It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Crowdstrike had no evidence Russia -- or anyone else -- hacked the DNC server !!!
page: 10share:
originally posted by: chr0naut
originally posted by: face23785
a reply to: chr0naut
Fascinating how you weren't able to offer any kind of expert rebuttal to what I said.
OK, the hackers, whoever they would be, were only interested in getting all that secret and potentially incriminating data...
If they erased that last bit of evidence, then the evidence of that erasure would be just as damning. And, after all, that [hiding their identity] isn't their goal, anyway. They wanted the data.
So they don't care about being found out. Got it.
Flip-flop 1:
In this case, the hackers did clean up a bit, which was why MIS (the DNC's IT Support company) couldn't find who, or how, and so they called in CrowdStrike (it's in the transcript).
Wait, so they don't care about being found out. They just wanted the data. But then they did clean up to try to keep from being found out?
Well, maybe you'll be consistent from here on out...
Nope. Flip-flop 2:
It makes no rational sense for the hackers to set up fake traces that would be misinterpreted by all the other guys using all their methods as well, otherwise, it would have been fairly pointless for the hackers to try and identify some other hacking group when there would still most likely be some trace of them, that they couldn't remove.
So now we're back to "hackers would never try to cover their tracks."
[sarcasm]And yeah, the only people they would be trying to hide from are other hackers. Not, like, governments and law enforcement and stuff...[/sarcasm]
As it is, what do the Russians care that they have been fingered? It's "so what"? They won't cop any more or less flack over it.
[sarcasm]Oh yeah, they totally wouldn't care. Not only do hackers not care if they're found out, but their state sponsors don't care if they're publicly identified as being behind it.
So, the fact that Russia has been denying they did it means, what, exactly? I mean, by your logic, it must not have been the Russians right? Because, if it was them, they'd just be like "Yeah, it was us, it's 'so what.' No big deal."
No repercussions, like sanctions or anything right? [/sarcasm]
This is what happens when you're obviously wrong, have backed yourself into a corner, and try to talk out of your ass to try to get out of it. You spun yourself around in a circle of complete nonsense. YOU can't even keep track of your own bull# at this point. But we can.
They went for the same data because it was the most exposed and the most likely to be useful.
And this just goes further demonstrate that you don't understand the subject matter. bloodymarvelous explained exactly why this wouldn't, and in fact, couldn't, be the case, and not only can you not refute his point, you don't even understand his point enough to half-ass an answer to it.
Even you know you're done for on this one, your ego is just so huge you can't stop digging that hole.
originally posted by: chr0naut
originally posted by: face23785
a reply to: chr0naut
Fascinating how you weren't able to offer any kind of expert rebuttal to what I said.
OK, the hackers, whoever they would be, were only interested in getting all that secret and potentially incriminating data.
Sure, the hackers could try and cover their tracks, all hackers do, but they would still leave traces, even with log editing tools and file 'touch' modifiers and a massive and complicated cleanup.
Their very last operation in the system could not be erased and so would evidence them as being present in the environment. If they erased that last bit of evidence, then the evidence of that erasure would be just as damning. And, after all, that isn't their goal, anyway. They wanted the data.
You can totally erase your last operation.
Just have the malware program that did that last operation delete itself. A small program running in ram could delete itself from the hard drive (because its running in Ram) and then exit.
But you're making yourself sound like you're not really an IT guy.
What Crowdstrike was finding is these "runDLL" commands in the log. Commands that normal, non-hacker, computer programs don't send to the system. That's what made one of the bears visible to them.
The other was using malware, and I'm not quite as versed in malware. So I don't know what the fingerprints were for that.
But basically when you see the operating system doing things it doesn't normally do, that suggests someone is tinkering with it.
In this case, the hackers did clean up a bit, which was why MIS (the DNC's IT Support company) couldn't find who, or how, and so they called in CrowdStrike (it's in the transcript). And CrowdStrike and other data forensics groups did find traces and have published the findings.
Also, at the time of the hack, it wasn't a foregone conclusion that CrowdStrike would be called in and you are also forgetting the other data forensics guys who worked to find the details of the breach.
It makes no rational sense for the hackers to set up fake traces that would be misinterpreted by all the other guys using all their methods as well, otherwise, it would have been fairly pointless for the hackers to try and identify some other hacking group when there would still most likely be some trace of them, that they couldn't remove.
Also fake traces would be a lot more difficult than simply doing a real hack.
But the DNC could help someone real hack them by leaving them an opening.
As it is, what do the Russians care that they have been fingered? It's "so what"? They won't cop any more or less flack over it. They did the hack, published the data, and then closed up shop, disbanded the groups, wiped their computers, and just disappeared into the woodwork (as they have done)?
