It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
The Smoking Gun and Real Obstruction of Justice
page: 1share:
ob·struc·tion of jus·tice
NOUN
the criminal offense of obstructing the administration and process of the law
The DNC denied multiple requests from the FBI in the wake of the "hacking" allegations. If you so vociferously claim such an egregious act occurred and demanded something be done about it then why would you deny the FBI direct access to examine your servers?
The answer(s) are:
A. You have something to hide.
B. You want to manipulate the findings to drive a false narrative.
C. Both A & B
The private company hired to complete the forensics analysis of the DNC servers was CrowdStrike and their report findings are impossible to verify unless the FBI has direct access to the DNC servers to complete their own forensic analysis. So the FBI is taking the report findings from CrowdStrike at face value and they never even verified the findings.
If you listen to the MSM this case is the biggest scandal to hit since Watergate. Even bigger than Watergate. They salivate and hyperventilate with eyes bulging about how big this scandal is. Yeah...whatever.
The smoking gun that would ultimately DISPROVE the false narrative of a Russian hack are the servers themselves. The DNC knows this which is why they hired a bought and paid for private firm like CrowdStrike who very conveniently has a contract with the FBI. CrowdStrike also employs a large number of former intelligence agency folks so the revolving door there is a big beautiful door.
Obstruction of justice was committed by the DNC for they knowingly obstructed the administration and process of the law by not turning over the servers.
The fact that the FBI makes any hacking claims is mind numbing considering they NEVER DID THEIR OWN REVIEW OF THE DNC SERVERS.
Comey was at the helm during this mess and it is clear in hindsight he was being pressured by powers to toe a line. And the hyperventilating liberals wonder why Trump canned his ass? Amazing.
NOUN
the criminal offense of obstructing the administration and process of the law
The DNC denied multiple requests from the FBI in the wake of the "hacking" allegations. If you so vociferously claim such an egregious act occurred and demanded something be done about it then why would you deny the FBI direct access to examine your servers?
The answer(s) are:
A. You have something to hide.
B. You want to manipulate the findings to drive a false narrative.
C. Both A & B
The private company hired to complete the forensics analysis of the DNC servers was CrowdStrike and their report findings are impossible to verify unless the FBI has direct access to the DNC servers to complete their own forensic analysis. So the FBI is taking the report findings from CrowdStrike at face value and they never even verified the findings.
If you listen to the MSM this case is the biggest scandal to hit since Watergate. Even bigger than Watergate. They salivate and hyperventilate with eyes bulging about how big this scandal is. Yeah...whatever.
The smoking gun that would ultimately DISPROVE the false narrative of a Russian hack are the servers themselves. The DNC knows this which is why they hired a bought and paid for private firm like CrowdStrike who very conveniently has a contract with the FBI. CrowdStrike also employs a large number of former intelligence agency folks so the revolving door there is a big beautiful door.
Obstruction of justice was committed by the DNC for they knowingly obstructed the administration and process of the law by not turning over the servers.
The fact that the FBI makes any hacking claims is mind numbing considering they NEVER DID THEIR OWN REVIEW OF THE DNC SERVERS.
Comey was at the helm during this mess and it is clear in hindsight he was being pressured by powers to toe a line. And the hyperventilating liberals wonder why Trump canned his ass? Amazing.
a reply to: Outlier13
Your thread signifies why the Russian narrative is so prevalent. Why any of it needs to be true, because if the people stop looking at Russia, they will see the blatant septic system that is the DNC.
My hope is that the data is still intact and the Mueller can subpoena the server. However, I'm sure anything remotely incriminating is long gone.
Your thread signifies why the Russian narrative is so prevalent. Why any of it needs to be true, because if the people stop looking at Russia, they will see the blatant septic system that is the DNC.
My hope is that the data is still intact and the Mueller can subpoena the server. However, I'm sure anything remotely incriminating is long gone.
a reply to: Outlier13
Qatar was just hacked, did they call Crowdstrike?
Nope, they called the FBI to investigate for them.
