Hacking the Vote

Russia has attacked the US in cyberspace in an attempt to influence our national election, many experts have concluded. We need to take this national security threat seriously and both respond and defend, despite the partisan nature of this particular attack.

There is virtually no debate about that, either from the technical experts who analyzed the attack last month or the FBI which is analyzing it now. The hackers have already released DNC e-mails and voicemails, and promise more data dumps.

While their motivation remains unclear, they could continue to attack our election from now to November—and beyond.

Like everything else in society, elections have gone digital. And just as we’ve seen cyberattacks affecting all aspects of society, we’re going to see them affecting elections as well.

What happened to the DNC is an example of organizational doxing—the publishing of private information—an increasingly popular tactic against both government and private organizations. There are other ways to influence elections: denial-of-service attacks against candidate and party networks and websites, attacks against campaign workers and donors, attacks against voter rolls or election agencies, hacks of the candidate websites and social media accounts, and—the one that scares me the most—manipulation of our highly insecure but increasingly popular electronic voting machines.

On the one hand, this attack is a standard intelligence gathering operation, something the NSA does against political targets all over the world and other countries regularly do to us. The only thing different between this attack and the more common Chinese and Russian attacks against our government networks is that the Russians apparently decided to publish selected pieces of what they stole in an attempt to influence our election, and to use WikiLeaks as a way to both hide their origin and give them a veneer of respectability.

All of the attacks listed above can be perpetrated by other countries and by individuals as well. They’ve been done in elections in other countries. They’ve been done in other contexts. The Internet broadly distributes power, and what was once the sole purview of nation states is now in the hands of the masses. We’re living in a world where disgruntled people with the right hacking skills can influence our elections, wherever they are in the world.

The Snowden documents have shown the world how aggressive our own intelligence agency is in cyberspace. But despite all of the policy analysis that has gone into our own national cybersecurity, we seem perpetually taken by surprise when we are attacked. While foreign interference in national elections isn’t new, and something the US has repeatedly done, electronic interference is a different animal.

The Obama administration is considering how to respond, but politics will get in the way. Were this an attack against a popular Internet company, or a piece of our physical infrastructure, we would all be together in response. But because these attacks affect one political party, the other party benefits. Even worse, the benefited candidate is actively inviting more foreign attacks against his opponent, though he now says he was just being sarcastic. Any response from the Obama administration or the FBI will be viewed through this partisan lens, especially because the president is a Democrat.

We need to rise above that. These threats are real and they affect us all, regardless of political affiliation. That this particular attack targeted the DNC is no indication of who the next attack might target. We need to make it clear to the world that we will not accept interference in our political process, whether by foreign countries or lone hackers.

However we respond to this act of aggression, we also need to increase the security of our election systems against all threats—and quickly.

We tend to underestimate threats that haven’t happened—we discount them as “theoretical”—and overestimate threats that have happened at least once. The terrorist attacks of 9/11 are a showcase example of that: administration officials ignored all the warning signs, and then drastically overreacted after the fact. These Russian attacks against our voting system have happened. And they will happen again, unless we take action.

If a foreign country attacked US critical infrastructure, we would respond as a nation against the threat. But if that attack falls along political lines, the response is more complicated. It shouldn’t be. This is a national security threat against our democracy, and needs to be treated as such.

This essay previously appeared on CNN.com.

Tags: , , , ,

Posted on August 1, 2016 at 6:49 AM254 Comments

Comments

Did August 1, 2016 7:24 AM

I can’t believe I’m reading a post from a world class security researcher where the evidentiary standard is some CNN article.

Alex August 1, 2016 7:35 AM

This is a sad state of affairs when a respected security expert jumps on the McCartyite band wagon and calls for counter attacks against a foreign country based on the pot being stirred for purely political advantage. Shame on you sir!!!

Pepito August 1, 2016 7:58 AM

As a matter of academic and even just journalistic integrity I feel this post lacks solid evidence or credible references for the claim in its first sentence, which is a little worrying given the second sentence is an explicit call to arms.

One thing is the general risk and known precedents that manipulation can happen. A very different one is whether the Russian government has a role in these specific leaks. But ‘suspects’ by ‘FBI officials’ and similar insubstantial fluff is all I can find in the linked material.

Of course like anything in history, as soon as one hypothesis becomes accepted as ‘the truth’, what really happened stops to make any practical difference.

When they are not forgeries, embarrassing leaks actually offer useful insight. And while it is appropriate for evidence obtained unlawfully to be thrown out in court, I think politics, public opinion and research can legitimately use it. As for the other leaks often analyzed on this very blog.

Aly August 1, 2016 8:00 AM

U “forgot” to mention that US gov. just loves to influence on all politicians around the world, far beyond its borders.

Do U think it’s acceptable?
Where are the proofs on who did it? Thous U know.. without guessing?

Always considered Schneier as non-political involved blog, well.. I clearly was wrong.

Bardi August 1, 2016 8:15 AM

no-one and Aly,

Good comments. A tipping point has been reached where the “Empire” is realizing that their tactics of yore a shoved right in their faces. Good.

If setting a good example is not good enough, then, instead of jamming election results into other countries, perhaps the US should look at those passing the message and, perhaps, using high school graduates as front people, the US should consider using intelligent and careful people, first.

Damn the US for putzing in other country’s business.

JA August 1, 2016 8:28 AM

Sure, also “many experts have concluded” that Iraq was behind 9/11…

First, he sold himself to IBM. Now this. What’s next?

z August 1, 2016 8:39 AM

Frankly I am far more bitter about how the DNC is corrupt to its rotten core than about the Russians or anyone else exposing it.

de La Boetie August 1, 2016 8:44 AM

Have them pesky Reds taken over Bruce’s blog too? Having trouble with this post for so many reasons.

If one country attempting to influence another’s internal politics (usually a bad idea historically) – is such a threat to national security, how can you possibly be sure it’s only one country? That the evidence is satisfactory? I’ll leave the hypocrisy to one side for the moment, Schadenfreude is so low.

How come the corporate lobbying and electoral funding isn’t also a threat to national security? (hint, it is, but the coup has already happened)

The reason the US is so vulnerable to this kind of attack is that the politicians, media, and IC are – rightly – viewed with such lack of trust and credibility. Might be good to fix that first. As a matter of national security.

yoshii August 1, 2016 8:46 AM

Please read these articles on why it’s actually NOT verified to be Russian state actors, and that even the motives are unclear:

http://www.washingtonexaminer.com/article/2598070

https://medium.com/@jeffreycarr/can-facts-slow-the-dnc-breach-runaway-train-lets-try-14040ac68a55#.15j7axoe0

Seriously, America has bigger problems with propaganda and fake news as well as sensationalism and way too much assumptions and opinions pushed into the spotlight.

Please, Bruce, we need to take the focus back towards technical, logical, objective articles and discussions instead of these recent panic sessions.

Peace

scp August 1, 2016 8:49 AM

If they’re not doing anything wrong, they’ve got nothing to hide.

To protectors of democracy, the contents of those e-mails should be more worrying than the source of the leak. I’ve seen no reports that the contents were altered.

Skiboater August 1, 2016 8:55 AM

Good comment on the tendency towards knee-jerk attribution:

“When it’s possible to identify the origins of cyberattacks­…it’s as a result of months of detailed analysis and investigation. ”

  • Bruce Schneier, January 2015 blogpost

Erich Schmidt August 1, 2016 9:07 AM

I could be wrong, but it seems like there are mostly a lot of sock puppets commenting so far.

Jykell Maxon August 1, 2016 9:18 AM

The attributions of attacks either to the Russians or the Chinese usually come up with statements such as:
– the authors left comments in Russian / Chinese in the code
– the authors used a Russian / Chinese keyboard
– the authors used malware that was developed by Russian / Chinese hackers
– the group is known to be affiliated to the Russian / Chinese government
– etc.

I find it rather funny that year after year and attack after attack those groups are stupid enough to “sign” their code, MO or leave tracks that lead straight back to the Russians / Chinese.

JM

rover August 1, 2016 9:21 AM

@Erich Schmidt — Just about to say the same. OK Wow big sock puppet response. Web Brigades https://en.wikipedia.org/wiki/Web_brigades

The web brigades (Russian: Веб-бригады), also known in English media as the troll army, are state-sponsored anonymous Internet political commentators and trolls linked to Russian government. They are suspected to be organized teams and groups of commentators that participate in Russian and international political blogs and Internet forums using sockpuppets and large-scale orchestrated trolling and disinformation campaigns to promote pro-Putin and pro-Russian propaganda.[1][2][3][4] It has also been found that Wikipedia articles were targeted by Russian internet propaganda activities.

Couldn'tPossiblyComment August 1, 2016 9:30 AM

So it’s virtually undeniable, and yet there are articles such as the one in an
Israeli military intelligence journal stating the complete opposite. I look forward to hearing about why the Israelis are lying about the DNC hacks too.

Lets’ look at some known facts (and if any of these I have in error, delighted if someone corrects me, always happy to learn). Hillary Clinton will not prosecuted for her breaches of national security, but the FBI says anyone else doing so would be. Both the FBI Director & the Attorney General are evasive when challenged on why this is the case. Previously, the head of the NSA was similarly evasive on the accusations of spying on Americans. The DNC emails reveal politicans perfectly willing to adjust headlines and artices to suit their needs. Yet this is the group we must supposedly trust to have established incontrovertibly in the space of days that the Russians are coming.

Detailed investigations over the course of months haven’t happened. What has happened is that a whole bunch of media articles are re-quoting each other to build up a frenzy of Cold War era hype. This isn’t investigation. This isn’t even journalism. This is just spin to distract, and I’m deeply disappointed that Bruce has piled onto this particular bandwagon.

Trust has been eroded. One does not regain trust by shouting the same message slower & louder.

Of course this will probably labelled as a sock puppet…

rover August 1, 2016 9:41 AM

@Couldn’tPossiblyComment — Israeli military intelligence journal = debka. Debka is BS with little cred. From wiki:

Wired.com’s Noah Shachtman wrote in 2001 that the site “clearly reports with a point of view; the site is unabashedly in the hawkish camp of Israeli politics”.[4] Yediot Achronot investigative reporter Ronen Bergman states that the site relies on information from sources with an agenda, such as neo-conservative elements of the US Republican Party, “whose worldview is that the situation is bad and is only going to get worse,” and that Israeli intelligence officials do not consider even 10 percent of the site’s content to be reliable.[1] Cornell Law professor Michael C. Dorf calls Debka his “favorite alarmist Israeli website trading in rumors.”[5]

debka is ultra republican and anti democrat just like encrazed Netanyahu

CallMeLateForSupper August 1, 2016 9:52 AM

@Bardi
“Damn the US for putzing in other country’s business.”

LOL. Your Yiddish needs work. The verb you want is “futzing”.
Unless, that is, you really meant “ballsing in other country’s (sic) business”, which is nonsensical.

Ted August 1, 2016 9:53 AM

Life After Doxing
http://www.lifeofthelaw.org/2015/01/lifeafterdoxing/

“Kate, who’s asked me not to use her last name, signed up for Facebook in her freshman year of college, as soon as she got her university email address. This was in 2004 when Facebook required one. She had it for only three or four months when she started getting unsettling emails and Facebook”

[…] “It turned out that someone had lifted photos off her Facebook page and posted them to this site. Commenters would argue back and forth about whether or not she was fat, and whether or not they’d have sex with her. The posting included her full name and linked back to her Facebook profile.”

[…] “I was probably only 19 when that happened, and it was extremely scary,” she said.”

[…] “Tech companies, have all of the money in the world,” she says. “So that is why I think activists have really focused on them and hounded them to find some sort of solution to help at least mitigate the effects of those crimes.””

[…] “But there’s a bigger problem. As more of our real lives become integrated with the internet – our jobs, our social lives, even our love lives – so too does our personal safety.”

[…] “Ari Waldman is the Director of the Institute for Information Law and Policy at New York Law School</a href>. He says even lawyers have a hard time understanding the implications of online harassment. That’s why he plans to open a legal clinic that would provide free legal representation for victims, and train lawyers to handle these types of cases. “

Zd August 1, 2016 10:01 AM

I don’t think it’s a question of sockpupetery, and more of the overall readership of Schneier blog.

A lot of people around here have an interest in hacktivism, and less in information security. This is especially true since Snowden, as Bruce commented the affair extensively here, which brought plenty of readers.

Now that he’s taking a position that doesn’t fits well with the anti-US zeitgeist, he’s taking some heat by the very same people.

Ken Hagler August 1, 2016 10:06 AM

The nerve of those Russians, giving information to US citizens that the US government doesn’t want them to have. Where could they have gotten the idea that such a thing is acceptable?

Roy Lipscomb August 1, 2016 10:06 AM

Bruce speaks in favor of voter-verified paper audit trails (VVPAT):

<i>Longer term, we need to return to election systems
that are secure from manipulation. This means voting
machines with voter-verified paper audit trails, and
no Internet voting. I know it’s slower and less
convenient to stick to the old-fashioned way, but
the security risks are simply too great.</i>

However, research has shown that VVPAT is insufficent. Most voters didn’t bother to verify the printout; and, in any event, it’s rare that a VVPAT is ever consulted.

The actual solution is “hand-counted paper ballots” (HCPB), right? Unfortunately no, not as that term is usually understood.

In traditional hand-counting, the paper ballots get hand-tallied in the polling place. That sounds great, until you realize that you’re not personally there to see the counting. Instead, you’re asked to put your trust in the six people who do the counting–and to trust the thousands of other six-person teams in other precincts across the country. Do you really trust all those people? No way.

What’s needed is a new approach to HCPB, one that reduces the “trust-me” factor to virtual insignificance.

Here’s an outline of one such approach:

1. All votes get cast on paper ballots in the polling place on election day.

Yes, there are arguments for allowing paper ballots to be cast at other places and/or times. We can discuss these options if the rest of this proposal is acceptable.

2. When the polls close, each person in the polling place gets to video-record the ballots. Each video should simultaneously show enough of the polling place to help authenticate the video.

3. The videos get published on the Internet, each video serving as a check and balance on the others. As desired, the videos get authenticated against the actual ballots.

4. The public gets to tally the ballot images, by hand, by personal software, by off-the-shelf software, by calculator, or however. Ambiguous and other miscast votes get tallied as such. Alongside each video is a description that includes its tallies as calculated by its creator.

5. Any outlying miscount is quickly detected due to its divergence from the other counts.

The result: All counts soon converge to an accurate count, given the margin for miscast votes.

Pepito August 1, 2016 10:10 AM

Trying to make sense of this embarrassingly unsubstantiated post, even discounting that it was originally written for CNN: Bruce may just be reacting in much the same irrational way as many (most) highly educated people in my home country when faced with the possibility that Berlusconi could be (re-)elected. Any other concern was put aside in the name of avoiding such a disgrace. The opposition to Berlusconi had cultivated a more presentable face, no matter how notoriously vacuous, fractious and, to those not sticking their head in the sand, just as corrupt. It was to the almost universal scandal of my academic peers that I voted for Berlusconi when I was still living in Italy. On the account that I’d rather vote for a villain whose face I see than for an unaccountable shapeless mob. Was I glad when I left the country altogether!

I wouldn’t want to be a US voter bound to choose between a guy like Trump and a lady wide open to domestic and foreign blackmail even before being elected.

Back to the DNC leaks: another hint that emotions are taking over is weak evidence being accepted at face value. I’m thinking of the reports that came out in the recent months from security consultants hired by the DNC (therefore not independent by definition), confirmed by other possibly more independent consultants. As I remember the links to Russian state entities where re-use of known IP addresses and tools previously used against targets in Germany and elsewhere. Even granting the original attribution to Russia of those precedents was genuine, it doesn’t usually come across as ‘high level state actor aggressor’ to reuse well known and compromised assets for such a bold action as interfering with US elections, does it? Of course one can argue this is precisely why the Russians may have reused them so as to cry ‘framing’, but if so they were deliberately inviting detection and possibly interception, which open to even more domestic or foreign parties gaining access to blackmail material, paradoxically even through legitimate defensive work, which would make a leak by somebody almost unavoidable. I’d conclude publicly available info simply say nothing useful in either way. The only point of substance is who, when and how not-yet released bits may be used.

ianf August 1, 2016 10:11 AM

@ Ted RE: Life After Doxing

We’ve all been burned in one way or another, needn’t have been online, but IRL where it hurts/ stings even more. Kate—not her real name—ought to be more grateful that she came away from that experience with mostly a bruised ego. And, having had had this sad experience due to Fuckfacebook’s stupid real names policy (“because nobody’s got anything to hide, and, besides, we’re just like in the real world, with plenty of psychos around, et al“), she should draw lessons from it, and educate her offspring, her posse, her surroundings, as to the dangers lurking therein. If she uses it mainly to whine about it in some blogs, she obviously hasn’t understood what life itself is about: which is

    AVOIDING CONTACT WITH
    PSYCHOPATHS AT ALL COSTS

esp. if they’re the ones running the FFB asylum.

Chris August 1, 2016 10:26 AM

The hackers used software or wrote software that has Russian language in it, therefore undoubtedly it must be the Russians. Great logic there. Bruce, your motivations are clear. From a leading security expert, he wants us to not focus on the legal and security implications of what Hillary did. Oh no, do no look at the man behind the curtain! The conversation should be, is the person running for the highest office have our best interests in mind when it comes to security.

But Bruce doesn’t want us to focus on that. No, we must put all this nonsense behind us and look to the future of securing our voting system!

As with your last article on the voting subject you quote yet another news story from the same people who are paying you to write “essays”. All I say is if you want to see where the corruption is, just follow the money. And how odd that you don’t have one essay on what Hillary did and how housing government secrets on a private server is wrong. No PSA, nothing, at least within the last few months.

One last note, your quoted article says that, surprise, surprise, that the great and all knowing James Comey says that it must be the Russians. I have less than zero trust in a puppet who says that he thinks that Hillary didn’t do anything knowingly wrong, but in the same paragraph states that she was careless. Sad state of affairs Bruce. Done with “Schneier on Security”. You are no more reliable than James Comey is.

Ralph Paul August 1, 2016 10:28 AM

@Pepito: The BSI (Federal Agency for Information Technologie Security) specifically did not attribute the Bundestag hack to Russia. They saw they found a pattern pointing to APT28 but not Russia.

http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-targets-german-christian-democratic-union/

See the pattern, “Pawn Storm clearly targets groups that could be perceived as a risk to Russian politics and interests.”, knowing that anything that is a risk to Russia is clearly of interest to the US, NATO and China, it is a nice agitprop phrasing straight from the cold war days.

rover August 1, 2016 10:36 AM

@Zd — Exactly how does hactivist bent and anti US Zeitgeist comport with a potential Trump Presidency? Oh I know if he’s elected the people will rise up man! They’ll protest man…storm the White House man…eject Trump and carry Bernie on their shoulders to his rightful place in history! Personally I’ll take status quo and politics as usual right now and maybe an improvement in election security.

CallMeLateForSupper August 1, 2016 10:37 AM

@all

Does anyone know what rationalle was used to justify abandoning “lever” voting machines? I don’t remember hearing about/reading a discussion of that per se, just back-and-forth about this electronic machine versus that electronic machine.

I am old enough to have used a lever machine many times. I saw one for the first time in the 1960’s as a student (thought the “straight-ticket lever” especially cool). The man explaining the operation of this machine closed by demonstrating that one could step into the booth, register a straight ticket vote, and leave, all in about five seconds.

The down side was that lever machines took forever to boot up. 😉

BrotherChew August 1, 2016 10:41 AM

There does appear to be quite a bit of evidence:
https://www.threatconnect.com/guccifer-2-all-roads-lead-russia/

Aside from the intelligence community coming right out and stating it has made definitive attribution (which will be immediately decried as having sinister motives anyway), how much more evidence do you want for opening up the discussion about it? This blog has always been about cyber security and implications in the real world. This is 100% on-topic and very relevant.

And yes there sure appear to be a lot more sock-puppet posts than usual on here, which I find suspicious all by itself.

CallMeLateForSupper August 1, 2016 10:43 AM

@all

Did a Tea Party National Convention just close? Trolls are all over this blog again.

Ralph Paul August 1, 2016 10:50 AM

Final note:

The IP adress given as proof to the Bundestag hack (176.31.112.10) is located in France.

The French equivalent of the NSA/FBI keeps a complete log of internet traffic in and out of the country for 2 years not only since the state of emergency was officially declared after the Paris massaker.

2014: http://www.bbc.com/news/world-europe-23178284

2015: https://www.theguardian.com/world/2015/jul/24/france-big-brother-surveillance-powers

Thus the French and thus the NSA should have a complete log of what was transfered thru this server. Why would a professional Russian cyber warfare unit expose themselves this way. “FALSE FLAG”, Gladio style ?

qwertty August 1, 2016 11:01 AM

@BrotherChew

from the linked article:

“Now, after further investigation, we can confirm that Guccifer 2.0 is using the Russia-based Elite VPN service to communicate and leak documents directly with the media.”

Using a Russian VPN is not the same as belonging to a russian intelligence agency.

Henry Edward Hardy August 1, 2016 11:16 AM

Jim Clapper has quite specifically refused to confirm Hillary’s counter-propaganda effort regarding how the DNC cheated and stole the election from Bernie.

Ever since you started hanging out with and taking money from the pro-NSA, anti-privacy crowd at Berkman, you have lost some of your objectivity, Bruce.It looks like probably all of it.

Of course that is why they wanted to co-opt you in the first place, right?

Money is honey my little sonny
And a rich man’s joke is always funny

Remember the closed seminar on “Intelligence Gathering and the Unowned Internet,” at Harvard? I was invited and was there. You appeared to be quite clearly on the side of the NSA panel members and Berkman anti-privacy plutocrats.