The only ones who have any skin in the game about 'who did what' were the Trump and Hillary campaigns.
Just more trolling. What else is new?
ETA: Oh, I see you saved your real firepower for this guy:
originally posted by: bloodymarvelousNone of that explains why they both went directly to the same data.
Some real expert analysis there...
originally posted by: chr0naut
Umm, because it was there?
You've GOT to be getting paid for this. I refuse to believe someone would make such a fool of himself for free.
They went for the same data because it was the most exposed and the most likely to be useful.
Reading more about it, it looks like they might not have even targeted the same things.
www.cnn.com...
One of them basically monitored emails for a whole year. The other went after opposition research on Trump.
What's hard to believe is that they were so deep into the system, and for so long.
But now what remains suspicious:
en.wikipedia.org...
That after the emails were leaked to WikiLeaks, it was decided to not leak more, but to engage in misinformation: "Rather the tactics would be to spread rumours and misinformation about the content of what already had been leaked and make up new content.
They clearly had a lot more emails than what they leaked. It just strikes me as so surprising that nothing truly "game ending" came out of that.
It's like we're somehow supposed to believe that either:
A: - Even when the DNC has its pants totally down, exposed to the wind. They *still* aren't doing anything that would really upset the public? (They're politicians.... but they don't lie very much to us?)
or
B: - Putin didn't want to do too much harm. Just a little bit.
Option C:
The dems turned over the emails to Guccifer 2.0 themselves, and cherry picked them so they wouldn't be too incriminating.
edit on 15-5-2020 by bloodymarvelous because: more about the hacking stuff
originally posted by: bloodymarvelous
originally posted by: chr0naut
originally posted by: face23785
a reply to: chr0naut
You can totally erase your last operation.
Just have the malware program that did that last operation delete itself. A small program running in ram could delete itself from the hard drive (because its running in Ram) and then exit.
Yes, a program can stay resident in RAM and delete its source files. But just deleting some files still leaves all sorts of traces. Especially on modern multitasking server operating systems with redundancy, data detection/correction, operational transactionality, and built in recovery options, file/folder access control listsings (ACL's) and swap.
Deleting from the file system, doesn't even entirely remove the files from the disk (or the disk image). It marks the file as deleted (an invisible initial character overwrites the initial character of the file name), at the start of the allocation chain (in the case of NTFS). In most cases, the entire allocation chain, its ACL's, and its data remains in place except for that single overwritten character and perhaps a state flag or two.
Unless the rest of the disk is filled, the data will remain on the drive until the operating system begins to run out of unused space for file writes and then the data is overwritten. Normal file deletion does nothing but hide the file and overwrite its first character. The process of fully overwriting all de-allocated file space is long and slow on large capacity drives.
In terms of removing other transient details of a hack, there are further considerations with journalling file systems (such as NTFS), file and volume shadow copies, file and folder security database (ACL's), continual incremental and offsite backups and so forth. Simple deletions just don't cut it.
Not to mention data left behind in swap/pagefiles!
But you're making yourself sound like you're not really an IT guy.
What Crowdstrike was finding is these "runDLL" commands in the log. Commands that normal, non-hacker, computer programs don't send to the system. That's what made one of the bears visible to them.
Dynamic-link library
From Wikipedia, the free encyclopedia
Absolutely ALL program code makes frequent calls to DLL's by way of standardized rules called Application Programming Interfaces, or API's.
Application programming interface
From Wikipedia, the free encyclopedia
Badly written malware and applications may make some calls to some DLL's in unusual ways that aren't compliant with API's, but you really do seem to have the wrong idea entirely about "runDLL" calls. They aren't uncommon.
The other was using malware, and I'm not quite as versed in malware. So I don't know what the fingerprints were for that.
But basically when you see the operating system doing things it doesn't normally do, that suggests someone is tinkering with it.
Umm, yeah...
Also fake traces would be a lot more difficult than simply doing a real hack.
But the DNC could help someone real hack them by leaving them an opening.
Which they would do for what reason? To have some bizarre future weapon of dubious allegation to impeach someone who was not even President at the time?
Reading more about it, it looks like they might not have even targeted the same things.
As it is, what do the Russians care that they have been fingered? It's "so what"? They won't cop any more or less flack over it. They did the hack, published the data, and then closed up shop, disbanded the groups, wiped their computers, and just disappeared into the woodwork (as they have done)?
The only ones who have any skin in the game about 'who did what' were the Trump and Hillary campaigns.
Just more trolling. What else is new?
ETA: Oh, I see you saved your real firepower for this guy:
originally posted by: bloodymarvelousNone of that explains why they both went directly to the same data.
Some real expert analysis there...
originally posted by: chr0naut
Umm, because it was there?