Dimitri Alperovitch, cofounder and CTO of Crowdstrike is a Senior Fellow of The Atlantic Council, they should never have gotten the DNC work.
Qatar was just hacked, did they call Crowdstrike?
Nope, they called the FBI to investigate for them.
Dimitri Alperovitch, cofounder and CTO of Crowdstrike is a Senior Fellow of The Atlantic Council, they should never have gotten the DNC work.
I understand your point of view but ...
The FBI requested ... they did not have a warrant and I can never ever support the notion that ...
Just no! That is not on! If the FBI needed it, they could have got a Court to issue a Warrant. It was not important to them. I agree with the rest of your post.
I fervently hope some one can put this charade to rest but I am not holding my breath.
The mid-term election will come along and bite one of your parties so savagely that they bleed out all over the media.
P
The FBI requested ... they did not have a warrant and I can never ever support the notion that ...
The answer(s) are:
A. You have something to hide.
Just no! That is not on! If the FBI needed it, they could have got a Court to issue a Warrant. It was not important to them. I agree with the rest of your post.
I fervently hope some one can put this charade to rest but I am not holding my breath.
The mid-term election will come along and bite one of your parties so savagely that they bleed out all over the media.
P
originally posted by: pheonix358
I understand your point of view but ...
The FBI requested ... they did not have a warrant and I can never ever support the notion that ...
The answer(s) are:
A. You have something to hide.
Just no! That is not on! If the FBI needed it, they could have got a Court to issue a Warrant. It was not important to them. I agree with the rest of your post.
I fervently hope some one can put this charade to rest but I am not holding my breath.
The mid-term election will come along and bite one of your parties so savagely that they bleed out all over the media.
P
Incorrect. The FBI cannot force an affected party to turn anything over.
originally posted by: JinMI
a reply to: Outlier13
Your thread signifies why the Russian narrative is so prevalent. Why any of it needs to be true, because if the people stop looking at Russia, they will see the blatant septic system that is the DNC.
My hope is that the data is still intact and the Mueller can subpoena the server. However, I'm sure anything remotely incriminating is long gone.
Backups were made, however, they can selectively decide what was backed up and what was not. Those servers have been buried somewhere deep underground guaranteed.
edit on 8-6-2017 by Outlier13 because: (no reason given)
a reply to: JinMI
The FBI knew the DNC was hacked months before the DNC knew it and they even knew who had done it.
New York Times - The Perfect Weapon: How Russian Cyberpower Invaded the U.S.
Evidence of the attack was picked up at the time by still others.
Dell SecureWorks - IRON TWILIGHT Supports 'Active Measures'
And others. Ironically, the target here screenshotted the warning and emailed it to Luis Miranda, it was stolen and published in the WikiLeaks release.
Yahoo News - Exclusive: Suspected Russian hack of DNC widens — includes personal email of staffer researching Manafort
But let's just keep pretending that the only evidence of hacking — even among just what is publically know — comes from CrowdStrike.
Your thread signifies why the Russian narrative is so prevalent. Why any of it needs to be true, because if the people stop looking at Russia, they will see the blatant septic system that is the DNC.
My hope is that the data is still intact and the Mueller can subpoena the server. However, I'm sure anything remotely incriminating is long gone.
The FBI knew the DNC was hacked months before the DNC knew it and they even knew who had done it.
New York Times - The Perfect Weapon: How Russian Cyberpower Invaded the U.S.
WASHINGTON — When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.
His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.
The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.
Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.
“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.
Evidence of the attack was picked up at the time by still others.
Dell SecureWorks - IRON TWILIGHT Supports 'Active Measures'
DNC and Hillary Clinton campaign compromises Between March and May 2016, CTU researchers monitoring IRON TWILIGHT’s targeting of organizational and personal Gmail accounts uncovered phishing emails targeting nine DNC accounts, 108 Hillary Clinton presidential campaign accounts, and at least 26 personal accounts belonging to individuals active in U.S. politics. In June 2016, the DNC confirmed its network was compromised by IRON TWILIGHT.