But look, here is what Jim Clapper said:

Director of National Intelligence James Clapper, speaking about the hack of Democratic Party emails, said on Thursday the U.S. intelligence community was not ready to ‘make the call on attribution” as to who was responsible.’

http://www.reuters.com/article/us-usa-election-hack-idUSKCN1082JL?il=0

ZR August 1, 2016 11:19 AM

This event occurred in May, and was made public knowledge in June – including the evidence suggesting Russian involvement.

If this was truly about security, why did we wait to see what was released before officials and the media decided that this is serious and merited attention?

I was all for exploring this issue when first reported – it is now clearly in the realm of political opportunism (on both sides). Once that happens, I have little hope for any productive outcomes yielding from further discussion, in this instance. Unfortunately, I think we’re better-off waiting for the next troubling breach realization to pick this back up.

Jorel August 1, 2016 11:21 AM

A powerful nation trying to influence public opinion / vote of another powerful nation using all available means, including cyber attacks.
This is the norm of diplomacy of last decades.
I would rather be VERY surprised if a single first tier nation could prove itself innocent of that, instead.

C. Worthy August 1, 2016 11:29 AM

How disappointing that someone long perceived to possess independent, critical thinking skills has so easily rolled over. Schneier joins Brian Krebs, who recently attempted to draw a moral equivalence between one campaign not using DMARC and the other campaign engaging in criminal conduct by not protecting classified information.

Guess we’ve always been on our own, though.

Dirk Praet August 1, 2016 11:36 AM

@ Erich Schmidt

I could be wrong, but it seems like there are mostly a lot of sock puppets commenting so far.

Thank you for this valuable contribution, Mr. Google chairman.

@ rover

Just about to say the same. OK Wow big sock puppet response. Web Brigades …

The somewhat simpler explanation is that many of the regular visitors of this blog – including myself – are gobsmacked that @Bruce apparently is participating in the current anti-Russia sentiment. Today’s essay for CNN is also almost a carbon copy of last week’s The Security of Our Election Systems that originally appeared in WaPo.

There’s two parts to it: first up, nobody likes foreign meddling into domestic elections, and online voting systems from a security vantage are a genuinely stupid idea. I don’t think anybody has an issue with that. Puting the blame squarely on Russia (pun intended), however, is so completely unlike his usual apprehension about such matters that I’m almost wondering if there’s not another message he’s trying to convey to his audience.

From what we know today, there are several indicators and other circumstantial elements pointing to Russia, but there is no such thing as bullet proof evidence that they were indeed behind the DNC hack or delivered the stolen documents to Wikileaks. Even DNI Clapper, of all people, is urging folks to calm down.

What I am seeing here is plain hysteria on behalf of an MSM backed political establishment that through cold war rhetoric is desperately trying to divert attention away from questionable practices within the Democratic party and on behalf of Mrs. Clinton herself, all while struggling to adequately counter with a more positive narrative the ravings of a populist madman.

Mike Amling August 1, 2016 11:47 AM

Erich Schmidt: “I could be wrong, but it seems like there are mostly a lot of sock puppets commenting so far.”

I noticed the same thing. The tactics, namely ad hominem attacks and trying with desperation beyond what any normal commenter would have to cast doubt on the attribution to Russia, make an unusually large number of this thread’s comments appear to be artifice.

Mark August 1, 2016 12:20 PM

@ Henry Edward Hardy,

Those are harsh accusations, but I doubt it’s money. Bruce had always striked me as a patriotic kind of guy and the kind of person who do the right things.

Milo M. August 1, 2016 12:28 PM

#CallMeLateForSupper • August 1, 2016 10:37 AM :

The main motivation may well have been lack of patience to wait overnight or even a few days to see the outcome.

The Help America Vote Act (HAVA) of 2002 is another brick in the wall.

http://www.eac.gov/about_the_eac/help_america_vote_act.aspx

http://www.eac.gov/assets/1/workflow_staging/Page/41.PDF

On the earlier gear and lever machines:

http://americanhistory.si.edu/vote/intro.html

http://americanhistory.si.edu/vote/votingmachine.html

http://americanhistory.si.edu/vote/resources_gearlever.html

Mark August 1, 2016 12:35 PM

@ Ericht Schmidt, “I could be wrong, but it seems like there are mostly a lot of sock puppets commenting so far.”

It’s an election year; sock puppets are out in full force. 😉

Of recent years, the Chino-Russian attack on neo-liberal western ideology is the concept of “King Makers” mostly grew thru memes of the crowds. The concept is a supposition that under democracy, your consent is given to rigged games, thus it is in reality beauracratic totalitarianism. As the net grew, information travels a lot faster, and disinformation campaigns grew sophisticated. We do live in interesting times.

AlexT August 1, 2016 1:01 PM

I guess all informed person – the host of this blog being one – will agree that attribution is a very tricky business in all things cyber.

Hence the obvious question: Bruce, have you been privy to some hard evidence in this case (no specifics needed, obviously, but you have to give more context here) ?

Also I am happy that the security of electronic voting is finally getting on the MSM radar – it’s been a while but maybe, jut maybe, this could be the tipping point.

Ted August 1, 2016 1:10 PM

@ ianf

NATIONAL PRIVACY RESEARCH STRATEGY, June 2016
https://www.whitehouse.gov/sites/default/files/nprs_nstc_review_final.pdf

“People’s lives are inextricably interconnected with cyberspace and information systems. The computing revolution is enabling advances in many sectors of the economy, while social interactions have been profoundly affected by the rise of the Internet and mobile communications. Increasing computerization and data collection in transportation, education, health care, and other areas will accelerate these trends. Massive data collection, processing, and retention in the digital era challenge long-established privacy norms. On the one hand, large-scale data analytics is indispensable to progress in science, engineering, and medicine; on the other hand, when information about individuals and their activities can be tracked and repurposed without the individual’s knowledge or understanding, opportunities emerge for unauthorized disclosure, embarrassment and harassment, social stigma, crime, discrimination, and misuse. The fact that such an opportunity exists can itself have a detrimental and chilling effect on people’s behaviors.”

“The Federal Government is mindful of this risk, and the resulting need for research and development. The White House report Big Data: Seizing Opportunities, Preserving Values highlights the need for large-scale privacy research: “We should dramatically increase investment for research and development in privacy-enhancing technologies, encouraging cross-cutting research that involves not only computer science and mathematics, but also social science, communications, and legal disciplines.”

tz August 1, 2016 1:11 PM

We arranged for the overthrow of the democratically elected president of the Ukraine to put in our neocon puppet. Ukraine has large Russian population centers – Imagine if we removed all bilingual signage and access so hispanics would need translators everywhere.

Putin is just returning the favor in a more gentle way.

We’re playing the great game of empire and we don’t want a ceasefire. Don’t expect cyberspace to escape the battle.

Dirk Praet August 1, 2016 1:25 PM

@ Henry Edward Hardy

Ever since you started hanging out with and taking money from the pro-NSA, anti-privacy crowd at Berkman, you have lost some of your objectivity, Bruce.

That’s entirely uncalled for. I believe our host is well entitled to controversial opinions, especially on his own blog.

@ Mike Amling

The tactics, namely ad hominem attacks and trying with desperation beyond what any normal commenter would have to cast doubt on the attribution to Russia

The entire point is that the attribution to Russia at this time is an educated guess based on circumstantial evidence and speculation, not irrefutable proof that somehow would hold up in court.

Richard August 1, 2016 1:34 PM

I’m glad to see that the majority of the comments share my same frustration. I have lost a bit of respect for Bruce due to his obviously slanted article. Something tells me that if the tables were turned and Donald Trump was severely damaged by a hack then we don’t see this post nor do we hear any concern from Bruce at all. I hope he’s not bringing this level of distortion to Tor.

yoshii August 1, 2016 1:36 PM

Very important logical extract taken from https://medium.com/@jeffreycarr/can-facts-slow-the-dnc-breach-runaway-train-lets-try-14040ac68a55#.asvs0mnia



Problem #1: The IP address 176.31.112[.]10 used in the Bundestag breach as a Command and Control server has never been connected to the Russian intelligence services. In fact, Claudio Guarnieri, a highly regarded security researcher, whose technical analysis was referenced by Rid, stated that “no evidence allows to tie the attacks to governments of any particular country.”

Problem #2: The Command & Control server (176.31.112.10) was using an outdated version of OpenSSL vulnerable to Heartbleed attacks. Heartbleed allows attackers to exfiltrate data including private keys, usernames,
passwords and other sensitive information.

The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.

Problem #3: The BfV published a newsletter in January 2016 which assumes that the GRU and FSB are responsible because of technical indicators, not because of any classified finding; to wit: “Many of these attack campaigns have each other on technical similarities, such as malicious software families, and infrastructure — these are important indicators of the same authorship. It is assumed that both the Russian domestic intelligence service FSB and the military foreign intelligence service GRU run cyber operations.”

Professor Rid’s argument depended heavily on conveying hard attribution by the BfV even though the President of the BfV didn’t disguise the fact that their attribution was based on an assumption and not hard evidence.

Personally, I don’t want to have my government create more tension in Russian-U.S. relations because the head of Germany’s BfV made an assumption.



The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police

OK. Raise your hand if you think that a GRU or FSB officer would add Iron Felix’s name to the metadata of a stolen document before he released it to the world while pretending to be a Romanian hacker. Someone clearly had a wicked sense of humor.

So yeah, the “evidence” is really not there.
And yes, the USA Director of Intelligence said, …

“Americans need to calm down and stop blaming Russia for hacking the Democratic National Committee, Director of National Intelligence James Clapper said on Thursday.”

http://www.washingtonexaminer.com/article/2598070

Asked if analysts in the media and elsewhere were getting ahead of the facts when it came to attributing the attack, Clapper said, “Yes … We don’t know enough to ascribe motivation regardless of who it might have been.”

Wake up and smell the reality.

hawk August 1, 2016 1:38 PM

Just following along here…

Sounds like any skeptics must be uneducated anti-Hillary sock puppets, but BS groupies are always hyper-intelligent level-headed Guardian & Intercept liberal actors who know better.

Hmm..OK

David Smith August 1, 2016 1:57 PM

I’m more inclined to agree with Dr. Jerry Pournelle, who pointed out that having access to Secretary Clinton’s State Department mail, as well as the DNC and RNC servers, would be a fundamental competency requirement for any world-class intelligence organization.
https://www.jerrypournelle.com/chaosmanor/russian-hackers-quiet-sun-nato-and-the-baltics/

Almost certainly, the Russian, British, French, German, Danish, Swedish, Israeli, etc. intelligence organizations have the files, all or part, and arguably more than just the Russians may have reason to prefer that she not become President. Or, the human mind being complex and devious, whoever leaked the DNC files to Wikileaks may expect the outcome of the leaks to be in Secy. Clinton’s favor.

At any rate, I generally believe that reality is more complicated than anything that CNN (or any of their competitors) will present to their audiences.

Another vote for disappointed.

fajensen August 1, 2016 3:01 PM

@Roy Lipscomb

In Scandinavia, we vote with pencil & paper. Anyone can volunteer for helping with counting the votes or just hang around and monitor the process.

I am not convinced about the results, but, the election process IMO is very secure because even an idiot can understand what goes on and how it works.

Digital voting obscures the election process and makes it untrustworthy. The only benefit is to maybe get results faster, however, elections are held once every 4-5 years so how hard is the need, really? It’s telling that the politicians really like the idea of “modernising democracy”.

biggb August 1, 2016 4:34 PM

WOW … lot’s of posters here with a tenuous grasp of english and english language spelling? Russian trolls maybe? They are out in force here.

As for anyone here asking about “the facts” … have you gone thru (and actually understand) the Initial Crowdstrike report?

https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/

Howabout the follow up report from Crowdstrike competitor Fidelis?

http://www.threatgeek.com/2016/06/dnc_update.html

Another competitor Mandiant also agreed.

I’m going with what the expert reports say. I can understand that most of you don’t really grasp the technical aspects of this. That’s a fault of your grasp and command of the facts, not the facts themselves.

Joe Stalin August 1, 2016 5:00 PM

Bruce doubles down and cites Trump and Melania as agents of the Rooskies (Boris and Natasha) to hack our elections in 50 states and thousands of counties.
I remember seeing that one, Bullwinkle saved the day with Admiral Wrong-Way Schneier.

FH comments above that the column is a recent Schneier 2015 movie plot winner.

Bruce sez it is no longer “whistle blowing” like Snowden (exposing bad things) but “organizational doxing” (evil cyber action) by the fugitive criminal foreigner Assange. Any questions of Hillary Clinton’s Foundation and
missing State Dept. emails is treason, even a joke is suspicious.
Meanwhile, ignore the many previous election hacks by our local oligarchies, they
are weak compared to the all powerful Rooski Putin. Look at his manly bare chest.

The resulting question of many of the comments: how much is Bruce paid?

My questions: has anyone actually seen Bruce in person lately? Do the NSA/FBI got something on him?

Word Playa August 1, 2016 5:08 PM

Bruce sez it is no longer “whistle blowing” like Snowden (exposing bad things) but “organizational doxing” (evil cyber action)

I find it noteworthy how (Schneier’s) definition of orgaznizational doxing has lost its vestigal superset that incuded the publishing of collected public (not private) information.

There is some serious morphing of verbiage going on in this industry… Internet Of Things… Because Things are Magic to most citizens.

Sister Sip August 1, 2016 5:21 PM

@BrotherChew

Aside from the intelligence community coming right out and stating it has made definitive attribution (which will be immediately decried as having sinister motives anyway), how much more evidence do you want for opening up the discussion about it?

Personally I’d like to hear Putin take credit. Given the posturing I’ve seen reported, it almost seems out of character for him to do something like this, and lie about not doing it. Giving the U.S. the finger (ok, forgiving cross cultural sign language translation matrices) seems to be something he’d jump at, not shy away from.

Absent that, I’d reflect on the Schneier quote another commenter pointed out from long ago reminding us that proper attribution takes months, and that implicitly, one ought to be extremely suspicious of people who can’t wait awhile, and instead act as if they are members of a chorus of cyberhawks. Or, if this did happen months ago, one can be suspicious of how it fits into various newscycles.

And in general, am I the only person who doesn’t have an urge to go to cyberwar with a superpower, but instead imagine the proper result is a chastisement of some politico geek that chose to run a program of dubious security? I mean, of all the geeks here, how many of us really imagine this is anything other than some DNC geek who made stronger claims about their system’s security than were warranted, then had that perception acted on for months, then had that illusion shattered? People are still pretending like computers are magical, and even though Schneier said for a decade that they weren’t, people still freak out when their magic stops working just right. And now Schneier probably is just joining a chorus of washington d.c. insiders, rather than find himself as the witch they burn at the stake for causing their magic to stop working.

Classified Clinton August 1, 2016 5:50 PM

@Chris

And how odd that you don’t have one essay on what Hillary did and how housing government secrets on a private server is wrong.

I too am fascinated by the fact that Hillary has apologized for a mistake, but I can’t figure out what precise mistake that was. Hypothetical: Hillary, as secretary of state, finds herself in some kind of time-constrained situation, and makes a tactical decision to use the private server. Perhaps due to the .gov server experiencing technical difficulties that day, or perhaps due to suspected russian hacking that day. Alternately, she uses the private email server to house a sole backup of the unredacted 6000 page torture report that apparently was ‘criminally’ transferred from one room (physical) in the capitol, to another (same building IIRC). Third hypothetical- she got a copy of everything snowden might have taken, so she could sell it to the Chinese government. It seems to matter a lot to me which of these hypotheticals if any are closest to the truth.

albert August 1, 2016 5:51 PM

“…There is virtually no debate about that…” – Bruce.

Good! There shouldn’t be any debate about it.

It’s BS.

When you got one crook running against another crook, what do you get?
[the question is rhetorical]

This is all political theater, folks. Nothing to see here, move along.

Presidents don’t make foreign policy, nor do they make domestic policy. This is a fact.

The playbook is written.

The juggernaut rolls on, regardless.

Let us give this the attention it deserves: None!

Let us pray…

. .. . .. — ….

Grauhut August 1, 2016 5:52 PM

@Dirk: So many earnest voices here! 🙂

en.wikipedia.org/wiki/Operation_Earnest_Voice

Sancho_P August 1, 2016 5:53 PM

@Bruce, do you sometimes re-read the next day, before you go public?

This is a terribly populist essay, driven by paranoia, bare any facts.
Plus the usual “we must …” and “we need …” admonitory words.
Whining like a child.

Pointing at the others (the evil Russia, China, North Korea, Cuba, – the communists).

Shooting the messenger.
Drawing wrong conclusions.
But never admitting our own bad:

  1. Absolutely unacceptable conduct in the Democratic Party (democratic – what a joke, lobby at work).
  2. Using insecure technology in critical environment.
  3. Having no control over critical infrastructure (also see private email server of Secretary of State, and the reason why).

Yes, it is a national security threat when the guard is blind.
And instead is listening to Angie’s conversation with her hairdresser.

Gary Yeagley August 1, 2016 5:56 PM

It is sad to see and have one more good guy fall to the evils of group think without any evidence. Just like with lack of evidence concerning L.H. Oswald, Al Qaeda on 9/11(just the preplanted explosives alone would clue you in on that); lack of evidence is missing here. Did I say lack of evidence enough here?

Tom Kenney August 1, 2016 5:57 PM

Wow…lots of new names on both sides of the aisle today. It’s a regular “Punch & Judy Show”.

Anyway, I must also register my disappointment. This is like watching your favorite TV show, and suddenly the main character does something completely out-of-character simply to further a plot element. This so completely veers off from Mr. Schneier’s previous course. Is this a ‘canary’? Is he saying to us he’s not allowed to tell the truth anymore?

Lastly, the ‘victims’ seem to be spending an inordinate amount of energy proving the identity of the messenger, rather than proving their own innocence of wrongdoing. That’s damn suspicious!

Grauhut August 1, 2016 6:03 PM

@Bruce: “This is a national security threat against our democracy, and needs to be treated as such.”

Come on, is it really a threat to democracy if a hack shows a group of party insiders conspired against one of their fellow presidential candidates? Who is the threat in this case?

You shoot into the fog onto a messenger for the message he reads loud, two classic mistakes in one.

Mr. Obvious (cheeky) August 1, 2016 6:16 PM

Hah the stupidity is entertaining, I’ll join in before taking a drink and making a toast.

My commiserations to the regulars and lurkers for their and our loss and may the tatters of Schneier’s reputation rest in peace relatively unmolested. He, like everyone and everything, was not trustworthy. Hipp hipp 🙂

Pay attention Clinton mobsters and TLA noobs (who the hell trained you?) this is how you do it and not the kinds of comments you peddle against established handles: you use the truth!

As for continuing to visit this blog there’s still enough signal in some of the comments that it might be worth it, so who knows.

Gotcha. August 1, 2016 6:31 PM

He’s yanking your chain. This is A Modest Proposal. The non sequiturs, the jumping from conditional to unconditional statements, the hilarious invocations of ‘our democracy,’ even after it got exploded as a sham by the hacks.

Think it through. Did Bruce fall for it when Saddam bought the aluminum tubes that could only be used for atomic bombs, and smuggled uranium from Mali with blurry but highly incriminating documents, and had a secret meeting with Osama bin Laden, and hid his weapons of mass destruction really, really well? Did he fall for it when Gaddafy gave his armies mass quantities of boner pills so they could rape everybody in sight? Did he fall for it when Assad released his poison gas on his population for some reason? Did he fall for it when Russians shot down MH 17 with those Ukrainian missiles?

No.

So what would make him fall for the latest and lamest war propaganda, against an enemy that could make the USA a parking lot in 15 minutes? Did he suddenly get brain damage or Mad cow or Alzenheimers? No, then he would be stupid about everything, not just this.

This is a massive goof. When the war is over and you’re fumbling around around blind with no skin, crapping blood, he’s going to be like Ha Ha on you, you morons.

Psyop Monopolists August 1, 2016 7:32 PM

On the one hand, this attack is a standard intelligence gathering operation, something the NSA does against political targets all over the world and other countries regularly do to us. The only thing different between this attack and the more common Chinese and Russian attacks against our government networks is that the Russians apparently decided to publish selected pieces of what they stole in an attempt to influence our election,

So let me get this straight- The only thing that was different in this instance, than prior “standard stuff that has been going on all along”, is that the public was involved? I.e. before, all the same kinds of manipulations were happening, but it was controlled by the “Intelligence Community”. In other words, it’s OK when spies steal secrets from politicians, and then use and spread them tactically and covertly to influence public opinion, but as soon as the public finds out that such secrets have been stolen and used in such a fashion- then it’s time to launch cyber world war 3. Okie dokie.

Clive Robinson August 1, 2016 8:18 PM

@ Dirk Praet,

I’ve kind of already said my piece on this a while ago so I was going to sit it out. Then you said,

The entire point is that the attribution to Russia at this time is an educated guess based on circumstantial evidence

I do not in any way think what we have been told sofar meets the burden of proof required as,”circumstantial evidence”, not close, not at all.

As for an “educated guess” again my doubts are quite strong. The company called in supposadly found it was two –supposed– Russian groups within two hours… These groups it has been alleged were in the DNC network for months, yet the company just came in and went “It wos the Ruskies wot dun it” before their second cup of coffee… It’s sounds way to pat to me.

I think that they conveniently found what they were ment to find because somebody has been rather less than subtle. Thus the question of “follow the money” has to be thought about.