You've GOT to be getting paid for this. I refuse to believe someone would make such a fool of himself for free.
They went for the same data because it was the most exposed and the most likely to be useful.
Well CrowdStrike was moving stuff off the compromised servers to new and secured ones (it is in the transcript), so the hackers were still looking for the easiest way to get any data, but what was easiest, changed over time.
www.cnn.com...
One of them basically monitored emails for a whole year.
No the hackers were opportunistic and chose to download the .PST files that MIS Support had forgotten to delete off the system as per standard cybersecurity protocols.
The other went after opposition research on Trump.
What's hard to believe is that they were so deep into the system, and for so long.
But now what remains suspicious:
en.wikipedia.org...
They clearly had a lot more emails than what they leaked.
Yes, the .pst files were only individual extracts from the mail datastore, which the hackers could not penetrate.
It just strikes me as so surprising that nothing truly "game ending" came out of that.
It's like we're somehow supposed to believe that either:
A: - Even when the DNC has its pants totally down, exposed to the wind. They *still* aren't doing anything that would really upset the public? (They're politicians.... but they don't lie very much to us?)
or
B: - Putin didn't want to do too much harm. Just a little bit.
Option C:
The dems turned over the emails to Guccifer 2.0 themselves, and cherry picked them so they wouldn't be too incriminating.
Possibly option A.
Option B is , I suppose, possible, but Putin is more of an 'all in' type of guy. There's no reason for him to pull any punches.
Option C, however, is ludicrous, motiveless, self destructive and evidenced against.
There could be other possibilities, too:
Option D, where the Trump campaign actually had an, as yet, unrevealed 'inside' resource that planted the 'dropper' files that gave the Russian initial entry.
Option E, where the Trump campaign forced Seth Rich, under duress, to steal the files, that they then leaked and killed Seth Rich to cover their tracks. The other signs of hacking were simply coincidental.
I could probably go on, inventing other possible options that you haven't really considered, either, and that are more plausible than option C.
edit on 15/5/2020 by chr0naut because: (no reason given)
originally posted by: chr0naut
originally posted by: shooterbrody
a reply to: UKTruth
Some dont know a computer from a car lot.
Tho Wikipedia tells them they do.
I think the testimony under oath is enough.
I am the CIO IT&T Manager for the company I currently work for. I have worked for more than 30 years at a number of technology companies, including IBM and IBMGSA. I have done disaster recoveries several times, for several companies, and have held an MCSE and A+ and other IT qualifications in the past. I have also written some commercial applications and have a software development portfolio. I would consider myself an expert in IT and computing.
I am confident that what CrowdStrike wrote in their blog post, or what is in the Wikipedia article on the DNC compromise, is technically correct.
and yet, when you rebuild servers, you use all the same hardware? In the US, we usually upgrade the HDD to give more storage. I can send you some papers on the process if you need.
originally posted by: network dude
originally posted by: Gryphon66
a reply to: UKTruth
Quick question: Do you know who hacked the DNC?
Thank you kindly.
quick question, are you sure they were hacked?
Nope. Are you sure they weren't?
Everything here in regard to this topic for the most part is willful speculation based on team preference.
a reply to: chr0naut
Your posts, while I don't agree with every statement factually, are cogent, well-reasoned and rational.
Those posting "against you" i.e. in this case trolling, are merely repeating their preferred media narrative.
Some do it with more eloquence, some as blatant trolling. Yet, you persist in trying to have a reasonable discussion.
There are those out here in the All Trump Supporters borderlands that appreciate such.
Your posts, while I don't agree with every statement factually, are cogent, well-reasoned and rational.
Those posting "against you" i.e. in this case trolling, are merely repeating their preferred media narrative.
Some do it with more eloquence, some as blatant trolling. Yet, you persist in trying to have a reasonable discussion.
There are those out here in the All Trump Supporters borderlands that appreciate such.
originally posted by: Gryphon66
a reply to: shooterbrody
Because no one ever lies under oath, eh?
Oh so NOW they are lying?
Ahahahaha
Wowzers
originally posted by: network dude
originally posted by: chr0naut
originally posted by: shooterbrody
a reply to: UKTruth
Some dont know a computer from a car lot.
Tho Wikipedia tells them they do.
I think the testimony under oath is enough.
I am the CIO IT&T Manager for the company I currently work for. I have worked for more than 30 years at a number of technology companies, including IBM and IBMGSA. I have done disaster recoveries several times, for several companies, and have held an MCSE and A+ and other IT qualifications in the past. I have also written some commercial applications and have a software development portfolio. I would consider myself an expert in IT and computing.