And others. Ironically, the target here screenshotted the warning and emailed it to Luis Miranda, it was stolen and published in the WikiLeaks release.
Yahoo News - Exclusive: Suspected Russian hack of DNC widens — includes personal email of staffer researching Manafort
Just weeks after she started preparing opposition research files on Donald Trump’s campaign chairman Paul Manafort last spring, Democratic National Committee consultant Alexandra Chalupa got an alarming message when she logged into her personal Yahoo email account.
“Important action required,” read a pop-up box from a Yahoo security team that is informally known as “the Paranoids.” “We strongly suspect that your account has been the target of state-sponsored actors.”
Chalupa — who had been drafting memos and writing emails about Manafort’s connection to pro-Russian political leaders in Ukraine — quickly alerted top DNC officials. “Since I started digging into Manafort, these messages have been a daily occurrence on my Yahoo account despite changing my password often,” she wrote in a May 3 email to Luis Miranda, the DNC’s communications director, which included an attached screengrab of the image of the Yahoo security warning.
“I was freaked out,” Chalupa, who serves as director of “ethnic engagement” for the DNC, told Yahoo News in an interview, noting that she had been in close touch with sources in Kiev, Ukraine, including a number of investigative journalists, who had been providing her with information about Manafort’s political and business dealings in that country and Russia.
“This is really scary,” she said.
Chalupa’s message is among nearly 20,000 hacked internal DNC emails that were posted over the weekend by WikiLeaks as the Democratic Party gathered for its national convention in Philadelphia.
But let's just keep pretending that the only evidence of hacking — even among just what is publically know — comes from CrowdStrike.
edit
on 2017-6-8 by theantediluvian because: (no reason given)
originally posted by: Outlier13
originally posted by: pheonix358
I understand your point of view but ...
The FBI requested ... they did not have a warrant and I can never ever support the notion that ...
The answer(s) are:
A. You have something to hide.
Just no! That is not on! If the FBI needed it, they could have got a Court to issue a Warrant. It was not important to them. I agree with the rest of your post.
I fervently hope some one can put this charade to rest but I am not holding my breath.
The mid-term election will come along and bite one of your parties so savagely that they bleed out all over the media.
P
Incorrect. The FBI cannot force an affected party to turn anything over.
Exactly there is no way even a court would turn over the servers. But after looking at crowdstrike's report is laughable. They base there information off a server that was known to be used by the Russians. So tracing it back to a server tells me thus wasn't a professional at all. Because the first thing any real hacker does is set up a proxy server.
a reply to: theantediluvian
Whats you opinion on the metadata from the first few files let out?
link
Whats you opinion on the metadata from the first few files let out?
link
edit on 8-6-2017 by D8Tee because: (no reason given)
a reply to: theantediluvian
Other than the source that the NYT is using:
labsblog.f-secure.com...
There's not much more meat than that. What they believe and an prove are very different matters.
Whether this is a Russian state sanctioned, Russian intelligence, random group from Russia or some tin foil Vault 7 CIA action is yet to be confirmed anywhere.
Other than the source that the NYT is using:
Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making.
labsblog.f-secure.com...
There's not much more meat than that. What they believe and an prove are very different matters.
Whether this is a Russian state sanctioned, Russian intelligence, random group from Russia or some tin foil Vault 7 CIA action is yet to be confirmed anywhere.
a reply to: D8Tee
My take on the metadata from the MS Word docs released on the Guccifer 2.0 Wordpress blog is that it's a mess and it's wide open to interpretation. Did you read the piece from /u/tvor_22 at Medium?
The inconsistent modification of the metadata is perplexing.
1. At first glance, it superficially appears that they could have been modified by a Russian language user who inadvertently left "fingerprints." The hackers behind the DNC hack are too sophisticated for that.
2. Look a little deeper (but not THAT much more) and you get to the g-2.space layer where Mr. Carter is claiming that the evidence shows a failed attempt to frame the Russians. Anyone competent enough to edit the metadata in the first place in an attempt to "frame the Russians" wouldn't have missed the identical creation datetime fields, the duped RSID numbers, etc.
