers who worked on this, the GRU’s tradecraft was so sloppy. (It tightened up after this. When files next appeared, they were scrubbed of this kind of metadata.)
“The operators behind Guccifer and DC Leaks,” he writes,
appear to have recognized that American journalists were desperate for scoops, no matter their source. The Russians began to act like a PR agency, providing access to reporters at Politico, The Intercept, and BuzzFeed. Journalists were eager to help. … The most effective outlet by far, however, was WikiLeaks. Russian intelligence likely began feeding hacked documents to Julian Assange’s “whistleblower” site in June 2015, after breaching Saudi Arabia’s foreign ministry.
His discussion of the NSA hack — a far more difficult breach to pull off — is very worth reading in full. The connection is this:
American investigators had long known that the Russians were doing more than spear-phishing, but sometime around April they learned that the intruders were using commercial cloud services to “exfiltrate” data out of American corporations and political targets. Cozy Bear, the hacking group believed to be affiliated with the FSB, used some two hundred Microsoft OneDrive accounts to send data from its victims back to Moscow.
Using cloud services such as OneDrive was a clever but risky move—it was a little like taking the bus to make off with stolen goods from a burglary. Though the widespread use of the services by legitimate users offered a degree of cover for the hackers, data provided by Microsoft also helped America’s elite digital spies identify the DNC intruders “with confidence” as Russian. It is even possible that the U. S. government has been able to identify the names and personal details of individual operators. The Russians knew they’d been caught.
When WikiLeaks published the first batch of Podesta’s emails, the US intelligence community publicly declared itself “confident” that Russia’s “senior most officials” had authorized the hack:
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.
The intelligence community declined to explain how they reached their conclusion, but it’s reasonable to assume they have data we can’t see. That said, the data harvested by SecureWorks is publicly available. And this, Rid writes, “makes it clear that Fancy Bear broke into the Clinton chairman’s account as early as late March.”
Trump was briefed about this. Despite this, he said during Thursday’s debate that “Our country has no idea” who was behind the hacks. I don’t know if Hillary Clinton was correct to say that 17 intelligence agencies have concluded Russia was behind them, but she probably is — and it is certainly not true that we have no idea.
Motherboard is also running a well-written, clear article about the evidence, with screenshots of the malicious Bitly URLs. They interviewed Rid for the article: “We are approaching the point in this case where there are only two reasons for why people say there’s no good evidence,” Rid said. “The first reason is because they don’t understand the evidence—because the don’t have the necessary technical knowledge. The second reason is they don’t want to understand the evidence.”
Published in General, Science & Technology
“Trump was briefed about this. Despite this, he said during Thursday’s debate that “Our country has no idea” who was behind the hacks. I don’t know if Hillary Clinton was correct to say that 17 intelligence agencies have concluded Russia was behind them, but it is certainly not true that we have no idea.”
Almost all of us have to rely on the conclusions of experts, some who have mysterious tools and access to data we don’t. So do we trust the experts? I once easily would have. But Hillary and her last boss, Obama, have compromised the honesty of the IRS, State Department, and Justice Department – at a minimum. Why not the intelligence agencies, too?
I’m trying to work out whether Russia would prefer a Trump or Hillary presidency. Seems Putin has thrived with Obama (with the exception of oil prices), so why not further that line of fecklessness? Putin needs to sell oil into a glutted market. Hillary, like Obama, will try her best to keep American oil in the ground. Some things are simple.
I think the Russians did it, and got caught on purpose. If Americans believe Putin is helping Trump, would that not tend to make them lean towards Hillary?
So was it a good or a bad thing Trump didn’t blab about the contents of a security briefing?
There are facts and there are goals. This is so far outside my ken, I am forced to rely on the integrity of our intelligence agencies. Still, I have no reason to accept the claims of the politicians as it comes to purpose or goals.
Would Putin prefer a Trump or Clinton administration? No idea. I could make a case either way. It very much depends on your assumptions. Clinton, may or may not, be an unpleasant and corrupt incompetent. It’s always possible she might screw up and act in the interest of the nation. The same goes for Trump.
If you read enough history, it’s apparent intelligence warfare is wheels within wheels within wheels. Reading the enemies mail is advantageous. Knowing the enemy knows you are reading his mail, can be even more advantageous. At some point the entire story becomes too complicated to follow.