I am confident that what CrowdStrike wrote in their blog post, or what is in the Wikipedia article on the DNC compromise, is technically correct.
and yet, when you rebuild servers, you use all the same hardware? In the US, we usually upgrade the HDD to give more storage. I can send you some papers on the process if you need.
When you build a hardware host from scratch, you always upgrade the drive arrays. It makes sense because the MTBF means that older drives are closer to failure.
However, in the case of a server farm of virtualized servers such as in the case of the DNC, you can spin-up and down servers at whim and you always use the same hardware. Decommissioning a server these days doesn't mean throwing away any hardware.
Definitely, in the case of remediation of a malware attack or a hack, as CrowdStrike did (it's in the testimony) you don't change any hardware at all. Just spin up a new instance, get the services operational and point your clients towards the new instance and away from the old.
edit on 15/5/2020 by chr0naut because: another weird double post.
a reply to: shooterbrody
It's not a complicated concept.
You offered a statement "under oath" as evidence, when you know as well as anyone else that there's nothing magical about making an oath.
Do try to address the content rather than your sloppy strawmen and ad homs, eh?
It's not a complicated concept.
You offered a statement "under oath" as evidence, when you know as well as anyone else that there's nothing magical about making an oath.
Do try to address the content rather than your sloppy strawmen and ad homs, eh?
edit on 15-5-2020 by Gryphon66 because: Better
phrasing
originally posted by: Gryphon66
a reply to: shooterbrody
It's not a complicated concept.
You offered a statement "under oath" as evidence, when you know as well as anyone else that there's nothing magical about making an oath.
Do try to address the content rather than your sloppy strawmen and ad homs, eh?
You poo pooing testimony under oath to congress is delicious.
You attacking that process is even more delicious.
But only when it is cross with your bs trump hating narritive, right.
Otherwise testimony under oath is good?
Lol
What a joke
(post by face23785 removed for a manners violation)
originally posted by: shooterbrody
originally posted by: Gryphon66
a reply to: shooterbrody
Because no one ever lies under oath, eh?
Oh so NOW they are lying?
Ahahahaha
Wowzers
The completely willingness of these people to make absolute fools of themselves is downright scary. If they're not getting paid to do this, I seriously worry about their mental health, their safety, and the safety of those around them.
a reply to: shooterbrody
Just keep repeating to yourself "Orange Man Gud!"
The rest of the screed-post is blatantly absurd. As usual.
Just keep repeating to yourself "Orange Man Gud!"
The rest of the screed-post is blatantly absurd. As usual.
new topics
-
Ed Dowd some good news
Medical Issues & Conspiracies: 10 minutes ago -
Anyone like the Scorpions?
Music: 27 minutes ago -
What if this is true?
2024 Elections: 1 hours ago -
Merry-Go-Round Ride
Short Stories: 3 hours ago -
It's toast
General Chit Chat: 7 hours ago -
Man Stabbed or Cardiac arrest on Westminster Bridge, London, UK
Mainstream News: 8 hours ago -
A fix for the Trans players in sports
Social Issues and Civil Unrest: 10 hours ago
top topics
-
Petition Calling for General Election at 564,016 and rising Fast
Political Issues: 13 hours ago, 14 flags -
A fix for the Trans players in sports
Social Issues and Civil Unrest: 10 hours ago, 14 flags -
Man Stabbed or Cardiac arrest on Westminster Bridge, London, UK
Mainstream News: 8 hours ago, 7 flags -
It's toast
General Chit Chat: 7 hours ago, 7 flags -
What if this is true?
2024 Elections: 1 hours ago, 7 flags -
Merry-Go-Round Ride
Short Stories: 3 hours ago, 5 flags -
Anyone like the Scorpions?
Music: 27 minutes ago, 2 flags -
Ed Dowd some good news
Medical Issues & Conspiracies: 10 minutes ago, 2 flags
active topics
-
What if this is true?
2024 Elections • 16 • : xuenchen -
Anyone like the Scorpions?
Music • 1 • : worldstarcountry -
Ed Dowd some good news
Medical Issues & Conspiracies • 0 • : annonentity -
Merry-Go-Round Ride
Short Stories • 5 • : randomuser2034 -
Results of the use of the Oreshnik missile system in Dnepropetrovsk
World War Three • 217 • : worldstarcountry -
Russia Ukraine Update Thread - part 3
World War Three • 6876 • : worldstarcountry -
Petition Calling for General Election at 564,016 and rising Fast
Political Issues • 65 • : Oldcarpy2 -
It's toast
General Chit Chat • 9 • : Bluntone22 -
A fix for the Trans players in sports
Social Issues and Civil Unrest • 18 • : Tolkien -
Inca stone masonry at Sacsayhuaman, Ollantaytambo and the Sun Temple
Ancient & Lost Civilizations • 16 • : xxtrapsxx