My opinion on this has evolved a bit but whatever anyone tells you, it's all speculation. Also, the metadata of these docs is only one part of the over all body of "evidence" regarding "Guccifer 2.0." What I currently favor is that it's supposed to look like somebody trying to frame the Russians. Then again, it could be somebody trying to make it appear that somebody is trying to make it appear that somebody is trying to frame the Russians.
Have you ever seen Princess Bride? It's like the Vizzini poison scene:
One thing that I've been mulling over that seems to eliminate a couple possibilities is that apparently Guccifer 2.0 provided Aaron Nevins with 2.5 gigs of legit data. We have a number of independent persons who have corroborated these events including Mr. Nevins himself and Roger Stone.
So apparently beyond these problematic Word docs, "Guccifer 2.0" had the goods.
Everything about "Guccifer 2.0" is convoluted and filled with inconsistencies, contradictions and anomalies. Maybe that's the point. The question I ask myself then is, whose interest would best be served by "Guccifer 2.0" creating all this confusion and doubt?
I suspect that the Russians would have the most to gain. Look at all the Internet sleuths who are convinced that the mangled metadata points to a Russian frame up fail. Then again, maybe it's the Chinese. (joking... well half joking)
My take on the metadata from the MS Word docs released on the Guccifer 2.0 Wordpress blog is that it's a mess and it's wide open to interpretation. Did you read the piece from /u/tvor_22 at Medium?
To what degree Guccifer2 wanted us to know this was a deliberate addition is a more difficult question to answer after-the-fact of the results (Russian attribution). If Guccifer2 wanted us to think it was an accidentally ‘touched’ document, why was all the meta-data so haphazardly altered? Granted, he/she wouldn’t have had much time to put it together after the impending leak announcement by WikiLeaks, but still it seems off. I guess the real question is ‘how much tinfoil you got?’
The inconsistent modification of the metadata is perplexing.
1. At first glance, it superficially appears that they could have been modified by a Russian language user who inadvertently left "fingerprints." The hackers behind the DNC hack are too sophisticated for that.
2. Look a little deeper (but not THAT much more) and you get to the g-2.space layer where Mr. Carter is claiming that the evidence shows a failed attempt to frame the Russians. Anyone competent enough to edit the metadata in the first place in an attempt to "frame the Russians" wouldn't have missed the identical creation datetime fields, the duped RSID numbers, etc.
My opinion on this has evolved a bit but whatever anyone tells you, it's all speculation. Also, the metadata of these docs is only one part of the over all body of "evidence" regarding "Guccifer 2.0." What I currently favor is that it's supposed to look like somebody trying to frame the Russians. Then again, it could be somebody trying to make it appear that somebody is trying to make it appear that somebody is trying to frame the Russians.
Have you ever seen Princess Bride? It's like the Vizzini poison scene:
One thing that I've been mulling over that seems to eliminate a couple possibilities is that apparently Guccifer 2.0 provided Aaron Nevins with 2.5 gigs of legit data. We have a number of independent persons who have corroborated these events including Mr. Nevins himself and Roger Stone.
So apparently beyond these problematic Word docs, "Guccifer 2.0" had the goods.
Everything about "Guccifer 2.0" is convoluted and filled with inconsistencies, contradictions and anomalies. Maybe that's the point. The question I ask myself then is, whose interest would best be served by "Guccifer 2.0" creating all this confusion and doubt?
I suspect that the Russians would have the most to gain. Look at all the Internet sleuths who are convinced that the mangled metadata points to a Russian frame up fail. Then again, maybe it's the Chinese. (joking... well half joking)
a reply to: JinMI
Not sure what you're getting at? It was FBI Special Agent Hawkins who identified the attackers as "The Dukes" (APT29, Cozy Bear, what Dell Secureworks is now calling "Iron Twilight") in the calls to the DNC, not a NYT reporter citing F-Secure Labs.
