Russian Hack of the DNC

Amazingly enough, the preponderance of the evidence points to Russia as the source of the DNC leak. I was going to summarize the evidence, but Thomas Rid did a great job here. Much of that is based on June's forensic analysis by Crowdstrike, which I wrote about here. More analysis here.

Jack Goldsmith discusses the political implications.

The FBI is investigating. It's not unreasonable to expect the NSA has some additional intelligence on this attack, similarly to what they had on the North Korea attack on Sony.

EDITED TO ADD (7/27): More on the FBI's investigation. Another summary of the evidence pointing to Russia.

Posted on July 26, 2016 at 1:40 PM • 124 Comments

Comments

Zd • July 26, 2016 2:00 PM

It's hard to understate how huge is this story if confirmed to be true. Takes a lot of cojones to so blatantly interfere with the US elections. And Wikileaks will have some 'xplaining to do about their role here.

Carlo Graziani • July 26, 2016 2:06 PM

From Thomas Rid's piece:

"...American inaction now risks establishing a de facto norm that all election campaigns in the future, everywhere, are fair game for sabotage—sabotage that could potentially affect the outcome and tarnish the winner’s legitimacy."

The idea of some kind of tit-for-tat retaliation for this bit of tactical sabotage by Russia frames the issue poorly. Clearly, Russia views the US as a strategic threat to be undermined, and equally clearly the US must do what it can to undermine the Putin regime. The question is how to do so effectively.

In my view, the answer is "By driving oil prices down". The Russian oligarchy is heavily dependent on the mineral resource extraction that underpins the Russian economy. That oil wealth is the only way that the Russian government can provide even the relatively primitive economic well-being that constitutes the claim to legitimacy of its nationalist program. By pressuring oil revenues, the West can create economic turmoil and popular discontent, while at the same time creating dissension and loyalty conflicts among the oligarchs, many of whom stand to lose vast amounts of money. Putin's power, which seems so absolute now, would certainly come to seem much more fragile in the event of a return of Soviet-era consumer poverty.

Hence, driving down oil prices should become a principal strategic goal of U.S. policy. One important tool to do this is to implement a carbon tax immediately. The US government should announce that gasoline taxes will increase by, say, 10 cents per year for the next 10 years. This would depress demand for gas while driving research and development of zero-emission vehicles -- said research needs a predictable future run of fuel prices to reduce investment risk. While such tax increases are of course unpopular, they are justifiable on grounds of U.S. National Security objectives, which should help sell them politically.

New revenue from Federal gas taxes should fund major increases in Federal research funding in green energy, as well as Federal incentives for investment in zero-emission vehicle and infrastructure development -- think recharging and Hydrogen refueling stations, as well as high-speed rail and urban public transport.

All of this would also, of course, contribute to alleviating the carbon climate crisis, an important goal in its own right. Higher oil production, through fracking-type techniques, is less helpful in this regard, but fracking is with us anyway, and contributes to the strategic security goal driving oil prices down, so it should not be discouraged, although it should also not be exempted from carbon taxes, so as not to compromise the goal of lowering carbon emissions.

The fact that the same set of policy choices could alleviate the climate crisis while simultaneously sticking it to Russia, a corrupt and kleptocratic state that measures the extent of its own security by the degree of insecurity that it can induce in its neighbors and peers, makes it an irresistible package, in my opinion. If this is to be a war, let's for once fight the war with oil, rather than for oil.

Sattar • July 26, 2016 2:11 PM

If you are using Active Directory or Exchange, you are fuxked. No one talks about the elephant in the room.

Alex • July 26, 2016 2:11 PM

The main thing is not to get carried away, and to start using encryption.

Remember: these minor problems are a small price to pay in order to address the legitimate needs of law enforcement to gain access to citizens' computers.

xizzhu • July 26, 2016 2:21 PM

If this leak is really to influence the election, it just happened way too early. How many can still remember this after a few months? As a comparison, anyone still talking about the Panama Leak? Anyone? Hello?

I know, I know, you can easily suggest that the leaked emails are manipulated, but so far I haven't seen DNC to do so (they can easily show original copy and prove the leak as fake). So, yep, whatever the leak's aim is, we can only say DNC already manipulated the primaries, among other dirty things.

To make it even more interesting, CNN reported that US officials warned DNC "months before the party moved to try to fix the problem".

John • July 26, 2016 2:25 PM

If politicians didn't constantly bend the rules to their own advantage this wouldn't happen, they only have themselves to blame for these dumps. No wonder people are voting for anti establishment candidates they have had enough of this rigged game.

Ross Snider • July 26, 2016 2:30 PM

It is common practice for nations to influence elections of one another. The United States does this - in Russia, in Ukraine and elsewhere.

An especially common practice is to oust political parties and aspirants by publishing evidence of corruption.

While Russia denies its role in the hacks, it can always point to the leaks as having been a good deed, as they implicated political corruption within the DNC and Hillary Clinton campaign.

wayward710 • July 26, 2016 2:30 PM

It's amazing how little Trump's supporters seem to care about this.

Anura • July 26, 2016 2:44 PM

@wayward710

Well, they are inventing bullshit stories to rationalize it. A popular theory today is that Putin is blackmailing Hillary. Their proof is basically stated as follows:

1) Hillary is corrupt (no evidence provided, this is just assumed to be true because the media has been suggesting it since 1992)
2) Hillary had a private email server
3) There is no proof that Russians hacked her email server.
4) Given that 3) is not proof that Russians did not hack her email server, it proves that the Russians did hack her email server.
5) Given that Hillary is corrupt, this means she must have had deeply incriminating evidence on her email server.
6) Given that there is no evidence of 5) and given that 4) proves Putin has Hillary's emails, it means that Putin must be holding onto incriminating evidence
7) The only reason why Putin was holding onto incriminating evidence is if he was blackmailing Hillary

Q.E.D.

Daniel • July 26, 2016 2:53 PM

Thomas Rid's piece doesn't summarize the evidence, it is a hit piece designed to make Trump look bad and I say that as someone who doesn't plan on voting for the man. Although the headline says "all signs" point to Russia there is in the analysis precious little actual data that fingers Russia. Indeed, the only factual evidence seems to be links to IP addresses that have been in the past associated with Russian intelligence. Moreover, Rid's piece uses a lot of hedges like "allegedly" so there is wiggle room in the future.

I think it is a huge stretch to say that Russia is behind it based upon the available evidence.

Brian Madison • July 26, 2016 3:07 PM

"Takes a lot of cojones to so blatantly interfere with the US elections."

Agreed. Wait, are we talking about the Russians or the DNC?

Grauhut • July 26, 2016 3:23 PM

@All: Help, I need to understand something... :-)

Why were these servers still online if they were long-time "russian spy assets"?

"They then linked this deceptive domain to a long-known APT 28 so-called X-Tunnel command-and-control IP address, 45.32.129[.]185.

One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address—176.31.112[.]10—that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers."

http://www.ipaddressden.com/ip/45.32.129.185.html -> San Jose, US
http://www.ipaddressden.com/ip/176.31.112.10.html -> Paris, France


Why were they allowed to continue to function? Were they monitored?

And if they were monitored, why did nobody stop the DNC hack? LIHOP? ;)

I'm with Kimmie Queen of b • July 26, 2016 3:37 PM

Grauhut wins the thread. In fact, all signs point to Mossad trying to frame Russia with hokey clues after two thousand baked 4chan punks pwned Hillary and the DNC. Rid speculates his ass off about Russians tampering with documents, but it never occurs to him to question those open-source X-Tunnel links and cyrillic 'fingerprints.'

Rid's job as hack is to yell, Look! Over there!! and divert attention from the sub-Bozo ineptitude of the DNC and its head international money-launderer. For Rid, 'sabotage' means exposing electoral perfidy and corruption in breach of ICCPR Article 25(b) and the RICO Act - what any minimally-competent law enforcement agency would do. If the US had one.

If the US had evidence they could take it to the ICJ. They don't, so they won't.

Ted • July 26, 2016 3:39 PM

STATEMENT BY SECRETARY JEH C. JOHNSON REGARDING PPD-41, CYBER INCIDENT COORDINATION

"As Secretary of Homeland Security, I am often asked “who’s responsible within the federal government for cybersecurity? Who in the government do I contact in the event of a cyber incident?”
"Today [For Immediate Release July 26, 2016], President Obama’s Presidential Policy Directive/PPD-41, United States Cyber Incident Coordination, clarifies the answer to these questions. The PPD spells out the lines of responsibility within the federal government for responses to a significant cyber incident, and specifies who to contact in the government in the event of an incident. The PPD delineates between “threat responses” and “asset responses.” A “threat response” essentially involves investigating the crime, so that we can hunt down the bad actor. As the PPD spells out, federal law enforcement is the key point of contact for a threat response. The Department of Homeland Security, through our cybersecurity experts at the National Cybersecurity and Communications Integration Center, will act as the point of contact and lead coordinator for asset response. “Asset response,” like a threat response, is crucial. It involves helping the victim find the bad actor on its system, repair its system, patching the vulnerability, reducing the risks of future incidents, and preventing the incident from spreading to others."

Gerard van Vooren • July 26, 2016 3:45 PM

@ Brian Madison,

"Agreed. Wait, are we talking about the Russians or the DNC?"

True, very true.

The major problem is that the Americans are being f**ked by their own political elite. I really feel sorry for Sanders. He didn't have a fair chance. The guys who are responsible for this should be brought to a "fair" trial.

flambe • July 26, 2016 3:48 PM

They were asking for a data breach with Exchange. Funny how no one gets fired for buying Microsoft.

Igor • July 26, 2016 4:02 PM

Surprisingly, in this case the best security measure against the consequences of this hack/leak would have been a fair democratic process that didn't involve working in the shadows against Bernie. But that's probably too much to ask.

it's a free for all • July 26, 2016 4:17 PM

"The guys who are responsible for this should be brought to a "fair" trial."

I'm sorry, we have fair trials? I missed that memo. The trials that we do have are more like uphill battles where the government is concerned, and that's if there's even a trial or an investigation to begin with.

Anura • July 26, 2016 4:40 PM

@Queen of Mena

The person who had a significant lead in the polls for the entirety of the Primary, and won the popular vote by roughly the same margin stole the election? Again, this is more proof of Clinton Derangement Syndrome - ignore all common sense, ignore reality, and look for the faintest evidence to confirm your bias.

SP • July 26, 2016 4:50 PM

Politics aside, I have no doubt that the FSB and the GRU have the capability to compromise the DNC network--or that they actually may have. It's their job, just like the NSA's TAO. However, anyone who's done any of this for a living will ask:

The FSB and GRU may very well have compromised the network; is there any indication that they were the only ones (with all respect to Crowdstrike)? Another actor could have been in, out, and long gone. Where are their backups? Are they encrypted? Do they dispose of their retired hardware securely? How well vetted are their support partners?

It's much easier to do this from the inside than the outside. Think about it--there's a much higher probability of a disenfranchised insider airing dirty laundry than a first-world nation-state tinkering with American elections. If that was the goal, capable adversaries like these intelligence agencies would be long gone before the data was released. It's just good trade craft.

John • July 26, 2016 4:57 PM

@JD:

Wikileaks dumped the data, that said, Caveat Emptor. They can't guarantee the authenticity of the data as it came through a third party with no direct affiliation with the DNC, and they have never claimed it was as such. Cryptome has the same policy with its data, you better be opening those files in a sandbox btw...

rover • July 26, 2016 5:02 PM

Well Rid sure hit a sore spot with this troll(russian?) in the friday squid post

https://www.schneier.com/blog/archives/2016/07/friday_squid_bl_536.html#c6729141

Inselaffen • July 24, 2016 6:23 PM

You know who's a shit-for-brains? Thomas Rid, perfesser of security studies. He's fine with the idea that Russia grabbed DNC sausage-making and election-rigging off a comically inept computer setup. Like all security mediocrities, Rid loves spying. But if instead of using it secretly for subversion, you go and expose malversation to defend the public's information freedom, then Rid loses his shit. Rid parrots that cherished catchphrase of the bureaucratic mediocrity, Crossing a Red Line. Just like the big shots say!

Ass-kissing worms are made, not born. Rid got his brainwashing as a Western-Oriented Gentleman (wog) at Johns Hopkins and Rand, where CIA sinks the hook in weaklings' vices and character flaws. And of course in Israel, where the videos of his bestial sex acts are a favorite at Shin Bet movie nights - just in case he ever happens to think for himself, can't be too careful!

This is what passes for studies. And people wonder why NATO is pancaking like WTC7.

Rid's article in Motherboard
THE HACKS WE CAN'T SEE
All Signs Point to Russia Being Behind the DNC Hack
WRITTEN BY THOMAS RID
July 25, 2016 // 08:55 AM EST

I'm not accounting for time zones but July 24, 2016 6:23 PM vs July 25, 2016 // 08:55 AM EST

Stan • July 26, 2016 5:10 PM

The US Stasi's SocPup Corp is seeking balance again. In this instance it asks you to ignore content and corruption.

Anura • July 26, 2016 5:39 PM

@Queen of Mena

No, the fact that she was way ahead in the polls proves she didn't steal it, the fact that she won by roughly the same margin she was polling leads to doubts that there was any fraud. Your so-called proof is a non-peer reviewed paper, using purely circumstantial evidence. As with most things in statistics, you can usually easily cherry-pick evidence to support your conclusions, especially if you ignore any context. Also, exit poll data has been historically problematic, and is often off by huge margins as many people refuse to participate in disproportionate amounts.

https://www.thenation.com/article/reminder-exit-poll-conspiracy-theories-are-totally-baseless/

Dirk Praet • July 26, 2016 6:33 PM

Here's my 5 euro cents:

1) The US consternation and butthurt that other nations are actually indulging in the same kind of operations that have been official US foreign policy for decades is totally hilarious (pun intended). Like a Jew who's upset to find out that he has been conned by a Dutchman.

2) If indeed the Russians are behind the DNC hack, the only innovative element here seems to be the publishing of the exfiltrated data through Wikileaks. Which is beautiful. What a brave new world it would be where IC agencies get bored with surveilling ordinary people and start a competition doxxing each other's politicians and corporate bigwigs as to expose them to world and dog for the lying and scheming b*st*rds they are.

Queen of Mena • July 26, 2016 6:38 PM

@Anura Oh. So your exit polls are fake. Because you don't need real ones, everything is totally on the up-and-up.

That's very compelling. You should stop the print run of twelve bumper stickers for all your supporters, and put that stuff on them.

Skeptical • July 26, 2016 6:59 PM


This ties in almost too well with the previous post on the role of deterrence in US strategy vis-a-vis cyberthreats.

My sense is that Russia is more likely than not to underestimate the degree to which the US cares about this type of manipulation, not least of which because certain entities in Russia are conditioned to be far more accustomed to controlled media, and certain Russian Government organs and personalities in particular may have so little attachment to the idea of democratic autonomy via elections that they discount the extent to which the US Government, and the American public, actually are attached to that notion, whether one thinks it naive or not.

This is similar to the mistake North Korea made with Sony - they did not fully understand the role of freedom of speech as a value in the American calculus. I suspect they have difficulty giving credence to the notion that it is taken seriously in the US or elsewhere.

Unfortunately, this renders a US response all the more important, as words alone will not credibly signal the dangerous nature of Russian actions.

The US response must be in proportion to the values/interests threatened and the degree to which they would be threatened by similar conduct in the future, and the US response must be consonant in cost with respect to its available resources and its other interests.

To be a credible signal, it must carry cost - cost for Russia, and cost for the US. Of course it should not seek to escalate matters into a more physically kinetic domain. Perhaps the most telling response would be one that, likewise, utilized stolen information in kind - in a manner that Russian entities would find the potential for alarm.

Revelations of human rights violations? These have been done, and they're largely shrugged off by Russia.

No - the information of gravest concern to Russian entities would be (1) sufficiently specific financial information to imperil the fortunes of key figures, (2) information revealing that key members of one faction are betraying their faction for another, (3) information revealing qualities of personal weakness and gross vanity in key figures such that their standing with the public, and their cohort, was imperiled.

The US need not release any of the above in quantity or quality to a degree that would destabilize Russian ruling circles. But, absent extraordinary apologies by the Russian Government for the unsanctioned actions of well-meaning (i.e. patriotic) but, here, mistaken units of its intelligence and military services, it may consider releasing just enough to send a warning shot across Russia's bow: spy on our politicians, just as we spy on yours, it's all part of the game, but fuck with our elections and we'll fuck with your own version of political selection, and trust us, you won't like it.

Alternatively, certain sources of technology and education might be sharply restricted for a time, along with other measures that would be palpable.

As for Wikileaks, its use by the Russian Government for propaganda purposes has long been an open secret. Ironically Wikileaks is one of the few organizations unwilling to own that fact. It's been a legitimate target of intelligence services for years, and this event gives no one any reason to change strategy towards it.

Frankly, Trump's candidacy is a dangerous temptation for certain other nations, who will see it as an opportunity to land a damaging blow to the United States by undertaking a strategy to see him elected. Although I expect Trump to lose in a landslide, we are entering what may be, depending on the prudence of other governments, the most dangerous election season in our lifetimes.

Anura • July 26, 2016 7:02 PM

@Queen of Mena

Huh? Who said anything about them being fake? They are simply historically unreliable in the US as a measure of fraud, as they are designed for the media, not for fraud detection.

rover • July 26, 2016 7:21 PM

One might also be concerned with nation state intrusions into the election boards and electronic voting systems of swing states.

Milo M. • July 26, 2016 8:35 PM

@Anura • July 26, 2016 2:44 PM

Nicely constructed proof.

The old Broadway saying that satire is what closes on Saturday night may apply to blog comments too, but thanks for the post.

There are also people who feel compelled to argue with satire, which is just another proof of the Law of Large Numbers.

Felt • July 26, 2016 9:32 PM

Now this is why Manafort makes the big bucks. He pulls off a Watergate burglary and a half and pins it on a patsy that Hillary falls for because it's less embarrassing, and cyber-boffins fall for in an ecstasy of lucrative beltway-bandit groupthink. The patsy can't be bothered to deny it cause he's got 5 gigatons and cause it's funny. And they'll be dribbling the dirt out for maximum devastation for the next three months.

John Smith • July 26, 2016 9:44 PM

This comment from Dirk Praet, FTW:

"What a brave new world it would be where IC agencies get bored with surveilling ordinary people and start a competition doxxing each other's politicians and corporate bigwigs as to expose them to world and dog for the lying and scheming b*st*rds they are."

One can dream, my friend. One can only dream.

soothsayer • July 26, 2016 10:42 PM

If you are going to walk naked in Time Square -- someone will shoot your naked pictures and show it to your mama.

Is this a crime to take pictures of someone walking naked? I guess it's written now that it's a crime and you are supposed to turn away ... not look and surely not record -- but don't make me laugh or cry at such rules.

Email -- Hillary -- they just don't seem to work well!

Joe K • July 26, 2016 10:45 PM

Marcy Wheeler's commentary, on topic, lies on the other side of this pointer:

The Two Intelligence Agency Theory of Handing Trump the Election
https://www.emptywheel.net/2016/07/25/the-two-intelligence-agency-theory-of-handing-trump-the-election/

And here are my own thoughts, somewhat off topic, but related (though they cannot top Dirk Praet's contribution, which was pure gold):

Frankly, no matter who exfiltrated the DNC emails, I suspect that plenty of US voters are glad that (1) they were published, and that (2) Wikileaks does not play gatekeeper.

The lesson can hardly be lost on the millions of Sanders supporters, whom the authors of those emails were so anxious to disenfranchise, that there now springs into action a public relations machine eager to misdirect discussion towards cold-war hysteria.

This Russophobic Revival is like Ladies' 80's night at the dance club!

Ronald Reagan 1984 TV Ad: "The Bear" - YouTube
https://www.youtube.com/watch?v=NpwdcmjBgNA

soothsayer • July 26, 2016 10:48 PM

@Aruna,
READ THE DOCUMENTS before opinionating ..

there IS REAL CRIMINAL behavior by DNC and Hillary team.
They STOLE THE MONEY that was given to local democratic party. STOLEN money went into Hillary's Victory fund

But I am sure none of this matters -- what matters is that it's now a wide left wing conspiracy against Clintons and BHO justice department should indict Trump for soliciting foreign help from communist Russians!
Maybe borrowing a book from Billy Bubba's playbook US should bomb Russia.

soothsayer • July 26, 2016 11:02 PM

NYT has a writeup by someone Max Fischer.

It's near verbatim of what Rid has written -- No attributions -- just seem to be same language and data .. with one significant difference.

He writes that APT-29 had complete control of DNC systems for nearly a year.
I think Rid says APT-29 seems to have infested in April-2016 and triggered the detection and APT-28 had been there for a year!

I don't know which story is correct -- they both seem goofy to me because BOTH of these guys seem to be reporting from an unknown script --

This is not science or even journalism -- just political wranglings of buffoons.

don't feed the bear • July 26, 2016 11:03 PM

"said the DNC was not engaged in a fair fight. 'You’ve got ordinary citizens who are doing hand-to-hand combat with trained military officers,'"

The parallels are amusing.

Is this the 'incendiary fear gas' we keep hearing about or just laughing gas this time?

xizzhu • July 26, 2016 11:20 PM

> xizzhu: You are assuming that this is the only leak of DNC emails that will occur. What if this is the first of several?
So, @David Schwartz, you're saying there will be more dirty DNC actions leaked? Hmm, that would be extremely interesting!

James K Polk the bear • July 26, 2016 11:25 PM

Where's anonymous when you actually need them?

Still DDoS'n each other?

https://news.slashdot.org/story/16/04/28/2259249/dissension-grows-inside-anonymous-because-of-political-propaganda

http://www.cnn.com/2015/12/11/politics/donald-trump-tower-anonymous-hackers/index.html

Come on guys, even the playing field or is Trump Tower == Fort Knox?

Maybe he's just too out of touch and disorganized for a successful op? I suppose it's possible he has both the Secret Service && the FSB protecting him huh?

Anura • July 27, 2016 12:02 AM

@soothsayer

That's not theft, and it's not illegal - it was called the Hillary Victory Fund, after all, they just misled donors about how much went to down ticket candidates. The DNC violated its own bylaws, and Sanders supporters have a right to be pissed at the DNC, and it is embarrassing to the party, but this reflects more on the DNC and DWS than it does on Clinton.

Janitor • July 27, 2016 12:19 AM

@Brian Madison, Gerard van Vooren, Skeptical, et al.

"Agreed. Wait, are we talking about the Russians or the DNC?"

Also agreed. Whether or not the Russians hacked the DNC should be the least of US citizens' concerns. In fact, if the Russians did indeed do this, regardless of their motivations, they provided a valuable service to the people of our country by shining some much needed sunlight into the seamy inner workings of the DNC. The DNC (like the RNC) is completely rigged to ensure that only plutocrat puppets will ever make it on the ballot. Puppets that can always be counted on to do the bidding of the 0.001% at the expense of the American taxpayer and at an even greater cost to the more marginalized people of the world. "Crooked" Hillary is merely the poster child for a systemic cancer of what has become institutionalized corruption in this country and the American people need all the help they can get to weed it out and take back our government from a greedy few.

So in this case I say, Thank you Russia. More please.

Skeptical • July 27, 2016 1:02 AM

@Dirk: "The US consternation and butthurt that other nations are actually indulging in the same kind of operations that have been official US foreign policy for decades is totally hilarious (pun intended). Like a Jew who's upset to find out that he has been conned by a Dutchman."

By that logic the US should not seek to deter a Russian sponsored coup, since, after all, the US has done the same in other countries.

Bit silly, isn't it? Should Europe submit to a period of colonization for a time, to even things out? You see Dirk, nations may play dirty tricks on each other from time to time, even attempt to blast one another to cinder and ash, but that doesn't mean that nations will, out of some bizarre sense of symmetry, decide it only right that they allow themselves to be blown to cinder and ash or suffer dirty tricks.

You're missing the actual reasons for concern. It's not that some standards of decency and propriety were violated and the US is simply aghast; it's that another nation has made use of extensive cyber network exploitation capabilities to fuel a propaganda campaign in an effort to push the US election to a favorable conclusion for Russia.

That type of interference goes to the heart of American autonomy, which is the duty of the United States Government to protect. And quite frankly the U.S. Government doesn't give a damn whether you think America deserves to be meddled with.

"If indeed the Russians are behind the DNC hack, the only innovative element here seems to be the publishing of the exfiltrated data through Wikileaks. Which is beautiful. What a brave new world it would be where IC agencies get bored with surveilling ordinary people and start a competition doxxing each other's politicians and corporate bigwigs as to expose them to world and dog for the lying and scheming b*st*rds they are."

What a terrible reading of events. Did you find Trump's tax records among the Wikileaks records? Why do you suppose two Russian intelligence organizations were focused on the DNC, and that one department undertook a campaign to weaken the Clinton campaign, rather than focusing on Trump as well?

Such a cool twist on your part - this isn't about helping a narcissistic disaster of a candidate blunder his way into office by selectively stealing and publishing emails - no no, this is about exposing bigwigs (except, you know, for those bigwigs who are behind the operation or who are to benefit from it).

Nor is there anything new about Russia's appropriation of Wikileaks. They followed a similar playbook throughout the Cold War, particularly during the controversy surrounding the placement of IRBMs in Europe.

Were the US a less powerful country, one might urge the Democratic candidates to be wary of their food - but I suspect the Secret Service are all too keenly aware of the threat - and I wonder if, even now, both questions and warnings are being sent Russia's way regarding the extent to which Russia believes it desirable to undertake direct action in the American election.

There is a precipice here, and Russia has taken a step towards it.

Curious • July 27, 2016 2:33 AM

I am thinking that given how antipathetic USA is and has been towards Soviet Union/Russia, it seems fair to assume that some hacker(s) in Russia might have hacked whatever they came across. Blaming the state of Russia as a knee jerk reaction so to speak, seems like a US thing to me.

I skimmed through the NY Times article and thought the headline was a little vague. "Spy Agency Consensus Grows That Russia Hacked D.N.C." I did not see any explanation in the article for what kind of consensus this was, did I perhaps miss anything?

The N.Y. Times article also seems to want to bash Assange (usually characterized as 'character assassination' when that happens), by writing "(...) Julian Assange has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency." This kind of sentence seems almost normal if trying to understand something one doesn't know much about, however it is iirc the only sentence about Assange in that article that the NYT author opines about, and so it seems more like NYT demonizing Assange, something that other newspapers apparently do from time to time.

I saw in another article, something about how it is suspected that people's mobile phones were thought to have been hacked into, which might be interesting if true.

TomJuly 27, 2016 3:21 AM

@Dirk Praet

Nice way to go, playing on racist and openly antisemitic stereotypes:

"Like a Jew who's upset to find out that he has been conned by a Dutchman."

And treating "politicians and corporate bigwigs" in the same posts as "b*st*rds" augurs well on your capacity of well-pondered judgement. You seem to me like some right-wing populist that likes to play on preconceived opinions and stereotypes in an effort to gain the approval of all the John and Jane Does out there.

It seems to me that you like your world simple. Too simple.

JohnJuly 27, 2016 4:00 AM

So it's much more important who hacked this information than information itself?

Clive RobinsonJuly 27, 2016 4:25 AM

@ Arthur,

Edward Snowden and William Binney's answers "Not So Fast On Claims Russia Behind Hillary Clinton Email Hack"

There is a problem with both William Binney and Ed Snowden's claims which I've mentioned before with the SPE attack and stood out like an elephant sized sore thumb.

It's to do with communications nodes and what you can see thus assume about their function when you don't have full control of them.

Internet traffic goes through many nodes when going from source host to destination host, for most traffic this is routers from one of a handful of manufacturers. However those moving illicit data exfiltrated from a site have a habit of using multiple host to host links in order to cover their tracks. Whilst it is conceivable the likes of the NSA control some prime "choke point" routers, it is unlikely in the extreme that they control every host, or for that matter even record all the information from the few hosts they do have covert access to.

Most people --including some security professionals-- assume that the fact data can be seen both entering and leaving a host means it is being used as a way point from source to destination. Thus they incorrectly identify the destination as being where they see data finally enter a host but not leave it...

If you really want to cover your tracks you get control of several hosts, one of which appears to be owned/run by your chosen scapegoat. You make this the apparent destination host. This would be a typical setup for a false/red flag operation. What you also do is find a suitable way-point like a hotel, university or business with WiFi or other non Internet based access you can get to use. This host you then use as a "Data Tee" in that you collect the data from the host without it being visible to the internet and traffic recording by the NSA etc at choke point routers.

One way to do this false/red flag attack is to be an insider, who simply copies the data or "borrows" a backup tape etc and uses the false exfiltration as a cover.

The NSA can not see these copies unless they are also on the inside at the host they occur, and are recording all host activity.

Think of it in terms of real world crime, like a drive by drop or a pick pocket theft. In a drive by drop a vehicle that may be being followed goes out of sight momentarily around a corner, under a bridge etc and "drops" what is being carried and carries on to some innocent location. If it is being followed but is not stopped prior to the drop those observing get misled. In the case of a pick pocket gang the dipper that lifts the item of value from the mark passes it to a cut out as fast as possible who in turn passes it to a runner. This way if the mark realises they are being dipped they can not catch the dipper with the items on them, thus the dipper is plausibly innocent, even though they are blocking the mark from the first cut out. So whilst the mark may chance to see the first cut out they probably will not see the runner who leaves with the items. Often the runner will have a basket or similar, such that the cut-out can drop it in as they pass, that way the runner has plausible deniability as well. The cut-out makes a get away and even if caught again has plausible deniability as like the dipper they do not have the items of value on them.

Thus whilst the NSA might be able to say where they saw the data go and stop, they can not say because they can not see it that the data was not copied. Pretending otherwise would be dishonest, and it's why attributing attacks just on recorded data movement is so difficult. Likewise there is only so much you can read into the use of attack methods. The fact you have seen a group use method XXX does not mean that others have not also seen the group at work and are deliberately using method XXX either because it gives them a new attack method, or misattribution deliberately (false/red flag) or otherwise.

Even in the real world "means motive and opportunity" do not provide attribution, evidence has to be found sufficient to pass the burden of proof.

Currently all we see is people trying to invent motive and use it for diversionary activities or as your grandma might have said "Pots calling kettles black".

Peter GalbavyJuly 27, 2016 4:40 AM

I'm confused; Panama Papers / Mossack Fonseca was OK but DNC e-mails not? The public interest is of a similar order so I don't really care who the agent was, it's the contents - if verifiable - that matter unless hypocrisy?

Dirk PraetJuly 27, 2016 5:26 AM

@ Tom

"Nice way to go, playing on racist and openly antisemitic stereotypes"

Apologies if I have offended you in any way, but I found it a very funny comparison, especially because it actually came from a Jewish friend of mine whom I was discussing this very issue with earlier on. He obviously has a better developed sense of humour than you do.

"And treating 'politicians and corporate bigwigs' in the same posts as 'b*st*rds' augurs well on your capacity of well-pondered judgement."

Feel free to think of politicians and corporate execs as honest people who only have the best interests of their consumers in mind. In my experience, these are unfortunately as rare as four-leaves clover.

@ Skeptical

"it's that another nation has made use of extensive cyber network exploitation capabilities to fuel a propaganda campaign in an effort to push the US election to a favorable conclusion for Russia."

I understand the concern, not the indignation. If indeed this was a Russian thing, then you have been served a taste of your own medicine. Stop whining about it.

"Were the US a less powerful country, one might urge the Democratic candidates to be wary of their food ..."

Aren't you being a bit hysterical now? It's not like whoever was behind the hack has been supplying money and arms to the opposition, which, of course, is something the US would never do either.

Where ever it came from, the obvious intent here was to destabilize the DNC and hurt HRC. But in the end, if whatever wrongdoing exposed here swings the November election in favour of an unpredictable madman, 75% of what he's saying is nothing but lies, then your country has a much bigger problem than just alleged Russian interference.

The success of both Trump and Sanders has everything to do with large parts of the US population being sick and tired of the wholly unaccountable power held by a Wall Street dominated political establishment. Blaming the Russians or the Chinese for whatever happens is nothing but diversion tactics and the exact same thing Putin is doing in Russia to distract the attention of the populace from domestic issues.

Keith GlassJuly 27, 2016 5:28 AM

Who CARES who did it: the rock has been lifted, and we can see all the bugs scattering for cover.

You might even say. . .

. . . .at this point, what difference does it make ?

Now, as for interfering in elections, what about the Obama Administration interfering with the recent Israeli elections, or openly advocating the "Stay" side in the Brexit vote. .

WinterJuly 27, 2016 5:56 AM

@Clive
"Thus they incorrectly identify the destination as being where they see data finally enter a host but not leave it..."

This assumes the data end-point is their main evidence.

What I remember from earlier investigations, most digital forensics goes far beyond following the trail of the exfiltrated data. I know there is "never" digital evidence that cannot be faked or planted by the attacker. But in most cases investigators seem to go after the tracks left by the code used to break and enter.

This is how the Stuxnet malware was traced back to the USA and Israel. This is also how, e.g., the DigiNotar breach in the Netherlands was traced back to Iranian state sources.

It is no secret that the Republican candidate Trump and his main advisor(s) have very close ties to Putin and that Trump is strongly aligned to Russian interests in Europe and the Middle East. The Democratic candidate is the opposite, policy wise. Also, Russian actors have done much worse cyber attacks before, e.g., in Estonia and Ukraine.

So, when we have an actor that has done it before, and we have motives, opportunity, capabilities, and evidence all pointing to the same actor, this merits much more than a token interest.

And seriously, Hillary is much more likely to win the elections than Trump. What actors in the world would be willing to risk the wrath of the likely next US president?

Putin is a man who was willing to have an opposition leader shot in the streets in front of the Kremlin and to poison an opponent in London with Polonium in a way that EVERYONE in the world knew he had done it. I consider him completely able and willing to mess with the US elections just for the fun of it.

AnonJuly 27, 2016 6:05 AM

@Dirk Praet:

"What a brave new world it would be where IC agencies get bored with surveilling ordinary people and start a competition doxxing each other's politicians and corporate bigwigs as to expose them to world and dog for the lying and scheming b*st*rds they are."

I'd pay to see that! Where's the popcorn?

AnonJuly 27, 2016 6:12 AM

Why do people keep talking about Clinton as if she is somehow better than Trump?

Everyone is bashing Trump, yet apart from having questionable business ethics and a loud mouth, he hasn't done anything approaching the severity of Clinton, who as Secretary of State only risked and likely lost state secrets and then somehow had the FBI drop the investigation.

What am I missing?

pascaJuly 27, 2016 6:49 AM

Oh, of course Russia did it. Crowdstrike said so. It's not possible that Russia was set up to be the culprit. No one else could possibly have done it. Case closed. (And Assange must be lying when he says we'd be surprised to know who leaked them.)

MarkHJuly 27, 2016 7:20 AM

@Karla, who wrote:

"A contest between two despised gerontocrats ... What does Russia care?"

I suggest that the Kremlin strongly prefers Trump to Clinton.

From Trump's statements, it seems likely that his vision of intervention in matters between foreign states is limited to rather narrow anti-terrorism operations in the middle east.

Trump can be expected to shrug off Russia's aggression against its neighbors as matters in which the USA has no significant interest.

By contrast, Clinton is an internationalist who regards the recent Russian and Chinese interest in land-grabs as a serious danger to orderly relations in the world.

She is regarded as a "hawk" by many in the peace movement, with a history of endorsing armed intervention in a variety of situations. It is clear that she is more interventionist than her erstwhile chief, president Obama.
_________________________

Recent Kremlin policy has been heavily focused on the threat or application of military force to exercise control over neighboring countries recently liberated from Russia's imperial domination. The rewards of this policy include:

• restoration of the triumphal/imperial aspect of Russia's national self-image
• hoped-for (but not as yet realized) economic advantages from domination of weaker neighbors
• distraction from crucial disappointments and failures in Russia's domestic sphere
• heavy popular support

If a more interventionist US policy were to reduce the perceived success of Russia's domination-by-force policy, the consequences to the Putin regime could be serious.
_________________________

In particular, US response to Russia's invasion of Ukraine has been exceedingly gentle.

The importance Russia attaches to its military aggression in Ukraine is demonstrated by two years of utterly profitless persistence in Donbass, even though a Russian withdrawal there would swiftly end almost all of the costly sanctions.

If a Clinton regime were to act so as to render the Donbass invasion ever more miserably unsuccessful than it already is, this would be a painful -- and possibly dangerous -- development for the Kremlin.

Mwah MwahJuly 27, 2016 7:32 AM

Gee, I wonder if in all the excitement anybody checked for APTs on Seth Rich's computer.

ianfJuly 27, 2016 7:45 AM


@ Winter misremembers earlier cases “… investigators seem to go after the tracks left by the code used to break and enter.

This is how the Stuxnet malware was traced back to the USA and Israel.” […]

Nope. The Stuxnet (in Natanz, etc) attack vector was deduced to have happened via infested USB drives; we don't know how/ when/ by whom they were infested, and how many of them were deployed (theoretically could have been hundreds such sold in local Iranian electronics stores, but more probably perhaps a dozen surreptitiously infested/ replaced on targeted unknowing "mules" with access to the air-gapped facilities… unless the foreign IC perp had an engineer-agent already in place).

Similarly, Stuxnet = the fruit of American-Israeli coöperation is strictly a logical inference from cui bono? and which adversary had the potential industrial muscle/ capability to pull something like that off questions. It was so complex a piece of SW that it must've taken at least 6 months to write… still cheaper than an A-bomb, if not as spectacular. The servers that Stuxnet originally accessed for updates were in Denmark and… The Netherlands(?), hardly the origin of the caper. The closest "Israeli connection to Stuxnet" to date was this one, so enjoy.

Clive RobinsonJuly 27, 2016 7:47 AM

@ Winter,

"This assumes the data end-point is their main evidence"

I was not talking about those who examined the DNC machines and network, I was talking about the supposed claims of William Binney and Ed Snowden that the NSA could "track them down" the exfiltration from their collect it all logs. I was pointing out that this would post event be unreliable and therefore be treated with caution.

Speaking of caution, you correctly say,

"I know there is 'never' digital evidence that cannot be faked or planted by the attacker. But in most cases investigators seem to go after the tracks left by the code used to break and enter."

People should consider this an "investigative MO"(IMO), and the better attackers would play to this quite easily as an "anti-MO". As I said you need to consider "who else knows the MMO" of the supposed Russian APT groups. Others who know or can surmise the IMO from observation/insiders such as the likes of the Sigs Intel Services of quite a number of countries to those working in other investigative organisations and AV companies will also have access to the MMO information of the supposed APT groups.

With regards,

"It is no secret that the Republican candidate Trump and his main advisor(s) have very close ties to Putin"

So what it's public knowledge as is the fact that Bill Clinton as one of his last acts as president pardoned a very very suspect financial person, so there is another questionable contact they are both potential motives. The point is as I originally said they are part of an MMO analysis, and that is not evidence, it's just a way of getting investigative pointers that might but in all probability won't lead anywhere.

MMO pointers usually only work with simple crimes, especially those of "crimes of passion" where little or no planning was involved. Based on what has been indicated a lot of thought and planning went into this supposed attack on the DNC. Where MMO analysis does not work is where the actors take considerable care. Thus MMO analysis under a False/red flag situation will in all probability give incorrect information of little or no actionable content. This is why Kinetic Response to Cyber Espionage is so scary, a point that appears to have been forgotten in this "Drum banging parade" being run by the Main Stream Media agitated by a number of very vested interests.

What we don't have in the public domain is a coherent and cohesive set of facts supported by real evidence. All we have is snippets, one of which was a two hour analysis by a commercial operation that "set the tone" of further investigation backed up by selected facts as supposedly positive evidence...

Which is problematic as even evidence such as the shared PubKey certificate might not be as solid as first sight suggests. For instance has it been checked for "common primes" with other known PubKey certs? Also what other elements does it use? As should be fairly well known by now there is an efficient way to check for common primes, and if there is one and you can build a chain back to a known prime you have or can get easy access to then it takes little time to factor out the PubKey and build a corresponding PriKey.

But most of all I want to see the "negative evidence" that is what comes up as it not being these supposed two Russian APT groups, and why such evidence was discounted. As the reality is a lack of negative evidence is evidence that something is wrong, and an indicator that it's a "copycat" or false/red flag attack.
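The common-prime check raised in the comment above can be run as a defensive audit over a set of RSA public-key moduli you are responsible for. The following is an added example, not part of the original thread: it uses one well-known efficient method (batch GCD with a product tree and remainder tree), and the key names and toy moduli, built from Mersenne primes, are constructed for illustration.

```python
from math import gcd, prod


def product_tree(values):
    """Levels of pairwise products: leaves first, root (product of all) last."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree


def batch_gcd(moduli):
    """For each modulus N_i, return gcd(N_i, product of all the other moduli).

    Walks the product tree from the root P down, reducing P modulo the square
    of each node, so that at the leaves r_i = P mod N_i^2 and
    r_i // N_i == (P / N_i) mod N_i. This avoids testing every pair.
    """
    tree = product_tree(moduli)
    remainders = tree.pop()  # root level: [P]
    while tree:
        level = tree.pop()
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    return [gcd(n, r // n) for n, r in zip(moduli, remainders)]


def audit(keys):
    """keys: {name: modulus}. Returns {name: (verdict, [names sharing a factor])}.

    Verdicts:
      ok                    - no factor in common with any other key in the set
      shared-prime          - exactly one prime is shared with another key
      modulus-fully-covered - duplicate modulus, or both primes appear elsewhere
    """
    names = list(keys)
    shared = dict(zip(names, batch_gcd([keys[n] for n in names])))
    flagged = [n for n in names if shared[n] != 1]
    report = {}
    for name in names:
        g = shared[name]
        if g == 1:
            report[name] = ("ok", [])
            continue
        # Pairwise GCDs only among the (usually few) flagged keys, to name partners.
        partners = [o for o in flagged
                    if o != name and gcd(keys[name], keys[o]) != 1]
        verdict = "shared-prime" if g < keys[name] else "modulus-fully-covered"
        report[name] = (verdict, partners)
    return report


# Constructed sample data: toy moduli built from Mersenne primes 2**e - 1.
# Real moduli would be read from the certificates or keys being audited.
M = {e: 2**e - 1 for e in (17, 19, 31, 61, 89, 107, 127)}
SAMPLE_KEYS = {
    "mail-gw": M[31] * M[61],
    "vpn-01": M[61] * M[89],          # reuses the prime 2**61 - 1
    "web-01": M[107] * M[127],
    "build-01": M[17] * M[19],        # shares nothing
    "web-01-copy": M[107] * M[127],   # same modulus deployed twice
}

if __name__ == "__main__":
    for name, (verdict, partners) in audit(SAMPLE_KEYS).items():
        print(f"{name:12s} {verdict:22s} {', '.join(partners)}")
```

Any key not reported as `ok` should be regenerated on a host with a healthy entropy source, together with every key listed as its partner.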

Clive RobinsonJuly 27, 2016 8:15 AM

@ ianf,

"The Stuxnet (in Natanz, etc) attack vector was deduced to have happened via infested USB drives; we don't know how/ when/ by whom they were infested,"

It's been posited that it was infiltrated on to UN inspectors' USB keys.

Further at the time I posited that for the US the real target was not Iran but North Korea, as there was a degree of supporting evidence for this. Iran had historical nuclear and missile technology ties with North Korea through AQ Khan of Pakistan. Due to the way North Korea was isolated from the rest of the world, perhaps through Iran was the only viable way for the US to get at North Korean production. I personally suspect that one of the reasons the Israelis were involved was "boots on the ground" and their expertise at black bag jobs and wet work.

I was not alone in my reasoning and a very short while later North Korea showed they thought so too. This was by thumbing their nose at the US by inviting UN inspectors in and "blowing their socks off" by showing several thousand working centrifuges of an updated design of that of AQ Khan. They also very pointedly showed that they believed that UN inspectors were not just the --probably unwitting-- infection vectors but also the leakers to the US and Israel of proprietary information used for Stuxnet.

It now appears from later disclosures from US sources that North Korea was most certainly the US target of Stuxnet...

Cord's boyJuly 27, 2016 8:25 AM

Have to admit, the Russians are coming the Russians are coming is a pretty clever way to shift attention from the real scoop, mostly from Hillary's server, that the Clinton Foundation is CIA's slush fund for foreign dictator protection payments.

WinterJuly 27, 2016 8:31 AM

@ianf
"Similarly, Stuxnet = the fruit of American-Israeli coöperation is strictly a logical inference from cui bono? and which adversary had the potential industrial muscle/ capability to pull something like that off questions."

I know (most of) that. But do you doubt Stuxnet was the fruit of American-Israeli coöperation?

Is there ANYone in the security industry who doubts that Stuxnet was created in a collaboration of the USA and Israel? I have not heard of them (I exclude people like Skeptical who deny every involvement of the USA as a matter of principle).

We are not in a criminal court deciding on jailing specific persons. We are trying to make the best out of the information we have and that information was pretty convincing.

Dave KJuly 27, 2016 9:57 AM

Regardless of the politics of it, it is completely unsurprising to me that the DNC's security was hacked. Their security was incredibly lax, for one simple reason: Their IT was set up by a contractor chosen primarily for its CEO's associations with and donations to the party and its candidates' campaigns, not based on an evaluation on the merits, nor did they have any assistance from DHS or the NSA or any other serious security body.

Some things we know they didn't do:
- Any kind of enforcement of password complexity policies.
- Two-factor authentication.
- Encrypting anything, including the things that they are obligated to encrypt like credit card numbers and Social Security numbers.
- Set as a matter of policy the use of internal email only for internal communication, which meant that the contents of emails were flying around the public Internet rather than moving around within the DNC's email server(s).

And in a particularly fun email, they were pish-poshing the idea that their security was weak.

This, in other words, looks exactly like a typical business that hasn't had anyone with a clue come in and tell them what actual security looks like.

And I wouldn't be surprised if the RNC was in basically the same situation.

Ergo SumJuly 27, 2016 10:17 AM

@Janitor...

"So in this case I say, Thank you Russia. More please."

Agreed... It's one thing to suspect shenanigans in the "democratic process", and it's an entirely other to have confirmation for it. Whoever did it, keep doing it...

KarlaJuly 27, 2016 10:48 AM

Hey MarkH, speaking of utterly profitless persistence in Donbass, Poroshenko's off to the Costa del Sol. Guess Nuland's big coup d'état is kind of down the toilet, huh? At least it lasted longer than that clown coup in Turkey.

ianfJuly 27, 2016 11:11 AM


Clive,
          while there are no large holes in your "real target for Stuxnet was North Korea" assumption, it rests on so many IF-this-THEN-ONLY-that conjectures, piled on top of one another, that it can not be used as a springboard for serious deliberations (a sample: "DPRK got its nuclear technology from Khan in Pakistan, so next we see infestation of allegedly pea-in-a-pod-identical centrifuge installations in Iran—which, as we know, is closer to Pakistan than to Israel." Etc.) Also Stuxnet allegedly pinged outside servers for updates… how was it to do that from unwired NK? Similarly, would Iranian security really allow any UN inspectors—already US & Israeli spies by association—to insert ANYTHING into a socket in a plant they just were ocularly inspecting?

I've read a number of Stuxnet speculative scenarios, and all I can say is that there were bits in every one of them that sounded plausible, but were then nullified by the phantasmagoria of other bits. So I'm wary of adopting some logic[k]al narrative as most likely to have occurred, because I know from past experience, that IRL the R often surpasses the A—as in "Art." And that, when "players" on such a "plateau" are afoot, it is "game over" for my limited ability to understand the rules. Perhaps, having been outed as a savant, you are endowed with insights suitable for that. As for myself, were I to attempt that, I know that "idiot" wouldn't be far behind.


@ Winter,
                what does it matter what I think.

First the Stuxnet was thought up by someone, somewhere;
then the idea was "sold" to someone higher up;
then some tight secure body did a feasibility study and came up with a cost estimate;
then it was approved;
then the team was assembled, and a model PLC test-run environment created;
then the work begun in earnest and completed;

      … at the end of which some other, hitherto uninvolved and no-need-to-know shadow operatives were tasked with infecting pen drives belonging to selected key Iranian personnel (which only that must've taken quite an effort to not be detected – I wouldn't rule out a scenario where carefully selected targets' home computers were rooted from afar in order to infect all USB sticks, then delete trace of themselves after Stuxnet eventually phoned home).

    I know that the Israelis could have done it alone (but then hardly bother with Clive's theory of targeting the DPRK); or together with the Yanks – but either is a conjecture on hazy grounds. Or that the NSA did it on its own, and then realized its usability everywhere in the world where there are similar Siemens PLC-driven cascading centrifuges, and made a deal with the "Izzies."

But all I know FOR SURE is that, contrary to popular belief, parts of Israeli security establishment, and the US ditto do not mesh all that well… vide Jonathan Pollard's 30+ years in prison for treason, for illicitly spying for the US favorite client state in ME, Israel. Strange times make for strange bedfellows, yes—but, where safety of the realm is concerned, the Israelis won't be asking for anyone's permission to play nice (that is, in between heeding Bibi Netanyahu's orders to rewrite the Stuxnet code to act ever more "like a chain saw, than a surgical scalpel.")

MarkHJuly 27, 2016 11:12 AM

!!! Troll Alert !!!

What does Karla's second comment have to do with whether Russia has a significant interest in the outcome of the US presidential election?

What does it have to do with attribution of the information system intrusion, which is the subject of this thread?

SkepticalJuly 27, 2016 11:28 AM


@Dirk: "I understand the concern, not the indignation. If indeed this was a Russian thing, then you have been served a taste of your own medicine. Stop whining about it."

Powerful nations intrigue in the affairs of others - this is hardly a medicine invented in the United States.

That the US interfered in elections in foreign nations under certain circumstances, such as in Italy as the USSR clenched its fist around Eastern Europe and lit fires across the world, hardly means the US hasn't the right to be angry when Russia interferes with US elections.

As to "whining", I don't think you have a good grasp of US dialogue. Most of the influential Republican core, and obviously the breadth of the Democrats, agree that Trump is unfit for office - indeed, that he would be dangerous in office. The GOP lends half-hearted support because they hope that the election is more about "Trump" than "Republicans", and that when Trump fades the Republicans can recover.

Now, to this rather remarkable agreement on the threat Trump himself poses, add to it the meddling of a nation notorious for its poisoning of dissidents abroad with radioactive substances, for its continued attempts to reassert an imperial status, for a level of corruption that would make the most unscrupulous third-world border guard blush.

There is a serious discussion of options being undertaken. The only persons eager to short-circuit any talk of action are those who claim that because the US has interfered in elections elsewhere under different circumstances, it has no right to say anything here.

"Aren't you being a bit hysterical now? It's not like whoever was behind the hack has been supplying money and arms to the opposition, which, of course, is something the US would never do either."

Not in the least. Russia's use of force, of poison in particular, to silence opposition candidates in foreign nations too weak to threaten Russia, and to silence dissidents in foreign nations, is notorious. Were the US not - all bluster aside - a beast with which Russia has no desire to engage outright, I do not doubt for a moment that the active measures of propaganda would be augmented by the active use of force.

"Where ever it came from, the obvious intent here was to destabilize the DNC and hurt HRC. But in the end, if whatever wrongdoing exposed here swings the November election in favour of an unpredictable madman, 75% of what he's saying is nothing but lies, then your country has a much bigger problem than just alleged Russian interference."

Sure, the US does have bigger problems. But being a big nation, the US must deal with many problems at once. And Russian interference in American democracy has now become one of those problems.

My point about this being a dangerous election season rests on the possibility that some nations may view the possibility of a Trump presidency as the equivalent of a rare opportunity to seize decisive ground. From one kind of Russian perspective, a President Trump would deeply undermine US credibility, divide Western allies, lift economic sanctions, free Russia to pursue its policies in Eastern Europe, and betoken a permanent loss of US standing in the world, accompanied by a decisive US disengagement.

How far would one of that perspective go to see Trump elected? Add the prospect that Trump might be susceptible to deep influence by you throughout his term(s).

How far? I'd place the odds of a real "bet the house" strategy, such as an attempt to kill Trump's opposition days before the election, as rather low - but they're higher than normal due to the temptation that Trump represents. It's in Putin's interests to appear slightly irrational at times, so I take much of what he says and does with a grain of salt, but I hope he understands how terribly swift, brutal, and horrific the retaliation would be should Russian interference ever escalate to such a level.

More likely is, absent US response, a continued development of Russian propaganda and influence through less risky means. But this is not an acceptable outcome. If they do not understand that THIS game is most assuredly not worth the candle, then their eyes must be opened.

KarlaJuly 27, 2016 11:40 AM

MarkH yammers ceaselessly about the Russian domination-by-force policy in his wet dreams, and when somebody upends his fantasy world with an embarrassing fact, then he tries to be the scope police, we weren't talking about that, we were talking about this.

What MarkH tried to shoehorn into technical discussion of a hack he can't attribute was the US coup in Ukraine, which was accomplished thusly:

https://www.academia.edu/8776021/The_Snipers_Massacre_on_the_Maidan_in_Ukraine

https://eadaily.com/en/news/2015/04/20/presidential-candidate-in-poland-says-poland-and-cia-were-behind-maidan-and-maidan-snipers

Now that Nuland's illegal coercive foreign interference has failed in yet another NATO Charlie Foxtrot, Russia's triumph is moot and we are happy to return to the subject of clownish DNC ineptitude and the criminality it has revealed.

Dirk PraetJuly 27, 2016 12:31 PM

@ Skeptical

"And Russian interference in American democracy has now become one of those problems."

The rise to power of a dangerous buffoon like Donald Trump with no one in the GOP able to put up an even remotely credible challenge is unfortunately symptomatic for the fact that the US - in the words of former president Jimmy Carter - no longer has a functional democracy. I guess it's easier to up the anti-Putin rhetoric than to admit that there is something so very rotten in the state of Denmark that the theft and public release of a number of compromising documents by either a foreign state actor or a hackers collective has the potential to wreak irreparable havoc on the self-proclaimed leader of the free world.

Mail Order DebrideJuly 27, 2016 1:19 PM

Roughly half of the entire US population is now registered to vote. (Of these, roughly 80% think Ad Hominem is either a rapper, a terrorist or a browser extension.)

These are the people who are vehemently arguing over which band-aid to slap onto a sucking chest wound.

Good "luck" with "your" "choice".

Trumpet AlJuly 27, 2016 2:25 PM

@SoWhatDidYouExpect,

I hate to play devil's advocate here, but incidentally I don't see anything wrong with that particular style of goading. It's the same thing as calling on the NSA to bring injustices to light, if it's possible it should be done regardless of who has them. Unfortunately, all of this is one sided, whereas you view it as "consorting" there so far is very little evidence of collusion or direct motive. More info is needed to sort this all out.

rover • July 27, 2016 2:41 PM

@ Armchair: quarterbacks, Churchills, Walts, spies, security experts, partisan trolls

"Honestly, I wish I had that power [Putin's]. I’d love to have that power..." -- Donald Trump

He's already eating from Putin's hand, Trump can be easily manipulated with any little ego boost. He and Manafort have business ties in Russia, and Trump wants a hotel in Moscow with his name on it, but he's been unsuccessful thus far. At some point you have to pick a side, and I've chosen my candidate in this presidential election... Somebody hacked the emails, releasing them stirs up the election and hurts the Democrats. I'm sure Putin is shedding tears of joy and laughter at the political brouhaha. Buzz our planes, buzz our ships, now buzz our election. Today at press conference, Trump wishes Russia or any other country hacked the emails and would release them, which may hurt Trump more.

@Stan -- Zersetzung, state sponsored gaslighting and surreptitiously undermining and interfering in a political opponent's life with the intent to mentally destabilize the target -- could actually be happening (it would only take a few pokes to have you tripping over yourself and hypervigilant) or it may just be an ego boosting distortion of reality.

Other ego boosts include self designation as a wine connoisseur, an audiophile, a cigar aficionado, security expert...

Gerard van Vooren • July 27, 2016 3:08 PM

@ Skeptical,

Since you are carefully avoiding the DNC issues, and we don't know your stance in this, I would like to ask you two questions, to set a common baseline for further discussion.

1) Do you think the involved DNC political elite committed serious crimes?
2) What's your opinion about that this issue is now public knowledge. Is that good or bad?

Anura • July 27, 2016 3:41 PM

2) What's your opinion about that this issue is now public knowledge. Is that good or bad?

Selective transparency only serves to manipulate the public, and when the other party is likely just as corrupt (or worse), then it is as a whole a bad thing. Odds are the GOP was trying to find ways to defeat Trump as well, and I'm sure you can find much more damning stuff if you got access to their emails and got communications strategizing their plans to obstruct Obama, to utilize the Benghazi hearings for purely political purposes (I give you about a 50% chance that committee members sent Clinton emails they claim to be classified to GOP insiders with no security clearance). All parties should be fairly transparent, but this does nothing to accomplish that.

albert • July 27, 2016 3:59 PM

It's hard to imagine that anyone would try to 'disrupt' a US presidential election by exposing DNC information. Hil'ry has plenty of public history that exposes her politics for all to see. She's a Wall Street Hawk. Trump is a complete fool. Does anyone with at least two brain cells connected together think that he's capable of actually fighting the entrenched Political Establishment? That's naive to the extreme. US foreign policy isn't created by the president, nor is it created by Congress. Clinton, Bush, Obama all followed the same play card, and in the event that Trump got elected, he would too.

Hil'ry will be elected. And by any means necessary. Just like she got the nomination.

Have faith in The System!

(I think it's time to watch "Dr. Strangelove..." again.)

. .. . .. --- ....

Gilbert Chagourey • July 27, 2016 4:05 PM

TrumpRussiaTrumpRussia is propaganda for NPR morons, a notion for poseurs to bullshit about. Old timey red-baiting for progressives. What's mind-boggling is that people here fall for it even though a CIA ventriloquist already has his hand up Trump's shirt.

Manafort's BMSK partners were the second generation of CREEP, a domestic CIA operation, and Manafort's international work and remittance arrangements would be impossible without CIA protection and support. Manafort was UNITA's flack, ISI's flack. Where do you think he got those referrals, from TaskRabbit?

Let us savor the genius of convincing American dimbulbs that a CIA dupe is a traitor aiding Russian enemies. Again. They fooled you with Lee Harvey Oswald but you didn't learn a thing.

Joe Stalin • July 27, 2016 5:53 PM

I remember when Bruce charged the Chinese with every hacking incident, now it's the Rooskies.

Even if a Rooski hacked the files the Supreme Court with "Citizens United" gives foreign Govs, agents, Corporations, etc. the 1st Amendment right to manipulate our elections.

If Snowden had a whistle blower 1st Amendment right to expose NSA files the poor old Rooskies get their whistle blower shot at showing what a "democracy" really is and they save on bribing politicians (oops, I mean donations to politicians.)

I don't think most people of Cuba, Korea, Vietnam, Congo, Chile, Zambia, Greece, Italy, Grenada, El Salvador, Mexico, Honduras, Guatemala, Syria, Iraq, Georgia, Argentina, Libya, Yemen, Ukraine, Haiti, and the dozens of other victims of USA coups, CIA assassinations, USA funding of elections since WWII care if the DNC was hacked. Why should I care? Whistle blowing is good even if it is done by Rooskies or some movie plot Dr. Evil.

rover • July 27, 2016 6:01 PM

"Members of the intelligence community are worried that Donald Trump ― who has deep ties to Russia and is apparently the preferred presidential candidate of Russian dictator Vladimir Putin ― could have access to highly classified national security briefings as early as Friday. Trump and presumptive Democratic nominee Hillary Clinton will begin receiving the briefings after the Democratic National Convention ends on Thursday."

--HuffPost

Trump with no security clearance and well no restraint likely to blurt out and tweet that stuff. Foreign adversaries can't wait.

rover • July 27, 2016 6:12 PM

Trump doesn't read books on good authority. If they make the briefings long enough, he won't read them. Trump Vodka anyone?

rover • July 27, 2016 6:15 PM

@Bumblyography -- did you mean waterboarding? Or an NDA with jail time?

Bumblyography • July 27, 2016 6:24 PM

Verbal information, actionable information can be watermarked just as easily as books with DRM. I imagine the trick is the actionable part, anyways my solution past that point is a title of traitor and a gun.

Executions are considerably cheaper than jail and I would hope that with McCain and others recognizing the problem of skew with foreign interests a Patsy Kline would be far more homogenizing than money and donations from China.

There's another solution, disqualify both of them set some precedents and reopen the primaries.

Enjoy.

Bumblyography • July 27, 2016 6:28 PM

@kopykrat,

Yes, this is far beyond any level of basic shenanigans.

soothsayer • July 27, 2016 8:21 PM

@Aruna
Rules are written to comply with laws. In politics there is NO other reason.

I can go on to expound how diverting money from its intended destination is a criminal act -- but you may do better by reading Mike Taebii of Rolling Stone.

First reason was that they were falling behind in donations to Bernie! Oye wei ..
Second was to get around the max limit of $5600.
PEOPLE HAVE GONE TO JAIL FOR THIS -- ask Dinesh D'Souza

But political figures (some) have always been above the law or she would have gone to jail for that $100K cattle trade in 80s -- and that WAS A BRIBE -- if you don't understand that then there is no point worrying about these things.

Curious • July 28, 2016 1:46 AM

Off topic I guess:

Funny that you mentioned Dinesh D'Souza just now as I was sitting here wondering if I should point out or not, that D'Souza is apparently the director of the documentary (or whatever it is) called "Hillary's America: The Secret History of the Democratic Party". Apparently now running at the cinemas. From the little I read about this, it isn't pro Hillary/Democrat, and might not even be a good documentary (Imagine if Trump directed a documentary himself, who knows what it would turn out like).

Curious • July 28, 2016 2:00 AM

Found another article:

"NSA could hold 'smoking gun' in DNC leak"
http://www.politico.com/story/2016/07/nsa-dnc-hack-russia-226315 (27.July)

If Russia hacked Democratic computers, the spy agency likely knows and will tell the FBI.

I wonder, if Russia hacked Democratic computers why couldn't NSA stop them?


I thought the following paragraph was amusing:

At a cybersecurity conference in New York City Wednesday, FBI Director James Comey was mum about the DNC hack, but defended the value of the so-called name-and-shame approach. "If we can't lock them up, we have to call them out," Comey said.

Couldn'tPossiblyComment • July 28, 2016 3:30 AM

Sorry but I call shenanigans, particularly on the inflammatory title. I admit I expected better of Bruce.

It's easy to attribute blame to a group when you have an existing predilection to blaming them, and a political & financial incentive to attribute blame and find a distraction to the actual content of the leak. There are plenty of articles about how terrible the email security is at both parties. Why is such blind faith being given to a single source claiming the Russians did it?

Crowdstrike was hired by the DNC. The DNC have already been visibly shamed as a group that will have journalists edit their copy to produce the desired outcome. The 'forensics' are unpublished. All the linked article appears to say is 'trust us, it looks like them' and then goes on to indicate what the APT groups normally do. As others have pointed out, attribution based on methods ignores any ability of any other agency to copycat methods.

Leaping on blaming the Russians is a convenient way to attribute blame and suggest that the US elections are being tainted by outside forces (because it's apparently ok and not newsworthy if _Americans_ screw over the US elections by all sorts of methods, but the moment someone outside the country does it, that isn't ok...)

Rule one in quoting articles and analysis - understand the bias of the source. This is all from a single source that has a significant financial bias to produce the result their employer wishes. Show independent confirmation from a non-US security firm.

TS/SAP/FORSCRIPTKIDDYUSEONLY • July 28, 2016 6:45 AM

"If we can't lock them up, we have to call them out," Comey said.

Yeah, that's the approach he took with Hillary.

Clive Robinson • July 28, 2016 8:44 AM

@ All,

I wonder from these comments just how many people are making Type 1 (intuitive) judgments as opposed to Type 2 (reasoning) judgments over this.

I can see way more Type 1 judgments than I can Type 2, which is distinctly worrying. Rid's commentary is strongly type 1 thinking based on type 1 thinking from those who have supposedly investigated and come to a hard decision "It was the Russians".

As I've already said if you take the time to look and reason --Type2 thinking--, you realise there is no credible evidence, not even circumstantial evidence that can not be quite easily challenged by any up-to-date security practitioner. Worse, what is called evidence has been cherry picked from the information available.

I'm sorry if those who have "gut reacted" --Type1 thinking-- but you need to understand that instinct is of little use in Cyber-Space analysis.

Have a read of this review of Daniel Kahneman's "Thinking, Fast and Slow",

https://www.theguardian.com/books/2011/dec/13/thinking-fast-slow-daniel-kahneman

I know he's an economist, and I usually have little favourable to say about them. But yes I think it's worth the read.

Ole' Pinion • July 28, 2016 11:33 AM

@Curious,

Here's your answer as to why they wouldn't be able to stop them or publicly confirm:

"That’s where things really get messy, because explaining how the U.S. Government zeroed in on suspects can expose sources and methods and compromise ability to do the same thing again in the future."

It's from the article you link, basically the methods and sources aren't worth burning.

Dirk Praet • July 28, 2016 4:16 PM

@ Clive

I wonder from these comments just how many people are making Type 1 (intuitive) judgments as opposed to Type 2 (reasoning) judgments over this.

I think it's reasonable to assume that most people's opinions have been shaped by the usual MSM reporting of the story. Without precluding the Russians were indeed behind the hack, I'm not taking either FireEye's or the FBI's word for it without seeing some tangible proof.

In addition to that, there is at this moment no proof whatsoever that whoever did it also passed the captured data on to Wikileaks. As I already told @Skeptical, it is much easier (and cheaper) to blame the Russians than to admit failure and face a class action suit. We saw something similar with the Sony hack, and for all I know, this might as well be an inside job by a disgruntled Sanders supporter.

Poll Polt • July 28, 2016 4:39 PM

@Dirk Praet,

OoO, the pot thickens! Nothing gets the mass fomenting like a healthy serving of speculative execution.

Skeptical • July 28, 2016 8:11 PM


@Dirk: The rise to power of a dangerous buffoon like Donald Trump with no one in the GOP able to put up an even remotely credible challenge is unfortunately symptomatic for the fact that the US - in the words of former president Jimmy Carter - no longer has a functional democracy. I guess it's easier to up the anti-Putin rhetoric than to admit that there is something so very rotten in the state of Denmark

False dichotomy.

On the one hand, Trump's nomination IS a serious problem in itself. He is perhaps the most unqualified, unbalanced, and manifestly dangerous serious contender for the office since Aaron Burr. Many factors contributed to this situation, some internal to the Republican nomination process and some not.

So there is that, as an issue in itself. But that's not really the topic here, just as there are lots of worthy problems and issues that are not topics in any given discussion. It doesn't make them any less worthy.

On the other hand, there is the problem of a foreign power attempting, by clandestine means and convenient cut-outs, to undermine the integrity of a democratic election for the benefit of Russia and enable the election of a candidate viewed as dangerous to the very institutions of the United States. This is not conduct that can be safely tolerated by the United States, and the defense of American self-determination is the very heart of the duty and purpose of the United States Government.

It is this problem that IS the subject of discussion. Russia has long viewed information operations as a useful weapon against open societies. But here it has undertaken an operation far greater in scale than the Watergate attempted burglary, the cover-up of which eventually felled a sitting President (note: investigating journalists were not poisoned, shot, jailed, or otherwise silenced - the institutions protecting free speech proved stronger than those who would subvert it).

Moreover, precisely because of the danger Trump poses to the US and to the West in general, and precisely because those dangers are what motivated Russian operations, these operations must be regarded as acts of particularly hostile intent. Russia chose to smuggle gasoline into what was already a fire of some concern.

Put differently: the US interest is in paying the price for deterring such acts, and the escalation ladder here is not one which anyone in Russia has any rational interest in climbing.

The question is what the appropriate means of deterrence are in this case. The means selected must be effective and indicate US willingness to pursue this affair further if need be; Russia must understand the price that the US is willing - indeed MUST be willing - to pay, and Russia must understand the cost that the US is willing to exact.

Russia's problem, if it understands the US Government at all, is to demonstrate that it comprehends its miscalculation, and that it fully believes that it is against Russian interests to pursue such actions in the future - and to do so in a way that could persuade the Americans that deterrent measures are unnecessary.

Now, in an important way the two topics tie together. Many persons in the US Government believe that Trump IS genuinely dangerous; and that therefore continuing interference by Russia on Trump's behalf is equally dangerous, if not more so. This will engender a feeling of determined anger, supported by a strong rationale - Russia is playing with fire. The US will be inclined, in my opinion, should Russia fail to repent as it were, to undertake deterrent measures at a time, place, and manner of its choosing. The response will match strengths to weaknesses, it will harm Russia without leaving Russia recourse for anything other than self-defeating reprisals. It will carry the thinly veiled potential, if veiled at all, for follow-on measures of an increasingly damaging nature.

I don't think those less familiar with the United States quite grasp the almost unprecedented nature of the current state of affairs. The mere possibility of Trump has actually - fully - ALARMED every moderate and consensus driven politician and person of influence in the United States; it has ALARMED long-standing figures of power on the right, in the center, on the left. NO ONE will stand in the way of taking deterrent measures, and if anything the bias may be towards measures that are too strong.

The very things that make Trump so tempting for Russia to aid, are the very things that make Trump so incredibly dangerous an occasion for Russian involvement.

Trump is unwitting and unintended bait for a bear-trap. To return to your Hamlet reference, US is more Fortinbras than Hamlet. While generalizations about any complicated nation should come with a tome of qualifications, the US is less apt to be led around a maze of mirrors and more inclined to simply smash through them.

Chopped Mutton Delight • July 28, 2016 10:08 PM

@Skeptical,

Are we certain he meant Denmark? As a dimbulb'ed-twolip I found myself having to re-re-re-read it as 'the state of democracy'.

Does it matter?

Dirk Praet • July 29, 2016 4:59 AM

@ Skeptical

This is not conduct that can be safely tolerated by the United States, and the defense of American self-determination is the very heart of the duty and purpose of the United States Government.

But isn't that pretty self-evident? No one is denying that. The point I'm trying to make is that you've got a much bigger problem than the Russians if your democracy has become so fragile that it can no longer survive the publication of documents stolen from a political organisation that even in your own opinions on the matter is a perfectly valid espionage target for foreign powers.

So let me join @Gerard Van Vooren in asking you: what do you actually think of the document content itself and to which extent is the American public justified in its outrage? There was no wrongdoing? The system is not rigged? The DNC applied due diligence in adequately protecting their IT systems?

If I leave my unprotected cellphone containing messages and pictures of my mistress home on the table and my jealous wife finds out about it by browsing through them, then which party is most to blame when the marriage blows up?

Skeptical • July 29, 2016 12:22 PM


@Dirk: So let me join @Gerard Van Vooren in asking you: what do you actually think of the document content itself and to which extent is the American public justified in its outrage? There was no wrongdoing? The system is not rigged? The DNC applied due diligence in adequately protecting their IT systems?

I'm not aware of any illegal conduct revealed by the documents. We see the usual ugliness that comes with party politics, nothing more, which nonetheless would have garnered more attention had they not been introduced via a hostile act by a malicious foreign government.

Nor is the issue that American democracy cannot survive the publication of those emails.

The issue is that to allow a foreign state to commit such a gross act of interference in an election is to invite additional attempts, which will erode and reduce American autonomy - and even if only at the margins, those margins can be significant.

Americans are furious at Russia's actions - few care about what is in the documents.

Curious • July 29, 2016 12:54 PM

I wonder: what part of the accusation is damning here, any hacking, any distribution of such content in an attempt to interfere with an election, or both?

Dude • July 29, 2016 2:41 PM

Bruce,

For the love of God please turn off your comments! The voices in my head have more sanity than most of these people - assuming they are humans in the first place.

Seriously, people, get help. Therapy, medication, electroshock, doesn't matter to me.

Comments on this entry have been closed.