From the little that has been reported, a few moments thought will alight on the fact that what has been said are “cherry picked” details to allege it’s the Russian’s. With a little further thought you realise that also what has been claimed is also widely known by others, thus you have to ask if anybody else could do the same? And the answer is an overwhelming YES.

Which brings us to the idea of a false/red flag attack and how easy would it be to do. As far as I can tell due to the fact the supposed APT group had used the same MO a number of times that it was widely known and is would thus be fairly easily reproducible…

Whilst I can not say it is not the Russians I importantly can not say it was not anyone else faking them either. Thus I would be looking very much closer to home for the culprit, possivly an insider…

And lets be honest the Clinton camp needs major diversionary tactics currently.

Pupsocket #327 August 1, 2016 9:00 PM

Did you ever notice that when people claim to have seen a ghost, they ALWAYS describe it (usually in quite some detail) as having been dressed in such-and-such a manner? Shrouds, previous-centuries formalwear, crinoline nightgowns, cowboy chaps, pirate boots, pilgrim hats, whatever? But you absolutely NEVER hear them say something like, “Yeah, he was standing right in front of me, naked as a jaybird, and the guy was hung like a horse!” or “Wow, she really had some wrinkled tits.”

Seems to me there’s been a lot of self-proclaimed Supernatural Belt Buckle Believers around here lately.

Just sayin’.

Mark August 1, 2016 9:11 PM

@ Dirk Praet, “The entire point is that the attribution to Russia at this time is an educated guess based on circumstantial evidence and speculation, not irrefutable proof that somehow would hold up in court.”

It meets the axiom of “never let a crisis go to waste” preached/taught by numerous thinktanks of the belt way (and beyond). The DNC attribution is so obviously a farce, by my educated guess, that it can only be attributed to an election ploy, because election ploys were historically kept dumb & simple (to meet the bell curve of the populace).

Mark August 1, 2016 9:22 PM

@ Grauhut, “Come on, is it really a threat to democracy if a hack shows a group of party insiders conspired against one of their fellow presidential candidates? Who is the threat in this case?”

As I said in my previous-previous post, this DNC revelation fits in-line with recent-year Chino-Russian attack on western neo-liberal ideology from the Progressive Era. Mainly, it’s the conceptual existance of “King Makers” -i.e. a group of permanant cons (and libs) who rig commoner’s games. It is an intrepretation of the “invisible hand” in Adam Smith’s classic.

Thus, the attack and revelation fits in-line with Chino-Russian objectives, as tensions escalate.

Citizenzero August 1, 2016 10:59 PM

@Clive

“[Your entire comment.]”

Precisely.

And thank you for your efforts to apply some badly needed critical reasoning to this issue.

What in the world is happening with Bruce? He’s off the rails.

koanhead August 1, 2016 11:38 PM

I’m sorry if this is a threadjack, but on a related subject it seems that our electoral process could use some hacking by us, the citizens. The Democratic Party has nominated a candidate for President who regularly polls poorly against the Republican candidate. There’s a large pool of potential Democratic voters who have stated their intention to not vote for the Democratic candidate on the grounds of distrust. It seems to me that, if the candidate were to execute some unambiguous, non-repudiatable public signal of trustworthiness, then at least some proportion of this pool of voters might be persuaded to vote for the Democratic candidate. The variety of signal I have proposed (at https://koanhead.dreamwidth.org/2759.html) is a published contract, but there are probably better ones available. I hope that this idea is useful in some context. If you like it, take it.

Anonymous person August 2, 2016 12:11 AM

Bruce I can’t believe you believe this bullshit about it being the Russians who hacked Hillary’s basement server and the corrupt DNC. Even worse you’re perpetuating the bull it without proof. If you don’t provide proof YOU are part of the problem.

Pepito August 2, 2016 3:59 AM

@Dirk Praet and others disappointed with Bruce and contemporary politics

Do not discount irrational reactions when cultivated learned people are faced with the prospect that the ‘proudly gross and non-learned’ may be elected. I saw it in Italy during the Berlusconi era. Smart good people feel compelled to fight for the ‘good against evil’, and peer pressure to fall in line and make common wall against the unpalatable candidate is strong, to the point of setting aside long-held opinions and siding with candidates who may themselves be troubling.

Here, leaks exposing malpractice turned from whistle blowing to cyber-war attacks, admonitions that attributing IT security breaches is a lengthy and complex process gave way to quick finger pointing and calls to arms, weak evidence is credited as strong proof, extreme vulnerability to black mailing by domestic and foreign entities is of no concern for a presidential candidacy and even unworthy of discussion. Contrary opinions come from sock puppets, ends start to justify means, double standards of prosecution for deliberate security and public accountability violations are accepted, due questions are not asked, and embarrassments are rationalized away or tacitly accepted as the lesser evil.

Unfortunately this has a corrosive effect on democracy itself. It discredits ‘the learned few’ at the same time telling the majority of voters that no matter how many votes, their ‘populist’ candidate of choice is nevertheless unacceptable, because those votes must be coming from gullible/uneducated/scared ‘unworthy’ voters. After a while this backfires as we may be seeing here in Europe with the Brexit win, nationalist parties growing, and politics descending even more into the ‘us against them’ attitude, ironically following the example set by the wise and educated out of their concern to stop ‘evil and ignorance’ at all costs. Catchy enemies are easy to make up, be it Russia, populism, the lobbyists, government spending, tax evaders, welfare leeches, American imperialism, xenophobes, foreigners, or whatever can be rallied against in any given country. The majority democratically electing the winner is by definition not the most educated or 1%. There is no gain in opposing wrong with wrong while patronizingly telling the average voter that some are smarter and know better. Especially when ‘the smarter’ are not perceived as sharing the same concerns as the average person, and the average person feels educated enough (rightfully or not is immaterial) not to look up in awe anymore to the local priest, doctor and school teacher as unfathomable sources of wisdom whose recommendations one just conforms to.

Re. lots of new names today: doesn’t necessarily mean much. It’s conceivable that regular lurkers who don’t feel qualified to comment on technical topics may have something to on-topic say when the post has primarily political character. My perception is this blog over the years drifted from technology toward policy and it may now be drifting toward politics.

Lurking from UK August 2, 2016 4:59 AM

Looking at this from the UK, it is starting to bear a number of similarities to the Brexit campaign, in that Hilary is taking the “vote for me or the Russians will take over and the world will end” stance.

In terms of who did the leak, based not on evidence just gut feel, is that it is one of two options:

1) A very upset Bernie Sanders supporter, working to expose the wrongs that have been done.
2) The IC themselves, as a shot across the bow to Hilary, to just remind her what they have and to behave.

Why have the experts sold their souls? Promises of future contracts and a long and prosperous future. Wouldn’t be the first time and certainly won’t be the last.

I’ll take my tin foil hat off now and go back to lurking.

doesn't matter August 2, 2016 6:15 AM

This whole debate is futile when the entire ‘democratic’ process boils down to who can pull together 10e8 USD campaigns. I’d like some reference to the history of how this system came to be. It’s also pretty funny that the Russian bogeyman is being revived. Does it really evoke anything in any US citizen younger than say 40? The Russian economy is broken and without hints of being fixed anytime soon. All this hysteria is actually a gift to Putin and his reputation in the eyes of his own public.

Skeptical August 2, 2016 7:53 AM

@Clive: The company called in supposadly found it was two –supposed– Russian groups within two hours… These groups it has been alleged were in the DNC network for months, yet the company just came in and went “It wos the Ruskies wot dun it” before their second cup of coffee… It’s sounds way to pat to me.

Where did you read “two hours”?

The DNC network operations team asked in April for an expert security firm to be retained for the purpose of examining what the operations team believed to be indications of compromise, and if so, for taking remedial action. In other words, before Crowdstrike was ever hired, the network operations team had collected something sufficient to merit an expensive engagement.

Two months later, in mid June, Crowdstrike released a post stating its findings. Within 24 hours or so of that post, “Guccifer 2.0” emerged to dispute Crowdstrike’s conclusions – and as with many a hastily organized disinformation campaign, this one went quickly and rather disastrously awry.

Two other firms, Fidelis and Mandiant/FireEye, obtained samples of the malware used in the DNC exploitation. After reverse-engineering the samples, they drew the same conclusion as Crowdstrike.

Let me tell you what I find remarkable:

Three independent companies with strong expertise in this area found the evidence sufficient to identify the actors responsible. If the particular components isolated were easily replicated, it is rather surprising that they are not in wider use (cue someone to stand up and shout something about procedure Z being available on github – which is as persuasive as someone shouting that implant X could not be advanced malware because it uses publicly available encryption).

All three companies obviously believe that aspects of the operations detected are NOT easily replicated. All three companies staked their most precious asset – reputation – on the conclusion.

The alternative hypotheses – another government who both perfectly reflected the techniques of the two actors detected and who engaged in the high-risk Guccifer 2.0 stunt to burnish (without need) Crowdstrike’s conclusion, or that this was an “inside job” of some kind, etc. – are rather dubious, to say the least.

Of course, we should bear in mind that the decision to compromise a system and collect information is not a decision to use that information in a particular way. It’s very possible that the collection operations were mounted almost as a matter of standard procedure – what nation with the capability would not want to learn everything they could about the person likely to become US President.

One might also ask whether one would risk one’s best techniques and newest creations on the penetration of a political campaign, or whether one might use tools effective in the past and against most targets but which were no longer useful against the most protected.

Of course, at some point, a decision was made to feed the take to a long-standing information operation.

The decision to use the fruit of an intelligence operation as the material for an information operation… that’s the truly interesting part about this.

Interesting because whoever made that decision must have known of the risk that the intelligence operation had been compromised. Was the risk of compromise underestimated, or was the risk of a damaging US response underestimated? Or both?

The current US President is deliberative. He’ll have all the facts, will have heard all the opinions, and will have assessed all the options – and then decision will fall.

Though I don’t expect it, I would imagine the price for avoiding a US reprisal per its deterrence policy in the cyber-domain might be the cutting of ties with assets, witting and not, who have served Russia in the past in such operations – such as Wikileaks and certain of those (not all) associated with it. Little else would be sufficient to signal that Russia understands the miscalculation it made, and that it does not intend to engage in similar conduct in the future.

Clive Robinson August 2, 2016 8:10 AM

@ Skeptical,

Three independent companies with strong expertise in this area found the evidence sufficient to identify the actors responsible.

Yes and guess what if you look back a little you will find “previous” at misatribution.

So I’ll stop at that point and let you do a little revision on your definition of “strong expertise”.

For the record these companies are generaly founded by or use ex US Mil “cyber” bodies. The history of exifiltration etc from .mil networks etc should be ringing bells in peoples heads…

Oh Mandiant has the enviable record of post fact agreeing with USG “China APT” and ignoring warnings that China was not the main player in the game. Now the USG spotlight has moved to worrying about “Russian APT” guess who Mandiant are post fact agreeing with them again…

The simple fact is sometimes the organ grinder’s monkey dances the way it’s supposed to lest it looses the life style it has become accustomed to…

Ricardo August 2, 2016 8:30 AM

Writing from Brazil, where electronic voting machines were adopted in 1996.
This is a disaster! Here, it is impossible to audit the results.
The communist governments of Fernando Henrique Cardoso, Lula and Dilma Roussef followed the Stalin’s quote:
“I consider it completely unimportant who in the party will vote, or how; but what is extraordinarily important is this—who will count the votes, and how.”

Robert Shaw's Evil Twin August 2, 2016 9:45 AM

We’d just finished havin’ our eyes bleached after watching the 2015 “reality TV” season, and it was suddenly time for the next election cycle. Flipped on The Big Glowin’ Tit just before dawn. We didn’t see the first blow-dried sociopath’s press conference for about a half hour. Fifty-IQ-er. Ya know how you can tell that when you’re in a barcalounger, Chief? Ya tell by feelin’ the last vestige of hope for the human race being sucked out through your ears. Very first light, the politicians would come cruisin’. So we formed ourselves into tight groups in dens and rec rooms, and the idea was, the mealy-mouthed puke would start to convince the nearest watcher of the validity of some meretricious gibberish, and that poor bastard’d start whinin’ and hollerin’ and screamin’ and sometimes the politician would stick his own foot in his mouth. Sometimes he wouldn’t. Sometimes that politician, he looks right into you. Right into your eyes. You know, the thing about a politician is, they’ve got lifeless eyes, black eyes, like a doll’s eyes… until that red light on the camera comes on and they see all of you sitting out there, and those black eyes roll over all glassy. And then, ah, then ya hear that terrible high-pitched manufactured-crisis-shriekin’, and the camera zooms in to reveal the Spectre ring on that podium-poundin’ hand, and in spite of all the cringin’ and the remote-punchin’, they all come in and destroy your last rational thought. Ya know, end o’ that first hour, I’d flipped through a hundred of those “debates” and “announcements” and smear commercials. I don’t know how many beady-eyed blowhards, maybe a thousand. I don’t know how many watchers they electronically lobotomized, they averaged three million an hour. Ten o’clock, Chief, I noticed a friend of mine next to me on the couch, Professor Farnsworth from MIT. I thought he was asleep, reached over to wake him up. Well… he’d been turned into a morbidly obese wifebeater with little piggy eyes. Noon the second day, an independent screenwriter saw us. Young feller, not much older than Mr. Hooper here. He passed by a TV in a department store window and he saw what they were doing to us, and he started pitchin’ thousands of sissyboi sitcom plots to draw the network executives away from us. You know, that was the time I was most frightened, waiting for my turn? I’ll never turn on a television set again.

TL/DR: I am reminded of John Nash’s memorable quote about how the conquest of his mental illness began “with the rejection of politically-oriented thinking as essentially a hopeless waste of intellectual effort”.

Dirk Praet August 2, 2016 10:02 AM

@ Skeptical

Three independent companies with strong expertise in this area found the evidence sufficient to identify the actors responsible.

Unless said companies are withholding certain findings from the public, the so-called “evidence” they brought up was either debunked or cast serious doubt upon. I believe there are several pointers to that somewhere in this thread. That’s why @Clive, myself, many others and even James Clapper remain all but convinced at this time.

@ Pepito

There is no gain in opposing wrong with wrong while patronizingly telling the average voter that some are smarter and know better.

It is a persistent myth that all votes cast for populist parties are from idiots and racists. The majority thereof comes from ordinary people that have been left behind by a political establishment that, controlled by lobby groups and corporate money, has lost touch with large parts of its electorate and that has exempted itself from accountability and punishment.

Democracy, all over the planet, has been hijacked by global capitalism to the point that many people have lost faith in it and have become susceptible to populists like Trump, Farage, Johnson, Le Pen, Salafist preachers and the like and whose cure will unfortunately prove even worse than the disease. You don’t counter their narrative with patronizing people, implementing a police state or reviving cold war rhetoric. You do so by listening, being transparant and cleaning up the mess. If that’s no longer possible, then your democracy is doomed.

r August 2, 2016 10:08 AM

@Dirk,

Debunked? Really??

At best I would say it’s just not concrete, especially where the X-Tunnel malware is concerned: anyone who had the chinese version (source) could’ve easily rebound it with Russian.

But then again, I don’t believe in co-incidents.

r August 2, 2016 10:14 AM

@Dirk,

Furthermore, malware aside.

The encoding schemes would’ve been privy to investigators only, and as stated they were shared with previously (assumedly) identified state or state aligned actors.

Everyone has their own quirks, if one wants to avoid being fingerprinted then HLL is the only route and as we’ve seen recently EVEN HLL isn’t enough to remove all traces of fingertips from emitted binaries. There are specific encryption methodologies to the variant employed that overlap previous footholding techniques.

Dirk Praet August 2, 2016 11:38 AM

@ r

Debunked? Really??

Debunked in the sense of “not a smoking gun”.

The encoding schemes would’ve been privy to investigators only, and as stated they were shared with previously (assumedly) identified state or state aligned actors.

Assumptions are ok for working theories, not for definitive attribution. Fortunately, in court, the burden of proof is somewhat higher. And no argument over the metadata or footprinting. Some traces are indeed very hard – if not impossible – to get rid off, but conclusive evidence so far? None.

But I’m not surprised that Russia is being fingered. Ever since they intervened in Ukraine and Syria, thwarting US foreign policy in those regions, there has been a spectacular revival in cold war rhetoric on behalf of US MSM and politicians. And Mrs. Clinton going live on national TV formally accusing Putin without even positive confirmation of the facts by her own IC fits perfectly with that picture. Politically way more expedient than admitting the unsavory practices revealed within her Democratic Party. Let’s just shoot the messenger, and who better to shoot than the man everyone loves to hate.

I’m actually quite sure that at the height of the Chinese APT or Korea hacking craze some time ago Mandiant and FireEye would have been able to produce equally convincing evidence leading to one of those governments.

Skin In The Game August 2, 2016 12:04 PM

@Skeptical

All three companies obviously believe that aspects of the operations detected are NOT easily replicated. All three companies staked their most precious asset – reputation – on the conclusion.

Isn’t it remarkably fascinating that despite all the logic of this, Skeptical neglects consideration of why U.S. citizens have to make their assessments based on the word and reputation of these three courageous companies… Instead of, like, ya know, the NSA putting ITS REPUTATION at stake. Funny how they don’t like to do that.

Ink Still Matters August 2, 2016 12:10 PM

@doesn’t matter

This whole debate is futile when the entire ‘democratic’ process boils down to who can pull together 10e8 USD campaigns.

Something about not fighting a war of words and ideas with people who buy, or can afford to buy, ink by the barrel. Printing presses are f’ing awesome. Maybe someday someone will invent some magical global cloud that makes barrel buyers less relevent. Probably some politician will then try to steal that cloud and fit it in their basement to hog it all to themselves after they get their sysadmin to plead the fifth…

Zd August 2, 2016 1:18 PM

@Skin In The Game: Trusting or an independent third party (like a security company investigating the case) is basically the only way one can have an opinion of the DNC hack – or, in fact, on any hack and on any attribution ever.

Mandiant, Crowdstrike and all the others won’t ever publish their full technical review of the DNC hack or the entire basis of their intelligence regarding APT28 and APT29. It’s just not going to happen. First of all because all these details would be, at this point, second hand source, so why would it convince anyone? One could always claim these companies are lying about the information they are providing, and then we would be back to square one.

Second, because a lot of their intelligence is based on proprietary information, or things they don’t want the bad guys to know. Pretty much any evidence can be “faked” one way or another in the IT world, so when you can reliably identify a threat actor because of an error they reliably do, you don’t tell them so that they continue doing it.

In the end, like a lot of other things in life, it all comes down to trust. Should we trust a company like Mandiant or not? We’re talking about one of the top shop around, so for me personally it’s going to take more than vague claims on the fact that they did mistakes in the past (who hasn’t?) to convince me they are lying or part of some grand DNC conspiracy. And the people who are trying to “debunk” Crowdstrike assessment based on meager details written in media outlets are kind of telegraphing how out of the loop they are about how these things are done in the real world.

As for the NSA, they are even less in the business of convincing the general population about what they know or not – plus, many have a knee-jerk reaction over anything they are saying, so why the hell would they even bother?

Kurt August 2, 2016 1:50 PM

@Zd and Wael: When somebody with the reputation of Bruce can find to publish a piece like this one it becomes difficult to trust anybody just on their word. Barring confirmation bias.

r August 2, 2016 1:54 PM

@Zd,

Better you than me, my multiple attempts at drawing that picture would lead to an escalation of the skillsets involved. Thank you for letting me keep all of my eggs (in one basket).

@Skeptical,

The more I see you write, the less I understand why people don’t like you.

r August 2, 2016 2:00 PM

@Guccifer 2.0,

If you’re listening – there are no more welfare lines in Russia – the jig is up for you my friend; you’re OPSEC was subpar and caused co-lateral damage to your employer and thus your fellow countrymen. My recommendation? Take a vacation (far away from Russia) and come clean with your story – there’ll be one less Russian Vx’r and the world public can have a nice fresh insider’s view of the troll farms on that side of the planet.

doesn't matter August 2, 2016 2:09 PM

Ink Still Matters:
I don’t understand what you’re saying. I just mean no other democracy in the world seem to need nearly as much money going round just for running an election campaign. BTW what is the average budget of a congressman campaign?

Skeptical August 2, 2016 2:24 PM

@Dirk: Unless said companies are withholding certain findings from the public, the so-called “evidence” they brought up was either debunked or cast serious doubt upon.

They publish enough for one to understand the general method used, and general indications and identifying characteristics used. They provide a few examples to illustrate their points. For the kind of specifics you seem to be after, I suspect you’d need to sign a NDA. This is their business; you’re not going to get a HowTo.

Nor has anything been “debunked.” Some seem to think a blog post represents the entirety of their analysis in full specificity – which is a truly silly conclusion to make.

Crowdstrike’s conclusions, based on their expertise and the stake they have in getting this right, raise the probability of accuracy to more likely than not. That’s without the detailed specifics that would enable an expert to draw more definitive conclusions.

But this company sent samples of the malware to two other highly respected firms – both of which conducted their own analysis, and both of which came to the same conclusion.

The people who do this aren’t idiots. Neither are they parties to some utterly massive conspiracy to deceive the public. They’re experts at the top of the field.

Now – one can take those vague phrases in the respective statements of these companies seriously, understand the illustrative purposes of the examples offered, and conclude that behind them is a sound methodology and execution – or one can think that, after reading a few blog posts here and there, one can determine that these experts have all been duped.

The statements alone aren’t sufficient for the President to render a decision, of course. We can count on every detail receiving extreme scrutiny, and we can count on the US Government having access to additional sources of information, and expertise. There will be a process, scrutiny, and then more process and scrutiny of policy options. And then – maybe – we’ll learn what the conclusions were.