Well, this is all part of the investigations that are going on thankfully. Hopefully there will be nauseatingly detailed reports released when they're concluded. Just keep in mind that we're only getting a small piece of a larger picture at this point.
The point I was making specifically is that there is plenty of publically available evidence of the hack taking place, evidence suggesting the identity of the attackers, that has nothing to do with CrowdStrike or the DNC servers.
Other than the source that the NYT is using:
Not sure what you're getting at? It was FBI Special Agent Hawkins who identified the attackers as "The Dukes" (APT29, Cozy Bear, what Dell Secureworks is now calling "Iron Twilight") in the calls to the DNC, not a NYT reporter citing F-Secure Labs.
There's not much more meat than that. What they believe and an prove are very different matters.
Well, this is all part of the investigations that are going on thankfully. Hopefully there will be nauseatingly detailed reports released when they're concluded. Just keep in mind that we're only getting a small piece of a larger picture at this point.
The point I was making specifically is that there is plenty of publically available evidence of the hack taking place, evidence suggesting the identity of the attackers, that has nothing to do with CrowdStrike or the DNC servers.
a reply to: theantediluvian
Snowden has long held the NSA has the answers. The only way they wouldn't know who hacked the DNC was if it was a leak.
Edward SnowdenVerified account @Snowden 25 Jul 2016
More
Even if the attackers try to obfuscate origin, #XKEYSCORE makes following exfiltrated data easy. I did this personally against Chinese ops.
Tweets
Zerohedge article
Then again, maybe it's the Chinese. (joking... well half joking)
Snowden has long held the NSA has the answers. The only way they wouldn't know who hacked the DNC was if it was a leak.
Edward SnowdenVerified account @Snowden 25 Jul 2016
More
Even if the attackers try to obfuscate origin, #XKEYSCORE makes following exfiltrated data easy. I did this personally against Chinese ops.
Tweets
Zerohedge article
a reply to: theantediluvian
Absolutely fair enough.
Abstract question:
Given that on more than one account (possibly citing the same source), the hackers have been labeled as well funded, well organized and not small in number, why is the source area so easily tracked. Now you'll have to forgive my ignorance here, but in a time of spoofing and proxies, wouldn't this be the number one goal of anyone attempting to go through such hassle to obtain information?
Secondly, what do you make of the FBI being the ones to notify the DNC of the hack and then in turn, handing the server(s) over to CrowdStrike for investigation?
Also to whit:
medium.com...
Well, this is all part of the investigations that are going on thankfully. Hopefully there will be nauseatingly detailed reports released when they're concluded. Just keep in mind that we're only getting a small piece of a larger picture at this point.
Absolutely fair enough.
Abstract question:
Given that on more than one account (possibly citing the same source), the hackers have been labeled as well funded, well organized and not small in number, why is the source area so easily tracked. Now you'll have to forgive my ignorance here, but in a time of spoofing and proxies, wouldn't this be the number one goal of anyone attempting to go through such hassle to obtain information?
Secondly, what do you make of the FBI being the ones to notify the DNC of the hack and then in turn, handing the server(s) over to CrowdStrike for investigation?
Also to whit:
In April 2016, two months before the June report was issued, former President Barack Obama appointed Steven Chabinsky, “general counsel and Chief Risk officer” for CrowdStrike, to a presidential “Commission for Enhancing Cybersecurity,” further demonstrating CrowdStrike’s intermingling with powerful Democratic Party factions.
medium.com...
a reply to: theantediluvian
I figured the Russians have the least to gain. This hacking real or fake makes it impossible to remove sanctions from Russia. And make no mistake these sanctions are hurting their economy. The Russians would like nothing more than people get bored with them and they can return to the international community instead of being ostrisized.
I figured the Russians have the least to gain. This hacking real or fake makes it impossible to remove sanctions from Russia. And make no mistake these sanctions are hurting their economy. The Russians would like nothing more than people get bored with them and they can return to the international community instead of being ostrisized.
Comey sure made a lot of decisions based on dodgy pay-for-play "investigations" by 3rd parties.