I’ll make up my own mind with the information I have and leave the guessing games to others.
If the hackers know what we think we saw, they will be better able to hide it.
When it comes to Putin, Trump is the most credulous bumpkin to ever fall off of a turnip truck.
It would be nice if he gave some indication that he understood it.
I think the information contained in the email is much more important than how it was obtained. I believe its disclosure is Putin’s way of embarrassing Obama rather than a way to influence the election. He has had his way with BHO and HRC. I don’t see him in the Trump Camp.
Fascinating article and great detail. Thank you for this background information.
One observation that I’m still interested in is the whole timeline of this. This was going on well before the two presidential Party primaries. From the article …
If this was the case, how on earth was this Russia trying to influence the United States Presidential election for one Donald J. Trump?
I know everything about you Comrade. Please don’t lecture me. And don’t act tough just because you are taller.
I truly don’t know what Fred Fleitz is talking about. I met him once, and I thought he was a good man, but the language couldn’t have been less “ambiguous.”
I wonder what he could mean?
Yes, certainly the agencies can be politicized — or wrong — and certainly Podesta’s an idiot for using Gmail and falling for a phishing attack. But all the evidence we can see points to Russia. There’s a lot of evidence. As for the more esoteric theories to explain that evidence — when you hear hoofbeats, think horses, not zebras. This is how Russians behave everywhere in the West; this is what they’re good at doing; they left their fingerprints behind, and every bit of this reeks of Moscow.
And they’re not confining themselves to Podesta.
And Hillary is the corrupt official who sold him 20% of our Uranium stocks.
It has been said that the Russians are the best programmers in the world because they grew up using such poor hardware. Also they have a tradition of mathematics excellence. Chess, etc. This is no great surprise. The other possible culprit, an interesting mental puzzle with no evidence, is what if it was Israel ? Also excellent programmers. I have read some discussion of the Russian metadata as false flag work.
I’m a barely technically proficient user of technology – the post was interesting but doesn’t that seem like an awfully lot of professional information? I realize I don’t read this stuff for a living but was the published information on the Sony, various electricity/water utilities or the Federal Government’s personnel hack this detailed?
Also, the Russians are not stupid. I’d argue that relatively harmless DNC hacks are a diversion. If I’ve got Hillary’s emails, I don’t publish those – way more leverage with her in office.
Trump is an idiot but as several Right thinking columnists have made the point, susceptible to flattery. If by a miracle he won, they could manipulate him easily (he already agrees with them on many of their initiatives). He may be on the hook to Russian banks/financiers, but I guess that some Lois Lerner type would have definitively leaked any such information from his tax/financials if that was the case and they could have blown him out of water with that information.
My guess, they want Hillary. When you have a winning hand, you wait till the pot is the largest before showing your cards. When she’s in, they’ll “call”.
This kind of jaded carelessness in Washington—seen in the FBI’s ignoring Disney’s warning about the Orlando terrorist, seen in Clinton’s keeping a server for her State Department electronic correspondence in her bathroom in Chappaqua, seen in Clinton’s saying during the most recent debate that the response time between when the president makes “the call” to the launch of a nuclear strike is four minutes, and other such incidents—is the biggest reason I’m voting for the Republican ticket. We need some fresh eyes in Washington. The Democrats have been there for too long now. They are numb to what is going on around them. It has led to a dangerous complacency.
Ah yes. The “he’s not Hillary” position.
If that argument were a horse, some humanitarian would have shot it by now.
Hillary is mendacious. Trump is stupid. Suppose it is easier to allow for the former rather than the latter. Does that affect your calculus at all?
In Which I Root for Russia….
Generally by the Russians. That doesn’t make it true.
And I’m willing to bet that the original Clinton.com email server fiasco was the initial “Keys to the Kingdom” opportunity for every hacker and foreign intelligence service for Podesta and the DNC, and God only knows what else.
Mendacious and stupid. Who ran that private email server and compromised National Security?