Moreover – and I love the way that no one has said much about this – no details have been released as to what made the DNC network operations team decide that they needed to engage a firm like Crowdstrike. Was it the ops team on their own? Who actually detected the network intrusion, and data exfiltration, in the first place?

What the Russians should be asking themselves is: how early in this were we owned, and what the hell did we take back with us other than those documents?

I have no idea. But I find that possibility far more likely than that the three companies to have actually examined the evidence are all wrong, that the hasty Guccifer 2.0 was anything other than a rushed attempted at obfuscation run by the Info Ops side, which quite plausibly may have bumbled a detail or two in the technical handling of the documents, etc.

Then again – sometimes things are that simple. An alert engineer notices an anomaly, digs a little, sees something else, does some passive data collection, and gets enough for the team to make a call to the boss.

I believe there are several pointers to that somewhere in this thread. That’s why @Clive, myself, many others and even James Clapper remain all but convinced at this time.

Clapper’s statement on attribution: I don’t think we’re quite ready to make a call on attribution.

Now, I do think it’s charming that suddenly so many are willing to take Clapper at his word. It shows a very admirable agility of mind not to remain committed to simplistic old lines of thought.

In any event, Clapper can’t express a view on this before a policy decision is made. For him to do so, at this juncture, would immediately alter the political landscape and limit the President’s options. Congress is out for blood – and I mean both parties. If Clapper had so much as hinted that he thought Russia responsible, the President would have 535 members of Congress standing united in demanding an immediate response. And if the President didn’t pass out from shock at the sight of Congressional unity, he’d be hard-pressed to actually put them off for long.

So until the President has made a decision, and only if that decision is to be made public, don’t expect Clapper to offer an assessment – other than very vague procedural truths such as the above.

Incidentally, keeping options open is also the point of his “don’t hyperventilate” line. They don’t want to be boxed into a response before they have a chance to fully weigh their courses of action. They want to understand what they’re dealing with – and that understanding will determine the nature of the response.

Let’s just hope Russia didn’t place too much on this particular roll of the dice. Because the consequences could be quite unpleasant for everyone. China didn’t agree to a massive reduction in commercial espionage out of the kindness of their hearts; they understood that US interests were such that the US would undertake mutually painful countermeasures to combat the practice. Anyone who thinks the US Government to be willing to do any less here should rethink things.

David Leppik August 2, 2016 4:38 PM

According to VerifiedVoting.org, hackers are unlikely to swing the election.

Florida, Ohio, and North Carolina use a mix of paper ballots and electronic machines with VVPAT (Verified Voter Paper Audit Trail.) Pennsylvania is mainly electronic without VVPAT. According to FiveThirtyEight.com, these are the most contested swing states.

Pepito August 2, 2016 4:40 PM

@r
Putin must be scoring big domestically on this whole story no matter what Russia’s true role was, if any. Their economy may be bad but sure they are having fun thinking their country first hacked, then exposed the pretty workings of US politics, and finally made fools of the leading US presidential candidate and her party. To the point of Clinton publicly freaking out accusing another country (a former Secretary of State even!) at the same time Clapper says there is no attribution yet.

Wael August 2, 2016 4:54 PM

@Kurt, @Zd,

When somebody with the reputation of Bruce can find to publish a piece like this one it becomes difficult to trust anybody just on their word. Barring confirmation bias.

That should be the normal mode of operation! Trust no one. Can be @Bruce Schneier trusted? He answered that in the past. Me? Look at the foot note in one of my responses on the topic.

As far as what @Zd said (wrote), it’s 100% true and the logic is sound. I read the sources, the logic and justification, then base my conclusion or formulate my opinion based on what I could verify. That doesn’t mean that @Zd is correct (or incorrect) in his conclusion, it just means that his approach and logic are sound.

r August 2, 2016 5:10 PM

@Pepito,

That’s the point I was going to make the other day, when somebody said “their economy is broken.” I was like, Russian economy fsck’d ??? only during a low oil economy! It’s like people can’t even see a dog with rabies will bite you. To Russia, unfortunately: America is the big bad guy. There’s just no other way to put it, if you’re in prison you’d like nothing more than to stick it to the man yanno?

r August 2, 2016 5:11 PM

@Pepito,

But nobody wants to blame the snitch in the other cell, getting fat off turning you in for your vouchers.

Dirk Praet August 2, 2016 6:12 PM

@ Skeptical

Incidentally, keeping options open is also the point of his “don’t hyperventilate” line. They don’t want to be boxed into a response before they have a chance to fully weigh their courses of action. They want to understand what they’re dealing with – and that understanding will determine the nature of the response.

Well, ain’t that the truth? Until such a time that there has indeed been a fully confirmed attribution based on damning evidence and appropriate policies agreed upon within the administration, perhaps it would be better if politicians and especially presidential candidates would STFU and exercise a minimum of restraint instead of openly accusing other state actors to cover up their own dirty business.

If at some point the USG believes it has irrefutable proof based on the full or partial reports of both private parties and its own IC, let them present their evidence before the UN to be objectively reviewed by the international community. And no, nobody will take your word for it. That ship sailed a long time ago after your false allegations about Saddam’s WMD’s. Or you could take it to the ICJ. But yes, that’s right, the US does not recognize that court’s compulsory jurisdiction.

@ Zd

And the people who are trying to “debunk” Crowdstrike assessment based on meager details written in media outlets are kind of telegraphing how out of the loop they are about how these things are done in the real world.

Trust is earned. The USG and the IC have lied before. And without calling Mandiant, FireEye etc. liars too, the simple fact of the matter is that not everyone is prepared to make positive attributions based on assumptions and partial reports, the more sensitive elements of which are above the public’s paygrade.

If “the way things are done in the real world” means that we should just accept the word of politicians and go with incomplete information for reasons of “national security”, then we have just given the USG and for that matter any other government a blank cheque to bomb the cr*p out of the next country.

In a sane world, the (probably) incomplete FireEye and other reports should never have been published and Hillary Clinton should have kept her mouth about Russia until a solid case could have been presented for international arbitration and through diplomatic channels. In the current political climate in the US, it was just not politically expedient to do so.

r August 2, 2016 6:43 PM

@Dirk,

In all fairness, you’re in what? middle europe dirk? This type of sabre rattling probably makes you very nervous. With all due respect, when it comes to EW – I wouldn’t show jack squat to the UN. There’s too many interests at play, and Europe has a long history of being under various forms of authortarian rule. Do you have the right to know what’s going on behind the scenes when you’re caught in the middle? Sure, but I’m still not going to tell you guys how to defend yourself or how to recalibrate your attacks to not be detected. Just because the wall fell doesn’t mean that the shadow has passed, or did you miss that memo? You heard Russia, your governments are all under the control of proto-fascist-nationalist regimes and you want the US to give you power? BAH!

Unfortunately for democracy, the totalitarians have learned that the only long lived legacy’s are the ones that don’t transfer power. How do we build dikes against that kind’ve constant pressure?

Education, Security, Transparency, Accountability…

We’ve already lost this war haven’t we?

Haw-Haw August 2, 2016 7:09 PM

Painful countah-meashahs.

Now, Skeptical has been practicing another little fantasy speech in the mirror, and he’s going to give it to you up there at 2:24, so everybody pretend you’re famous statesmen, and you’re giving Skeptical the little prissy finger clap and nodding and going Hear, hear! and Decidedly! so he can pretend he’s Lord Arthur Somerset.

Course you’re really thinking, Yeah, right. Peng Dehuai ground you down and forced you to the table. Giáp humiliated your ass, with a little help from his allies. The Habargidirs chased you home. Sadr took Iraq away from you. Brennan sent one of his Turkish traitors to shoot a Russian fighter out of the sky in a sneak attack in breach of Hague III, and the agonizing pain of it made Russia give up and rip Turkey outa NATO.

Give the СБРФ too much shit and they will show you crooked beltway timmies what pain is.

r August 2, 2016 7:27 PM

@Haw-Haw,

What’s that speel?
Gestapo??
Gespacho???

Who ya gonna exposé next? You see, we already KNOW they’re corrupt… So the only people you can hurt are your own, and the turks by your words.

And here I was enjoying my evening when one of your 9-5 vladivostok time trolls came online, make sure you’re using Tor or i2p you wouldn’t want to bring someone home with you at the end of your shift.

You’re still mad about losing your weekend to triage, if you had real unions over there like we have over here there’d be no way in hell you would’ve lost your weekend to that stunt.

https://www.f-secure.com/virus-info/v-pics/ambulanc.gif

tyr August 2, 2016 8:00 PM

@Clive

This looks like what Varoufakis calls the
bankruptocracy making a vain attempt to play
CYA by diversion to the designated Villain.

We know the ‘Putin done it cries’ sell well
to the gullible public after decades of brain
washings. Particularly when the advocates are
ready to toss the rules of evidence out to start
the procedure.

Conflating this with the egregious mess of USA
politics just makes it all the worse. The DNC
has screwed up badly (maybe criminally) in their
rush to shove their choice down everyones throat.

They need a scapegoat and something to take the
heat off them. The sock puppetry here shows who
the IC has chosen to promote probably in hopes
they won’t be rifed for incompetence if the
poster boy child gets into the office.

The Bruce done it chorus is ridiculous since I
missed the part where he presented the article
as gospel that must be trusted.

OT
@ianf,
Gutenberg #52680

A marvelous Vilfredo Pareto style footnote scandal.
Wife of French Finance Minister shoots editor of
Figaro in his office to save the editor from her
husbsnds violent temper, with pictures, political
scandal, recriminations and a great hoohaw as only
the French can do it.

Grauhut August 2, 2016 8:28 PM

@Mark: “It is an intrepretation of the “invisible hand” in Adam Smith’s classic.”

What would Adam Smith tell you if you could tell him this interpretation? 🙂

The “invisible hand” is not a cartel.

Grauhut August 2, 2016 8:35 PM

@Skeptical: “They publish enough for one to understand the general method used, and general indications and identifying characteristics used. They provide a few examples to illustrate their points.”

Do you remember those funcking funny AAA-Ratings for dead credit bundles? 🙂

These funny rating agencies also published enough for one to understand the general method used, and general indications and identifying characteristics used. They also provided a few examples to illustrate their points.

These “researchers” are all payed digital age mercenaries and they find what they are payed for. Just like those raters rated as they were payed for. Wake up, check your credit card, buy some common sense! 🙂

Mark August 2, 2016 10:40 PM

@ Clive Robinson, “For the record these companies are generaly founded by or use ex US Mil “cyber” bodies.”

Lol, that should be a plus not a minus.

@ Grauhut, “The “invisible hand” is not a cartel.”

Sure, but as far as I know, you cannot be Adam Smith.

“These “researchers” are all payed digital age mercenaries and they find what they are payed for. Just like those raters rated as they were payed for. ”

follow the money…

Anon10 August 2, 2016 10:43 PM

@dirk

If at some point the USG believes it has irrefutable proof based on the full or partial reports of both private parties and its own IC, let them present their evidence before the UN to be objectively reviewed by the international community.

That’s never going to happen, because any proof that approaches irrefutable in cyber would probably involve sensitive intelligence sources or methods. What the UN chooses to believe or not in this case is of no concern to the US.

Mark August 2, 2016 10:47 PM

@ r, “The more I see you write, the less I understand why people don’t like you.”

Then Skeptical is a reflection of your true self, my friend.

r August 2, 2016 11:14 PM

@Mark,

In all fairness, do I sound Skeptical to you?
https://www.schneier.com/blog/archives/2016/07/friday_squid_bl_537.html#c6730129

Anyways, these trolls all came out at just about the same time – they pretty much operate from what seems to be a script. Point counter point. The first thing they did before their ever prescient arrival was test the spam filters. They (mostly) wont even get into real discussions like someone pointed some barrels sputnik agents over here. The few that dew are so lack luster brilliant that they sound like they’re history majors… And I know for one that the books they’re reciting word for word from are not sold on Amazon.

When was the last time you saw ‘The Glorious Soviet Empire’ offered up on amazon?

They have been trained in english, that costs alot more than your typical ice farmer can afford.

And they’re all epousing our leaders are corrupt? Are you even sure they can read the new york times?

Every last one of us are targets, don’t kid yourselves. We know that because of the NSA. And the one thing the United States wouldn’t want to do is get into a showdown with the wrong people.

SO INCASE YOU’RE JUST TUNING IN:
Do you know what the 1 magic spell is that all magicians know?

It’s the spell of doubt.
They will cloud your field of vision with chaff until you can’t see anymore and only then will they strike. So yeah, you heard the man – turkey is next, syria is next door. The Russians are coming and the seeds of distrust have been planted all around.

The harvest moon is rising, and Europe and the Middle East are going to get plowed.

Mark August 2, 2016 11:21 PM

@ Dirk Praet wrote, “Trust is earned. The USG and the IC have lied before. And without calling Mandiant, FireEye etc. liars too, the simple fact of the matter is that not everyone is prepared to make positive attributions based on assumptions and partial reports, the more sensitive elements of which are above the public’s paygrade.”

Trust is earned, indeed.

We’re writing about present day events, with such uncertainty, that it makes me wonder about all things past, as Histories were written by the victors, and chosen by the victors of victors, reciprically. What lurks in the shadows of our past, as what evil lurks in the hearts of men, once wrote. When a mistep took place as your first step, chances of making it out of a sophisticated maze is slim to none. All the metrics and indoctrinations, of tangible and “intangible” worth, of which derivatives are conjured to place value out of apparently “thin air” is another rather interesting subject, and in coherence to “attributions”, “assumptions”, “partial reports”, and “paygrade.”

Mark August 2, 2016 11:28 PM

@ r, “In all fairness, do I sound Skeptical to you?
https://www.schneier.com/blog/archives/2016/07/friday_squid_bl_537.html#c6730129

It’s a poor man’s con game. The rich don’t play it that way.

“SO INCASE YOU’RE JUST TUNING IN:
Do you know what the 1 magic spell is that all magicians know?”

Two-trick ponying goes a long way…

“And they’re all epousing our leaders are corrupt? Are you even sure they can read the new york times?”

I don’t follow them as closely as you do, so I don’t know, but the attack is on an ideological one for sure. It’s the moral high ground that we built a mote around, that they are attempting to cross, that much I know.

r August 2, 2016 11:38 PM

@Mark,

They don’t have to cross it, unless there’s an optical illusion involved:

The DNC crossed it. But I hear you on the 2nd trick, I forgot about misdirection but that’s not a spell for your head it’s one for your eyes. What’s China got going on they’re awfully mum, not even so much as a headline and NK’s recently been hacking banks. Not to mention China /w the FDIC.

Coyne Tibbets August 3, 2016 3:19 AM

While their motivation remains unclear,

Even though they lack an obvious motive, their objective is clear enough: attack and destroy the DNC and Hillary Clinton.

I think the real question is: Who would have the motive for an act like that? Possible answers: Republicans. Plutocracy. Corporations. National security apparatus.

Take your pick, but the list of those who might have motivation suggests someone here in the USA is paying for the attacks.

Dirk Praet August 3, 2016 3:49 AM

@ r

In all fairness, you’re in what? middle europe dirk? This type of sabre rattling probably makes you very nervous.

I’m in Western Europe, and are you surprised?

What we’re seeing here across the pond is that the US as a nation appears to have gone collectively bonkers ever since 9/11. Bin Laden and the PNAC have actually won. Common sense, restraint and diplomacy are totally out of the window and have been replaced by secrecy, lies, paranoia and cold war rhetoric. National security dominates every debate, trumping every other argument. Resolution of conflicts through the UN is considered an exercise in futility. Your upcoming presidential election is one between a narcissistic madman and a Wall Street war mongerer. Need I go on?

And, yes, we find this evolution pretty unsettling over here, especially when even folks like our host are starting to fall victim to this collective madness. If you have some spare time, may I suggest watching The man who saved the world some time ? Because that’s exactly where the world is heading to once again if you guys continue on this path. Only this time it may not end well.

Grauhut August 3, 2016 4:19 AM

@Mark: Yes, i am not Smith, but i am at least able to read his texts! 🙂

“without intending it, without knowing it, advance the interest of the society”

The conspiracy of the DNC power cartel was knowingly intending to kick Sanders out of the game. Thats not the famous “invisible hand”. 🙂

ianf August 3, 2016 6:44 AM

Dirk Praet: […] US as a nation appears to have gone collectively bonkers ever since 2001/9/11

In all fairness, Dirk, it was bonkers even before, that day events only provided it with an ready excuse to go bonkers BIG TIME. And unfortunately, Western nations’ leaders AND populations to some extent play along with that, and let the Yanks sink ever deeper into paranoia.

    Once I was boo-ed out of a public meet when I questioned the grassroots organizers’ condemnation of “the USA doing nothing” by asking ALOUD “so, essentially, you’re expecting the USA to be a world cop, if only when it suits this currently higher moral purpose?” 20 years later, now and then I’m accosted by unknown faces, who congratulate me on my courage, yet in all probability were among the ones boo-ing me out ;-))

I don’t know how many discussions I’ve had with educated/ academic Americans, who just couldn’t see past their inner conviction that, warts ‘n all, essentially they’re a force for the good in this world (“we were never colonialists, we helped other empires’ colonies to liberate themselves from oppression! we welcomed the huddled masses!“). It’s like they’re unable to see that, where US geopolitical interests are at stake, no other lives than those of Americans matter (NOTALM ;-)) – American in the clean-cut, WASP’ish, conservative sense.

The Stanislav Petrov’s story probably has been shown on US PBS, or in some narrow history channel – but it’s a vast country, lots of junk on the airwaves, and so it may prove impossible for rrrrrrr to see it. It was a ambitious BBC docu-drama of the relevant events, combined with a travelogue of Petrov’s 2013 visiting a post Cold War conference in New York, where he was hailed as a hero, and not liking much either his hosts, his English translator, or the surroundings—a true know-better Russian to the core! A gem of a story, sort of a real counterweight to the fantasy jingoistic decision-making scenes in Dr. Strangelove, but, as nothing catastrophic happened, easily supplanted by the latest man-bites-dog-gets-chased-away-by-a-cat clip that we all so love Americans for.

Mark August 3, 2016 7:44 AM

@ r, “The DNC crossed it. But I hear you on the 2nd trick, I forgot about misdirection but that’s not a spell for your head it’s one for your eyes.”

DNC hack could very well have been perpetrated by a DNC whistle blower, with misdirection being the 2nd Trick.

@ Coyne Tibbets, “Even though they lack an obvious motive, their objective is clear enough: attack and destroy the DNC and Hillary Clinton.”

Alternatively, it could be a case of whistle-blowing, so that DNC can rid of the bad and get its act right.

r August 3, 2016 8:16 AM

@Dirk, ianf,

No, you do not need to go on, not for me anyways – I see who’s up for grabs. Ridiculous isn’t it? A big fat pompous pig who thinks he can turn the internet and freespeach off like a lightbulb (like both him and I can do w our good sense and words) and some greedy walstreet hugger who probably has sewing circles as cover for man hating witch covens (Who’s in denial now? (HRC or ME?)). Believe me, I’m not impressed. I don’t like or trust either one of them, what does HRC represent for women’s rights? subjugation? slavery? Oh yeah! she really stuck to it didn’t she? Hi-Fives all around if she stands for adultery!

How can you trust that kind’ve authenticity? Like I said, give Obama some extra time get rid of these other fools – what is this saturday night live?

Also, please note. That as much as some of us scream and yell about injustices abroad – they just don’t seem to care; there’s something on their agenda. So to hell with it, if the CIA acts with impunity from a black budget then I have no choice but to assume the KGB is alive and well.

I’ve got a joke for ya, it’s not your usual Arab + Butter Knife joke either.

3 Russians get onto a plane…

http://www.cnn.com/2014/07/17/world/europe/ukraine-malaysia-airlines-crash/index.html
http://www.nbcnews.com/storyline/missing-jet/malaysia-airlines-mh370-declared-accident-search-survivors-ends-n295916
http://www.cnn.com/2015/11/03/africa/russian-plane-crash-egypt-sinai/index.html

Did they take a page from our playbook?
Or can we just chalk this up to chance or the CIA?
I would fully expect if this kind’ve international damage was due to our guys – that they would quit out of some sort of moral dilemna.

http://abcnews.go.com/International/boris-nemtsov-vocal-critic-russian-president-vladimir-putin/story?id=29283658

Was that a moral dilemna?
Or a moral imperative?

http://www.cnn.com/2015/03/07/europe/russia-nemtsov-murder-arrest/index.html

And the $100,000USD Question???

http://www.nybooks.com/articles/2012/11/22/finally-we-know-about-moscow-bombings/

But go ahead, let them keep pushing their “anti-nationalist”/”anti-extremist” agenda while Trump takes the lead.

When it comes to nuclear weapons, we are ALL COMRADES IN [h]ARMS [way].

Our nation’s unions are amoung those most upset by globalization, keep ringing that bell.
Like I said before: Party Line! Party Line!

http://articles.baltimoresun.com/1991-11-06/news/1991310039_1_bread-lines-moscow-bread-a-day

How’s that party line look now?

That’s what I didn’t post, my comment about the trolls reading from some sort of script is valid – how much ‘his story’ was crammed down their throats? Likely the same amount crammed down ours with the whole ‘some nation, wonders god: where liberty and justice are stalled’ thing.

Are you going to be the one to tell NORAD to stand down?

Planes and Helicopters are dropping out of the sky. Americans Russians and ISIS all want blood – I thought getting buzz bombed by Russian fighters was friendly at first, now I don’t know what to think. I’m not here to blindly vote – but Mr. Chomsky is like 144 years old. Maybe, what needs to be done is the US unrest needs to reach a grander pitch.

Maybe we’re too big and we could be split up into little europes – just leave the my ‘murder mit’ alone.