Did the FBI even investigate during his reign...or just use questionable reports from questionable actors with deep state pedigrees?
What an incompetent and corrupt actor Comey is. Somebody said elsewhere here, and rightly so, that Trump should've fired the fool during his Innagural Address...
Did the FBI even investigate during his reign...or just use questionable reports from questionable actors with deep state pedigrees?
What an incompetent and corrupt actor Comey is. Somebody said elsewhere here, and rightly so, that Trump should've fired the fool during his Innagural Address...
a reply to: D8Tee
The NSA certainly has capabilities even beyond what was revealed by Snowden (remember, he was only current up to his leaking which was what? 2013?).
Among these, it seems is an ability to track traffic across multiple hops. That is, they have a visibility such that if a connection originates on computer A and is bounced through servers B and C before reaching endpoint D, the NSA is able to analysis the separate connections between D-C, C-B, B-A to trace back to the origin.
There are limitations though. I imagine their visibility of network traffic is excellent in the US and quite a number of our allies, not least of which those who are part of "Five Eyes," and likely far beyond. However, where they can't collect traffic, this falls on its face. There's also a number of methods I can think of by which the signal can be effectively buried in the noise that would be highly resistant to snooping.
The point being, it's not magic. They still have to be able to collect the traffic for analysis and they have to be able to identify the traffic as it exits each hop along the way. I'm certain that foreign intelligence agencies are far more aware than we are of the capabilities and have mitigation strategies.
The NSA certainly has capabilities even beyond what was revealed by Snowden (remember, he was only current up to his leaking which was what? 2013?).
Among these, it seems is an ability to track traffic across multiple hops. That is, they have a visibility such that if a connection originates on computer A and is bounced through servers B and C before reaching endpoint D, the NSA is able to analysis the separate connections between D-C, C-B, B-A to trace back to the origin.
There are limitations though. I imagine their visibility of network traffic is excellent in the US and quite a number of our allies, not least of which those who are part of "Five Eyes," and likely far beyond. However, where they can't collect traffic, this falls on its face. There's also a number of methods I can think of by which the signal can be effectively buried in the noise that would be highly resistant to snooping.
The point being, it's not magic. They still have to be able to collect the traffic for analysis and they have to be able to identify the traffic as it exits each hop along the way. I'm certain that foreign intelligence agencies are far more aware than we are of the capabilities and have mitigation strategies.
a reply to: JinMI
I don't think that there's anything particularly easy about tracing them back to the source and that's the crux of the problem when it comes to attribution and why security professionals urging caution do so. It works basically like this:
* Individual threat actors are identified much like any other serial criminal, by their MOs forensic evidence. Particularly things like toolsets, techniques/tactics and choices in targets, along with various other evidence. This would be analogous to the naming of a serial killer like BTK long before he was eventually identified as Dennis Rader.
You'll see various security groups giving them their own names like APT29 (FireEye), Cozy Bear (CrowdStrike), Iron Twilight (Dell Secure works), The Dukes (F-Secure), etc — all referring to the same group/threat actor/APT (Advanced Persistent Threat).
* Some of the same from above like the sophisticated nature of the tradecraft, the sheer volume of activity, the apparent resources, choice in targets, public communications, etc are used in an attempt to pin down who these groups work for to some degree of certainty.
The indicators from the body of what is known about APT29/Cozy Bear/etc leads analysts to conclude with varying degrees of certainty that this group is state-sponsored and either part of or directed by the Russian intelligence apparatus.
I will also note for the sake of objectivity that just like a copy cat could emulate a serial killer, a state sponsored attacker could in fact employ tactics to misdirect attribution. Logic should make this apparent regardless of WikiLeaks releases that confirm that its a thing.
It all comes down to probabilities based on the strength of the evidence. It's like building any other criminal case and there are rarely "smoking guns" in the real world and yet, we do convict criminals (albeit sometimes wrongly). I expect that in the case of the investigations that have taken plance and those ongoing, there is and will be evidence from a variety of sources including human intelligence.