I have just read the info on the Podesta hack. The man is a moron and unfit to be anywhere around confidential information. Companies and the government have secure email servers for a reason. It is so that they can be secure and compliance requirements while being monitored by TRAINED IT staff familiar with penetration methods. To put confidential info on an open FREE platform just so you avoid the security and compliance ramifications then cry because you got hacked is the epitome of stupid. The phishing attack he fell for is the most basic of hacks and would have been avoided with a little common sense (which he seems to lack) and maybe a $30 anti malware (which he also seems to lack) program. He could not have made it easier for them if he just email the info to them himself.
I have worked with many Russians programmers over the years. They typically have a very good work ethic but their skills are about normal for any group. I believe the US and some EU countries still produce the best programmers as a rule. It really has more to do with technology available at younger ages so potential hackers can self select their skill. Some of the Asian countries like Japan do well also.
I’m afraid you don’t understand how intelligence officers write. To say you are “confident” but not express a “confidence level” would be a rookie mistake caught at the first level of supervision. There are explicit guidelines—that is, specific words denote specific confidence levels—that all intelligence analysts follow as basic tradecraft. The Director of National Intelligence (DNI) would know—his organization develops and enforces analytic standards for the 17-member U.S. Intelligence Community (IC).
This DNI-DHS press release will strike any fair minded intelligence professional as politically motivated excrement. Not only does it fail in terms of elemental tradecraft on confidence levels, it then jumps to motivation and intent for which it offers no evidence nor even a compelling narrative. The statement simply makes a declaration: “These thefts and disclosures are intended to interfere with the US election process.”
That may be true, but it seems equally plausible that through this joint communique the DNI is using the prestige of his position atop the IC “to interfere with the US election process.” We’ve seen the same politically motivated abuse of authority by other Obama administration apparatchiks—the Attorney General meeting with Bill Clinton days before her FBI underling intentionally threw the match in the case of Clinton’s wife, for example. So why would we not expect the same from the DNI?
Not only is this comment and the underlying NRO article smack-on, but I think it’s fair to add this: the Left usually tips its hand with its obfuscations and falsifications. If the case against Russia were as slam-dunk obvious as Hillary would have you believe, she would have no need to mislead voters with lies about what “17 intelligence agencies” have manifestly NOT done.
Kudos to you and anonymous for saying what needed to be said.
Is there any part of the government that the Democrats have not corrupted? I am rapidly coming toward the conclusion that a purge is in our future. It will either be the government purging anybody willing to point out their corruption or the other way around.
Why not “mendacious and stupid” for Hillary? What “smart” things has she achieved in public life—or private life, for that matter? The Russia “Reset”, Libya, Syria, the Benghazi fiasco, HillaryCare, bullying, shaming, and intimidating victims of sexual assault and rape, selling access while a Cabinet officer, voting for the Iraq war but admitting it was only for political reasons, taking money from woman-oppressing regimes, approving ninth-month abortions (aka infanticide) . . . all clever moves by a brilliant woman?
The only reason you view Hillary as smart is because, unlike Trump, the vast majority of the media and other mainstream political operatives tell you that she is every day. Six months of biased press reporting that discounted or ignored Trump’s boneheaded remarks and actions, while simultaneously denigrating his opponent’s every utterance—coupled with the truth about her decades of dissembling—and you’d be declaring her stupid too.
If Lady MacBeth had just had the foresight to build an award winning foundation funded by outside money and switch to pantsuits, Shakespeare’s play would have been a comedy that really needed Evelyn Waugh as an assist.
Billary 2016 – Because the beatings will continue until 2024.
Does it really matter what non-government people think? If the government believes this is credible, where are the sanctions? It’s a much bigger issue if the government actually has evidence and doesn’t act on it. It seems like a minor issue for Trump to deny or not really know what the security agencies have.
Suppose it’s all true and the government doesn’t sanction Russia and the emails take Hillary down. Does that imply the Obama administration is in the tank for Trump?
The interesting thing is that Democrats hardly conceal their use of government authority in corrupt ways. It’s a feature, not a bug. Their base demands it. Their operatives (major media outlets) ignore it. For example, when the IRS is weaponized against conservatives it’s a ‘dog bites man’ story, pooh-poohed by the Democrat President running the operation, and buried by the media. Compare coverage of IRS abuse of TEA Party groups with that of George W. Bush’s legitimate dismissal of prosecutors.