@ianf,

I’ve seen that the story about that good man. It’s something that made me proud. I will say this again, publicly – and it could hurt my chances at employment/clearances/etc – I really do think WE (the west) messed up in the 90s. We had the chance when the wall fell to put our arm around Russia and it’s people and to bring them into the ‘new’ world with us. We didn’t, and now 20 years later it’s just the same old song and dance.

I would’ve much rather seen us prop Russia up with trade laws than Mexico.

Propaganda should be illegal everywhere no matter who it’s coming from, black budget operations should be illegal.

‘Democracy’ is completely open to manipulation, the only defense against it is the truth – and hiding one’s responsibility for disclosing such truths is very questionable in and of itself.

Skeptical August 3, 2016 8:55 AM

@Dirk: If at some point the USG believes it has irrefutable proof based on the full or partial reports of both private parties and its own IC, let them present their evidence before the UN to be objectively reviewed by the international community.

The UN would be pointless here. Russia doesn’t care about the opinions of the “international community” and Russia has a veto on the UNSC. So the UN is unlikely to be a forum in which the national security concerns of the US would be adequately addressed.

That said, in other instances the UN would be an appropriate part of a response, but those would be cases where the response would be of greater magnitude than it is likely to be here (e.g., a case involving Russian disabling of a power grid or more substantial Russian interference with the election).

I also doubt that there could be a full airing of the relevant evidence in such a forum, for obvious reasons.

And no, nobody will take your word for it. That ship sailed a long time ago after your false allegations about Saddam’s WMD’s. Or you could take it to the ICJ. But yes, that’s right, the US does not recognize that court’s compulsory jurisdiction.

It’s not a matter of taking anyone’s word, but of examining what you know and don’t know in its totality.

If you suppose, as Grauhut apparently does, that these companies are all part of some vast conspiracy to peddle false information and findings, then of course you should heavily discount their findings.

If you suppose that these are well respected experts – companies that you would even recommend be hired in similar circumstances – then the fact that all three came to this conclusion should tell you that, even though the evidence may not be certain, it’s likely quite strong.

And if you suppose that all intelligence findings are equally alike, and that assessing Hussein’s WMD programme is not at all different than, say, assessing the cause of a passenger jet crashing in Ukraine, or assessing who perpetrated the network intrusion of the DNC, then, by all means, approach what would be the rare event of the US naming the perpetrator with appropriate skepticism.

However, you might take into account the opinions of many experts who think that the US would have the resources to determine attribution – and you might take into account that the US Government appears to have compromised the intrusion for some months before the perpetrators saw their operation come to a sudden halt. And you might take into account that the US would be keenly aware of the fact that they are putting their credibility on the line in naming Russia, and so therefore have every interest in being conservative in their confidence levels, and cautious in their assessment.

And you might, taking all of that into account, conclude that perhaps such an announcement might bear more credence than the latest propaganda reel on Russia Today.

Common sense, restraint and diplomacy are totally out of the window and have been replaced by secrecy, lies, paranoia and cold war rhetoric.

Donald Trump completely agrees with you.

After all, look at the huge lack of restraint the US has shown, cutting brutal nuclear deals with Iran rather than humanely bombing them, selfishly cooperating with the rest of the world in levying economic sanctions on Russia for its annexation of Crimea and invasion of Ukraine rather than sending volunteer peace brigades into the fight to bring it to a peaceful conclusion, arrogantly arriving at enormous trade agreements with much of the world, forging a deeply harsh diplomatic agreement with the PRC concerning commercial espionage, and having the utter temerity to take intrusive pictures of Russian jets buzzing US destroyers with no regard whatsoever for the privacy of the pilots.

And just look at what is dominating the headlines in the US – it’s fear of Russian nuclear… oh, wait, sorry, actually it’s massive indignation and anger at Trump’s treatment of the Muslim parents of a fallen US soldier. Typical Cold War stuff.

MarkH August 3, 2016 10:01 AM

  1. In most cases, cyber attack attribution is necessarily based on circumstantial evidence, and cannot be substantiated to the standard required for criminal prosecution. Accordingly, such attributions are probabilistic, rather than definitive.
  2. Personally, I think it plausible that the DNC hack was made from Russia, perhaps with government participation or consent. However, this is not based on my own analysis (I lack the expertise) and I have no strong position on this.
  3. During the Putin era, Russia has executed many “active measures” — hostile interventions in foreign countries which were intended to be not blatantly overt. It is quite common that these have been carried out in ways that seem startlingly clumsy and amateurish, compared to they way many of us probably imagine state-level covert operations. Sometimes, they resemble a movie parody of bumbling state apparatus. Accordingly, evidence of error and clumsiness related to the hack is NOT evidence that it was not an active measure of the Russian Federation!
  4. Since Russia’s invasion of Ukraine, I have been shocked by how many in the West passionately rise to Russia’s defense. Many of them (including at least one frequent commenter on this blog) recite Kremlin fabrications as fact, though their falsity is not difficult to ascertain. My astonishment is proof of my poor understanding of various world views common in the West.

  5. As I explained in a comment on an earlier post, the Kremlin has strong cause to prefer Trump over Clinton.

  6. I don’t defend the DNC (I find their conduct disgusting). The merits or demerits of this particular disclosure are not relevant to Bruce’s argument that foreign intervention in US elections is a plausible risk, meriting a careful security response.

@Roy Lipscomb, who wrote “research has shown that VVPAT is insufficent. Most voters didn’t bother to verify the printout.”

I ALWAYS verify. It isn’t necessary that everyone do so. If only a few percent of voters verify the paper record, then a machine which is distorting the paper records (even if it does so only infrequently) is very likely to be discovered.

r August 3, 2016 10:13 AM

@Mark,

You made me think of something interesting,

About you eyeballing tabulated receipts.

Considering the urges for isolation and process separation some of us here espouse, maybe it would be a good idea to print receipts on punch coded cards and then keep a re-entered tally running from those machines too. No input except punch cards required, just a simple tabulation machine with an intermediate verification of your eyes inbetween?

Loser Laffs August 3, 2016 10:39 AM

In which the tragically humorless skeptical tries sarcasm. His examples of US government restraint:

  • US perfidy in bad-faith negotiations with Russia and China;
  • Trying and failing to stuff ISDS corporate star chambers down the world’s throat;
  • Illegal sanctions (to be fair, Article 42 is beyond his 7th-grade reading comprehension).

In other words, treacherous weakness and loss of international standing.

Skep’s painfully ponderous huh-huh humor could perhaps be a little funnier if Skep remembered the best example of US restraint: CIA’s cowardly aggression by sending of armed bands, groups, irregulars or mercenaries into Syria,

https://twitter.com/PetoLucem/status/760445007966994436

http://syrianperspective.com/2016/08/the-battle-for-aleppo-is-heating-up-as-terrorists-heave-a-last-breath-to-lift-the-siege-terrorist-lies-in-media-rebutted-with-syrian-supplies-of-food-and-medicine-flowing-into-aleppo.html

and getting their ass kicked, again,… But give them credit, the USG is afraid to escalate because they know they would get annihilated in symmetric warfare with a developed country or regional power. Now that’s restraint!

Sancho_P August 3, 2016 10:55 AM

The discussion is about a red herring.

I don’t want to dispute that also state actors may have had access to the server [1].
However, I’d be disappointed if only the Russians had not.

But I don’t get how “having access” is identical with “leaking the embarrassing info”.

Access aside:
Where is the “evidence” connecting Russia to the leak?

More questions:
What would be the Russian motive? For fun only? (“no risk no fun”)
To rig the election? Really?
Would such a leak (if Russia) harm Clinton’s position or unite America behind her?
(Clinton will win the election anyway because she’s got the money and is female)

In Russia, within SVR or GRU, would any official leak such information without the explicit approval of Putin?
Would anyone having access to the info leak it on it’s own? In Russia?

Would Putin support such a childish action?
[Ever heard Putin speaking? Same level as top US politicians?]

Can you imagine anyone else having a motive to embarrass the DNC?
A disgruntled Sanders supporter?
A disgruntled DNC employee?
Donald the Pony?

Anyone having a motive to unite American (in paranoia)?
Clinton herself?
The MIC? The NSIC?

[1]
Isn’t it sad?
How many times does it take to realize that it’s time to take (state) action?

Dirk Praet August 3, 2016 12:37 PM

@ ianf

I don’t know how many discussions I’ve had with educated/academic Americans, who just couldn’t see past their inner conviction that … essentially they’re a force for the good in this world

Same thing here. It’s an almost religious belief.

… where he was hailed as a hero, and not liking much either his hosts, his English translator, or the surroundings—a true know-better Russian to the core!

One of the most chilling scenes in the documentary is when visiting a former Minuteman missile silo he gets really emotional over some silly question from the tour guide, replying whether the man actually realizes that the Russian population and even military were every bit as scared as their American counterparts of the sheer madness leaders on both sides were capable of.

@ MarkH

In most cases, cyber attack attribution is necessarily based on circumstantial evidence, and cannot be substantiated to the standard required for criminal prosecution.

In which case a public debate among technical experts and legal scholars about the required standard for positive attribution would probably make for a more appropriate course of action than wild accusations based on assumptions.

During the Putin era, Russia has executed many “active measures”

The pot calling the kettle black. It’s standard foreign policy of quite some nations.

Since Russia’s invasion of Ukraine, I have been shocked by how many in the West passionately rise to Russia’s defense.

The fact of the matter remains that a corrupt, but legitimately elected president was ousted by an EU/US backed conglomerate of equally corrupt oligarchs and neo-nazis. This was not a popular uprising of a united nation against a bloodthirsty tyrant. At which point Putin decided to call a halt to what he perceived as further western expansion into his backyard and in several parts of which the majority of the population in fact was Russian and had no desire whatsoever to become part of the EU.

I get your astonishment as this probably doesn’t sit well with folks who have gotten an entirely different narrative from the Murdoch media, but it in fact represents the view of quite some people especially in Western Europe. Where in the end hardly anyone gives a rat’s *ss about Ukraine or would even remotely consider risking a war with Russia over. Both Merkel and Hollande realised that pushing the envelope on the issue would have been political suicide and stood down. In the US, however, it was the beginning of a popular cold war rhetoric revival.

@ Skeptical

So the UN is unlikely to be a forum in which the national security concerns of the US would be adequately addressed.

Excuse me, but wasn’t this the exact kind of thing the UN and international law were invented for? Admittedly, Russia doesn’t always care about international opinion and has a veto right in the UNSC, but that’s again a case of the pot calling the kettle black. The party that would play ball at least would hold the moral high ground, while still fully capable and entitled to explore a commensurate reply behind the scenes.

If you suppose, as Grauhut apparently does, that these companies are all part of some vast conspiracy to peddle false information and findings, then of course you should heavily discount their findings.

I don’t. What I’m saying is that there is no point in publishing assumptions and working theories as full-blown facts or withholding a smoking gun for “national security” reasons. The only purpose and result thereof is FUD serving someone’s political agenda. Or as Groucho Marx once said: “Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong remedies.”

Typical Cold War stuff.

If you’re denying that there is any cold war rhetoric going on in the US then I am obviously reading different US MSM than you are. Although Judging from their current discourse, it would look that precious few of the examples you just cited will hold up once current POTUS is gone, whoever of the two candidates gets elected in November.

r August 3, 2016 12:47 PM

@Dirk,

Doesn’t the very existence of Mr. Tony Veto, make…

“Excuse me, but wasn’t this the exact kind of thing the UN and international law were invented for? Admittedly, Russia doesn’t always care about international opinion and has a veto right in the UNSC, but that’s again a case of the pot calling the kettle black.”

seem kind’ve pointless? Like screaming at an abusive parent for beating your mom or your brother? How’s it feel to be next on that list?

r August 3, 2016 12:50 PM

@Dirk,

Minor nations, vacation spots on the globe for the big boys are wise to follow the NK lead and develop various deterrants, detergents and some strong self determinism. I, personally, wouldn’t go the nuclear route – maybe biological or chemical as they are far easier to keep under neutrino detecting wraps (traps?).

r August 3, 2016 12:53 PM

@Dirk, All

Is that why Europe has less guns than say the Americans? So whoever pulls up to Normandy wont have to start putting organized resistance (and resistants) down? It certainly makes a bloodless coup or hostile takeover considerably less hostile for the occupliers.

Dag Hammarskjöld rat-a-tat-tat zueooom BOOM August 3, 2016 12:55 PM

“Excuse me, but wasn’t this the exact kind of thing the UN and international law were invented for?”

Exactly. If the US were unhappy with the impunity conferred by the veto they could have adopted the restrictive recommendations of the Small Five. The US killed the proposal with back-room deals in the Secretariat. Only a patriotic American idiot could whine about the veto and expect to be taken seriously.

Zd August 3, 2016 1:25 PM

How the hell could the UN be a forum where attribution evidences can be shown and discussed? And I’m not talking about the DNS hack here, I’m talking about ANY cyberattack? Any technical evidence could be easily faked. There’s absolutely no way to guarantee any chain of custody – it’s already difficult for basic criminal courts, how the hell could this even be a possibility at the world stage, where public opinion is part of the equation and the stakes so high?

One of the big issue with cyberwarfare is precisely how elusive it is. There’s no bomb to show, no destruction, no video footage. The best we could hope for is basically a full testimony from one of the culprit – what are the chance of that happening?

r August 3, 2016 1:42 PM

@Zd,

YUP, too many foreign interests and half of them were soviet puppets to begin with.

(no offense, I’m not sure if I posted that earlier or not about EW vs the UN)

Wael August 3, 2016 1:59 PM

@r,

half of them were soviet puppets to begin with.

Not so fast! Soviet puppets[1] have last names that begin begin with “pup” 😉

[1] They’re collector’s items these days, Babushka!

Clive Robinson August 3, 2016 2:15 PM

@ r,

I, personally, wouldn’t go the nuclear route – maybe biological or chemical as they are far easier to keep under neutrino detecting wraps (traps?).

Whilst the Bio/Chem weapons are easier to manufacture and do so covertly, it’s only half the problem.

You have to consider the delivery mechanism, for nukes you need neither acuracy or sophistication (a truck on the outskirts of a city will be sufficient). Chemical and biological weapons whilst working well in the lab, have not realy made it into the outside world, and it’s not as though people have not tried including a death cult.

Scary guy August 3, 2016 2:35 PM

That rabid Trump supporter on CNN, Boris Epshteyn emigrated to the United States in 1993 from Moscow, is a fluent Russian speaker and is very well-versed in all aspects of current events, history, economics and international politics. — Russia connection, but sounds like militant Israeli operative. A scary guy.

MarkH August 3, 2016 2:49 PM

@Dirk:

Quod Erat Demonstrandum

@Scary guy:

I’m getting far afield, but I was thinking about Israel a couple of days ago, and particularly the recent silence of billionaire Sheldon Adelson (who seems to support every direction PM Netanyahu takes).

My projection, is that the Israeli security calculation will be that a president Trump would be acutely dangerous, in the sense of making radical changes to the international system which could have destabilizing effects on any small state.

If Adelson now gives a wad of money to the Trump campaign, I’ll consider that my calculation was mistaken.

Dirk Praet August 3, 2016 2:57 PM

@ Zd

… And I’m not talking about the DNS hack here, I’m talking about ANY cyberattack? Any technical evidence could be easily faked.

Err, you do realize that you have just pulled a monumental Nathan R. Jessup here?

@ r

Is that why Europe has less guns than say the Americans? So whoever pulls up to Normandy wont have to start putting organized resistance (and resistants) down?

Are you somehow suggesting that Putin is considering an invasion in Europe? Is there any political analyst who actually believes that?

Doesn’t the very existence of Mr. Tony Veto make seem (procedure at the UN) kind’ve pointless?

Well, you should know as both the US and Russia/USSR have made extensive use of it over the years, in effect neutering the very institution of the UNSC. My point is that as a nation you cannot possibly pretend to hold the moral high ground on the international stage when accusing an opponent of certain behaviour while in practice doing the exact same thing.

Which brings us right back to the this almost religious belief in American exceptionalism that is apparently so strong that in a thread like this you’re seeing a legion of Russian sockpuppets instead of plain dissenting voices.

MarkH August 3, 2016 2:57 PM

@Dirk:

“The pot calling the kettle black. It’s standard foreign policy of quite some nations.”

A classic example of straw-man argument. I did not say or even suggest that Russia is exceptional in using such techniques.

My point was that Russia often takes “active measures” in a ham-fisted manner likely to surprise a reasonable person … therefore, apparent clumsiness in an operation is not evidence that Russia is not behind the operation.

Kindly respond to the substance of my arguments, rather than arguing with things I never said. It is bad manners to do so, and the moderator(s) here have objected to this practice in the past.

Zd August 3, 2016 3:19 PM

@Dirk Praet:

What the hell are you talking about. Do you disagree that technical evidences could be easily faked, especially on a stage like the UN? How exactly could the US (or any other party, for any other cyberattack) proves the chain of custody of something like log files? With enough confidence to enact a UN resolution? Instead of referring to a movie (wtf?), try to think and answer the question – assuming obviously that you know about these things and aren’t just winging it on a forum full of infosec professionals just because it’s politically convenient to do so.

And I’m not even talking about the elephant in the room; the fact that any nation state wouldn’t want to share the detail of their signint capabilities on the world stage!

Grauhut August 3, 2016 3:26 PM

@Skeptical: “If you suppose, as Grauhut apparently does, that these companies are all part of some vast conspiracy to peddle false information and findings”

Wrong. This is not a conspiracy, its simply regular mercenary behaviour. 🙂

They do what they are payed for, just business, no conspiracy needed.

Moose & Squirrel Must Die August 3, 2016 3:29 PM

MarkH,

How much time have you spent in Russia? How much have you worked with Russians? Have you had any exposure to classified information on Russian strategy? Говорите со мной по-русски. There are a lot of people talking out their ass here. In the US, ignorance is a badge of honor. Look at Doug Laux, CIA mastermind of Syria, who didn’t know the country from a hole in the ground, as you can see.

This culture of cheery ignorance is how your secret police get the masses to swallow really, really stupid propaganda.

Zd August 3, 2016 3:31 PM

@Grauhut

Do you work in infosec? Have you ever dealt with Mandiant? Or any large security company? Does your “knowledge” of their mercenary behaviors comes from this? Or are you just throwing mud at them right now because it just happens to be convenient to your current political opinion? ‘Cause I can tell you, from my point of view, that’s exactly like how your accusations sound.

Grauhut August 3, 2016 3:37 PM

@MarkH: “cyber attack attribution is necessarily based on circumstantial evidence, and cannot be substantiated to the standard required for criminal prosecution.”

Wrong, NSA or FBI could present us evidence from the Xkeyscore Storage.

HRC is a presidential candidate under secret service protection, so its fair to assume they log all foreign packets that belong to her an her party.

At least, if it were my job, i would! 🙂

Grauhut August 3, 2016 3:52 PM

@Zd: “Do you work in infosec? Have you ever dealt with Mandiant? Or any large security company? Does your “knowledge” of their mercenary behaviors comes from this?”

Most of your questions collide with my opsec ruleset. Lets say i am senior level and have seen a lot of funny biz in my life.

Is it fair to call a former air force cyber warrior who made a business out of his knowledge and contacts a cyber mercenary? Imho: Funck yes! 🙂

Pepito August 3, 2016 3:54 PM

@MarkH
I’m perplexed when you say all or most Russian actions have been ham-fisted. Matter of fact Crimea was annexed, Assad is still in charge in Syria, the DNC is being rattled (for those whe attribute it to Russia), and all of this earned Putin domestic popularity. Compare with the brilliant state of affairs in Iraq, Afghanistan, Lybia and so many botched US/Western actions abroad. Perhaps we hear different naarratives in Europe and in the US.

@r
I’m honestly surprised and disturbed that the Russian scare is still so mainstream in the US. My perception is that here in Western Europe there are way more people angry at the US for spying on our governments and communications and for (sadly assisted by our own puppet governments) endlessly stirring troubles in the Middle East, than there are people afraid of Russian tanks rolling through the Fulda Gap.

Grauhut August 3, 2016 4:10 PM

@Zd: The answer is “Its not your business!” Go and troll someone else.

Or even better, go and tell your boss to send a real troll to me, not a second hand copy. 🙂

Dirk Praet August 3, 2016 4:13 PM

@ MarkH

My point was that Russia often takes “active measures” in a ham-fisted manner likely to surprise a reasonable person … therefore, apparent clumsiness in an operation is not evidence that Russia is not behind the operation.

Point taken, but neither is it evidence to the contrary.

@ Zd

What the hell are you talking about?

While some people are stating that there is conclusive proof Russia was behind the attack, others have argued that there isn’t and that whoever was behind it may just as well have left a false trace pointing to Russia. You just confirmed that.

As to your elephant in the room, I’m pretty sure over the years and behind closed doors way more sensitive subjects have been investigated and discussed in UN special committees, including the methods through which certain information was obtained. It’s sad to see that apparently nobody believes in such an approach anymore.

@ Grauhut

Wrong, NSA or FBI could present us evidence from the Xkeyscore Storage.

Like you, I believe the NSA is perfectly capable of shedding a more conclusive light on this affair. I suppose they either have their own reasons or have been given such by a third party not to do so.

@ Pepito

I’m honestly surprised and disturbed that the Russian scare is still so mainstream in the US. My perception is that here in Western Europe there are way more people angry at the US for spying on our governments and communications and for (sadly assisted by our own puppet governments) endlessly stirring troubles in the Middle East, than there are people afraid of Russian tanks rolling through the Fulda Gap.

My thoughts exactly. I guess that makes you a Putin asset too.

