Category Archives: cybersecurity

Kudos to TheForensicator

The latest analysis of the WikiLeaks DNC emails by TheForensicator tends to confirm the opinion that at least the emails, published by WikiLeaks in July 2016, were leaked by a DNC insider who was an unhappy Bernie supporter.

  • The emails were apparently extracted from a Microsoft Exchange email server on May 23-25. This was the time when Hillary’s victory became obvious, and the Bernie supporters were angry at the DNC for supposed cheating. (Sample media reporting: https://www.latimes.com/politics/la-na-clinton-sanders-democrats-20160516-snap-story.html)
  • Only emails from seven accounts were extracted and transferred to WikiLeaks. Five out of seven were finance directors’. That suggests that the leaker was not only a DNC insider, but a highly placed insider with intimate knowledge of the DNC’s internal workings.

Sources on How the DNC Faked “Russian Interference”

This post expands my article “Russian Interference” Didn’t Happen in the American Thinker.

The DNC Used its Hack to Entrap Trump

The DNC and CrowdStrike Destroyed Evidence in June 2016

The Support for the “Russian Hacking” Theory Came from EU Intel

Steele was Known to the State Department as an Unreliable Source

The DNC, Hillary’s Campaign & FBI Colluded with Ukraine against Trump

The DNC, Hillary’s Campaign & the Obama administration attempted to Collude with Russia

The Obama Administration Hid its “Russian” Activities from Congressional Republicans

Misc

Karim Baratov and cyber incidents misattribution

The case of Karim Baratov is another refutation of the conspiracy theory of cyber incident attribution. This theory lumps together multiple network security breaches, performed by many unrelated individuals or small groups, and then attributes them to a small number of alleged government-backed hacker groups. The theory was introduced by CrowdStrike, and promoted by CrowdStrike and FireEye (FEYE). One apparently decent attribution criterion is the use of the same network infrastructure — domain names and/or IP addresses — in multiple breaches. But even this criterion doesn’t work, because cyber criminals specialize and divide labor vertically. Spear-phishing incidents using the same deceptive domain and/or IP address are not necessarily connected to a single beneficiary entity. The owner of the domain name can steal passwords from many victims for many unrelated clients, knowing nothing about the clients, as in this case.

DNC-2016: Total Ignorance of Computer Security

The Democratic Party is the party of obscurantism. But the following example of cyber-security ignorance is hilarious (WikiLeaks, http://archive.is/K3153):

“From: Palermo, Rachel
Sent: Friday, April 29, 2016 2:07 PM
To: Regional Press
Subject: Factivists was hacked. Here is our new password
Importance: High

We have been compromised! But it's all ok.

Here is our new password: HHQTevgHQ@z&8b6

It will now change every few weeks so prevent future issues. So as it is re-set, I will forward it along.”

This short fragment shows ignorance of basic computer security rules:

  1. Every user must have a separate account and password.
  2. Passwords are never emailed.
  3. If one decides to violate rules 1 and 2, at least don’t email the password to a list!

It is likely they were hacked many times in 2016, and most of these hacks were detected.
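As an added example (not part of the original post), the two rules above can be enforced mechanically at the mail gateway: flag an outbound message whose body carries a credential-looking token after the word "password", and escalate when it is addressed to a distribution list or more than one recipient. The list address, the sample messages and the credential inside them are constructed for this demonstration; the pattern and character-class heuristics are assumptions, not a quote of any product's rules.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# A "password" keyword, an "is" / ":" / "=" separator, then a token of eight or
# more non-space characters. Deliberately loose; the character-class check
# below drops ordinary words that happen to follow the keyword.
PASSWORD_HINT = re.compile(
    r"\b(?:password|passwd|pwd)\b\s*(?:is|:|=)\s*(\S{8,})", re.IGNORECASE
)

# Hypothetical distribution-list addresses; in a real deployment this would
# come from the mail system's group directory.
LIST_ADDRESSES = frozenset({"regional-press@example.org"})


def looks_like_credential(token: str) -> bool:
    """True when the token mixes at least three of: lower, upper, digit, symbol."""
    classes = sum(
        bool(re.search(pattern, token))
        for pattern in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    )
    return classes >= 3


def mask(token: str) -> str:
    """Keep only the first two characters so the finding itself does not leak the secret."""
    return token[:2] + "*" * (len(token) - 2)


def scan_message(raw: str, list_addresses: frozenset = LIST_ADDRESSES) -> dict:
    """Record what a DLP-style outbound-mail check sees in one RFC 822 message."""
    msg = message_from_string(raw)
    recipients = [
        addr.lower()
        for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    ]
    # Only plain single-part bodies are inspected in this example.
    body = "" if msg.is_multipart() else msg.get_payload()
    tokens = [t for t in PASSWORD_HINT.findall(body) if looks_like_credential(t)]
    return {
        "credential_in_body": [mask(t) for t in tokens],
        "sent_to_list": sorted(r for r in recipients if r in list_addresses),
        "recipient_count": len(recipients),
    }


def severity(findings: dict) -> str:
    """A mailed credential is a warning; a credential mailed to a list (or to many) should block."""
    if not findings["credential_in_body"]:
        return "ok"
    if findings["sent_to_list"] or findings["recipient_count"] > 1:
        return "block"
    return "warn"


# Constructed sample modelled on the quoted message; the credential is made up.
LEAK_SAMPLE = """\
From: sender@example.org
To: Regional Press <regional-press@example.org>
Subject: Shared account was hacked. Here is our new password

We have been compromised! But it's all ok.

Here is our new password: Xy7$qPm2!kL

It will now change every few weeks.
"""

# Constructed benign sample: talks about passwords without containing one.
BENIGN_SAMPLE = """\
From: sender@example.org
To: alice@example.org
Subject: Password policy reminder

Remember that the shared password is rotated monthly and never sent by mail.
"""

if __name__ == "__main__":
    for label, sample in (("leak", LEAK_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = scan_message(sample)
        print(label, severity(result), result)
```

The masked token is what gets logged, so the alert record does not become a second copy of the secret; the recipient check is what turns the April 29 pattern (one shared password, one list) from a warning into a block.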

Climate of Fear in Cyber-Security

Between Dec. 30, 2016 and Jan. 2, 2017, Mark Maunder, CEO of the security company Wordfence, was among many vocal critics of the wrong and incompetent FBI-DHS report GRIZZLY STEPPE, which purported to provide technical indications of “Russian hacking.” A month and a half later, he was afraid to criticize the new version of the same report, citing the political nature of the issue, ostensibly because he feared the repercussions of such criticism. The danger was coming from Big Tech, which, triggered by the travel ban, joined the “resistance” and had zero tolerance for anybody and anything not opposing President Trump.

Dec. 30, 2016. “US Govt Data Shows ‘Russia’ Used Outdated Ukrainian PHP Malware”

Mark Maunder suggested that ‘Russia’ be put in quotes in his next post on the subject.


Summary of the Brennan-Clapper Hoax

An article in the New Yorker, promoting the “Russian interference” conspiracy theory, referred to the first week of December 2016 as the time “when Obama was intent on an orderly transfer of power.” The real meaning of this phrase is that Obama failed to transfer power to the elected administration in an orderly way – for the first time in more than 200 years! On December 9, two days after Trump selected “climate denier” Scott Pruitt as the future EPA head, the Washington Post published a putative leak, falsely alleging that “Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others,” among other lies. It also falsely claimed “that’s the consensus view” of the Intelligence Community. On the same day, Obama ordered a “full review” of the alleged Russian hacking, to be led by James Clapper and delivered before January 20. But the “full review” was completed much faster, on January 5. Miraculously, it took only one day to prepare an unclassified version of it! Of course, miracles don’t happen. Brennan and Clapper made a forgery, and released it on the morning of January 6, before certification of the Presidential election by Congress!

Jeffrey Carr, the “Russian Hacking” Skeptic

Jeffrey Carr is a cyber-security expert, and one of the few open skeptics of the narrative that the leaked DNC and/or DCCC internal documents came from hacking by Russia. A few remarkable quotes from his posts, mostly from 2016-2017, follow.

Can Facts Slow The DNC Breach Runaway Train?

“Here’s my nightmare. Every time a claim of attribution is made — right or wrong — it becomes part of a permanent record; an un-verifiable provenance that is built upon by the next security researcher or startup who wants to grab a headline, and by the one after him, and the one after her. The most sensational of those claims are almost assured of international media attention, and if they align with U.S. policy interests, they rapidly move from unverified theory to fact.

Because each headline is informed by a report, and because indicators of compromise and other technical details are shared between vendors worldwide, any State or non-State actor in the world will soon have the ability to imitate an APT group with State attribution, launch an attack against another State, and generate sufficient harmful effects to trigger an international incident. All because some commercial cybersecurity companies are compelled to chase headlines with sensational claims of attribution that cannot be verified.”

Why aren’t there more skeptics in InfoSec?

“There’s a cost to being too critical. One infosec company threatened to sue a researcher if he didn’t make substantive changes to a published paper that was critical of their report. Many employers don’t allow their employees to express controversial opinions that could hurt the company’s business or reputation. And if the company or organization that you’re critical of has influential connections in Washington D.C., your professional reputation may suffer as well.”

FBI/DHS Report GRIZZLY STEPPE was Junk

The GRIZZLY STEPPE – Russian Malicious Cyber Activity report, released jointly by the FBI and DHS on December 29, 2016, was an update on another propaganda piece — the Joint Statement from DHS and ODNI on Election Security, published by the Obama administration on October 7 to aid Hillary and other fellow Democrats in the elections.

GRIZZLY STEPPE was so incompetent that even convinced partisans laughed it off.

Silicon Valley Totalitarian Dystopia

The enlightened Silicon Valley has apparently created a totalitarian dystopia. Here, the term Silicon Valley includes Google, Facebook, Twitter, Microsoft, and Apple (“GFTMA”), even as Microsoft is headquartered in Washington state.

GFTMA have developed tools for nearly total speech control and deployed them against conservatives and other opponents of the Left. They tied themselves to the Left under the Obama administration. The political censorship and discrimination against the “right of left” authors and readers is well documented. This article focuses on the scientific and technical human potential of this country, a large part of which is computer and network engineers, scientists, businessmen, and other specialists affected by Silicon Valley.

Voodoo Attributions in Cyber Security

The Official Attribution of Network Breaches is Based on Conspiracy Theories

The DNC has not been hacked by the Russian hacking groups Fancy Bear (APT28) or Cozy Bear (APT29) for one simple reason: neither of these groups exists or existed at any time.

APT (Advanced Persistent Threat) was a code name for Chinese Espionage. There were attempts to detect specific groups under the broad umbrella of the APT. Then Mandiant (later acquired by FireEye) attempted to generalize the definition to include putative state-sponsored hacker groups from other countries. But such generalization cannot work. The attribution of cyber-security incidents to state backed sophisticated hacker groups worked only for China because it was a cyber-fortress surrounded by the Great Firewall of China.

What is the ‘Advanced Persistent Threat’?

“APT [Advanced Persistent Threat] is a term to refer to Chinese espionage without saying Chinese espionage. Full stop.”

Scott J Roberts, APT is a Who not a What …

The full quote:

“This classified intelligence was a problem. … These DoD/IC teams wanted to help, but couldn’t disclose classified information. They came up with a compromise: sharing indicators and information without disclosing the actual actor behind it. Specifically APT, supposedly coined by Colonel Greg Rattray, was a couple groups of actors primarily operating out of mainland China and believed to be members of the People’s Liberation Army. We now know these groups today as APT1, Anchor Panda, and Elderwood, as well as other private designations.

APT is a term to refer to Chinese espionage without saying Chinese espionage. Full stop.”


Russian Bears with Donkey Ears

The “assessment” that the Russian government hacked the DNC and leaked its emails was wrong. It’s almost impossible to attribute a network breach to a sophisticated hacker group.

When #CrowdStrike and FireEye started making the fraudulent attribution on cyber security events, many other companies followed. The Obama regime has corrupted and dumbed down the DHS, DNI, and FBI. They bought this fraud, and then added some.

In 2016, Hillary and the DNC were deceived by CrowdStrike into believing that Russia was behind the leaks of their emails that shouldn’t have been written in the first place. Together with Obama they forced that deception on the FBI and intelligence. Then they blamed Russia for their election defeat!

Most successful network security breaches are conducted by criminal hackers, many of whom are based or originate from Russia and Eastern Europe. Most unsuccessful attempts are conducted by amateurs. Organizations should protect their networks, rather than blame nation states.

Read Jeffrey Carr, FBI/DHS Joint Analysis Report: A Fatally Flawed Effort or Robert Graham, Dear Obama, From Infosec – both are (or were) anti-Trump.

All “Evidence” of “Russian Meddling” Came from the DNC

What a tangled web we weave …

Continues Origin of Operation “Crossfire Hurricane”

Update: Steele might have learnt what the DNC wanted him to write about Trump directly from the DNC, rather than indirectly through MSM. DOJ official Bruce Ohr reportedly communicated with Steele in the time when his wife Nellie Ohr worked for Fusion GPS that hired and worked with Steele.

The leaked “opposition research” (mostly smear) on Trump consisted of 230 pages. Only one short paragraph was devoted to allegations about Trump’s relations with and attitudes towards Russia. Thus, neither the DNC nor Hillary’s campaign believed around May 2016 that there was even a small impropriety in Trump’s connections with Russia. The opposition research file was apparently dated December 2015, but the DNC allowed it to leak between late April and early June of 2016 (likely on June 12-14), then advertised it in the WaPo article on June 14, 2016.

The liberal media attitude toward Putin changed from lukewarm to hostile almost overnight between July 16 and July 21, simultaneously with the creation and adoption of the Trump-Putin conspiracy theory as a major part of the Democratic Party line.

CrowdStrike: Crooked, Shrill, Unashamed

Since the misattribution of a suspected breach into the DNC network in early 2016 to Russia, CrowdStrike has been boosted by:

  • DNC loyalists in the FBI, CIA, DHS, and DNI
  • the fawning coverage by mainstream media
  • NBC News employing Shawn Henry, a CrowdStrike top officer and former executive assistant to FBI Director Robert Mueller, as a cyber security consultant
  • $300M investments by Google and Silicon Valley VCs


Why has FBI Accepted DNC’s “Russian Hacking” Claims?

The conservative media keeps tripping itself over lies invented by the left-stream media. I cannot blame it. People know the left-stream media lies, but still read it and take in much of what is written there. This time, conservatives fell for the fake news that Guccifer 2.0 (who took credit for the release of the damning internal DNC documents) had been revealed as a GRU officer.

On or around March 21, 2018, The Daily Beast, a leftist tabloid on the lower end of the spectrum, published an “exclusive”: “‘Lone DNC Hacker’ Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer.”