Like I said, I hope for a detailed report when this is all over but I'm always aware that to protect sources of intelligence, we're likely never going to get close to the whole picture in terms of evidence uncovered.
AFAIK, there was no "turning over" of the DNC servers to anyone at any point. I do not know but I am highly interested to know, how in September of 2015, the FBI was aware of the DNC compromise and was already identifying the attackers as "The Dukes" (aka APT29, Cozy Bear, etc).
It appears that CrowdStrike came in, probably backed up everything immediately to preserve everything, deployed their proprietary IDS (intrusion detection system) in situ, located the compromised systems and began monitoring the activity of the intruders for a period of about two weeks.
I imagine that from the backups which I assume they made, CrowdStrike deployed VMs for further analysis concurrent with the monitoring of the intruders.
Why wouldn't the DNC hand over servers at the request of the FBI? I can think of some reasons. FTR, they deny being asked but I tend to believe the FBI over the DNC (or the RNC or Trump or Clinton for that matter).
There's a story with an interesting detail that is never brought up by those who insist on painting CrowdStrike as in bed with the DNC (not that IT firms don't have relationships, Palantir co-founder Peter Thiel is well known supporter and associate of Trump):
Reuters - Hackers targeted Trump campaign, Republican Party groups: sources
I haven't searched for corroboration and that was from August but it would be intersting if CrowdStrike was ALSO employed by the Trump campaign as was reported.
Abstract question: Given that on more than one account (possibly citing the same source), the hackers have been labeled as well funded, well organized and not small in number, why is the source area so easily tracked. Now you'll have to forgive my ignorance here, but in a time of spoofing and proxies, wouldn't this be the number one goal of anyone attempting to go through such hassle to obtain information?
I don't think that there's anything particularly easy about tracing them back to the source and that's the crux of the problem when it comes to attribution and why security professionals urging caution do so. It works basically like this:
* Individual threat actors are identified much like any other serial criminal, by their MOs forensic evidence. Particularly things like toolsets, techniques/tactics and choices in targets, along with various other evidence. This would be analogous to the naming of a serial killer like BTK long before he was eventually identified as Dennis Rader.
You'll see various security groups giving them their own names like APT29 (FireEye), Cozy Bear (CrowdStrike), Iron Twilight (Dell Secure works), The Dukes (F-Secure), etc — all referring to the same group/threat actor/APT (Advanced Persistent Threat).
* Some of the same from above like the sophisticated nature of the tradecraft, the sheer volume of activity, the apparent resources, choice in targets, public communications, etc are used in an attempt to pin down who these groups work for to some degree of certainty.
The indicators from the body of what is known about APT29/Cozy Bear/etc leads analysts to conclude with varying degrees of certainty that this group is state-sponsored and either part of or directed by the Russian intelligence apparatus.
I will also note for the sake of objectivity that just like a copy cat could emulate a serial killer, a state sponsored attacker could in fact employ tactics to misdirect attribution. Logic should make this apparent regardless of WikiLeaks releases that confirm that its a thing.
It all comes down to probabilities based on the strength of the evidence. It's like building any other criminal case and there are rarely "smoking guns" in the real world and yet, we do convict criminals (albeit sometimes wrongly). I expect that in the case of the investigations that have taken plance and those ongoing, there is and will be evidence from a variety of sources including human intelligence.
Like I said, I hope for a detailed report when this is all over but I'm always aware that to protect sources of intelligence, we're likely never going to get close to the whole picture in terms of evidence uncovered.
Secondly, what do you make of the FBI being the ones to notify the DNC of the hack and then in turn, handing the server(s) over to CrowdStrike for investigation?
AFAIK, there was no "turning over" of the DNC servers to anyone at any point. I do not know but I am highly interested to know, how in September of 2015, the FBI was aware of the DNC compromise and was already identifying the attackers as "The Dukes" (aka APT29, Cozy Bear, etc).