I’ll just leave it here for now. However passionate I am about certain matters, there’s little fun to be had in being called a nazi capitalist in service of Obama on one day and a Russian sockpuppet with no clue about infosec on the next. F*ck that.

Zd August 3, 2016 4:24 PM

@Dirk Praet

Yes, it’s a question of trust. Never been anything else. Any request for “proofs” is telegraphing a lack of understanding on how APT are investigated. Read my very first post in this thread.

And this is also why expecting the UN to be an arbiter on such topic is pointless.

Grauhut August 3, 2016 4:33 PM

@Zd: “Any request for “proofs” is telegraphing a lack of understanding on how APT are investigated”

Oh, a real master, come on, explain it to us, how are proofless APTs investigated? 🙂

ianf August 3, 2016 4:45 PM

@ MarkH (cc: Moose & Squirrel Must Die: он смотрит документальные фильмы русской природы),

your grand conspiracy theory may be novel, but is much too shallow to be of use. Try this instead: the scary billionaire Adelson in cahoots with Bibi Netanyahu surreptitiously gives The Donald a wad of money, but arranges for it to be discovered, so that he CATEGORICALLY can deny it on prime TV… in effect have Trump eat the cake out of his hand, and still have it. Then, on the eve of the election, if it looks like Trump actually might win, and perchance do something stupid to upset Netanyahu’s current ME terror balance, the latter does something SO GRAND, SO MONUMENTAL[*], that no matter who gets the nod from the electoral college, that POTUS has no option but to STAND FIRM BOTH FEET AT ATTENTION BEHIND ISRAEL ON THE DOUBLE. In a nutshell, the Hohollywood high concept. That’s how you weave conspiration theories that later will stand up to Congressional hearings.

[^*] I could tell you, but then I’d either have to kill myself, or do you all. Which option do you think I’d be more inclined to take?

MarkH August 3, 2016 4:52 PM

@Pepito:

Reading comprehension, anyone? I did not say that “all or most” Russian sub-overt hostile interventions have been ham-fisted. I wrote two expressions for proportion or frequency: “quite common” and “often.” Neither of these means “in the majority of cases.”

Also, I think you failed to understand my language, which is my fault for using a somewhat dated idiom. “Ham-fisted” does not mean unsuccessful, or ineffective. It means awkward, clumsy, inept, or heavy-handed.

To offer one shining example, the murder in London of Litvinenko (during one of Putin’s terms as president). The operation was successful, in that the victim died, and other critics of Putin were suitably terrorized. The use of such an exotic poison immediately suggested the Russian government as a suspect. Given the “deterrent” purpose of the murder, it would be logical for the Kremlin to want its responsibility for the murder to be plainly evident, but at the same time deniable (to minimize costs in terms of foreign relations).

However, the agents of the murder left quite a lot of polonium contamination, including in several airliners making trips between London and Moscow. This was sheer sloppiness, and seriously harmful to Kremlin deniability.

Really, it’s like a bad movie. The interested student of Russian ham-fistedness can easily adduce a list of other examples.

@Moose:

I have visited Russia more than twenty times, but lost exact count. Mostly short visits, so my cumulative time there is only a few months. I’ve visited Ukraine rather more than twenty-five times, and my time there is rather longer. I have frequently visited both countries since before Ukraine’s 2004 Orange Revolution … though I’m not planning to visit Russia in the future. I find the new Imperium to be excessively tedious.

I can only think of two Russians with whom I have worked as colleagues. In my professional life, the Russians were outnumbered by people from Ukraine and Belarus. I have a number of Russian friends living in Russia, and one in Ukraine (a Russian citizen). Some of them are very dear to me. They are all good people. I have engaged in many dialogues with Russian citizens (and Ukrainian citizens, too) concerning politics and international relations.

If I’ve had any exposure to classified information on Russian strategy, it’s because it got leaked to the press. There is quite a lot of public information concerning активные мероприятия.

Я только чуть-чуть говорю по-русски. Мне стрыдно, как медленно я учусь. Но елси мы говорим по-английски, было бы более понятной для остальных, не так ли?

Yes, I agree with you, there are a lot of people talking out their ass here. I don’t claim to be an expert on anything. At the same time, I have seen no evidence that any frequent commenter here has more than a superficial knowledge of relations between the states of the former Soviet Union, relations between those states and their non-Soviet neighbors, conditions of life in those states, their languages and cultures, or their politics and operations of government.

I’ve read your assessment of what you suggest are my secret police. Won’t you enlighten us, concerning the operations of YOUR secret police? We eagerly await …

@Dirk: “neither is it evidence to the contrary”

AGAIN straw-man. I DID NOT SAY that it is evidence to the contrary. Several writers have made the argument “this DNC hack is so clumsy (bread crumbs etc.) that it can’t credibly be a Russian government attack.” I responded directly to that argument, explaining why I believe it is invalid.

Will you kindly stop the straw-man routine? It is pure contrarianism, adding no value to the conversation. You are obviously intelligent enough to understand the distinction.

r August 3, 2016 4:55 PM

Okay, a couple more things.

@Grauhut,

The answer is: TIME, Rome wasn’t built in a day. The only real ‘out’ to that attribution argument is if say Israel infiltrated the developmental group itself (malware or encoding scheme specifically). Assuming signals have reached a high enough level to actually make that claim considering Russia has switched to paper.

#1, @Zd, All
I’m not a professional. I’m very far from it in fact, do any of you watch the walking dead? Hi, I’m Glenn.

#2, @Dirk Praet
Oh how I long for the days of my youth, in blissfully ignorant teary eyed nostalgia as to the evils of the world (all sides considered). “Why[,] can’t we all just get along?”
Also, you’re what a millenial? What spectre do you live under “the infiltration of Islam” into europe? Oh that’s right, American Imperialism. Let’s point something else out here…

“Russia often takes “active measures” in a ham-fisted manner likely to surprise a reasonable person.”

So you’re implying that basic paranoia is an effective counter measure v Russia?

Also,

“As to your elephant in the room, I’m pretty sure over the years and behind closed doors way more sensitive subjects have been investigated and discussed in UN special committees, including the methods through which certain information was obtained. It’s sad to see that apparently nobody believes in such an approach anymore.”

Yeah, this is concerning EW not economic or nuclear. Are you egging them on? “Go Russia! Big bad America messes with everybody’s electrocutions!” Seriously? We can mess with yours next if you’d like I imagine but where’s the fun in undermining a disarmed population? What are all you guys rugby players? I could watch that.

Also, I almost forgot: Brexit, Tony Blair stepped down immediately prior after being exposed by the same platform that round-about-linked him to Putin. Europe is on it’s way to destabilization huzzah! who’s next for political doxxing?

https://www.schneier.com/blog/archives/2016/08/hacking_the_vot.html#c6730121

That little piglet dropped a four letter acronym, SBRF in reference to crooked beltway piggies. Want to take a chance that there’s not some larger economic themes at play here?

https://www.washingtonpost.com/news/worldviews/wp/2016/04/09/the-not-completely-crazy-theory-that-russia-leaked-the-panama-papers/

http://www.thedailybeast.com/articles/2015/11/13/this-is-how-ak-47s-get-to-paris.html

It’s not like you guys are being killed by AR15’s and all, now where’s that little black ledger…

#3, @Moose & Squirrel,
I looked up to alot of you guys for a long time, where’d you all go?
Wael linked some things on another page earlier concerning 96-06 v russian coders, and believe me I’ve slammed quite a few slashdotters over “russian technology sucks”. Clueless parrots, so what if the NSA and GRU appropriated your technologies for their ill-gotten gains? You’re still human beings, come back to the ‘gnu’ world.

#4, @Pepito,
Look, our own government lies to us. They go out of their way to look the other way when their friends and family are cutting corners or pinching from the public tills but when it comes to the public we get shot at for pretty much no reason at all. If you really do see our media and the craziness over here then you will understand that we don’t know who to believe. A lady just the other day reinforced my position that lead poisoning is a socioecomic experiment, it’s horrible but most white people don’t fsck’n understand what it is to live in squallor (of course neither do I, and neither do most African Americans – I’ve seen pictures of Sao Paulo.)

https://www.washingtonpost.com/news/true-crime/wp/2016/08/03/did-lead-poisoning-and-outrage-over-police-violence-set-the-stage-for-korryn-gainess-death/?tid=pm_local_pop_b

That beautiful mother of a 5 year old was out of her mind, NO IFS ANDS OR BUTS. And! IT WASN’T PCP OR CRACK INDUCED – IT WAS SOCIOECONOMIC AND BEAUROCRATIC.

Just because you hear this all our crazy bullshit don’t think that the USG would scramble a silo over something as stupid as this – you can bet that they’d have to answer to the public if they drew their guns first. This is kids with punters, no big deal – if someone shuts down a power plant things could get ugly (old people could die). But when CP (consumers power) does it nobody cares so w/e.

http://www.ripoffreport.com/r/bay-city-electric-light-power/bay-city-michigan-48708/bay-city-electric-light-power-93-year-old-man-dies-after-electricity-is-cut-off-are-elder-417111

These are pensioners that put their time and life away for both the government and industry and capitalism just smokes them out (co2 and all). Don’t think that by leaking corruption you’re not doing us a favor – but don’t hide from the light it makes people question your motives.

#5, @Grauhut,
Sounds more like a cyber-bully to me (human rights and all).
I’m kind’ve on Dirk’s fence, the internet is no place for the military but there’s not squat I can do. “Get off my lawn” doesn’t work, I think the internet should be for the people – all the people.


#6,
In the meantime, while I can be transparent about my doubts about my government. You guys all seem to be pretty steadfast in the belief of your own beaurocrazy’s huh?

I guess it’s just an American thing, you know…
Being able to question one’s own government and all.

Moose & Squirrel Must Die August 3, 2016 5:06 PM

Aha, a Ukie. That explains everything. CIA has been whipping you poor dupes to a frenzy since birth. Your cultural associations are a hotbed of loony revanchism and twanging bandura dirges. But now it all pays off, now that they turned your ancestral home into No Man’s Land, or something, Right?

Grauhut August 3, 2016 5:23 PM

@r: “”Get off my lawn” doesn’t work, I think the internet should be for the people – all the people.”

Step aside yourself for a moment and ask yourself: Who’s lawn is it?

I work full time in the commercial internet biz since 94 and from the beginning i was confronted with tree letter agency attempts to set off claims in it.

Pepito August 3, 2016 5:23 PM

@Zd & al.

Re. fake evidence: precisely. Therefore please understand no one outside the US could care less about the DNC leak and whoever Clinton, some expensive consultant or perhaps tomorrow the USG itself may choose to blame. Do you realize the world has seen actual proofs that the USG is systematically hacking everyone everywhere – just as Russia is surely doing but at least they don’t feel entitled to our gratitude and cooperation? Snowden’s haven’t been claimed to be forgeries and he is still wanted…

After Iraq nobody outside the US likes to see the supposedly best qualified presidential candidate of the largest nuclear power being a warmonger finger pointing at the second-largest nuclear power based on something you say yourself is trivially easy to fake. This is pretty much the only reason why some boring news of internal political corruption in the US became something of serious concern to people in other countries.

This entire story boils down to typical IT security being unsurprisingly bad, politics being unsurprisingly corrupt and cold war era propaganda being unsurprisingly(?!) effective.

r August 3, 2016 5:30 PM

@Grauhut,

I understand that aspect of it, but there’s other points a luminary would make: the right to privacy, the right to assemble, the right to free speech.

I understand where the American interests involved in this convoluted gift to society stand, but I can still post it as a reminder to all who would draw their guns over a +++ATH0.

Get with the program leakers, if you want to help don’t hide it makes you look maligned and insincere.

Grauhut August 3, 2016 5:42 PM

@r: “Wasn’t calling you a cyber-bully, was refering to the cyber-warrior thing.”

Never mind, i didnt understand it completely but i didnt misunderstand it! 😀

I pulled the “Cyber Warrior to Mercenary” joker cause the founder of Mandiant was once an AFOSI…

Dirk Praet August 3, 2016 6:00 PM

@ r

OK, I said I’d shut up but there’s a couple of things to rectify here.

So you’re implying that basic paranoia is an effective counter measure v Russia?

@MarkH said that, not me. As to your assumption I’m a milennial, think again. Apparently it takes people my age and above (e.g. @Clive) to actually realize that much of the stuff we’re seeing today has happened before and that it lead exactly nowhere.

And please don’t get me started about Islamic fundamentalism most of us here in Europe actually do blame the US and its meddling in the Middle East for.

If you really do see our media and the craziness over here then you will understand that we don’t know who to believe.

Well, isn’t that exactly the problem? You’re getting fed massive amounts of cr*p, you even realize it and still decide to just go along with it. Then when you hear a different voice, it cannot be but Russian propaganda. That’s exactly how in the Soviet Union the population was kept under control too.

Grauhut August 3, 2016 6:02 PM

@r: “Get with the program leakers, if you want to help don’t hide it”

All internet stone age programs i knew a little more intimately already went trough the press years ago. 😉

That would just be of historical interest. I work on the corporate defending side for many years now, not in the provider or special consultancy biz anymore.

Anon10 August 3, 2016 6:25 PM

@dirk

Excuse me, but wasn’t this the exact kind of thing the UN and international law were invented for?

The UN has some success stories(UNICEF and malnutrition), but resolving national security conflicts isn’t one of them. If resolving national security conflicts is the primary purpose of the UN, the UN has been an almost complete failure since its inception.

The fact of the matter remains that a corrupt, but legitimately elected president was ousted by an EU/US backed conglomerate of equally corrupt oligarchs and neo-nazis.

You seem to be including some innuendo that either the USG or EU governments or both were involved in Yanukovych’s removal, but there’s zero evidence of that.

Pepito August 3, 2016 6:27 PM

@MarkH:

Right, apologies for misunderstanding your “quite common” and “often” as “all or most”. I was then carried away by contrasting the silly but quick and successful ‘blank uniforms’ takeover of Crimea vs. the never-ending nothing-solving mammoth missions in the Middle East.

As to the Russian clumsiness: my impression is that some taste for ‘reluctantly disguised bravado’ or ‘accidentally in your face’, if you understand what I mean, is not at all extraneous to the Russian character. Especially when the deed is instigated or tolerated by powers way up. Faking clumsiness is one of the ingredients to make that work. Of course a professional cover action would never indulge in such things, and the Polonium thing was indeed damaging and worse than clumsy, but selection bias can play a role – we don’t get to know of actions that went smoothly. Anyways you convinced me that clumsiness in itself doesn’t necessarily rule out Russia.

Grauhut August 3, 2016 6:46 PM

@Anon10: “some innuendo that either the USG or EU governments or both were involved in Yanukovych’s removal, but there’s zero evidence of that.”

May i ask you from wich parallel universe you post here? 😀

Obama: “Mr. Putin made this decision around Crimea and Ukraine – not because of some grand strategy, but essentially because he was caught off-balance by the protests in the Maidan and Yanukovych then fleeing after we had brokered a deal to transition power in Ukraine”

http://cnnpressroom.blogs.cnn.com/2015/02/01/pres-obama-on-fareed-zakaria-gps-cnn-exclusive/

Skin In The Game August 3, 2016 7:25 PM

@Zd

In the end, like a lot of other things in life, it all comes down to trust. Should we trust a company like Mandiant or not?

My point was that most voters know (and have limited choice in the matter of trusting) the organization known as the NSA. Do some polling on how many of those voters have ever heard of “the top shop” known as “Mandiant”. My guess- less than 1%, in fact far less. This is about basic common sense in how democracy and national security should work. The NSA is still playing games to avoid putting their own reputation at stake (as if).

At the end of the newscycle, Blackwater changes its name to XM satellite radio or some bullshit, and people get away with murder. That’s the game these pieces of trash are playing with our democracy.

Anon Coward August 3, 2016 7:29 PM

@CallMeLateForSupper wrote

Does anyone know what rationalle was used to justify abandoning “lever” voting machines?

I’ve used mechanical voting machines and they’re just as opaque to voters as the new-fangled electronic vote-stealing machines.

Fair voting is tricky. I think the machine has to produce two identical physical, human-readable ballots. After confirming that the paper is correct, one goes into a scanner and immediately into a lock-box. The second goes directly into a second lock-box. At the end of the night, the second lock-box is “shaken” and the ballots are videotaped as they leave the box. The video files are check-summed, the video is posted to the internet along with a photo of the hashes. Reporters publish the hashes in the next print edition of a newspaper of record. The paper lands in sealed boxes and is stored to resolve disputes. Volunteers can count off the video to validate the scanned tabulation. Teams of volunteers watch the boxes and the video cameras.

I think voters should be videotaped as they enter the polling place and pull a cord that increments a mechanical counter that everyone can see. This is a deterrent to voting multiple times without disenfranchising anyone because they don’t have a driver’s license. It also establishes the exact number of voters to make it much more difficult to stuff both ballot boxes.

Clever people will figure out how to game this, but it will require a local conspiracy and won’t happen remotely in a black box program with no hope of discovery.

Dirk Praet August 3, 2016 7:45 PM

@ MarkH

Several writers have made the argument “this DNC hack is so clumsy (bread crumbs etc.) that it can’t credibly be a Russian government attack.”

Sigh. For what it’s worth: my initial pot/kettle response was to your statement that “Russia has executed many active measures”. That’s the part I quoted verbatim and replied to if you care to re-read my post. As to the disputed argument, I never made or supported that statement because, frankly, it makes as much sense to me as it does to you. Are we good now or did I just use another imaginary straw man?

r August 3, 2016 8:08 PM

@Skin in the game,

So, you’re going to throw your mouth in the ring – but not your name either.

There’s a reason why Russia or whoever and the NSA etc aren’t speaking up, everyone here with a lick of sense knows it. My point about altruism and honesty ARE VALID. And I’m not the only one pointing out that the only people questioning their own government are Americans.

It’s funny how true freedom expresses itself through the reflections on and criticism of.

Russia must be made of teflon, nothing sticks. There’s not even so much as a peep from the proponents of the soviet bloc of mistakes. That’s one well greased machine if you ask me.

Anon10 August 3, 2016 8:26 PM

@Grauhut

You have to follow the timeline. At some point, Yanukovych knew he either had to compromise with the opposition or be removed from power. The US and EU came late to the party, after the critical events had already happened.

Pepito August 3, 2016 8:44 PM

@Anon10

Well Victoria Nuland’s famous ‘F*ck the EU!’ leak over Ukraine doesn’t give the idea they were just sitting on their hands.

Ukraine is a good example where I see many average western Europeans having mixed feelings about the role of the US, NATO and their own countries. On one hand most people would like to help in some way all of Eastern Europe (including Russia) to emerge from the disgrace left behind at the fall of the Soviet era. Not necessarily on humanitarian grounds: prosperous neighbors make good business. On the other hand, no one wants to think what the public reaction would be to an hypothetical NATO-Russia armed confrontation over the Baltics. Or Turkey, for other reasons. Among all of Trump’s extravagant commentaries, one of the least gratuitous was about conditioning US protection of geopolitically unsignificant countries (sadly, when you think what they had to endure). Of course the mere doubt of doubt is a fatal threat to an alliance like NATO. But how many Americans truly want to commit their country to open warfare with Russia over some little Baltic NATO member many had never even heard the name before? And Russia obviously realize this. Like in Ukraine but this time in the Western media, some ‘fascist’ name calling went around during the last elections in Estonia and Poland. It could be preparing the ground in case a good propaganda campaign suddenly becomes necessary to justify inaction in front of the fait accompli should Russia suddenly need to ‘protect their ethnic minority from ‘genocide’ by the fascist government of ___’

With the perceived and I believe real vanishing of the Soviet military threat to themselves, Western Europeans may be slowly starting to question whether the burden of their governments always siding with US geopolitical interests is still pays back in some way. In Skeptical’s Matrix world the US graciously conceded to universal pleads to impose sanctions on Russia over Crimea. In reality there was serios opposition and feet dragging from many sides within Europe, as it is the EU economy not US’ to pay by far the biggest price. Germany, Italy and many other would gladly remove sanctions on Russia any day were it not ‘inappropriate’ to do so.

In the same way, given the USG cannot truly think Russia is any military threat to itself (except for its persisting strike-back capability), why should they value and cultivate their relation with the European allies any more than the convenience of the day and the divide et impera custom of any larger player? Even good old UK is quite less useful post-Brexit than it used to be.

So all in all we have a contest between an unpredictable guy seemingly happy to let the world order unpredictably reshuffle its many peripheries as long as it does not directly affect US interests, and an experienced former Secretary of State that is happy to stir international tensions between nuclear powers for some petty issue, while proclaiming that she is ready to go to war with Russia to protect a tiny country no one truly cares about. Or an ally like Erdogan’s Turkey. Nice…

Donald Trump August 3, 2016 9:36 PM

I would make an excellent friend to Russia. I’m thoughtful, contemplative, modest, and accepting of all Leftist Pinko Degenerates even if they are poofters and I’ll only use that button sporadically, suddenly, and without thought only when I’m really pissed off.

By the way, I’m thinking of a new concrete,shovel and wheelbarrow business. Get yours here http://www.trumpshovels.biz …and there is none of that bullshit security at my website (except verification of payment).

r August 3, 2016 10:24 PM

@Donald Trump,

Hi, I’m a big fan.

My favorite thing you ever said was this:

http://www.newyorker.com/tech/elements/please-dont-shut-down-the-internet-donald-trump

@Dirk,

My apologies if I got confused earlier in my responses, #1 about your age and #2 about the retort to MarkH.

@All,

If any of you are still in doubt about the troll farms, there’s only so much I can do but have a look at this other one posted:

https://www.schneier.com/blog/archives/2016/08/new_presidentia.html#c6730245

If you look at The Guardian’s article, you will note that before the app was removed from play/apple it was registered under what appears to be a vacant nom de plume.

That’s a little low tech for the CIA don’t you think?

I am really starting to think Russia is financially all in with their military and this is the best they can muster from their IT/IS – just some fanbois who’re hoping to take a crack at some real spy work.

r August 3, 2016 10:30 PM

@All,

It’s almost like they’re hiring or subsidizing moonlighters from my inbox, the stories are about as good as the two letters I got from Mr. Commie this week.

Also,

This is/was an end-run attack on the resolve of the sitting US President and the International Community, I thoughroughly believe this to be an attempt to break a financial arm-bar placed over Putin’s Kleptocracy.

Vouchers please.

r August 3, 2016 10:33 PM

@Dirk,

Bay of pigs said:

“and probably Turkey invokes Article 13 in 3-2-1…”

That’s a direct reference to destabilizing Europe, is he projecting?

Am I?

Clive Robinson August 3, 2016 10:40 PM

@ Anon 10,

The UN has some success stories…, but resolving national security conflicts isn’t one of them. If resolving national security conflicts is the primary purpose of the UN, the UN has been an almost complete failure since its inception.

You need to have a little look at history.

The UN is “League of Nations” two. The League of Nations failed to do what it was supposed to do which was, stop world wars by policing nations. The reason it failed can be attributed to many things, but underneath it was the fact that it had no ability to prosecute sanctions against a country.

The supposed winners of World War Two, were not going to alow themselves to be policed, so the price of their buy-in was not just permanent membership of the United Nations Security Council but also a veto on what the UNSC would discuss. That is they made themselves “first among equals” but in reality made every other nation “second class” or worse[1].

Thus the “permanent five” sowed the seeds of destruction of the UN’s ability to do what it was set up to do. Thus the UN has been on “life support” from day one, and is treated as at best a “toothless talking shop” through a “kangaroo court” to a weapon of “colonial power”, which US exceptionalism is at the end of the day.

I guess the real questions to ask are “How much longer will the UN exist?” and “Will there be a League of Nations three?”. I guess

[1] The US made it abundantly clear over the years that their attitude was “do as we say, and STFU”. The US has been consistantly the worst “payer of dues” to the UN, yet bitches about others not paying their dues to US led organisations like NATO. Further the US regularly break all treaties they have signed with regards to international law. As we are talking about “evidence” and “chain of evidence” and by implication a defendants rights, a prime example of US treaty breaking in more current times was the Iraq WMD submission. The Iraq submition over US WMD accusations to the UN was covered fully by the rules of diplomatic convention, that the US had signed up to. The US however decided that they had “divine right” / “power transcends all”, and intercepted and very publicaly grabbed the diplomatic pouch and it’s contents by force. Which was technicaly “a first act of war”. Yet the UN did little but vacillate…

r August 3, 2016 10:43 PM

Correction,

Article 13 of the Lisbon Treaty is irrelavent:

http://www.lisbon-treaty.org/wcm/the-lisbon-treaty/treaty-on-european-union-and-comments/title-3-provisions-on-the-institutions/90-article-13.html

Brexit requires article 50.

http://www.lisbon-treaty.org/wcm/the-lisbon-treaty/treaty-on-european-union-and-comments/title-6-final-provisions/137-article-50.html

Whatever could Mr. Bay of Pigs be referencing?

Is it minable? Was it a freudianslip or a failure to identify the proper protocol?

Anon10 August 3, 2016 11:17 PM

@Clive

Your analysis just goes to show why it would be bonkers for the US to follow Dirk’s suggestion and bring any real national security issues before the UN, and completely bonkers to do so if the other alleged party was also a P5 member.

Clive Robinson August 4, 2016 1:02 AM

@ Zd,

… And I’m not talking about the DNS hack here, I’m talking about ANY cyberattack? Any technical evidence could be easily faked.

You need to insert the word “intangible” before “technical evidence” for your statment to be true.

A significant and growing problem –and one I mention from time to time– is that tangible or physical object assumptions do not apply to intangible informational objects.

It’s why the assumptions we think of as “rules of nature” we have developed by experience in our physical world fail unexpectedly.

Informational objects have no physicality, thus they can be copied at near zero cost as frequently as required and just about any where at any time as the cost of transmitting them is again near zero cost. Likewise making any changes to them at any time at any place has near zero cost.

The reason there is some cost, is that we have no way to store, transmit or use informational objects as physical beings without them being impressed or modulated onto matter or it’s equivalent energy.

This gives us some weird issues, in that we can usually tell if a copy has been subsiquently modified after copying as that causes identifiable physical changes. But can not tell what order copies are made in, thus which is the “original” from which is a “copy” of it.

Thus you can change an information object and it’s underlying physical object will bare testiment to the changes. But if you then copy it’s information to another physical object, the copies underlying physical object will not show the changes. Thus you now have two information objects, one that shows physical evidence of changes and one that does not, but you can not tell which was the original and which is the copy. Thus although you can undo the changes you can not tell if you have the original “information” or not…

Thus you can not trust any information object you are given is an original or not. Which in turn means you can not verify who is or is not telling the truth.

Which is why I get anoyed with the stupidity of people who insist that intangible cyber-attacks should be responded to by tangible physical attacks.

Unfortunately the leaders of the US are insisting on this “stupidity” why I don’t know. But US citizens because they have either not had the stupidity explained to them, or have not realised it exists are beginning to support the physical response stupidity of their leaders. It is thus very likely to end badly at some point in the near future.

r August 4, 2016 1:38 AM

@Clive,

I had something much bigger written out, but then I realized that somebody is onto me.

Probably related to those two letters Mr. Commie sent me, no big deal.

But I do have something smaller for you to digest:

The United States has been trolled, I mean that literally.

Remember those non-Russian Russian soldiers in Ukraine? I’m willing to bet it’s the same idea. Only these guys are ultra amateur, they should really stay out of the spy business as they’re starting to look like some of the Chinese skids. I’ll try to reformulate tomorrow, but have a good long look at the non-US trolls.

Look at the evidense involving this, at the evidense involving Turkey (the coup), at the fact the airport in Turkey was bombed by a Russian a Chechan and somebody else, at the airplane in Egypt. This is a huge disinformation campaign and for as hard as these trolls are pushing the CIA being involved in Maidam Square, I’m willing to bet that was their doing too. There was a small phone leak involved around that, there was the pre-Brexit political doxxing of Mr. Blair which at least one thinktank surmises might’ve been Russian orchestrated and then there’s this. Watch the trolls man, they’re skids and they’re sopping data. You and I both know China has been using civvies for a while. We all know where AK’s are coming into the European market from.

Grauhut August 4, 2016 3:38 AM

@Anon10: “You have to follow the timeline.”

And you have to follow the timeline and the money! 😀

The US subversion work in Ukraine took 25 years.

“Since Ukraine’s independence in 1991, the United States has supported Ukrainians as they build democratic skills and institutions, as they promote civic participation and good governance, all of which are preconditions for Ukraine to achieve its European aspirations. We’ve invested over $5 billion to assist Ukraine in these and other goals that will ensure a secure and prosperous and democratic Ukraine.”
(V. Nuland)

http://www.state.gov/p/eur/rls/rm/2013/dec/218804.htm

https://www.youtube.com/watch?v=U2fYcHLouXY

Dirk Praet August 4, 2016 4:01 AM

@ Anon10

Your analysis just goes to show why it would be bonkers for the US to follow Dirk’s suggestion and bring any real national security issues before the UN

It only is so because of the US’s own refusal to empower the UN and the UNSC to be the international arbiters they were originally meant to be, so you really don’t get to use this argument. Something similar can be said about the ICJ and the ICC. Many nations would like to see it differently. The same goes for Russia, by the way, and before I get accused of sockpuppetry again.

The US and EU came late to the party, after the critical events had already happened.

Actually, no. Victoria Nuland herself at some conference in December 2013 publically stated that the US had invested “more than $5 billion and five years worth of work and preparation” in achieving what she called Ukraine’s “European aspirations”.

@ r

Whatever could Mr. Bay of Pigs be referencing?

NATO Article 13 is about a state abandonning its NATO membership. I guess he’s alluding to Turkey pulling out of NATO because of alleged US complicity in the failed coup.

… there was the pre-Brexit political doxxing of Mr. Blair …

Probably the most futile doxxing effort in the history of doxxing. By then, everyone already knew Mr. Blair for the crook he was. Short of calling for a public hanging, the Chilcot report only confirmed that.

fajensen August 4, 2016 5:27 AM

@r:
And they’re all epousing our leaders are corrupt? Are you even sure they can read the new york times?

Better The Wall Street Journal: http://www.wsj.com/articles/the-clinton-foundation-state-and-kremlin-connections-1469997195

Hill is a shill for Russian oligarchs, Middle East dictators and whoever else pays the Clinton Foundation. That is real, effective-in-life-ouside-of-academic-papers, “Hacking the Vote”-stuff: That if you don’t pay for services rendered, what/who was voted on won’t matter at all!

Clive Robinson August 4, 2016 6:07 AM

@ Wael,

Is! He hasn’t recovered from crookedness

Nor is he dead… Which hopefully time will fix sooner rather than later, but his evil and crookedness will live on even then into infamy[1].

But there will be a difference between Mark Antony’s speech about Ceaser, there will be no “goodness” to be interned with the Blair bones, and nobodies heart will be in the coffin with him. Thus rather than sarcastic rhetoric to rouse a crowd the first few lines of the speech Shakespear wrote will be seen as prophetic. However, I suspect that the Blair will will not be read in public either, as it will show what Blair has attempted to keep hidden, the rewards of his crookedness.

[1] Speaking of Ceaser and infamy, there is the classic line from “Carry on Cleo” camply given by Kenneth Williams of “Infamy, infamy they all have it in for me”, in Blair’s case, “never a truer word spoken in jest”.

r August 4, 2016 8:23 AM

I don’t know what to say, Russia is the saviour of the free world.

America did it, I must bee a paranoid schitzophenic.

Wow. I can see the light (and the red carpet), thank you guys!

Tourist in Hell's Kitchen August 4, 2016 9:22 AM

@r

So, you’re going to throw your mouth in the ring – but not your name either.

Pot, meet Mr. Kettle.

r August 4, 2016 9:32 AM

@Tourist,

Yeah the irony there does not escape me, but that is not what I intended:

It was to put light to Russia/NSA not weighing in outside of denial or silence, so your point is pretty well moot as it isn’t supposed to qualify for civvy’s.

r August 4, 2016 11:25 AM

@BlackListed,

There ya go, tip a potentially paranoid schitzophenic old-crow over the edge with a guilt trip. Do you have any proof? I will not take these allegations of mass subversion SITTING DOWN – where’s my stand-up desk? I hacked the vote, I hacked github (not the no-name in seattle), I’m currently hacking NATO and the DNC now. Why not? I just finished the FDIC, Singapore was a joke, I hacked good ol’ Dirk Praet’s free will and opinion slot, I even made the turk’s QQ.

I drop planes out of the air on a bad day with a good laugh, ask the trolls – they’ve got all the answers.

Root root root for the home team, root root root for the art!
I’ve got me some free shells and cracker-jack,
I don’t care if the owner’s get back, I’m going to…

Dirk Praet August 4, 2016 11:57 AM

@ r

… I drop planes out of the air on a bad day with a good laugh …

There’s no reason to panic. You’ll feel better tomorrow. I remember going through similar emotions the day I was told Santaclaus wasn’t real or at that very drunk party where I french-kissed this gorgeous babe who turned out to be a transvestite.

CYBERGENOCIDE AGAINST HUMANNITY!!! August 4, 2016 12:06 PM

Act of aggression. Bruce here delivers MILSPEC bullshit, which is calling random stuff an act of aggression without having the faintest idea what the definition of aggression says. Normally only military pukes are stupid enough to pull it off with a straight face. If Bruce was explaining the OPM hack to you and he said the Chinese penetrated the federal ENIAC with a Trojan ENZ, you’d say, get lost, you moron, and stop taking him seriously. Guess he thinks you don’t know that you could put aggression into goggle.

Of course, forcible interference with sovereignty or political independence is not unheard of here. Only it’s CIA that does it. Thane Eugene Cesar blew RFK’s brains out for CIA. After brain-damaged palooka Gerald Ford convincingly played dumb on the Warren commission to hide that CIA murder, various CIA lone nuts plinked at him to unelect him in case he spilled the beans. CIA made a dumb but serviceable ninja of Arthur Bremer to take care of Wallace. Bush I changed presidential succession procedures while his family friend John Hinckley shot Reagan, then tried to bring him to the White House instead of the hospital so the old vegetable could bleed out in peace. Big chicken Zainelabdeen Ibrahim Omer was unfortunately even lamer than Bremer or Hinckley, but it’s the thought that counts.

And now it’s Trump’s turn. Stalked by a dead guy. Now that is cool.

http://getoffthebs.com/deceased-fbi-agent-found-trump-tower-silenced-pistol/
http://www.lehighvalleylive.com/breaking-news/index.ssf/2013/02/missteps_confusion_reigned_as.html

Wael August 4, 2016 1:32 PM

@Clive Robinson,

Which hopefully time will fix sooner rather than later, but his evil and crookedness will live

From your lips to the ears of the nth parallel universe 😉

Grauhut August 4, 2016 3:36 PM

@r: “I don’t know what to say, Russia is the saviour of the free world.”

Of cause they are not! 😀

Think about this: Does it make a difference for me if a hacker drops a trojan on my pc or if a software producer does this beside an installation, allowance deeply burried in some miles long licence crap pages nobody reads?

For me it doesn’t. And its the same with one country influencing another countries elections.

All that tribal stone age “right or wrong, my country” exceptionalistic bullsh*t doesnt make something better.

Trust me, if the Russians would fund a zapatist revolution in Mexico, the US would do the same the Russians did with Ukraine. And i would understand it. As i understand the Russians. If you ignore a nuke powered states interests, they will all react the same way.

One better than the other? I don’t think so.

r August 4, 2016 4:24 PM

@Grauhut,

I give up, no more world police I guess.

I for one vote that we mine, not man the Mexican border. There’s not really a more effective deterent available – and there’s very little upkeep – mine fields persist far longer than mere walls.

Mr. Trump, here I come.

@Wail, ColorMeLateForSupper, Rebecca Hardon, etc

Get off Mr. Trumps lawn, his orders are to shutdown the internet. And please, don’t let the door hit ya where the good lord split ya because…

We just installed it.

@All,

Oh yeah, since encryption is (not) used by terrorists – you’re all under investigation for violating international arms treaties. You’re going to lose your right to vacate this shithole when you’re a felon. The NSA has been watching Mr. Bruce and fiends for years, each and every last one of you are known knowns.

r August 4, 2016 5:21 PM

@Grauhut,

Are we at an empasse over the wrong emphasis?

the world policing
— or? —
policing the world

(Insincerity speaking here, but all in the name of great (not good) fun)

I don’t like the tone of your voice, do we have any extra-extra-dition or extra-intra-dition or inter-diction treaties in this case for Mr. Grauhut? I think we (US) do. Do we need them? Really? He’s already admitted to being some sort of network administrator the other day, that’s more than good enough.

I’m sure once the free loading Mexicans are expunged, the terrorist bank haters, Muslims and Blacks all have had their hands occupied (or arms2 removed) with less vocal[ization] – maybe, more vocational tasks – there wont be too many more barriers left to stand in our way for the headliner this fall. Let’s get on that escalator. Mr. Obama will be stepping down to a soda mist pig, it’s a real step up if you ask me. He’s not afraid to stick his tounge in your face, you know all Gene Simmons like. Women will know their place in this world, to be bought – as wives – and slandered – and slammed2 properly – and to be put on show at the RNC. TO BE PRESIDED OVER. What’s that? The DNC will stop them? They’re too liberal with their security. Their itch for capitalism and non-conservative things was their undoing (handshakes behind closed doors and all that congressional bathroom stuff). I’ll tell you what, you can do me a favor Mr. Grauhut… You can give me the names of everyone you know and speak to, and then the names of everyone they know and speak to… and then the names of everyone they know and speak too. I promise I’ll look the other way when your name comes up, maybe we (US) can buy you a new zuit.

About the 28 pages of redactions, do you think any of that matters when the Trumpette’s sound? Do you think they wont be as quick and as rash as their glorious leader? Do you think it wont be business as usual leading a sitting president around by his nose to maybe Iraq, or Miss Lewinsky? They’re play things and believe me when we tell you that we like em dumb and entertainable.

Wael August 4, 2016 5:35 PM

@r,

@Wail

Are you testing to see if I read everything?

don’t let the door hit ya where the good lord split ya

Funny expression, first time I hear it 🙂

mine fields persist far longer than mere walls.

By all means! Proverbs 26:27

@Dirk Praet,

this gorgeous babe who turned out to be a transvestite.

You need to watch “The Philadelphia Experiment”. It’s based on a true story, and has a relevant seen to your experience.

Anon10 August 4, 2016 6:18 PM

@dirk

Why don’t you provide the full quote from Victoria Nuland:
Since Ukraine’s independence in 1991, the United States has supported Ukrainians as they build democratic skills and institutions, as they promote civic participation and good governance, all of which are preconditions for Ukraine to achieve its European aspirations. We’ve invested over $5 billion to assist Ukraine in these and other goals that will ensure a secure and prosperous and democratic Ukraine.

Supporting a democratic Ukraine doesn’t mean removing Yanukovych, unless you believe that Yanukovych was an opponent of democracy or that Yanukovych was never democratically elected. I’m really at a loss as to what you think your quote proves.

Grauhut August 4, 2016 6:19 PM

@Poor little r: “I don’t like the tone of your voice”

Its not the tone, you dislike the content. You know its true and that hurts, right?

You know the rules, you pull a content free ad hominem, i win. 🙂

“You can give me the names of everyone you know and speak to, and then the names of everyone they know and speak to… and then the names of everyone they know and speak too.”

Quid pro quo, your list first!

And no, i am not so much a network admin, its more architectural work. I am just a well educated old fart proud of still being able to show juvenile network scrum bags with my keyboard, screwdriver and soldering iron (if needed) what agile hacking really means, if a job can not wait. 🙂

Grauhut August 4, 2016 6:23 PM

@Anon10: “Supporting a democratic Ukraine doesn’t mean removing Yanukovych, unless you believe that Yanukovych was an opponent of democracy”

Yanukovych was an example for “and other goals”! 🙂

Clive Robinson August 4, 2016 9:00 PM

@ Wael,

From your lips to the ears…

Shush, you hush them lips of yourn lest you give “them” ideas 😉

Sooner was a funny old –world– word even before those “dam Yankees” “crooked” it a bit more… So,

    I’d sooner not say, but sooner or later those thieving Sooners will be running the US.

Oh… shall I bring this to your attention or @Dirk’s,

It’s based on a true story, and has a relevant seen to your experience

Yes it’s mean of me, given the bloopers I drop from time to time, but some excuse for a Jonny come lately libertine rattled my cage the other day, so I’m “sharing the love” from that other more well known child of the sixties counter culture 😉

r August 4, 2016 9:23 PM

@Wael,

Nice like to the early expression of what happens to retaining walls.

First, we will build one for Mexico – then as global warming advances – Canada will erect one for us. The irony of the proverb is not lost on me, thanks.

Mark August 4, 2016 9:50 PM

@ r, “Mr. Trump, here I come.”

The Wall may be more problematic than it seems. Where else can we hire cheap, un-insured labor? We know the Canadians aren’t coming over here to flip burgers, the second generation Mexican immigrants who just got their Harvard degrees aren’t going to mow your lawn, the Indians here on visa aren’t allowed to scan your grocery at Wallmart, etc. etc.

So, who’s going to do all the wet work, Americans?

Mark August 4, 2016 10:05 PM

@ Zd, “… And I’m not talking about the DNS hack here, I’m talking about ANY cyberattack? Any technical evidence could be easily faked.”

If you believe in gaining the moral high ground, then military actions are always “reactionary” or “pre-emptive” (ahem Rumsfeld?). Thus, the top notch houses trumps with ex-mil dudes running the show, because justification is their prime game, and if anything is found of “intelligence” value then it’s most probably kept a “secret” — the kind of “consultants” a politically-sensitive client would love. History is written…

@ Grauhut, “And you have to follow …. the money!”

There’s only be one place at the end of the money trail, the source of all monies.

r August 5, 2016 12:15 AM

@Mark,

“So, who’s going to do all the wet work, Americans?”

You figured that out just now, all by yourself? Are you an American?

I’ve been saying that for years, it’s part of my speil about ‘murder making the world go round’ and there only being police, ambulance drivers, hospitals and the cough food service industries. Hookers not excluded of course, but they’re technically off the books anyways.

Our jobs are going over seas, the public school system is failing and the “school of choice” vouchers aren’t helping it in the least, we’re getting fat, lazy, disgruntled (think pigs(hogs/swine not cops)), all our gold is being bought up – and if they take all our weapons then our ammo stores are practically worthless after a collapse.

We’re threatened into signing non-compete agreements and then fired from walmart, does that mean I can’t sell food anywhere? (depends on how it’s worded)(walmart sells everything).

Shit, we’re even being forced to train our replacements – my method on that one is train them to form unions. Train them to put up pro union signs around the office, take your shoes off, laugh at the idiots in third floor acounting, trip people walking into/out-of/by the elevators, general office disruption shit – you know.

My job is particularly hard, I have a hard time getting my spit wads to accurately hit people 3 cubicles down. But do I try.