It appears that CrowdStrike came in, probably backed up everything immediately to preserve everything, deployed their proprietary IDS (intrusion detection system) in situ, located the compromised systems and began monitoring the activity of the intruders for a period of about two weeks.
I imagine that from the backups which I assume they made, CrowdStrike deployed VMs for further analysis concurrent with the monitoring of the intruders.
Why wouldn't the DNC hand over servers at the request of the FBI? I can think of some reasons. FTR, they deny being asked but I tend to believe the FBI over the DNC (or the RNC or Trump or Clinton for that matter).
There's a story with an interesting detail that is never brought up by those who insist on painting CrowdStrike as in bed with the DNC (not that IT firms don't have relationships, Palantir co-founder Peter Thiel is well known supporter and associate of Trump):
Reuters - Hackers targeted Trump campaign, Republican Party groups: sources
The Trump campaign has hired security firm CrowdStrike, which also is assisting the Democratic National Committee, according to one person briefed on the matter. The company declined to comment .A different outside security firm was hired to examine software the Trump and Clinton campaigns use to manage mailings, electronic outreach and other campaign efforts, another person who was briefed on the issue said.A spokeswoman for Trump's campaign declined to comment. A spokesman for the Republican National Committee could not immediately be reached for comment.
I haven't searched for corroboration and that was from August but it would be intersting if CrowdStrike was ALSO employed by the Trump campaign as was reported.
Mueller has no interest in the DNC server...He apparently is Comey's private counsel...His job is to attack Trump and continue protecting the DNC just as Comey is...
originally posted by: JinMI
a reply to: Outlier13
Your thread signifies why the Russian narrative is so prevalent. Why any of it needs to be true, because if the people stop looking at Russia, they will see the blatant septic system that is the DNC.
My hope is that the data is still intact and the Mueller can subpoena the server. However, I'm sure anything remotely incriminating is long gone.
new topics
-
The Carpet Coating that Attacked the Environment
Medical Issues & Conspiracies: 1 hours ago -
Microplastics in your drinks
Medical Issues & Conspiracies: 2 hours ago -
Happy Rush Day 2024 - 2112
Music: 7 hours ago -
China Working on 'Drone Mothership' Plane
Military Projects: 7 hours ago -
12-21-24 Usyk-Fury II
World Sports: 10 hours ago
top topics
-
My Retirement
General Chit Chat: 15 hours ago, 19 flags -
China Working on 'Drone Mothership' Plane
Military Projects: 7 hours ago, 9 flags -
Driving home for Christmas… fast!
General Entertainment: 14 hours ago, 8 flags -
‘Something horrible’: Somerset pit reveals bronze age cannibalism
Ancient & Lost Civilizations: 16 hours ago, 6 flags -
Happy Rush Day 2024 - 2112
Music: 7 hours ago, 4 flags -
Microplastics in your drinks
Medical Issues & Conspiracies: 2 hours ago, 4 flags -
The Carpet Coating that Attacked the Environment
Medical Issues & Conspiracies: 1 hours ago, 3 flags -
12-21-24 Usyk-Fury II
World Sports: 10 hours ago, 1 flags
active topics
-
Microplastics in your drinks
Medical Issues & Conspiracies • 9 • : KrustyKrab -
The Carpet Coating that Attacked the Environment
Medical Issues & Conspiracies • 4 • : rickymouse -
Driving home for Christmas… fast!
General Entertainment • 5 • : rickymouse -
'Mass Casualty event' - Attack at Christmas market in Germany
Mainstream News • 133 • : Freeborn -
My Retirement
General Chit Chat • 18 • : Flyingclaydisk -
Post A Funny (T&C Friendly) Pic Part IV: The LOL awakens!
General Chit Chat • 7941 • : KrustyKrab -
Spiritual Solstice
Short Stories • 10 • : Naftalin -
US Federal Funding set to Expire December 20th. Massive CR on the way.
Mainstream News • 76 • : IndieA -
12-21-24 Usyk-Fury II
World Sports • 3 • : Blueracer -
Happy Rush Day 2024 - 2112
Music • 3 • : NorthOS