Disney and time constrained parents involved in the modern culture are mass breeding 14 year olds from 14 year olds from 14 year olds, it’s a nation of kids raising kids. Maybe people like Peter Thiel are okay with that:

http://gawker.com/peter-thiel-is-interested-in-harvesting-the-blood-of-th-1784649830

But I’m not, it stresses me out something fierce.

If this keeps up we wont have any choice but to invest in genetic engineering and test tube children (think matrix). Our population will be completely infiltrated by HERVS AIDS HERPES and HPV, shoot – even our old people are doing it doggy these days… My ex-father-in-law has a fascination with retired hookers (30yr olds) who don’t mind sharing Hepatitis C.

Anyways, just like pb (not peanut butter @bumblebee) I liken it to a socioeconomic experiment on drugs (roofies likely, as no one seems to notice)(but I’m sure that’s in the drinking water too)(have any of you ever noticed Evian is Naive backwards?)(it’s even made by the french). It really feels like we’re intentionally breeding morons out here, the area I live in like 40% of the population can’t read past the 4th grade level. When I got here in 3rd grade I was in their 11th grade level and as you all know: I’m far from some super star.

Egad! I almost forgot, I have to vote for McCafee this year.

Move over Trump and Sanders, we’ve got a real man to elect.

He’s pro drugs, pro money, pro escalation, pro philanderer – just try to find a better package. I think he’s even invented some things…

In retrospect, he’s probably invented a great many things.

r August 5, 2016 12:18 AM

@Mark,

Do you know what stress is an indicator of?

STRESS.

Did you know that ‘worry warts’ are real and that they are actually contagious?

Dirk Praet August 5, 2016 3:31 AM

@ Anon10

I’m really at a loss as to what you think your quote proves.

Both the full and abbreviated quote show that there’s something not entirely correct about your statement that “the US and EU came late to the party, after the critical events had already happened”. As @Grauhut pointed out too, even POTUS admitted it.

Now whereas at face value Mrs. Nuland’s words sound quite innocuous, most political analysts know that when a US official talks about actively supporting democracy in a country where an unfriendly government is in charge, than he/she actually means that said country has been targeted for regime change through both overt and covert channels. Examples a plenty. And QED.

When back in the days our own conquistadores and their overlords talked about bringing the word of Christ to remote and magnificent lands, everybody also kinda knew that what they really meant was to invade by force, pillage the resources and enslave the population.

Mark August 5, 2016 10:31 AM

@ r , “In retrospect, he’s probably invented a great many things.”

Virus Scanner was a rather interesting “invention,” if you think about it. I have to respect people who put their own names on both their products and their company, and you already know who I’m voting for.

Mark August 5, 2016 10:56 AM

@ r, “You figured that out just now, all by yourself? Are you an American?”

Labor scarcity isn’t exclusively an American problem, so I’m not so sure where your question came from. As technology advance, people acquire skills which lead to comfortable, rewarding careers, and they demand not only better salaries, but also perks. This leads to a void in low end labor, especially in smaller businesses who cannot negotiate with/against rent-seekers from the insurance industry. So, traditionally you solve this problem by either infusing low-skilled illegals, that you turn a blind eye to, or issueing visa to high-skilled workers who are willing to work for pennies on the dollar but that you must pay rent for, to the rent-seekers.

“Shit, we’re even being forced to train our replacements”

I don’t quite understand your qualms because someone else had trained you into your job, so as long as we get paid for, we are obliged to do the same. Forming a union, that’s another story, but unions are in essence democracy in its purest form, mob rule, which is what we have in sincereity.

rover August 5, 2016 11:44 AM

In response to Mike Morrell’s endorsement of HRC, “standing up to Russian aggression is going to be really different under a Trump-Pence administration.” — Mike Pence

That’s what we’re afraid of.

I’ve ragged on MM’s BS rhetoric in the news on encryption etc, but will take his endorsement. I fully expect HRC to be no different than Obama or W on the subject of encryption and mass surveillance and end runs around the cConstitution, but they weren’t insane, vindictive, and easily played with flattery like Trump.

r August 5, 2016 3:06 PM

@Mark,

“I don’t quite understand your qualms because someone else had trained you into your job, so as long as we get paid for, we are obliged to do the same.”

The way I understand the current situation, ethically and realistically: is that the people being required to train their foreign replacements had no choice in the matter. They did not ask to leave. They’re not leaving what was once a seemingly secure job for better prospects, they are not moving on with certainty. They’re just being told to train your replacements or die. The company just gives them notice that it’s replacing them – and if they want to get any shot at a severance package they’d better suck it up. Personally, I think you guys by endorsing that kind’ve activity to such a casual degree is going to come back to bite you. In some cases, if not all cases: let’s hope it does.

Maybe there’s an extra layer to this I’m not seeing, maybe you’re forcing them to train foreign replacements this time – but next time those replacements will be training an AI. I’m sure that would cause considerably more uproar if it was applied directly to American jobs.

Skeptical August 5, 2016 3:42 PM

@Dirk: The party that would play ball at least would hold the moral high ground, while still fully capable and entitled to explore a commensurate reply behind the scenes.

In certain circumstances, the gesture would be useful, though the limits on what evidence could be introduced and the complexity of such evidence might also limit the effectiveness of the gesture. Here, however, I don’t think the offending act by itself merits such a step.

The objective here is to indicate that operations such as these cross the line from forms of espionage and propaganda that have predictable and accepted consequences, to a form of offensive interference where the US interest weighs in favor of escalation to limit further such attempts.

In part this may be a perception problem. Those who green-lighted the information offensive may have viewed this as more of the same, or have calculated that the US response would be within tolerable bounds (i.e. bounds such that the value of the operation is worth the cost if it is compromised).

However it’s not. Communicating that may require a frank discussion with the Russian Government – but that conversation cannot be had until the US has made a determination as to attribution and as to its strategy.

Introducing the issue to the UN complicates matters by heightening the aspect of Russia “losing face” and by increasing the number of audiences to which messages must be addressed.

The best outcome here is this: a mutual understanding is reached that such operations will result in a response that renders such operations unwise. I’m not sure that outcome can be reached without a US response that attaches such a price tag to the Russian operation.

I also – granted from the position of someone who knows nothing more than what he reads in the newspapers – wonder just how coordinated Russia’s information operations against the United States are. How much of what we’ve seen over the last couple of years is part of an integrated strategy? It’s just speculation, wild speculation, but some of it… the degree to which Wikileaks, and some of those associated, would be susceptible to compromise by a foreign intelligence agency, especially given what we’ve learned about the behavior of some of those associated, the timing of many of the leaks… it would fit the specs of someone who wanted a grand strategy aimed at rolling back US influence, who knew that military competition was not viable, who supposed the point of vulnerability for the US lay in the uncontrolled nature of its press and politics.

If you’re denying that there is any cold war rhetoric going on in the US then I am obviously reading different US MSM than you are.

The Cold War was characterized by a mostly bipolar, ideologically driven conflict in the framework of MAD between the Soviet Union and the US and allies.

Criticism of Russia does not qualify as “Cold War rhetoric” merely because it is critical of Russia.

antiRussian August 5, 2016 4:17 PM

Bruce Schneier:
Russia has attacked the US in cyberspace in an attempt to influence our national election

And how do they know it’s actually Russia and not e.g.

<

ul>

  • Western operatives working in Russia. It’s not that hard to create “Russian looking” work habits (what-ever that means to those “experts”)
  • Russian hacking team(s) paid by Western interests
  • Hacking team(s) operated by a third party, such as some anti-Russian interest (e.g. ISIL, Ukraine, etc)

    • <

    ul>

    Grauhut August 5, 2016 4:46 PM

    @antiRussian: “Western operatives working in Russia. It’s not that hard to create “Russian looking” work habits (what-ever that means to those “experts”)”

    Why “western operatives”, why not MIC payed cyber-mercenaries?

    I dont think any western government would create such a cyber soap. And i dont think the Russian intelligence community is brain dead enough to point with 10 fingers on themselfs.

    I think what we see in the DNC case is a strange form of security marketing. Not enough Tomahawks fired these days to run profitable enough. Big.int business trying to generate more cashflow, something like that. And of cause some redneck military members looking for a good war to aquire some more stars.

    This is not state policy, just business.

    Anon10 August 5, 2016 5:33 PM

    @dirk

    Your spin on the Nuland quote is beyond ridiculous. As for the POTUS quote that Grauhut referenced, he got the causality exactly backwards. Yanukovych wasn’t removed from power because he negotiated with the international community. He agreed to negotiate with the international community because there was a popular uprising, which was obviously going to remove him from power.

    r August 5, 2016 5:34 PM

    @Grauhut,

    You bet it’s just business.

    Subsidized trolling, just like in China. Thankfully those farms are seemingly winding down, maybe Russia has repurposed them or their tech – the X-Tunnel malware does have a Chinese variant.

    Grauhut August 5, 2016 6:42 PM

    @r: “Chinese Variant”

    Xtunnel (a piece of SIP softphone tech from the internet stone age) was the firewall piercer in XLite, a wide spread softphone from chinese corp XTen (copied from a late open source version).

    Nothing special, just a function clone of the firewall piercing tech in Skype. It made XLite famous as the only known SIP software working nearly everywhere in these good ole days.

    Skype, the master piercers, are owned by Microsoft now, maybe Billy Gates hates HRC, who knows? 😀

    Mark August 7, 2016 12:13 AM

    @ r, “Maybe there’s an extra layer to this I’m not seeing, maybe you’re forcing them to train foreign replacements this time – but next time those replacements will be training an AI.”

    Welp, maybe next time the foreign replacements will be training you.

    We all signed on to Corporatism, and it’s at its finest hour as we type. To have reach beyond borders, corporations have become global. The concept of “foreign” has been blurred beyond recognition. I honestly don’t know which of my colleagues have my best interest at heart, the domestic ones or the H1B dude.

    I’ve been in the position where I trained, learned something from, and worked with my replacement at a job, only to see him leave for the big bucks after many years of loyal work. The turnover rates have grown, and loyalty runs thin, on both domestically and foriegn fronts.

    MarkH August 7, 2016 12:42 PM

    To believe in chemtrails, it is necessary to be pig-ignorant about transport aircraft and their operations.

    To believe that the buildings of the World Trade Center collapsed due to controlled demolition, it is necessary to be pig-ignorant concerning the civil engineering techniques of structure demolition.

    To believe that the HAARP facility manipulates Earth’s weather or causes earthquakes, it is necessary to be pig-ignorant of basic physics, geophysics, and meteorology.

    To believe that the 2014 revolution in Ukraine was somehow originated or directed by any Western state(s), it is necessary to be pig-ignorant of the politics and its international relations of Ukraine.

    Welcome to the tinfoil hat brigade!!!

    PS I agree with one facet of the nutters’ thesis: there is one foreign state which has consistently made malign interventions in Ukrainian affairs, and continues so to do.

    Grauhut August 8, 2016 12:52 AM

    @MarkH: “To believe that the 2014 revolution in Ukraine was somehow originated or directed by any Western state(s), it is necessary to be pig-ignorant of the politics and its international relations of Ukraine.”

    Welcome to reality and ask Woolsey about details! 😀

    The revolution in Ukraine followed the OTPOR / CANVAS scheme, the instant revolution system that brought down Milosevich (under another Clinton).

    https://web.archive.org/web/20070116153809/http://www.ferdeggan.net/sitebuildercontent/sitebuilderfiles/60to69.pdf

    “CANVAS’ training and methodology has been successfully applied by groups in Georgia (2003), Ukraine (2004), Lebanon (2005), The Maldives (2008), Egypt (2011), Syria (2011) and Ukraine(2014)”

    https://en.wikipedia.org/wiki/Centre_for_Applied_Nonviolent_Action_and_Strategies

    OTPOR / CANVAS is financed by: National Endowment for Democracy (NED), National Democratic Institute (NDI), International Republican Institute (IRI), Freedom House, Open Society Institute International Renaissance Foundation, Committee on the Present Danger (CPD)…

    https://translate.google.com/translate?sl=de&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fde.wikipedia.org%2Fwiki%2FOtpor!%23Finanzierung&edit-text=&act=url

    The US government payed for this relvolutionary party over decades:

    “Since Ukraine’s independence in 1991, the United States has supported Ukrainians as they build democratic skills and institutions, as they promote civic participation and good governance, all of which are preconditions for Ukraine to achieve its European aspirations. We’ve invested over $5 billion to assist Ukraine in these and other goals that will ensure a secure and prosperous and democratic Ukraine.”
    (V. Nuland)

    http://www.state.gov/p/eur/rls/rm/2013/dec/218804.htm
    https://www.youtube.com/watch?v=U2fYcHLouXY

    And Obama finally kicked out the elected president of the Ukraine:

    Obama: “Mr. Putin made this decision around Crimea and Ukraine – not because of some grand strategy, but essentially because he was caught off-balance by the protests in the Maidan and Yanukovych then fleeing after we had brokered a deal to transition power in Ukraine”

    http://cnnpressroom.blogs.cnn.com/2015/02/01/pres-obama-on-fareed-zakaria-gps-cnn-exclusive/

    What more does someone like you need @MarkH? 😉

    Wael August 8, 2016 3:53 AM

    @MarkH,

    I’m getting far afield

    Maybe, maybe not. I don’t know.

    Why do you have to bring 9/11 into this, especially when your evidence is based on dismissive labeling and name-calling? It would have been more appropriate to bring something like Area 51 and UFOs — serves your argument better, without introducing ancillary debatable topics… Unless that’s your intention… I’ll take a small bite!

    To believe that the buildings of the World Trade Center collapsed due to controlled demolition, it is necessary to be pig-ignorant concerning the civil engineering techniques of structure demolition.

    Strange! Pig-ignorant nutters are presenting a cohesive, scientific, evidence based narrative. The way to counter that is by presenting a more cohesive, more scientifically accurate, evidence based factual story, I would think.

    And 2200 pig-ignorant nutters (I mean Architects and engineers, high-rise and demolition subject matter experts) see it differently.

    By the way, I’m not saying I believe this or that. I’m only evaluating the evidence publicly presented and debated by all sides. Perhaps, in your eyes, that makes me a nutter as well. But You know what I think is amusing? The black boxes of the two planes were never found, presumably incinerated, but two hijacker’s passports were found intact! On top of the burning ruble, mind you! I got an idea to patent: construct black boxes out of passport papers and stick them in the cockpit — oh, don’t forget to use passport paper made out of middle-eastern paper; the most robust material one can find!

    War is Peace
    Freedom is Slavery
    Ignorance is Strength

    Bullsheeeeet 😉

    de La Boetie August 9, 2016 4:13 AM

    Glen Greenwald has published this:

    https://theintercept.com/2016/08/08/dems-tactic-of-accusing-adversaries-of-kremlin-ties-and-russia-sympathies-has-long-history-in-us/?comments=1#comments

    which, I think, illustrates why Bruce’s foray into this was unwise. Happens to us all, the politician’s spin goes in under the radar, scrambling otherwise rational people, and causing them to be less sceptical than the situation cries out for.

    It also seems to have influenced those here who accuse those of different views to themselves as sock-puppetry. Strange, because at least some of us don’t come from the US, and view both the “main” presidential candidates with dismay, along with Russia.

    Clive Robinson August 9, 2016 5:04 AM

    @ de La Boetie,

    It also seems to have influenced those here who accuse those of different views to themselves as sock-puppetry.

    It also stopped rational debate over the actual security issues.

    Some of us (from Europe) pointed out that what had been presented as “damming evidence” of Russian involvment, was nothing of the sort. In that it was neither damming or more importantly evidence.

    Which makes it very scary when the US is trying to claim what is simple espionage / vandalism is in effect first strike thus illegal warfare subject to unlimited kinetic or WMD response.

    Yet the US is known to be one of the worst offenders in such espionage, but having been caught with their fingers in the cookie jar, they try to make a distinguisher between political and economic espionage to try to claim some moral high ground for the home audience… Some might call this hypocrisy whilst others might be more profane about it.

    As I and others have more tactfully pointed out, we are not in the slightest bit interested in ruffled feathers on a grounded eagle what we are interested in is not getting caught in some “pissing contest” between two super powers which the likes of the MIC etc only see profit in.

    As such “extrodinary claims” need to be backed by “extrodinary evidence” not a load of baseless mumbo jumbo from associated members of the MIC and their hangers on.

    Dirk Praet August 9, 2016 7:24 AM

    @ MarkH

    To believe that the 2014 revolution in Ukraine was somehow originated or directed by any Western state(s), it is necessary to be pig-ignorant of the politics and its international relations of Ukraine.

    To ignore that the US was very involved both before and during the coup while American officials, including POTUS, publicly admit they were “supporting democratic forces” and “brokering a deal”, in essence boils down to willfully being in denial about what went down there.

    r August 9, 2016 5:13 PM

    @Mark,

    I don’t care who trains me really, let’s see…

    Spain, Russia, more than a couple AC’ers from Arizona and Texas including one punch card coder, one very special man from Microsoft – really an international conglomerate of pre-open-source fanboi open-sourcerers.

    Reversers and Researchers are much an international crowd, much to the dismay of control freaks everywhere I might add.

    The people that tried to ‘train’ me locally, tried through brutal submission.

    Hence, me.

    Maybe I did learn a little something from them, it certainly wasn’t what they were trying to teach me though. It seems I just don’t learn through the same methods as most American children, I’m not big on the whole ‘do this or I’m going to beat your little nerd ass’. So maybe I’m (more than?) a little reactive and para-no-id but: my hearts in the right place.

    One thing, I did pick up from the hillbillys – was an uncanny knack to hear what is not being said. I can usually smell bullshit when it’s not “in my face”, it’s odd.

    @Wael,

    “I got an idea to patent: construct black boxes out of passport papers and stick them in the cockpit”

    I would like to get in on that as early as possible.

    Anon10 August 9, 2016 6:08 PM

    @Mark

    You really need to stop arguing with Dirk and Grauhut. Their assertion that “supporting democratic forces” equals orchestrating a coup proves that they’re either in total denial or Russian plants.

    Grauhut August 10, 2016 3:21 PM

    @Anon10: “Their assertion that “supporting democratic forces” equals orchestrating a coup proves that they’re either in total denial or Russian plants.”

    Yanukovich was a freely elected head of state in a democracy, not a dictator.

    And your “supported democratic forces” in that revolution were mostly fascists. And now?

    https://en.wikipedia.org/wiki/Svoboda_(political_party)
    https://en.wikipedia.org/wiki/Right_Sector

    And by the way, according to an Assange interview, it looks like the dnc hack was an inside job by a dead DNC sysadmin, Seth Rich. No evil Russians needed. 😉

    youtube.com/watch?v=Kp7FkLBRpKg

    Assange: Whistleblowers go to significant efforts to get us material and often significant risks. There was a 27-year old that works for the DNC who was shot in the back… murdered.. for unknown reasons as he was walking down the street in Washington.

    Host: That was just a robbery wasn’t it?

    Assange: No. There’s no finding.

    Host: What are you suggesting?

    Assange: I am suggesting that our sources take risks and they become concerned to see things occurring like that.

    Host: But was he one of your sources, then?

    Assange: We don’t comment on who our sources are.

    Host: But why make the suggestion?

    Assange: Because we have to understand how high the stakes are in the United States and that our sources face serious risks… that’s why they come to us so we can protect their anonymity.

    Peter August 14, 2016 7:45 AM

    Mr. Schneier, do you have any hard evidence for your claim about “russian” hacking ?
    And why do you worry about voting-machines and the internets when all you need to worry about is the diebold-dude with a reset-the-counter code and a candidates Governor-brother ?
    Or are you just talking FUD-BS, now that you have joined T.O.R , yet another TLA ?

    ab praeceptis August 16, 2016 2:45 AM

    As I’m not ready to think that Bruce Schneier has suddenly lost his brains and professionality I have to assume there’s another – and well intended – reason for this ridiculous attribution attack.

    Here is my hypothesis:

    Bruce Schneier has been trying to create attention to security issues since a long time. And, frankly, he widely failed. Not because his attempts were weak or poor but because the vast majority of addressees seems to consider security to be something one can buy at symantec and other snake oil businesses.

    Attention, however, is quickly and forcefully gained when there is some vulgar and very simply structured connected to it – like “Russia hacked dnc!”.

    It is my assumption that Bruce Schneier somewhat desperately tried to make use of that phaenomenon. After all, trying to push people to care about security is a rather hard undertaking with little and rare success. And he must not (and can not afford to) care so much about why they pay attention, if only they do it at all.

    Tell people “SSL3 with RC4 is calling for security trouble” and 99% will yawn and look for more attractive matters like phozos of the kardashian at the beach. However, tell them “The Russians are hacking us!” and you’ll have their attention.

    And yes, I want to believe that Bruce Schneier, one of the few realiable rocks in the wild sea, still is in full posession of his capabilities and brains.
    In case I’m wrong, oh well, that’s a sin very easy to forgive compared to “It was the Russians! There were russian words in it!”.

    fung0 August 21, 2016 7:30 PM

    Releasing evidence OF a crime (e.g. rigging an election) shouldn’t be viewed AS a crime.

    Regardless of who did it, or why.

    End of story.

    James William Steven Parker November 2, 2017 5:21 AM

    There is literally enough information to call into speculation that the votes were definitely hacked. I read an article recently on News Puddle which actually identified that various social media platforms confirmed there was highly irregular internet traffic coming from Russia. So, I have a few questions:

    a. Why was the election re-done? It’s obviously rigged, or something is highly out of the ordinary, and
    b. How is Donald Trump still president when you know this shit is going on?

    https://newspuddle.com/facebook-google-and-twitter-admit-large-scale-russian-infiltration/

    Leave a comment

    Login

    Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

    Sidebar photo of Bruce Schneier by Joe MacInnis.